Running Linux, 5th Edition - Matthias Kalle Dalheimer [315]
Don't forget to check the ro and rw options as well. When exporting a directory, the administrator may choose to make the directory available for read-only access, in which case you will not be able to write to the filesystem when mounted on your system. In this case, you should set the options field of the /etc/fstab line in the previous example to ro instead of defaults.
Make sure the administrator of the remote system has exported the desired directory (see "Adding a directory to the NFS server's exports," later in this chapter) and test your configuration by issuing a mount as root:
# mount allison:/usr
Finding NFS exported resources and diagnosing problems
Sometimes you know that there should be an NFS filesystem resource (a share) on a particular server, but you do not know whether the NFS server is running, or perhaps you do not know the correct name of the shared resource. Here is an example to show how you can find out what is available. In this example there are three NFS servers: merlin, frodo, and sunsol. Let's see what NFS resources are available on each.
The utility that can be used to examine the availabilty of NFS services is called showmount. This tool is normally only available to the root user. We will examine all three machines as shown here:
linux:~ # showmount -e merlin
Export list for merlin:
/srv *.myworld.org,192.168.1.0/24
/data *.myworld.org,192.168.1.0/24
The machine merlin has two NFS exports. They may be used only by NFS clients in the myworld.org domain, as well as from any IP address in the 192.168.1.0 network. Let's see what surprises the machine sunsol has for you:
linux:~ # showmount -e sunsol
Export list for sunsol:
/export (everyone)
The /export directory has been exported to the whole world. It is just as well that this resource is inside a private network and not on a machine that is exposed to the Internet. Just for the record, anyone can mount an export that is world-readable. If it is also capable of being written, that does not make for a particularly secure system!
Finally, let's see what happens when we request NFS export information from a server on which the NFS server service is not running. Let's ask the machine frodo, on which the NFS has apparently failed or has been stopped for some reason:
linux:~ # showmount -e frodo
mount clntudp_create: RPC: Program not registered
You can see that the Remote Procedure Call (RPC) process over which NFS resources are shared is not running. RPC is a protocol for client-server communication. It is possible to check what RPC services are running using the rpcinfo utility. In this case, we will check the difference in services available from the machines merlin and frodo, as shown here:
linux:~ # rpcinfo -p merlin
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100024 1 udp 1254 status
100021 1 udp 1254 nlockmgr
100021 3 udp 1254 nlockmgr
100021 4 udp 1254 nlockmgr
100024 1 tcp 4777 status
100021 1 tcp 4777 nlockmgr
100021 3 tcp 4777 nlockmgr
100021 4 tcp 4777 nlockmgr
100005 1 udp 645 mountd
100005 1 tcp 648 mountd
100005 2 udp 645 mountd
100005 2 tcp 648 mountd
100005 3 udp 645 mountd
100005 3 tcp 648 mountd
The nlockmgr RPC service provides file-locking capabilities over NFS-mounted connections, and the nfs_acl RPC service provides POSIX Access Control List (ACL) file security controls. Here is the result of asking the same question of the machine frodo:
linux:~ # rpcinfo -p frodo
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100024 1 tcp 32768 status
100021 1 tcp 32768 nlockmgr
100021 3 tcp 32768 nlockmgr
100021 4 tcp 32768 nlockmgr
The nfs