Installation guide

Chapter 17. Network File System (NFS)
permitted or prevented access to the NFS server. For more information on configuring access
controls with TCP wrappers, see Chapter 8.
After the client is allowed past TCP wrappers, the NFS server refers to its configuration file,
/etc/exports, to determine whether the client has enough privileges to mount any of the exported
file systems. Once access is granted, all file and directory operations are sent to the server using
remote procedure calls.
Warning
NFS mount privileges are granted specifically to a client, not a user. If you grant a client machine
access to an exported file system, any users of that machine will have access to the data.
When configuring the /etc/exports file, be extremely careful about granting read-write permissions
(rw) to a remote host.
17.1.1. NFS and portmap
NFS relies upon remote procedure calls (RPC) to function. portmap is required to map RPC requests
to the correct services. RPC processes notify portmap when they start, revealing the port number they
are monitoring and the RPC program numbers they expect to serve. The client system then contacts
portmap on the server with a particular RPC program number. portmap then redirects the client to
the proper port number to communicate with its intended service.
Because RPC-based services rely on portmap to make all connections with incoming client requests,
portmap must be available before any of these services start. If, for some reason, the portmap service
unexpectedly quits, restart portmap and any services running when it was started.
The portmap service can be used with the host access files (/etc/hosts.allow and
/etc/hosts.deny) to control which remote systems are permitted to use RPC-based services on
your machine. See Chapter 8 for more information. Access control rules for portmap will affect all
RPC-based services. Alternatively, you can write access control rules that apply to individual
NFS RPC daemons. The man pages for rpc.mountd and rpc.statd contain information regarding
the precise syntax of these rules.
17.1.1.1. portmap Status
As portmap provides the coordination between RPC services and the port numbers used to
communicate with them, it is useful to be able to get a picture of the current RPC services using
portmap when troubleshooting. The rpcinfo command shows each RPC-based service with its port
number, RPC program number, version, and IP protocol type (TCP or UDP).
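The following script is an added example, not part of the original guide: it reads rpcinfo -p
output and reports required NFS programs that are not registered and registered programs outside
an allow-list. The REQUIRED and ALLOWED lists, the audit_rpc name, and the sample rows are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` output for an NFS server.
# Constructed sample in rpcinfo -p format (not captured from a real host).
SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100005    1   udp   1027  mountd
    100005    1   tcp   1106  mountd
    100004    2   udp    850  ypserv'

# Assumed policy. 100003 (nfs) and 100021 (nlockmgr) are the standard program
# numbers for the NFS and lock manager services; the rest appear in the guide.
REQUIRED="100000:portmapper 100003:nfs 100005:mountd"
ALLOWED="100000 100003 100005 100011 100021 100024"

# audit_rpc: read rpcinfo -p output on stdin and print one finding per line.
#   MISSING    = a required program number has no registration at all
#   UNEXPECTED = a registered program number is outside the allow-list
audit_rpc() {
    awk -v required="$REQUIRED" -v allowed="$ALLOWED" '
    BEGIN {
        n = split(required, r, " ")
        for (i = 1; i <= n; i++) { split(r[i], kv, ":"); need[kv[1]] = kv[2] }
        m = split(allowed, a, " ")
        for (i = 1; i <= m; i++) ok[a[i]] = 1
    }
    $1 !~ /^[0-9]+$/ { next }      # skip the header and blank lines
    { seen[$1] = 1 }
    !($1 in ok) && !reported[$1]++ {
        name = ($5 == "" ? "unnamed" : $5)
        printf "UNEXPECTED %s (%s) %s/%s\n", $1, name, $3, $4
    }
    END {
        for (p in need)
            if (!(p in seen)) printf "MISSING %s (%s)\n", p, need[p]
    }' | sort
}

# Demo on the constructed sample; on a real server run: rpcinfo -p | audit_rpc
printf '%s\n' "$SAMPLE" | audit_rpc
```

An UNEXPECTED line is a prompt to check whether that service should be running and whether the
portmap rules in /etc/hosts.allow and /etc/hosts.deny restrict who can reach it.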
To make sure the proper NFS RPC-based services are enabled for portmap, rpcinfo -p can be
useful:
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1024  status
    100024    1   tcp   1024  status
    100011    1   udp    819  rquotad
    100011    2   udp    819  rquotad
    100005    1   udp   1027  mountd
    100005    1   tcp   1106  mountd
    100005    2   udp   1027  mountd
    100005    2   tcp   1106  mountd
    100005    3   udp   1027  mountd