Installation guide

ManualsBrandsPythonQ ManualsIndustrial248-8XX

251

252

253

254

255

256

257

258

259

260

Chapter 17. Network File System (NFS) 253

This line states that any directory a user tries to access under the local /home directory (due to the

asterisk character) should result in an NFS mount on the server.domain.com system within its exported

/home ﬁle system. The mount options specify that each /home directory NFS mounts should use a

particular collection of settings. For more information on mount options, including the ones used in

this example, see Section 17.3.3.

17.3.3. Common NFS Mount Options

Beyond mounting a ﬁle system via NFS on a remote host, a number of different options may be

speciﬁed at the time of the mount that can make it easier to use. These options can be used with

manual mount commands, /etc/fstab settings, and autofs, and other mounting methods.

The following options are the most popular for NFS mounts:

• hard or soft — speciﬁes whether the program using a ﬁle via an NFS connection should stop

and wait (hard) for the server to come back online if the host serving the exported ﬁle system is

unavailable, or if it should report an error (soft).

If you specify hard, you will not be able to terminate the process waiting for the NFS communica-

tion to resume unless you also specify the intr option.

If you specify soft, you can set an additional timeo=

value option, where value speciﬁes

the number of seconds to pass before the error is reported.

• intr — allows NFS requests to be interrupted if the server goes down or cannot be reached.

• nolock — is occasionally required when connecting to older NFS server. To require locking, use

the lock option.

• noexec — does not permit the execution of binaries on the mounted ﬁle system. This is useful if

your Red Hat Linux system is mounting a non-Linux ﬁle system via NFS that contains binaries that

will not execute on your machine.

• nosuid — does not allow set-user-identiﬁer or set-group-identiﬁer bits to take effect.

• rsize=8192 and wsize=8192 — may speed up NFS communication for reads (rsize) and writes

(wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when

changing these values; some older Linux kernels and network cards may not work well with larger

block sizes.

• nfsvers=2 or nfsvers=3 — specify which version of the NFS protocol to use.

Many more options are listed on the mount man page, including options for mounting non-NFS ﬁle

systems.

17.4. Securing NFS

NFS works well for sharing entire ﬁle systems with a large number of known hosts in a largely

transparent manner. Many users accessing ﬁles over an NFS mount may not be aware that the ﬁle

system they are using is not local to their system. However, with ease of use comes a variety of

potential security problems.

The following points should be considered when exporting NFS ﬁle systems on a server or mounting

them on a client. Doing so will minimize NFS security risks and better protect your data.