NFS

NFS (Network File System)

Last updated 2008/03/18

Return to the Suffield Academy Network Documentation Homepage

A printable version of this document is also available.

Introduction

NFS Exports

To allow other machines to connect to a server, you must export directories from the server to the clients.

Traditionally, the list of exported directories has been defined in a file (/etc/exports). However, under Mac OS X Server, the list of exports is stored in NetInfo (Apple's directory service).

In general, an exports entry must specify the following:

• The directory path(s) to export

• The clients to export to

• Access restrictions on the paths

Note that NFS is an inherently insecure protocol, so great care should be taken to prevent abuse. If possible, attempt to follow these guidelines:

• Export filesystems to as few clients as possible. Use a restricted network, or a specific client list to prevent unauthorized access.

• Export filesystems as read-only to prevent attacks from other machines.

The examples below follow these guidelines.

Adding an Export

Note: Apple's NFS daemon requires that all shared paths on a single device be mentioned in the same configuration directive. So, if you have three directories on a disk you'd like to share, all three must be in the same configuration directive (you can not list them individually).

Let's suppose we wish to export a few directories, all on a single device. The device is mounted at /Volumes/Snapshots/, and the folders we wish to share are called Users, Groups, and Web.

Keeping in line with our security recommendations, we'll be exporting these directories only to a specific subnet. Additionally, we'll export the filesystem as read-only to prevent changes from external clients.

To add the export directive, run the following in a terminal:

(Note: order is important; the "name" property must be set last!)

sudo niutil -create . /exports/Snapshots
sudo niutil -createprop . /exports/Snapshots opts 'ro'
sudo niutil -appendprop . /exports/Snapshots opts 'maproot=root'
sudo niutil -createprop . /exports/Snapshots opts 'network=192.168.1.0'
sudo niutil -createprop . /exports/Snapshots opts 'mask=255.255.255.0'
sudo niutil -createprop . /exports/Snapshots name '/Volumes/Snapshots/Users /Volumes/Snapshots/Groups /Volumes/Snapshots/Web'

Now restart the nfs daemon:

sudo killall -HUP mountd

Look for any startup errors in the system log:

tail -f /var/log/system.log

If the logs are clean, you're ready to connect from an NFS client.

NFS Clients

This section not yet complete.