NFS on OS X 10.5 and above

From OS X Scientific Computing

(Redirected from NFS on OS X 10.5)
Jump to: navigation, search

Contents

Creating NFS networks

OS X, like other unix operating systems, can function as both an NFS server and NFS client. Canonical unix systems permit the system administrator to configure this by editing two ascii text files. The file /etc/fstab controls what remote disks (i.e., those served by another machine) will be mounted, and the file /etc/exports controls what files will be served via NFS to other computers, and can restrict access according to the system administrator's needs.

All of this is now true of OS X as well, as of versions 10.5 and above. (Previously one had to take a few extra steps that have now been eliminated).



Exporting a Filesystem

In principle, the only thing you have to do is

Create an /etc/exports file

sudo touch /etc/exports

Populate it with entries

You just need to specify the filesystem to export, and the machines to export to (they should have static IP addresses):

/etc/exports:

/Users  -maproot=nobody  my.other.machine.com  yet.another.machine.org somewhere.over.the.rainbow

Details: man exports

More details on the syntax to use in /etc/exports

Test it

showmount -e

If that doesn't show the contents of /etc/exports, or returns some other error, try this:

sudo nfsd restart

You might have to give it 20 seconds to get going. See also suggested workarounds for exporting NFS filesystems below.





Auto-Mounting remote filesystems with NFS

You have two (non-exclusive) options:


  1. Use /etc/fstab
  2. Use the /etc/auto_* files


The first of these options is set up to mount filesystems automatically at root level without further user intervention. Functionally speaking, it should work just like /etc/fstab does on other unix operating systems.

The the second option requires some typing, but allows you to fine-tune and customize automounting.




Use an /etc/fstab file

This is the simple way to do things, and has the additional merit of behaving in the same way that you expect NFS mounting to behave on other unix operating systems.

All you have to do is to create an /etc/fstab file and put the appropriate entries into it. This is explained in the following link:

NFS Workarounds




Use the /etc/auto_* files

As of OS X 10.5, automount works differently, and in a way that allows quite a bit of customization. Instead of using /etc/fstab, it makes use of a file called /etc/auto_master and a set of derivative files called the /etc/auto_* files. Click on that link to see how to use them.

man auto_master

for further details.


Note that in order to be able to write to NFS mounted filesystems, you have to have the same userid on both machines. On OS X, issue the command

id -p

to find out what uid you have. Unfortunately, the converse is also true: Anyone with uid of 501 can write to a filesystem owned by another user with uid of 501 on the remote machine. In the case of OS X, the first user account created is 501, the second 502, and so forth, so unless you are careful, you can have a big mess on your hands.





Mounting remote filesystems with NFS without Automount

You should not have to subvert the automounter, but here is how you can.





If things are problematic

I've had trouble with mounting filesystems from non-OS X machines (linux and sun, which used to work fine), and with exporting file systems, as briefly noted above. NFS Workarounds





Security

Kerberized NFS

In OS X, 10.5, NFS has the option to use Kerberos authentication.

Common Sense

You should only export filesystems to specific static IP addresses, not domains or to the whole world. Although spoofing an IP address to overcome this is not difficult, it still requires some effort.

TCP Wrappers and firewall

Use the hosts.allow file to set up rules for access

nfsd: your.favorite.machine:ALLOW
mountd: your.favorite.machine:ALLOW

Use IPFW to restrict NFS port access to friendly static IP addresses





Fine-tuning the behavior of nfs on 10.5 and above

Many of the default behaviors can be changed by creating a file called /etc/nfs.conf

Personal tools