- Challenges of File Sharing
- Different Protocols for Different Clients
- Planning File Services
- Using Apple Filing Protocol
- Configuring Apple File Service
- Monitoring AFP Activity
- Using Windows File Service
- Configuring Windows File Service
- Configuring Access and Starting Windows File Services
- Using NFS Share Point Access
- Configuring NFS
- Using FTP File Service
- Configuring FTP Service
- Network-Mounted Share Points
- Preparing for a Network Home Folder
- Configuring Network Mounts
- Controlling Access to Shared Folders
- Troubleshooting File Services
- What Youve Learned
- Chapter Review
Setting up NFS share points is similar to setting up AFP and SMB share points.
- On your Mac OS X computer in Server Admin, click the File Sharing button in the toolbar, and then click the Volumes button, followed by the Browse button. Navigate to and select the Shared Items folder.
- Click the New Folder button in the upper-right corner of Server Admin to create a folder inside Shared Items called NFS Services. Click Save.
- Click the Share button, and then click Save.
- In the Share Point pane at the bottom of the window, click the Protocol Options button, and disable AFP, SMB, and FTP services for this folder.
- In the Protocol Options pane, click NFS.
- Select “Export this item and its contents to” and leave World chosen in the pop-up menu.
This setting allows any computer (unless blocked by a firewall) access to this NFS share, regardless of its IP address.
- Set the Mapping pop-up menu to Root to Nobody.
This setting blocks users from using the root user account (UID=0) to get unlimited access to the file on the share point. Anyone using a root user account will be treated the same as the nobody, or guest, user on the server.
- Select the “Read only” option.
Because of the security deficiencies with NFS, many people choose to offer file services via NFS in a read-only manner.
- Click OK to dismiss the Protocol Options dialog.
- Click Save.
Starting the NFS Service
The NFS service Settings pane contains only a few options, which can safely be left at their defaults for basic NFS file servers. You start the NFS service in the same manner as other services.
- In Server Admin, click the Add (+) button and choose Add Service from the pop-up menu.
- Select the checkbox for NFS, and click Save.
- Select the NFS service in the left column.
- Click the Start NFS button.
Connecting to an NFS Share
NFS has one major difference over other file-sharing protocols that comes up when you mount an NFS share from your client computer. With most sharing protocols, you connect to the share point without knowing where it is on the file server’s file system. With NFS, you must specify the full path of the share point as it exists on the server. Also unlike other protocols, you won’t be given a list of share points to choose from. If you need to know what shares exist on a server, you can type showmount -e nfs.server.name in a Terminal window.
- In the Finder on your Mac OS X computer, choose Go > Connect to Server.
- Enter this URL: nfs://server17.pretendco.com:/Shared Items/NFS Services.
- Click Connect.
A new Finder window will appear, and a new entry for the server will appear in the sidebar.
Note that you were not prompted for any user name or password. Also note the Read-Only icon in the corner of the Finder window; it is shown because the volume is read only, as you configured it to be earlier. Depending on your use of NFS, you may have a read-write NFS share, or you may limit NFS to read only but also share the same folder using another protocol for any write actions.
Setting Other NFS Share Options
Usually for NFS you don’t want to export (share) the folder to the entire world, but rather restrict it to a certain subnet or list of IP addresses.
- In Server Admin, click the name of your server on the left, followed by the File Sharing button in the toolbar.
- Click the Share Points button just below the toolbar.
- Click the NFS Services share point, then click the Share Point tab.
- Click the Protocol Options button.
- Click the NFS tab.
- Change the pop-up menu from World to Subnet.
- Enter a Subnet address of 10.1.0.0.
- Enter a Subnet mask of 255.255.0.0.
For even better security, if you have only a few computers that will be connecting to your NFS server, you would want to limit connections to just those IPs.
- Change the pop-up menu at the top from Subnet to Client List.
- Click the Add (+) button.
127.0.0.1 (localhost) appears in the list. You probably want to leave that IP there so the server can talk to itself.
- Click the Add (+) button again.
- Type an address of 10.1.17.2 (or use the IP address assigned to your Mac OS X computer).
Modify some additional NFS settings that might be appropriate for your use:
- Change the Mapping to “All to Nobody.”
This setting will ignore any user names on the client side, and treat any NFS clients as if they were using the Nobody (guest) account on the server.
- Change the Minimum Security setting to “Kerberos v5 with data integrity and privacy.”
This setting requires that clients must possess a Kerberos ticket, and it will authenticate both the client and server as well as encrypt all the NFS network traffic.
- Click OK.
- Click Save.