l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2001 Dec 30 17:09

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] adventures in NFS land
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] adventures in NFS land



aaron,

you have to understand that i did the barest of skimming of the howto.  i
literally flipped through the howto, just looking for something that seemed
important.  i barely know what i'm doing (and i fully admit that i don't
deserve to have it work so quickly).

but i'm pretty sure the answer to your question is no because at the very
least you need to be able to specify the directory to share in /etc/exports.
this in of itself shouldn't be world writable.

but on top of that, any sane administrator uses tcpd, so you need to add your
host to /etc/hosts.allow.

pete


begin: Aaron King <aking@ucdavis.edu> quote
> Pete,
> 
> Is there a way to configure NFS if you're not root?  Although I have root
> priveleges on my home machines, I do not on the machines at work (which are the
> only ones accessible to the internet, since I have a strong firewall at home).
> Would it be possible for me to, say, use NFS to mount (from home) a subdirectory
> of my $HOME on a machine at work?  (Does that even make sense?)
> 
> A.
> 
> Peter Jay Salzman wrote:
> 
> > dear all,
> >
> > i just configured nfs for the first time from scatch.  it was easy.  took me
> > under 20 minutes to do.
> >
> > 8 minutes: reading the howto.  actually, i simply skimmed paragraphs that
> >    looked sorta important.
> >
> > 10 minutes: browsed through the google newsgroups to look for mention of
> >    "rpc: connection refused" error.  google didn't pan out (but lots of people
> >    asked the same question).  i found the answer by going back to the howto.
> >
> > the funny thing is that the howto is kind of outdated for what i'm using --
> > the kernel NFS feature, rather than user space NFS.
> >
> > the kernel space NFS is supposed to be faster, but is also supposed to be
> > harder to debug.  here is the outline of the steps:
> >
> > 1. compile the kernel on the server with "kernel nfs server support"
> >    include nfs 3 support.
> > 2. compile the kernel on the client with "kernel nfs client support"
> >    include nfs 3 support.
> > 3. edit /etc/hosts.allow, /etc/hosts.deny for security  here's the deny file:
> >
> >    portmap: ALL
> >    lockd: ALL
> >    mountd: ALL
> >    rquotad: ALL
> >    statd: ALL
> >
> > and here's the allow file:
> >
> >    portmap: lucifer.diablo.net
> >    lockd: lucifer.diablo.net
> >    rquotad: lucifer.diablo.net
> >    mountd: lucifer.diablo.net
> >    statd: lucifer.diablo.net
> >
> > 4. make the file /etc/exports.  here's mine.  i simply mount /home on the
> >    remote machine.
> >
> >       /home 192.168.0.4(rw)
> >
> > 5. /etc/init.d/nfs start
> > 6. run rpc.mountd, rpc.nfsd and rpc.lockd on the server.  (this was teh step
> >    i was missig that caused the rpc: connection refused" message.
> > 7. on the client,
> >
> >      lucifer# mount satan:/home /home
> >
> > 8. wait a bit
> >
> > and suddenly, i now have my home directory shared between my 2 computers.
> > very cool.  my bookmarks, my files; everything is available to me on both
> > computers.  no more wondering if i left a particular file on this machine or
> > that machine...
> >
> > i'm behind a pretty strong firewall, so running nfs on my home network
> > doesn't pose much of a threat.  although if i'm wrong, someone please speak
> > up!  :)
> >
> > if anyone has any tips on optimizing nfs or making it more secure, i'm all
> > ears too.
> >
> > pete
> >
> > --
> > "You may not use the Software in connection with any site that disparages
> > Microsoft, MSN, MSNBC, Expedia, or their products or services ..."
> >                     -- Clause from license for FrontPage 2002
> 
> --
> ======================================================================
> Aaron King, Ph.D.                        http://two.ucdavis.edu/~aking
> Dept. of Environmental Science & Policy       mailto:aking@ucdavis.edu
> University of California                             Tel: 530/752 3026
> One Shields Avenue, Davis CA 95616 USA               Fax: 530/752 3350
> ======================================================================
> 
> 
> 

-- 
"You may not use the Software in connection with any site that disparages
Microsoft, MSN, MSNBC, Expedia, or their products or services ..."
                    -- Clause from license for FrontPage 2002


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.