The Network File System or NFS is an RPC service used in conjunction with portmap and other related services to provide network accessible mount points for client machines. For more information on how NFS works, see the chapter titled Network File System (NFS) in the Official Red Hat Linux Reference Guide. For more information about configuring NFS, refer to the Official Red Hat Linux Customization Guide. The following subsections will assume basic knowledge of NFS.
It is recommended that anyone planning to implement an NFS server first secure the portmap service as outlined in the Section called Securing Portmap, then address following issues.
Because NFS passes all information unencrypted over the network, it is important the service be run behind a firewall and on a segmented and secure network. Any time information is passed over NFS an insecure network, it risks being intercepted. Careful network design in these regards can help prevent security breaches.
The NFS server determines which file systems to export and who to export these directories to via the /etc/exports file. Be careful not to add extraneous spaces when editing this file.
For instance, the following line in the /etc/exports file shares the directory /tmp/nfs/ to the host my.example.com with read and write permissions.
/tmp/nfs/ my.example.com(rw) |
This line in the /etc/exports file, on the other hand, shares the same directory to the host my.example.com with read-only permissions and shares is to the world with read and write permissions due to a single space after the hostname.
/tmp/nfs/ my.example.com (rw) |
It is good practice to check any configured NFS shares by using the following command to verify they are correctly configured:
showmount -e <hostname> |