Difference between revisions of "NFS Version 4 Only"

From UVOO Tech Wiki
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
```
 
```
apt update && sudo apt install nfs-kernel-server
+
apt update && sudo apt install -y nfs-kernel-server uuid
systemctl status nfs-server
+
systemctl status nfs-server --no-pager
 
ss -lntp | grep 2049
 
ss -lntp | grep 2049
 
```
 
```
Line 12: Line 12:
 
set -eu
 
set -eu
  
apt update && sudo apt install nfs-kernel-server
+
apt update && sudo apt -y install nfs-kernel-server uuid
systemctl status nfs-server
+
 
 +
UUID=$(uuid)
 +
mkdir /$UUID
 +
chown nobody:nogroup /$UUID
 +
 
 +
systemctl status nfs-server --no-pager
 
ss -lntp | grep 2049
 
ss -lntp | grep 2049
 
cat /proc/fs/nfsd/versions
 
cat /proc/fs/nfsd/versions
sed 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf
+
sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf
 
systemctl restart nfs-kernel-server
 
systemctl restart nfs-kernel-server
 
cat /proc/fs/nfsd/versions
 
cat /proc/fs/nfsd/versions
 
```
 
```
 +
 +
 +
## Share folder
 +
```
 +
mkdir -p /nfs
 +
chown nobody:nogroup /nfs
 +
```
 +
 +
/etc/exports
 +
```
 +
/nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash)
 +
```
 +
Make sure you know security implications with the above
 +
 +
## NFS Client Host
 +
 +
/etc/fstab
 +
```
 +
nfshost:/nfs /opt/nfs nfs4  _netdev,auto  0  0
 +
```
 +
 +
 +
# Older
  
 
alt-for-older.sh
 
alt-for-older.sh
Line 35: Line 63:
 
cat /proc/fs/nfsd/versions
 
cat /proc/fs/nfsd/versions
 
```
 
```
 +
 +
  
 
# More stuff Old
 
# More stuff Old

Latest revision as of 04:28, 26 November 2023

Use Debian 12

apt update && sudo apt install -y nfs-kernel-server uuid
systemctl status nfs-server --no-pager
ss -lntp | grep 2049

nfs-v4-only.sh 

#!/bin/bash
set -eu

apt update && sudo apt -y install nfs-kernel-server uuid

UUID=$(uuid)
mkdir /$UUID
chown nobody:nogroup /$UUID

systemctl status nfs-server --no-pager
ss -lntp | grep 2049
cat /proc/fs/nfsd/versions
sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf
systemctl restart nfs-kernel-server
cat /proc/fs/nfsd/versions

Share folder

mkdir -p /nfs
chown nobody:nogroup /nfs

/etc/exports 

/nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash)

Make sure you know security implications with the above

NFS Client Host

/etc/fstab 

nfshost:/nfs /opt/nfs nfs4  _netdev,auto  0  0

Older

alt-for-older.sh 

sed -i 's/^NEED_STATD=*/NEED_STATD="no"/g' /etc/default/nfs-common
sed -i 's/^NEED_IDMAPD=*/NEED_IDMAPD="yes"/g' /etc/default/nfs-common
sed -i 's/^RPCNFSDOPTS=*/RPCNFSDOPTS="-N 2 -N 3"/g'  /etc/default/nfs-kernel-server
sed -i 's/^RPCMOUNTDOPTS=*/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common

sudo systemctl mask rpcbind.service
sudo systemctl mask rpcbind.socket
# sudo systemctl unmask rpcbind.service
# sudo systemctl unmask rpcbind.socket

cat /proc/fs/nfsd/versions

More stuff Old

Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os) - https://wiki.debian.org/NFSServerSetup - https://help.ubuntu.com/community/NFSv4Howto

/etc/default/nfs-kernel-server # update 

# RPCMOUNTDOPTS="--manage-gids"
RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"
RPCNFSDOPTS="-N 2 -N 3"

/etc/default/nfs-common # add 

NEED_STATD="no"
NEED_IDMAPD="yes"

sudo systemctl mask rpcbind.service
sudo systemctl mask rpcbind.socket
sudo cat /proc/fs/nfsd/versions
sudo systemctl restart nfs-server
sudo cat /proc/fs/nfsd/versions

showmount -e nas

does not work now

and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast.

/etc/exports 

/101f8f6a-e761-11eb-8e23-afa707071684    192.168.1.10(rw,sync,no_subtree_check,insecure,root_squash)

/etc/fstab 

nfshost:/101f8f6a-e761-11eb-8e23-afa707071684 /opt/localnfshare nfs4  _netdev,auto  0  0
Retrieved from "https://tech.uvoo.io/index.php?title=NFS_Version_4_Only&oldid=4733"