Difference between revisions of "NFS Version 4 Only"
Jump to navigation
Jump to search
| (2 intermediate revisions by the same user not shown) | |||
| Line 12: | Line 12: | ||
set -eu | set -eu | ||
| − | apt update && sudo apt install nfs-kernel-server | + | apt update && sudo apt -y install nfs-kernel-server uuid |
| + | |||
| + | UUID=$(uuid) | ||
| + | mkdir /$UUID | ||
| + | chown nobody:nogroup /$UUID | ||
| + | |||
systemctl status nfs-server --no-pager | systemctl status nfs-server --no-pager | ||
ss -lntp | grep 2049 | ss -lntp | grep 2049 | ||
| Line 21: | Line 26: | ||
``` | ``` | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
## Share folder | ## Share folder | ||
| Line 56: | Line 47: | ||
| + | # Older | ||
| + | |||
| + | alt-for-older.sh | ||
| + | ``` | ||
| + | sed -i 's/^NEED_STATD=*/NEED_STATD="no"/g' /etc/default/nfs-common | ||
| + | sed -i 's/^NEED_IDMAPD=*/NEED_IDMAPD="yes"/g' /etc/default/nfs-common | ||
| + | sed -i 's/^RPCNFSDOPTS=*/RPCNFSDOPTS="-N 2 -N 3"/g' /etc/default/nfs-kernel-server | ||
| + | sed -i 's/^RPCMOUNTDOPTS=*/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common | ||
| + | |||
| + | sudo systemctl mask rpcbind.service | ||
| + | sudo systemctl mask rpcbind.socket | ||
| + | # sudo systemctl unmask rpcbind.service | ||
| + | # sudo systemctl unmask rpcbind.socket | ||
| + | |||
| + | cat /proc/fs/nfsd/versions | ||
| + | ``` | ||
Latest revision as of 04:28, 26 November 2023
Use Debian 12
apt update && sudo apt install -y nfs-kernel-server uuid systemctl status nfs-server --no-pager ss -lntp | grep 2049
nfs-v4-only.sh
#!/bin/bash set -eu apt update && sudo apt -y install nfs-kernel-server uuid UUID=$(uuid) mkdir /$UUID chown nobody:nogroup /$UUID systemctl status nfs-server --no-pager ss -lntp | grep 2049 cat /proc/fs/nfsd/versions sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf systemctl restart nfs-kernel-server cat /proc/fs/nfsd/versions
mkdir -p /nfs chown nobody:nogroup /nfs
/etc/exports
/nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash)
Make sure you know security implications with the above
NFS Client Host
/etc/fstab
nfshost:/nfs /opt/nfs nfs4 _netdev,auto 0 0
Older
alt-for-older.sh
sed -i 's/^NEED_STATD=*/NEED_STATD="no"/g' /etc/default/nfs-common sed -i 's/^NEED_IDMAPD=*/NEED_IDMAPD="yes"/g' /etc/default/nfs-common sed -i 's/^RPCNFSDOPTS=*/RPCNFSDOPTS="-N 2 -N 3"/g' /etc/default/nfs-kernel-server sed -i 's/^RPCMOUNTDOPTS=*/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket # sudo systemctl unmask rpcbind.service # sudo systemctl unmask rpcbind.socket cat /proc/fs/nfsd/versions
More stuff Old
Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os) - https://wiki.debian.org/NFSServerSetup - https://help.ubuntu.com/community/NFSv4Howto
/etc/default/nfs-kernel-server # update
# RPCMOUNTDOPTS="--manage-gids" RPCMOUNTDOPTS="--manage-gids -N 2 -N 3" RPCNFSDOPTS="-N 2 -N 3"
/etc/default/nfs-common # add
NEED_STATD="no" NEED_IDMAPD="yes"
sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket sudo cat /proc/fs/nfsd/versions sudo systemctl restart nfs-server sudo cat /proc/fs/nfsd/versions
showmount -e nas
does not work now
and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast.
/etc/exports
/101f8f6a-e761-11eb-8e23-afa707071684 192.168.1.10(rw,sync,no_subtree_check,insecure,root_squash)
/etc/fstab
nfshost:/101f8f6a-e761-11eb-8e23-afa707071684 /opt/localnfshare nfs4 _netdev,auto 0 0