Difference between revisions of "NFS Version 4 Only"
Jump to navigation
Jump to search
| (12 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | # Use Debian 12 | ||
| + | |||
| + | ``` | ||
| + | apt update && sudo apt install -y nfs-kernel-server uuid | ||
| + | systemctl status nfs-server --no-pager | ||
| + | ss -lntp | grep 2049 | ||
| + | ``` | ||
| + | |||
| + | nfs-v4-only.sh | ||
| + | ``` | ||
| + | #!/bin/bash | ||
| + | set -eu | ||
| + | |||
| + | apt update && sudo apt -y install nfs-kernel-server uuid | ||
| + | |||
| + | UUID=$(uuid) | ||
| + | mkdir /$UUID | ||
| + | chown nobody:nogroup /$UUID | ||
| + | |||
| + | systemctl status nfs-server --no-pager | ||
| + | ss -lntp | grep 2049 | ||
| + | cat /proc/fs/nfsd/versions | ||
| + | sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf | ||
| + | systemctl restart nfs-kernel-server | ||
| + | cat /proc/fs/nfsd/versions | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ## Share folder | ||
| + | ``` | ||
| + | mkdir -p /nfs | ||
| + | chown nobody:nogroup /nfs | ||
| + | ``` | ||
| + | |||
| + | /etc/exports | ||
| + | ``` | ||
| + | /nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash) | ||
| + | ``` | ||
| + | Make sure you know security implications with the above | ||
| + | |||
| + | ## NFS Client Host | ||
| + | |||
| + | /etc/fstab | ||
| + | ``` | ||
| + | nfshost:/nfs /opt/nfs nfs4 _netdev,auto 0 0 | ||
| + | ``` | ||
| + | |||
| + | |||
| + | # Older | ||
| + | |||
| + | alt-for-older.sh | ||
| + | ``` | ||
| + | sed -i 's/^NEED_STATD=*/NEED_STATD="no"/g' /etc/default/nfs-common | ||
| + | sed -i 's/^NEED_IDMAPD=*/NEED_IDMAPD="yes"/g' /etc/default/nfs-common | ||
| + | sed -i 's/^RPCNFSDOPTS=*/RPCNFSDOPTS="-N 2 -N 3"/g' /etc/default/nfs-kernel-server | ||
| + | sed -i 's/^RPCMOUNTDOPTS=*/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common | ||
| + | |||
| + | sudo systemctl mask rpcbind.service | ||
| + | sudo systemctl mask rpcbind.socket | ||
| + | # sudo systemctl unmask rpcbind.service | ||
| + | # sudo systemctl unmask rpcbind.socket | ||
| + | |||
| + | cat /proc/fs/nfsd/versions | ||
| + | ``` | ||
| + | |||
| + | |||
| + | |||
| + | # More stuff Old | ||
| + | |||
Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os) | Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os) | ||
- https://wiki.debian.org/NFSServerSetup | - https://wiki.debian.org/NFSServerSetup | ||
| + | - https://help.ubuntu.com/community/NFSv4Howto | ||
/etc/default/nfs-kernel-server # update | /etc/default/nfs-kernel-server # update | ||
| Line 30: | Line 100: | ||
and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast. | and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast. | ||
| + | |||
| + | /etc/exports | ||
| + | ``` | ||
| + | /101f8f6a-e761-11eb-8e23-afa707071684 192.168.1.10(rw,sync,no_subtree_check,insecure,root_squash) | ||
| + | ``` | ||
| + | |||
| + | /etc/fstab | ||
| + | ``` | ||
| + | nfshost:/101f8f6a-e761-11eb-8e23-afa707071684 /opt/localnfshare nfs4 _netdev,auto 0 0 | ||
| + | ``` | ||
Latest revision as of 04:28, 26 November 2023
Use Debian 12
apt update && sudo apt install -y nfs-kernel-server uuid systemctl status nfs-server --no-pager ss -lntp | grep 2049
nfs-v4-only.sh
#!/bin/bash set -eu apt update && sudo apt -y install nfs-kernel-server uuid UUID=$(uuid) mkdir /$UUID chown nobody:nogroup /$UUID systemctl status nfs-server --no-pager ss -lntp | grep 2049 cat /proc/fs/nfsd/versions sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf systemctl restart nfs-kernel-server cat /proc/fs/nfsd/versions
mkdir -p /nfs chown nobody:nogroup /nfs
/etc/exports
/nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash)
Make sure you know security implications with the above
NFS Client Host
/etc/fstab
nfshost:/nfs /opt/nfs nfs4 _netdev,auto 0 0
Older
alt-for-older.sh
sed -i 's/^NEED_STATD=*/NEED_STATD="no"/g' /etc/default/nfs-common sed -i 's/^NEED_IDMAPD=*/NEED_IDMAPD="yes"/g' /etc/default/nfs-common sed -i 's/^RPCNFSDOPTS=*/RPCNFSDOPTS="-N 2 -N 3"/g' /etc/default/nfs-kernel-server sed -i 's/^RPCMOUNTDOPTS=*/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket # sudo systemctl unmask rpcbind.service # sudo systemctl unmask rpcbind.socket cat /proc/fs/nfsd/versions
More stuff Old
Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os) - https://wiki.debian.org/NFSServerSetup - https://help.ubuntu.com/community/NFSv4Howto
/etc/default/nfs-kernel-server # update
# RPCMOUNTDOPTS="--manage-gids" RPCMOUNTDOPTS="--manage-gids -N 2 -N 3" RPCNFSDOPTS="-N 2 -N 3"
/etc/default/nfs-common # add
NEED_STATD="no" NEED_IDMAPD="yes"
sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket sudo cat /proc/fs/nfsd/versions sudo systemctl restart nfs-server sudo cat /proc/fs/nfsd/versions
showmount -e nas
does not work now
and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast.
/etc/exports
/101f8f6a-e761-11eb-8e23-afa707071684 192.168.1.10(rw,sync,no_subtree_check,insecure,root_squash)
/etc/fstab
nfshost:/101f8f6a-e761-11eb-8e23-afa707071684 /opt/localnfshare nfs4 _netdev,auto 0 0