NFS Version 4 Only

From UVOO Tech Wiki
Revision as of 04:24, 26 November 2023 by Busk (talk | contribs)
Jump to navigation Jump to search

Use Debian 12

apt update && sudo apt install -y nfs-kernel-server uuid
systemctl status nfs-server --no-pager
ss -lntp | grep 2049

nfs-v4-only.sh 

#!/bin/bash
set -eu

apt update && sudo apt install nfs-kernel-server uuid
systemctl status nfs-server --no-pager
ss -lntp | grep 2049
cat /proc/fs/nfsd/versions
sed -i 's/^# vers3=y$/vers3=n/g' /etc/nfs.conf
systemctl restart nfs-kernel-server
cat /proc/fs/nfsd/versions

/nfsd/versions 

<br />## Share folder

mkdir -p /nfs chown nobody:nogroup /nfs 

<br />/etc/exports

/nfs 10.0.0.0/8(rw,sync,no_subtree_check,insecure,root_squash) 

Make sure you know security implications with the above

## NFS Client Host

/etc/fstab

nfshost:/nfs /opt/nfs nfs4 _netdev,auto 0 0 

<br /><br /># Older

alt-for-older.sh

sed -i 's/^NEED_STATD=/NEED_STATD="no"/g' /etc/default/nfs-common sed -i 's/^NEED_IDMAPD=/NEED_IDMAPD="yes"/g' /etc/default/nfs-common sed -i 's/^RPCNFSDOPTS=/RPCNFSDOPTS="-N 2 -N 3"/g' /etc/default/nfs-kernel-server sed -i 's/^RPCMOUNTDOPTS=/RPCMOUNTDOPTS="--manage-gids -N 2 -N 3"/g' /etc/default/nfs-common

sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket

sudo systemctl unmask rpcbind.service

sudo systemctl unmask rpcbind.socket

cat /proc/fs 

<br /><br /><br /># More stuff Old

Enable verion 4 only by disabling 2 and 3 (2 is already disabled on modern os)
- https://wiki.debian.org/NFSServerSetup
- https://help.ubuntu.com/community/NFSv4Howto

/etc/default/nfs-kernel-server  # update

RPCMOUNTDOPTS="--manage-gids"

RPCMOUNTDOPTS="--manage-gids -N 2 -N 3" RPCNFSDOPTS="-N 2 -N 3" 

<br />/etc/default/nfs-common  # add

NEED_STATD="no" NEED_IDMAPD="yes" 

<br />

sudo systemctl mask rpcbind.service sudo systemctl mask rpcbind.socket sudo cat /proc/fs/nfsd/versions sudo systemctl restart nfs-server sudo cat /proc/fs/nfsd/versions 

<br /><br />

showmount -e nas 

does not work now

and all traffic goes over 2049 unencrypted with only ip address access restrictions. Very simple, very fast.

/etc/exports

/101f8f6a-e761-11eb-8e23-afa707071684 192.168.1.10(rw,sync,no_subtree_check,insecure,root_squash) 

<br />/etc/fstab

nfshost:/101f8f6a-e761-11eb-8e23-afa707071684 /opt/localnfshare nfs4 _netdev,auto 0 0 ```

Retrieved from "https://tech.uvoo.io/index.php?title=NFS_Version_4_Only&oldid=4731"