NetInfo Changes, Command Line
http://mactechnotes.blogspot.com/2005/09/mac-os-x-as-nfs-server.html
Adding NFS export information to NetInfo from a command line involves running a few simple commands: one to create the entry, and two more to add the necessary options.
- To create the new entry, run
sudo nicl . -create /exports/\\/external\\/path
Since NetInfo uses the / to separate path components, and we have / characters in the entry we want to create, those / have to be escaped. This is done with the backslash, \, and since we are running in a shell, we need to double them up. After the shell is done examining the command, the string \\/ becomes \/ which is what we need to pass to nicl. If we don't use any backslashes, nicl will end up creating an entry /exports/external which has a subdirectory path. This is definitely not what we want.
Basically, double-backslash the forward slashes in the path to export (/external/path), but not those in the NetInfo path (/exports/). Note also the /\\/ after exports: the path we are exporting is /external/path, which includes the leading /.
If you added /exports/external\\/path then the path exported would be external/path which is a relative path, but relative to what?
Make sure not to put a trailing slash on the path.
- Now we need to add the two properties which specify the allowed clients and any options we need. These properties are clients, which we'll set to an empty string (which means all clients, but read the note on default entry, below), and opts, set to ro so the directory is mounted read-only (see the manpage for exports for the options which can be used). The commands to accomplish this are:
sudo nicl . -append /exports/\\/external\\/path clients ""
sudo nicl . -append /exports/\\/external\\/path opts ro
You can repeat this procedure for any other directories you wish to export (but be sure to read the note about default entry, below, if you export several directories to empty clients properties).
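The escaping rules above, as an added example that is not part of the original post: a helper that turns an export path into the NetInfo directory nicl must receive, rejecting relative paths and trailing slashes, and prints the three commands instead of running them. The function names and the client name client1.example.com are made up for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Nothing here runs nicl.

# Print the NetInfo directory for an export path, with each / of the
# exported path escaped as \/ so nicl keeps it as one path component.
ni_export_dir() {
    case $1 in
        /*) ;;
        *)  echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    case $1 in
        */) echo "trailing slash: $1" >&2; return 1 ;;
    esac
    printf '/exports/%s\n' "$(printf '%s\n' "$1" | sed 's:/:\\/:g')"
}

# Print (not run) the three commands from the post. Single quotes hand the
# backslashes to nicl unchanged, so they are not doubled here.
ni_export_cmds() {   # usage: ni_export_cmds PATH CLIENTS OPTS
    dir=$(ni_export_dir "$1") || return 1
    case "$1$2$3" in
        *\'*) echo "single quote not supported" >&2; return 1 ;;
    esac
    printf "sudo nicl . -create '%s'\n" "$dir"
    printf "sudo nicl . -append '%s' clients '%s'\n" "$dir" "$2"
    printf "sudo nicl . -append '%s' opts '%s'\n" "$dir" "$3"
}

# Constructed sample values: one named client, read-only.
ni_export_cmds /external/path client1.example.com ro
```

The single-quoted string and the unquoted double-backslash form used in the post reach nicl as the same argument.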
Starting Daemons or Notifying mountd
For serving NFS, Mac OS X has three daemons which need to be running: portmap which tells clients how to contact the NFS daemons, mountd which handles mounting of NFS filesystems, and nfsd which handles all the rest of serving NFS. See the respective man pages for more information on these.
The first thing to know is, if a machine has no exports listed, these daemons will not be started when the OS starts. Prior to 10.4, portmap is started by /System/Library/StartupItems/Portmap/Portmap (in 10.4 and later, by launchd), and both mountd and nfsd are started by /System/Library/StartupItems/NFS/NFS. If you're curious, a look at these scripts will show where they check for exports before starting the respective daemons. The NFS script also starts the NFS client daemons, FYI.
The point of this information is, if this is the first time you add NFS exports, these daemons have to be started before anything works. If this is the case, you'll need to start the daemons (mentioned below). If they are already running, you merely need to notify mountd of export changes (also below).
Starting Daemons
If the daemons aren't running yet (i.e., you just added your first exports), you can either start them up by hand, or simply reboot. To start them, run (don't start portmap if you're running on 10.4 or later):
cd /
sudo /usr/sbin/portmap
sudo /usr/sbin/mountd
sudo /sbin/nfsd -t -u -n 6
The order is important. The arguments given to nfsd are the default; if you've added your own to NetInfo's /config/nfsd, use those instead. Once they are started, you're ready to test them.
Notifying mountd
If the daemons are already running, modifying /exports requires a notification be sent to only mountd. This can be done simply by running:
sudo kill -1 `cat /var/run/mountd.pid`
Note those are backticks, not single quotes.
Testing The Exports
To see what mountd is offering, you can run:
showmount -e
This shows the exported filesystems on your machine. You can also run this against another machine as:
showmount -e nfsserver
The output from showmount should look like:
Exports list on localhost:
/external/path Everyone
This indicates the exports are set up properly and mountd is aware of them. The next test is to actually attempt to mount the filesystem. This is accomplished by running:
sudo mount localhost:/external/path /private/mnt
This mounts the exported filesystem into /private/mnt, so an ls of /private/mnt should show the same files as under /external/path.
Once this is verified, unmount it by running
sudo umount /private/mnt
The only testing left is to try mounting the filesystem on a different machine. If that doesn't work, you'll have to consult further documentation, as a full NFS troubleshooting discussion is beyond the scope of this document.
Notes About Being an NFS Server
- default entry
One big issue is where you try to export more than one directory on the same filesystem to a blank clients property. The first one is picked up, labeled as the "default entry" for that filesystem, and any other directory on that same filesystem with a blank clients list will not in fact be exported. This is covered in the manpage for exports, but the wording is quite vague.
The fix for this is to add the additional directories to the name property of the first one you add. For example, if you want to export /Users/user1 and /Users/user2 to everybody and both directories are on the same filesystem, you would set it up as follows:
sudo nicl . -create /exports/\\/Users\\/user1
sudo nicl . -append /exports/\\/Users\\/user1 name /Users/user2
sudo nicl . -append /exports/\\/Users\\/user1 clients ""
sudo nicl . -append /exports/\\/Users\\/user1 opts ro
This then causes both /Users/user1 and /Users/user2 to be the default entry.
- Security Information
One note about security. Be very careful with exports which use an empty clients property, as that means any machine can see the exported files. Whenever possible, only specify machines which need to access the exported filesystem. Also, whenever possible, export filesystems read-only (an opts value of ro).
- Viewing /exports from the command line
If you want to look at what's currently in /exports from the command line, run
nidump -r /exports .
This will dump out the information recursively (what's in /exports, and all the information pertaining to it). It should look something like
{
"name" = ( "exports" );
CHILDREN = (
{
"name" = ( "/external/path" );
"clients" = ( "" );
"opts" = ( "ro" );
}
)
}
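To check the security note against a dump like the one above, here is an added example (not from the original post) that reads nidump output and flags exports with an empty clients property or without ro in opts. The function names, the sample entries and the client name are constructed; the "}," separator between children and the handling of a missing property are assumptions.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Reads `nidump -r /exports .` output on stdin; prints "path<TAB>finding".
# A missing clients or opts property is treated as empty (assumption).
audit_exports() {
    awk '
    function vals(s) {            # text inside "( ... )", quotes stripped
        sub(/^[^(]*[(][ \t]*/, "", s); sub(/[ \t]*[)];?[ \t]*$/, "", s)
        gsub(/"/, "", s); return s
    }
    /^[ \t]*[{]/           { name = ""; clients = ""; opts = "" }
    /^[ \t]*"name" *=/     { name = vals($0) }
    /^[ \t]*"clients" *=/  { clients = vals($0) }
    /^[ \t]*"opts" *=/     { opts = vals($0) }
    /^[ \t]*[}]/ {
        if (name ~ /^\//) {              # export entries only
            ro = 0; n = split(opts, o, /,[ \t]*/)
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
            if (clients == "") print name "\topen-to-all-clients"
            if (!ro)           print name "\tnot-read-only"
        }
        name = ""
    }'
}

# Constructed sample in the format shown above (the "}," separators between
# children are assumed).
sample_dump() {
    cat <<'EOF'
{
"name" = ( "exports" );
CHILDREN = (
{
"name" = ( "/external/path" );
"clients" = ( "" );
"opts" = ( "ro" );
},
{
"name" = ( "/Users/user1", "/Users/user2" );
"clients" = ( "client1.example.com" );
"opts" = ( "ro" );
},
{
"name" = ( "/Volumes/scratch" );
"clients" = ( "client1.example.com" );
}
)
}
EOF
}
sample_dump | audit_exports
```

On a real server the input would be `nidump -r /exports . | audit_exports`.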
1 Comments:
ehh... love this style.