Advanced Linux Networking

The usual reason for running an NFS server is that you want to share files with other UNIX or Linux systems. You might do this to share static files, such as program binary files; for instance, you might store large programs on a server and allow computers with smaller hard disks to run those large programs via NFS. Another common use of NFS is to provide a centralized server for user-changeable files: rather than place users' home directories on their own workstations, you can place them on a centralized server. Particularly when used with a centralized login system such as Kerberos (discussed in Chapter 6, Authenticating Users via Kerberos), this approach provides a great deal of flexibility, because users can log in to any workstation on your network that is appropriately configured and use it as if it were any other computer. This effectively unbinds users from specific workstations. Of course, you don't need to use NFS in either of these precise ways. For instance, you could set up local home directories but provide an NFS server for files shared between users, or provide read-only access to a static database.

Although NFS was designed for UNIX systems and therefore works well with Linux, NFS clients and servers are available for other OSs, such as Windows, OS/2, and MacOS. In most cases, it's better to configure Linux to use the file-sharing protocol that's native to the other OS than to use NFS with one of these OSs. This is particularly true when that protocol is SMB/CIFS and Linux functions as the server, because Samba does an excellent job as an SMB/CIFS server, and it's usually easier to configure one Linux system with Samba server software than to add NFS client software to many clients that don't normally support it. You might want to use NFS to interact with non-UNIX or non-Linux systems on some occasions, though, such as if your network is dominated by UNIX or Linux systems and you need to add just one or two Windows or MacOS computers. (MacOS X is based on UNIX, and so supports NFS quite well, although its configuration isn't obvious from the standard MacOS X GUI interfaces.)

WARNING

As described in the upcoming section "Access Control Mechanisms," NFS doesn't rely on passwords or other typical methods of restricting access to the server. Instead, it uses a trusted hosts model, in which the NFS server relies on the client hosts to authenticate users and trusts that these clients do their user authentication jobs. You specify clients by hostname or IP address. It's possible to spoof (that is, fake) IP addresses, though, or reconfigure local computers to circumvent this security method. You should therefore pay careful attention to security on an NFS system. Ideally, you should not serve sensitive data via NFS. You might prefer to use Samba or some other file transfer mechanism, such as the scp program that's part of the Secure Shell (SSH) package, for more secure transfer of sensitive data.
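Because the only gate is the list of trusted client hosts, it is worth reviewing that list for entries that trust more hosts than intended. The following is an added example, not code from the book: a small auditor that assumes the standard Linux `/etc/exports` syntax and runs over a constructed sample file.

```python
import re

# Constructed sample in /etc/exports syntax (not taken from the book).
SAMPLE_EXPORTS = """\
/home       192.168.1.0/24(rw,sync,root_squash)
/srv/pub    *(ro,sync)
/srv/build  build1.example.com(rw,no_root_squash)
/srv/data   trusted.example.com (rw)
"""

# One client spec: optional host pattern, optional parenthesised option list.
SPEC = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for specs that widen host trust."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.match(spec)
            if m is None:
                findings.append((path, spec, "unparseable client spec"))
                continue
            host = m.group("host")
            opts = set((m.group("opts") or "").split(",")) - {""}
            if host in ("", "*"):
                # "" comes from a space before "(": the options apply to all hosts.
                access = "writable by" if "rw" in opts else "readable by"
                findings.append((path, host or "<any>", access + " every host"))
            elif "*" in host or "?" in host:
                findings.append((path, host, "wildcard hostname, trust rests on DNS"))
            if "no_root_squash" in opts:
                findings.append((path, host or "<any>", "client root keeps uid 0"))
            if "insecure" in opts:
                findings.append((path, host or "<any>", "unprivileged source ports accepted"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:22} {finding}")
```

The last sample line shows the classic slip: a space between the hostname and `(rw)` gives the named host default options and makes the export writable by every host.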
