NFS on OS X 10.5
From OS X Scientific Computing
Contents |
Creating NFS networks
OS X, like other unix operating systems, can function as both an NFS server and NFS client. Canonical unix systems permit the system administrator to configure this by editing two ascii text files. The file /etc/fstab controls what remote disks (i.e., those served by another machine) will be mounted, and the file /etc/exports controls what files will be served via NFS to other computers, and can restrict access according to the system administrator's needs.
All of this is now true of OS X as well, as of version 10.5. (Previously one had to take a few extra steps that have now been eliminated).
Exporting a Filesystem
In principle, the only thing you have to do is
Create an /etc/exports file
sudo touch /etc/exports
Populate it with entries
You just need to specify the filesystem to export, and the machines to export to (they should have static IP addresses):
/etc/exports:
/Users -maproot=nobody my.other.machine.com yet.another.machine.org somewhere.over.the.rainbow
Details: man exports
More details on the syntax to use in /etc/exports
Test it
showmount -e
If that doesn't show the contents of /etc/exports, or returns some other error, try this:
sudo nfsd restart
You might have to give it 20 seconds to get going. See also suggested workarounds for exporting NFS filesystems below.
Auto-Mounting remote filesystems with NFS
You have two (non-exclusive) options:
- Use /etc/fstab
- Use the /etc/auto_* files
The first of these options is set up to mount filesystems automatically at root level without further user intervention. Functionally speaking, it should work just like /etc/fstab does on other unix operating systems.
The the second option requires some typing, but allows you to fine-tune and customize automounting.
Use an /etc/fstab file
This is the simple way to do things, and has the additional merit of behaving in the same way that you expect NFS mounting to behave on other unix operating systems.
All you have to do is to create an /etc/fstab file and put the appropriate entries into it. This is explained in the following link:
Use the /etc/auto_* files
As of OS X 10.5, automount works differently, and in a way that allows quite a bit of customization. Instead of using /etc/fstab, it makes use of a file called /etc/auto_master and a set of derivative files called the /etc/auto_* files. Click on that link to see how to use them.
man auto_master
for further details.
Note that in order to be able to write to NFS mounted filesystems, you have to have the same userid on both machines. On OS X, issue the command
id -p
to find out what uid you have. Unfortunately, the converse is also true: Anyone with uid of 501 can write to a filesystem owned by another user with uid of 501 on the remote machine. In the case of OS X, the first user account created is 501, the second 502, and so forth, so unless you are careful, you can have a big mess on your hands.
Mounting remote filesystems with NFS without Automount
You should not have to subvert the automounter, but here is how you can.
If things are problematic
I've had trouble with mounting filesystems from non-OS X machines (linux and sun, which used to work fine), and with exporting file systems, as briefly noted above. NFS Workarounds
Security
Kerberized NFS
In OS X, 10.5, NFS has the option to use Kerberos authentication.
Common Sense
You should only export filesystems to specific static IP addresses, not domains or to the whole world. Although spoofing an IP address to overcome this is not difficult, it still requires some effort.
TCP Wrappers and firewall
Use the hosts.allow file to set up rules for access
nfsd: your.favorite.machine:ALLOW mountd: your.favorite.machine:ALLOW
Use IPFW to restrict NFS port access to friendly static IP addresses
Fine-tuning the behavior of nfs on 10.5
Many of the default behaviors can be changed by creating a file called /etc/nfs.conf
