System Administration Guide: Network Services

WebNFS Administration Tasks

This section provides instructions for administering the WebNFS system. Related tasks follow.

Table 5–4 Task Map for WebNFS Administration

Task 

Description 

For Instructions 

Plan for WebNFS 

Issues to consider before enabling the WebNFS service. 

Planning for WebNFS Access

Enable WebNFS 

Steps to enable mounting of an NFS file system by using the WebNFS protocol. 

How to Enable WebNFS Access

Enable WebNFS through a firewall 

Steps to allow access to files through a firewall by using the WebNFS protocol. 

How to Enable WebNFS Access Through a Firewall

Browse by using an NFS URL 

Instructions for using an NFS URL within a web browser. 

How to Browse Using an NFS URL

Use a public file handle with autofs 

Steps to force use of the public file handle when mounting a file system with the automounter. 

How to Use a Public File Handle With Autofs

Use an NFS URL with autofs 

Steps to add an NFS URL to the automounter maps. 

How to Use NFS URLs With Autofs

Provide access to a file system through a firewall 

Steps to allow access to a file system through a firewall by using the WebNFS protocol. 

How to Mount an NFS File System Through a Firewall

Mount a file system by using an NFS URL 

Steps to allow access to a file system by using an NFS URL. This process allows for file system access without using the MOUNT protocol. 

How to Mount an NFS File System Using an NFS URL

Planning for WebNFS Access

To use WebNFS, you first need an application that is capable of running and loading an NFS URL (for example, nfs://server/path). The next step is to choose the file system that can be exported for WebNFS access. If the application is web browsing, often the document root for the web server is used. You need to consider several factors when choosing a file system to export for WebNFS access.

  1. Each server has one public file handle that by default is associated with the server's root file system. The path in an NFS URL is evaluated relative to the directory with which the public file handle is associated. If the path leads to a file or directory within an exported file system, the server provides access. You can use the public option of the share command to associate the public file handle with a specific exported directory. Using this option allows URLs to be relative to the shared file system rather than to the server's root file system. The root file system does not allow web access unless the root file system is shared.

  2. The WebNFS environment enables users who already have mount privileges to access files through a browser. This capability is enabled regardless of whether the file system is exported by using the public option. Because users already have access to these files through the NFS setup, this access should not create any additional security risk. You only need to share a file system by using the public option if users who cannot mount the file system need to use WebNFS access.

  3. File systems that are already open to the public make good candidates for using the public option. Some examples are the top directory in an ftp archive or the main URL directory for a web site.

  4. You can use the index option with the share command to force the loading of an HTML file. Otherwise, you can list the directory when an NFS URL is accessed.

    After a file system is chosen, review the files and set access permissions to restrict viewing of files or directories, as needed. Establish the permissions, as appropriate, for any NFS file system that is being shared. For many sites, 755 permissions for directories and 644 permissions for files provide the correct level of access.

    You need to consider additional factors if both NFS and HTTP URLs are to be used to access one web site. These factors are described in WebNFS Limitations With Web Browser Use.

How to Browse Using an NFS URL

Browsers that are capable of supporting the WebNFS service should provide access to an NFS URL that resembles the following:


nfs://server<:port>/path
server

Name of the file server

port

Port number to use (2049, default value)

path

Path to file, which can be relative to the public file handle or to the root file system


Note –

In most browsers, the URL service type (for example, nfs or http) is remembered from one transaction to the next. The exception occurs when a URL that includes a different service type is loaded. After you use an NFS URL, a reference to an HTTP URL might be loaded. If such a reference is loaded, subsequent pages are loaded by using the HTTP protocol instead of the NFS protocol.


How to Enable WebNFS Access Through a Firewall

You can enable WebNFS access for clients that are not part of the local subnet by configuring the firewall to allow a TCP connection on port 2049. Just allowing access for httpd does not allow NFS URLs to be used.