System Administration Guide

Sharing Files From a Server

NFS is a distributed file system that can be used to "tie together" computers that are running different operating systems. For example, systems running DOS can share files with systems running UNIX.

NFS makes the actual physical location of the file system irrelevant to the user. You can use NFS to allow users to see all the relevant files, regardless of location. Instead of placing copies of commonly used files on every system, NFS allows you to place one copy on one system's disk and let all other systems access it across the network. Under NFS, remote file systems are virtually indistinguishable from local ones.

A system becomes an NFS server if it has file systems to share or export over the network. A server keeps a list of currently exported file systems and their access restrictions (such as read/write or read-only).

You may want to share resources, such as files, directories, or devices from one system on the network (typically, a server) with other systems. For example, you might want to share third-party applications or source files with users on other systems.

When you share a resource, you make it available for mounting by remote systems.

You can share a resource in these ways:

The default /etc/dfs/dfstab file shows you the syntax and an example of entries:


$ more /etc/dfs/dfstab
#   Place share(1M) commands here for automatic execution
#   on entering init state 3.
#
#   Issue the command '/etc/init.d/nfs.server start' to run the NFS
#   daemon processes and the share commands, after adding the
#   very first entry to this file.
#
#   share [-F fstype] [ -o options] [-d ""]  [resource]
#   .e.g,
#   share  -F nfs  -o rw=engineering  -d "home dirs"  /export/home2
share -F nfs /var/mail
$

Add one entry to the /etc/dfs/dfstab file for each resource that you want to have shared automatically. Each entry must be on a separate line, using this syntax:


share [-F nfs] [-o specific-options] [-d "description"] pathname

Table 26-4 describes these variables.

Table 26-4 Variables for /etc/dfstab Entry

Option
    Description

-F nfs
    Indicates that the file system type is NFS. If you have only one distributed file system package installed, nfs is the default, and you can omit the -F option.

-o specific-options
    Regulates how the resource is shared. Specific options, separated by commas, that can follow the -o flag include:

    rw - Shares pathname read/write to all clients (by default), except those that are specified under ro=.

    ro - Shares pathname read-only to all clients, except those that are specified under rw=.

    ro=client[:client] - Shares pathname read-only to the listed client machines or netgroup names (overriding rw).

    rw=client[:client] - Shares pathname read/write to the listed client machines or netgroup names (overriding ro).

    anon=uid - Lets you specify a different UID for "anonymous" users (users whose UID is 0, the UID of root on Solaris systems) when accessing pathname. By default, anonymous users are mapped to user nobody, which has the UID UID_NOBODY. User nobody has ordinary user privileges, not root privileges.

    root=host[:host] - Lets a user from host, whose UID is 0, access pathname as root; root users from all other hosts become anon. If this option is not specified, no user from any host is granted access to pathname as root.

    secure - Shares a resource with additional user authentication required. (See the NFS Administration Guide for more information.)

    kerberos - Shares a resource with Kerberos authentication. (See "Administering Kerberos Version 4 Authentication" for more information.)

-d description
    Is a comment that describes the resource to be shared. If you use the -d option, the description is stored in the sharetab file. However, clients do not see the description displayed when they use the dfshares command to list the resources shared on that system.

pathname
    Is the full name of the resource to be shared, starting at root (/).

You cannot specify both rw and ro without arguments, and you cannot specify the same client in the rw= list and the ro= list. If no read/write option is specified, the default is read/write for all clients.


Caution -

Granting root access to other hosts has far-reaching security implications; use the root= option with extreme caution.
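The option rules and the root= caution above can be checked mechanically before a dfstab change takes effect. The following Python audit is an added example, not part of the original guide: the function names parse_share and audit are hypothetical, and the sample entries (hosts adminhost, alpha and beta, and the /export paths) are constructed for illustration. It assumes well-formed entries with balanced quotes.

```python
import shlex

SAMPLE = """\
# Constructed sample dfstab for this example (not from a real server).
share -F nfs /var/mail
share -F nfs -o rw=engineering -d "home dirs" /export/home2
share -F nfs -o ro,root=adminhost /export/tools
share -F nfs -o rw=alpha:beta,ro=beta /export/src
share -F nfs -o rw,ro /export/docs
share -F nfs -o ro,anon=0 /export/dist
"""

def parse_share(line):
    """Return (options, pathname) for a share entry, or None for other lines."""
    tokens = shlex.split(line, comments=True)  # honours "quoted text" and '#'
    if not tokens or tokens[0] != "share":
        return None
    opts, path, i = {}, None, 1
    while i < len(tokens):
        arg = tokens[i + 1] if i + 1 < len(tokens) else ""
        if tokens[i] == "-o":
            for item in filter(None, arg.split(",")):
                key, sep, val = item.partition("=")
                opts[key + sep] = val.split(":") if sep else []  # "rw" vs "rw="
        elif tokens[i] not in ("-F", "-d") and path is None:
            path = tokens[i]  # first positional argument is the pathname
        i += 2 if tokens[i] in ("-F", "-o", "-d") else 1
    return opts, path

def audit(text):
    """Return (line number, pathname, finding) tuples for dfstab contents."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_share(line)
        if parsed is None:
            continue
        opts, path = parsed
        both = set(opts.get("rw=", [])) & set(opts.get("ro=", []))
        if "rw" in opts and "ro" in opts:
            out.append((n, path, "invalid: rw and ro both given without arguments"))
        elif "rw" in opts or not {"rw", "ro", "rw=", "ro="} & set(opts):
            out.append((n, path, "read/write for all clients"))
        if both:
            out.append((n, path, "invalid: in both rw= and ro=: " + ",".join(sorted(both))))
        if "root=" in opts:
            out.append((n, path, "root access for: " + ",".join(opts["root="])))
        if opts.get("anon=") == ["0"]:
            out.append((n, path, "anon=0 maps anonymous users to UID 0"))
    return out
```

Pass the contents of /etc/dfs/dfstab to audit() to list entries that are invalid under the rules above or that widen access (read/write for every client, root= hosts, anon=0).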


See Chapter 28, Mounting and Unmounting File Systems (Tasks) for information on how to share files and file systems. See the NFS Administration Guide for a complete description of NFS.


Note -

Arguments that accept a client or host list (ro=, rw=, and root=) are guaranteed to work over UDP, but may not work over other transport providers.


Under NFS, a server shares resources it owns so clients can mount them. However, a user who becomes root as a client is denied access as root to mounted remote resources. When a user logged in as root on one host requests access to a remote file shared through NFS, the user's ID is changed from 0 to the user ID of the user name nobody. The access rights of user nobody are the same as those given to the public for a particular file. For example, if the public has only execute permission for a file, then user nobody can execute only that file.