To use WebNFS, you first need an application that is capable of running and loading an NFS URL (for example, nfs://server/path). The next step is to choose the file system that can be exported for WebNFS access. If the application is web browsing, often the document root for the web server is used. You need to consider several factors when choosing a file system to export for WebNFS access.
Each server has one public file handle that by default is associated with the server's root file system. The path in an NFS URL is evaluated relative to the directory with which the public file handle is associated. If the path leads to a file or directory within an exported file system, the server provides access. You can use the –public option of the share command to associate the public file handle with a specific exported directory. Using this option enables URLs to be relative to the shared file system rather than to the server's root file system. The root file system does not allow web access unless the root file system is shared.
The WebNFS environment enables users who already have mount privileges to access files through a browser. This capability is enabled regardless of whether the file system is exported by using the –public option. Because users already have access to these files through the NFS setup, this access should not create any additional security risk. You only need to share a file system by using the –public option if users who cannot mount the file system need to use WebNFS access.
After a file system is chosen, review the files and set access permissions to restrict viewing of files or directories, as needed. Establish the permissions, as appropriate, for any NFS file system that is being shared. For many sites, 755 permissions for directories and 644 permissions for files provide the correct level of access.
You need to consider additional factors if both NFS and HTTP URLs are to be used to access one web site. For more information about WebNFS limitations, see WebNFS Limitations With Web Browser Use.