Lesson 5

Date: 2/19/2009

Network File System (NFS)

Linux for Engineering and IT Applications

NFS Security and Performance optimization
Security

In NFSv2 and NFSv3, file access is based on UID and GID, therefore, clients should be trusted hosts.

Restrict remote access to a portmapper via tcp_wrappers:
in /etc/hosts.deny

portmap: ALL

In /etc/hosts.allow

portmap: 192.168.2.1 , 192.168.1.

Do not use no_root_squash in export options

Use nosuid and nodev mounting options

More detailes on security: Sec. 6 NFS-HOWTO

Performance optimization

On an NFS server: optimize number of concurently running nfsd daemons.

On an NFS client: optimize wsize and rsize blocks for write/read performance.

More details on optimization: Sec. 5 NFS-HOWTO

NFS implementation
NFS versions
File System virtualization
NFS and RPC
NFS and OSI
NFSv3 server stateless
NFSv3 daemons
NFS mount
NFSv3 server side
NFSv3 client side
Standard mount
Automount
Security and Optimization
NFSv4 features
NFSv3 Exercises
NFSv4 Exercises
Take me to the Course Website