6.1. Introduction to File Sharing with NFS

NFS is the most common protocol for sharing files between UNIX systems over a network. NFS servers export directories from their local hard disks to NFS clients, which mount them so that they can be accessed like any other directory. Unlike other file sharing protocols, such as Windows networking, Netware, and AppleShare, NFS was designed to support client systems that have multiple users. This means that a client never logs into a server, and that the server almost completely trusts the client to authenticate users. The down side is that NFS is not a good protocol for sharing files with client systems that are not fully trusted.

Instead of using usernames and passwords for authentication, NFS uses the IP address of the client. Only trusted clients are allowed to mount directories from the server so that it is not vulnerable to unauthorized file access from any client on the network. Some additional security can be gained by restricting the access of particular UNIX users on a client, or treating all requests from a client as a single user.

On Linux, the /etc/exports file contains a permanent list of directories exported by NFS and the clients to which they are exported. Typically, this file is read at boot time by the nfsd and mountd programs that run in the background to service NFS requests. When you change or create exports using Webmin, the exports file is directly updated.

This chapter covers only the sharing of directories from a server using NFS. For details on how to mount an NFS exported directory on a client, see Chapter 5. If you want to share files with Windows clients, you should read Chapter 43 (which covers Samba) instead, as NFS support is not widely available for Windows.