# nfs recommendation [solved]

## DaggyStyle

hello.

currently, I'm using nfs4 to share a folder on my server with my laptop, but that folder has symlinks which don't behave well with nfs4.

so I need to change the nfs protocol, I want need a recommendation for an protocol that supports symlinks, read (only) data from the server, can be limited to specific addresses per folder, bind to specific user and can be binded to a static port.

I've thought of using smb but I'm not sure if it can be binded on addresses per share.

can smb do that? if not, is there a nfs implementation that supports what I want?

----------

## NeddySeagoon

DaggyStyle,

Does sshfs do what you need ?

Its a way of mounting a remote filesystem over ssh for a single user.

----------

## DaggyStyle

 *NeddySeagoon wrote:*   

> DaggyStyle,
> 
> Does sshfs do what you need ?
> 
> Its a way of mounting a remote filesystem over ssh for a single user.

 

might be, will check it out, btw, does it interferes with other ssh connection?

is it possible it is overshoot for my needs?

----------

## John R. Graham

Hard links work okay with NFSv4.  Is that a possibility for you?

- John

----------

## alunduil

What about AFS?  I've been meaning to get around to using it but haven't had the time.

Regards,

Alunduil

----------

## Hu

In what way do the symlinks behave badly under NFSv4?

----------

## DaggyStyle

 *John R. Graham wrote:*   

> Hard links work okay with NFSv4.  Is that a possibility for you?
> 
> - John

 

even when it point to another partition? I'll need to refresh my knowledge on symlink vs hardlink

 *alunduil wrote:*   

> What about AFS?  I've been meaning to get around to using it but haven't had the time.
> 
> Regards,
> 
> Alunduil

 

androw fs? 

 *Hu wrote:*   

> In what way do the symlinks behave badly under NFSv4?

 

they point on the location on the client's computer rather then on the server computer

----------

## John R. Graham

 *DaggyStyle wrote:*   

>  *John R. Graham wrote:*   Hard links work okay with NFSv4.  Is that a possibility for you?
> 
> - John 
> 
> even when it point to another partition? I'll need to refresh my knowledge on symlink vs hardlink

 No; hard links work only within a single filesystem.  However, you can mount portions of other filesystems within your NFS shared directory.  See "mount -o bind".  

- John

----------

## depontius

 *DaggyStyle wrote:*   

>  *alunduil wrote:*   What about AFS?  I've been meaning to get around to using it but haven't had the time.
> 
> Regards,
> 
> Alunduil 
> ...

 

"andrew fs" - Don't know who the heck "andrew" was, maybe Andrew Carnegie, since it was orignally done at CMU.  We use AFS extensively at work.  It works well, but there are definitely non-Posix things about it - to ordinary users the most obvious is file permissions.

 *DaggyStyle wrote:*   

>  *Hu wrote:*   In what way do the symlinks behave badly under NFSv4? 
> 
> they point on the location on the client's computer rather then on the server computer

 

I'm serving /home over NFSv4 at home, and do this with no problems.  I have both "/local" and "/home".  There is local user space for each user available at /local, and nfs is mounted over /home.  In addition there are several box-local accounts - some different on each client, some the same.  The server has these accounts in /etc/passwd, but no space allocated in the exported space.  At this point, a picture might be better:

```

directly on the client:

/local/dale   (directory structure here)

      /mythtv (directory structure here)

/home/dale    ->/local/dale

     /mythtv  ->/local/mythtv

On the server:

/exports/home/dale   (directory structure here)

             /mythtv ->/local/mythtv
```

The upshot of all of this is that my clients can mount /home from the server for each regular user.  But space for the mythtv user does not exist on the server, but is separate and configured to each specific client.  Furthermore, since there is some user space for each client under /local, and because there's a symlink to /local hidden under the /home mount point, if the NFS server is not up users can still work.  In addition certain thing like the firefox profiles and cache are symlinked out of nfs and into the local space.  (If you think the sqlite problem was bad on ext3, imagine it over nfs.)

The upshot is that I've got symlinks pointing out of NFSv4 into local space and it works happily.  So it's not that it won't work, but there may be additional gotchas.

----------

## Hu

 *DaggyStyle wrote:*   

>  *Hu wrote:*   In what way do the symlinks behave badly under NFSv4? they point on the location on the client's computer rather then on the server computer

 That is exactly what is supposed to happen.

----------

## DaggyStyle

 *John R. Graham wrote:*   

>  *DaggyStyle wrote:*    *John R. Graham wrote:*   Hard links work okay with NFSv4.  Is that a possibility for you?
> 
> - John 
> 
> even when it point to another partition? I'll need to refresh my knowledge on symlink vs hardlink No; hard links work only within a single filesystem.  However, you can mount portions of other filesystems within your NFS shared directory.  See "mount -o bind".  
> ...

 

I've tried that, the content if the two folder I've binded on the server appear empty on the client, here is the fstab:

```

/dev/sdb1               /               reiserfs        noatime         0 1

/dev/mapper/Mainframe-portageTree       /usr/portageTree ext2           noatime         0 0

/dev/mapper/Mainframe-portageBin        /usr/portageBin reiserfs        noatime         0 0

/usr/portageBin/distfiles               /usr/portage/distfiles none     rw,bind         0 0

/usr/portageBin/packages                /usr/portage/packages none      rw,bind         0 0

/usr/portage                            /export/portage none            ro,bind         0 0

```

also, when I try to see the content of distfiles and packages as normal user I can see the content, but when trying to access the content of one folder within packages, I get permission denied.

 *Hu wrote:*   

>  *DaggyStyle wrote:*    *Hu wrote:*   In what way do the symlinks behave badly under NFSv4? they point on the location on the client's computer rather then on the server computer That is exactly what is supposed to happen.

 

thats true but that isn't what I've wanted and thought it will do.

----------

## depontius

So let me get this straight...

You had symlinks in an exported directory that were going outside of that mount point on the server, and of course on the client they wound up pointing to missing places on the client filesystem.  That is to be expected.

Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)

Do you have "root squash" enabled?  It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?

----------

## DaggyStyle

 *depontius wrote:*   

> So let me get this straight...
> 
> You had symlinks in an exported directory that were going outside of that mount point on the server, and of course on the client they wound up pointing to missing places on the client filesystem.  That is to be expected.
> 
> 

 

yes.

 *depontius wrote:*   

> Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)
> 
> 

 

think so

 *depontius wrote:*   

> Do you have "root squash" enabled?  It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?

 huh?

----------

## depontius

 *DaggyStyle wrote:*   

> 
> 
>  *depontius wrote:*   Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)
> 
>  
> ...

 

Basically, root can't be trusted across a network.  Trusting root across a network essentially means that root on one machine is root on any machine, meaning that you have to trust anything and everything that gets plugged into your network.  That situation is probably acceptable for a home lan or an isolated lab network, but not much more.

Because of that, "root squash" means turning root into an anonymous user - essentially "nobody", though that can be configured.  It also happens to be the default for nfs - local root can't do squat to an nfs-mounted filesystem.  The "Nobody-User" and "Nobody-Group" are what root normally becomes, and they're specified in /etc/idmapd.conf.  It's also possible to turn off root-squash, though I'm not sure how fine-grained that can be done.

----------

## DaggyStyle

 *depontius wrote:*   

>  *DaggyStyle wrote:*   
> 
>  *depontius wrote:*   Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)
> 
>  
> ...

 

but that is not what I want, all I want it to share portage with the laptop.

because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition.

----------

## depontius

 *DaggyStyle wrote:*   

> 
> 
> but that is not what I want, all I want it to share portage with the laptop.
> 
> because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition.

 

It doesn't seem to me that you should be having any problem, then.  From what I can tell here, the portage tree is universal-read, so even if root gets squashed into nobody, it should still be able to read the stuff.  I may be able to do a rough cut of this on my home system, to check it out for you.  I have:

/raid1-1/backup

        /etc

        /home/dale

        /lost+found

        /mail

/exports/home

#grep exports /etc/fstab

/raid1-1/home           /exports/home   none            bind            0 0

To come up with something analogous to your situation, I think I just need to bind-mount /usr/portage to /raid1-1/home and see what it looks like from the client side, both as user and as root.  Unlike your setup, my whole /usr/portage is on one filesystem, but I think we can demonstrate the basic principle by bind-mounting it into /raid1-1/home.  That will need to wait until I'm home tonight or this weekend.

----------

## DaggyStyle

 *depontius wrote:*   

>  *DaggyStyle wrote:*   
> 
> but that is not what I want, all I want it to share portage with the laptop.
> 
> because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition. 
> ...

 

notice that it is anough to reload exportfs, restart nfs and enter /export/home

----------

## DaggyStyle

with the help of the guys at #gentoo in freenode, I've added the missing folders to export and modified the config and viola! all is working  :Smile: 

----------

