A note before we begin: if you want to configure NFS or Samba (Microsoft Windows) networking on your Linux machine then KDE has a tool called "kdenetwork-filesharing" which I find to be a very easy way to configure shared folders and printers. Just

apt-get install kdenetwork-filesharing

NFS (Network File System)
If you want to set up some kind of file or printer sharing in Linux, then you might want to use NFS (Network File System). I have found NFS to be quite reliable and fast as long as nothing out of the ordinary happens. On the other hand, I have experienced full machine lockups if the network goes down or if somebody turns off a computer that is mounted by a different computer.

That being said, you should be also warned that NFS is not exactly secure. As far as I can tell, all traffic is submitted in the clear over the network, and furthermore (it seems to me) that no authentication is performed for one computer to share to another computer except by name. This means that I just put a list of names in a file, and if there appears a computer on the network with that name then it has access. This doesn't sound very secure to me. Of course, I *think* that there is a way to specify not ONLY the names but also the MAC (hardware address of the ethernet card) for the allowed computers. At least this should make it harder to hijack - but I haven't bothered to see how this works.

At this point a better option *may* be to use LUFS or SHFS networking. This uses SSH to set up a secure connection between machines. In fact I use this pretty often.

There is one more thing to consider: NFS (by itself) does not translate user/group ID's (UID/GID) between machines. This is a problem since my user "spencer" might have different actual UID numbers on different machines. Clearly this is at the least annoying, and at the most a huge security risk. There is a complicated mapping system called NIS (Name Information Service), but I have not had time (or need) to figure it out yet. There is even an improved method called NIS+, but as far as I can tell the Linux support for this hasn't been implemented (and probably never will be). NIS not only maps UID/GID, but it also keeps global passwords synchronized across the network - a very useful feature if you have a large network. The utilities all go under the names "yp*" where the yp stands for "Yellow Pages". I found a pretty good NIS Howto for Debian.

Since my network is only a couple of machines, I'm not going to worry about that right now. There is a quick manual UID/GID mapping method that works if the number of users and number of machines is small (see below). This link is the standard NFS howto. These notes will be a fast summary of stuff that worked instantly (for me).

Server setup
In order to share files out, you will need to set up the server side of things. There are two types of NFS servers: either a Kernel-oriented server or a Userspace-oriented server. The first is faster, the second is probably more flexible (you'll need the "nfs-user-server" Debian package if you want to use the "map_static" option explained below, otherwise you should probably choose the package "nfs-kernel-server").

Now you will need to CONFIGURE your shares for NFS (this is where the KDE tool mentioned above can be useful). The configuration is stored in /etc/exports. Here the lines are of the form

directory machine1(option11,option12) machine2(option21,option22)

where "directory" is shared to machines "machine1" and "machine2" with permissions given by the options (i.e. ro,rw,sync,etc). At this point, you SHOULD set up some security in the "/etc/hosts.allow" and "etc/hosts.deny" files, but I must admit that I'm lazy and so I don't worry about it - check the official documentation for more about that.

Instead of using NIS to map UIDs and GIDs I just use the option "map_static=[filename]" for each share in /etc/exports. This works fine on a network with only a couple of machines and a couple of users, but clearly won't work for larger systems (NIS is the game, then). Let's see how this works. Suppose I want to share "/directory" to "remotemachine1" - then I would use the following line in /etc/exports:

/directory remotemachine1(rw,sync,root_squash,map_static=/etc/remotemachine1map.txt)

where the text file /etc/remotemachine1map.txt takes the format:

# Mapping for client remotemachine1:
#    remote     local
uid  0-99       -       # squash these
uid  100-500    1000    # map 100-500 to 1000-1500
gid  0-49       -       # squash these
gid  50-100     700     # map 50-100 to 700-750

Client setup
On the client side things are pretty easy. You can just mount a shared NFS directory (located on remote.machine.com) by issuing the command

mount remote.machine.com:/shared/directory /local/directory

Simple. I put an entry in my /etc/fstab that allows me to mount the directories easily (but not automatically... I have encountered problems with this):

machine:directory localdirectory nfs noauto,noatime,user,rw,nosuid,hard,intr,sync 0 0

CAVEAT: Note that NFS behaves very strangely with symbolic links. If a symbolic link refers to a file "/usr/share/testfile" on the REMOTE system, then if you mount the remote share and try to access this symbolic link then it will look for the file "/usr/share/testfile" on your LOCAL machine. The way that I work around this is to use "relative" symbolic links, like "../../testfile". This keeps the link referencing on the REMOTE machine. I really think that NFS should be fixed to take this into account.

Samba (Microsoft Windows networking/SMB/CIFS)
Since I'm busy I cannot describe this right now. To install the samba subsystem just install the Debian packages "samba" and "smbclient".

To CONFIGURE Samba you have two choices: either use the KDE tool mentioned at the top of this page, or manually tweak "/etc/samba/smb.conf". The documentation concerning this is easily found on the net, so I won't bother duplicating it. However, I must admit that Samba can sometimes be very painful in Linux. Some day I'll come back and say more...

This page has been visited   times since January 13, 2005