TITLE
    Mac OS X Server: Exporting NFS Directories With NetworkManager
Article ID:
Created:
Modified: 		60046
2/10/99
11/2/00
TOPIC

    This article discusses NFS and how to export directories with NFS.

DISCUSSION

    If you do not already have an understanding of NetInfo domains, please read the following articles:

    Article 60038: " Mac OS X Server: What is NetInfo? "
    Article 30832 " Mac OS X Server: Basic Introduction To NetInfo Domains ."

    What Is NFS?

    NFS stands for network filesystem. A filesystem in a Unix-style operating system generally means a directory or directory hierarchy. NFS is based on the client/server model. The server exports the filesystems, and the client imports them. With NFS it is possible to seamlessly share filesystems to other computers on a network. When users changes directories, they should not know that they are now looking at a remote filesystem. This is very powerful because it allows common resources to be stored on one computer, and accessed throughout the network. This would be an excellent idea for documentation like man pages, or read me files.

    Selecting The Correct Domain

    NetworkManager allows you to make modifications network wide, so you must select the domain you wish to change. If the computer is not part of a NetInfo network then the local domain is the only one available. If the computer is on a NetInfo network then the domain that you have access to must be selected.

    The domain is selected at the top of the NetworkManager window in the field title "Domain." To reveal the larger domain hierarchy, click the disclosure triangle to the left of "Domain." The correct domain name can be typed or selected.

    Once the correct domain appears in the "Domain" field, NetworkManager can be used.

    A quick word on button conventions; buttons that have a star are for a new items, buttons that have a pencil is for editing items, buttons that have the international symbol for no are to delete items, and buttons that have a pencil and outline are to edit default profiles. Finally, buttons that have one face are for users, and buttons that have two faces are for groups.

    Exporting Filesystems

    To export a directory, click the "File Sharing" button on the left-hand side of the window. Clicking the "Shared Directories" tab shows the directories that are currently being exported (shared) to the network. This is also where new directories can be exported.

    To share a new directory, click the share new directory button (a hard drive with a star). In the window that appears, use the "Select..." button along the right-hand side of the window to select the directory to be exported (shared). It is also possible to type in the path of the directory. All directories contained in the exported directory are visible to any client, but a client can only mount the exported directory, not nested directories.

    Choosing a Destination

    Next, the destination of the exported directory needs to be chosen. The destination is where the directory is exported to. There are three options, world, subnet, and clients.

    Client is the most secure option because only clients with specified host names or that belong to specified netgroups are allowed to mount the directory. If the client option is chosen two buttons appear add and remove. Clicking the add button allows you to type in the name of the client or netgroup that the filesystem should be exported to. The name of the client or netgroup must be in the NetInfo database.

    For more informaon on adding computers to NetInfo, please read:

    Article 60026: " Mac OS X Server: Using NetworkManager To Manage Computers In NetInfo. "

    The export to subnet option allows only a specified segment of the network to import these filesystems. For example, if 192.168.42.0 were entered into the subnet field then any computer on the 19.168.42.X subnet would be able to import the filesystem. Note : this is only true if the default subnet of 255.255.255.0 is still in place.

    The last option is export to world and allows any client to import the directory. This means that if the server is on the internet it is possible for a client that is also on the internet to import the directories. However, this is also the easiest to configure.

    The NFS Export Options

    The nobody user is a default system user that has limited access privileges. For the highest level of security it is best to select treat all users as nobody. This is to be sure that remote users do not have access to secure information. There are times when other users should be selected, but they are not discussed here.

    The other export options are listed in the following table:
    Read Only

    		Does not allow changes to be made to the remote filesystem.
    Export Entire Filesystem Allows any directory below the exported directory to be imported directly.
    Require Kerberos Authentication Use a Kerberos server for authentication (a Kerberos server must be installed).

    Note : Changes made with this program require the root password to the domain you are trying to configure. This may be only for the local domain (your computer) or it may be the root domain (the entire network). You should not try to change settings you do not have access to.

Document Information
Product Area: Mac OS System Software
Category: Mac OS X Server
Sub Category: General Topics

Copyright © 2000 Apple Computer, Inc. All rights reserved.