NFS
Introduction
NFS (Network File System) is used to access file systems over a network as if they were local.
Standard ports used by an NFS server:
- 2049 - NFSv4
- 111 - NFSv2, NFSv3 (older versions; SUN RPC is the underlying protocol used by these older NFS versions)
Config
The /etc/exports file contains a table of physical filesystems on an NFS server accessible by the clients. It also specifies the ACL for each shared file system.
cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
Option | Description |
---|---|
rw | Read and write permissions. |
ro | Read only permissions. |
sync | Synchronous data transfer. (A bit slower) |
async | Asynchronous data transfer. (A bit faster) |
secure | Ports above 1024 will not be used; client requests must come from a source port below 1024. |
insecure | Ports above 1024 will be used; client requests from unprivileged source ports are accepted. |
no_subtree_check | This option disables the checking of subdirectory trees. |
root_squash | Maps the root user (UID/GID 0) on the client to the anonymous UID/GID, which prevents root from accessing files on an NFS mount with root permissions. no_root_squash should not be configured. |
nohide | If another file system was mounted below an exported directory, this directory is exported by its own exports entry. |
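An added example, not part of the original notes: a small Python auditor for /etc/exports content that flags the risky options from the table above (no_root_squash, insecure) and exports open to any host, including the case where a stray space before the option list exports the share to everyone. The sample entries, hostnames and function names are constructed for illustration, and paths containing spaces or escapes are assumed not to occur.

```python
import re

# Options from the table above that weaken an export, and why.
RISKY = {
    "no_root_squash": "client root keeps UID/GID 0 on the share",
    "insecure": "requests from source ports above 1024 are accepted",
}
# One client spec: optional host followed by optional "(opt,opt,...)".
SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            if m:  # malformed specs are skipped
                opts = set(filter(None, (m.group(2) or "").split(",")))
                yield path, m.group(1) or "*", opts      # no host means any host

def audit(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        for opt, why in RISKY.items():
            if opt in opts:
                findings.append((path, client, f"{opt}: {why}"))
        if client == "*":
            mode = "rw" if "rw" in opts else "ro"
            findings.append((path, client, f"exported to any host ({mode})"))
    return findings

# Constructed sample for illustration; not taken from a real server.
SAMPLE = """\
/srv/homes  hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
/srv/data   192.0.2.0/24(rw,sync,no_root_squash,no_subtree_check)
/srv/public *(rw,insecure)
/srv/docs   hostname3 (rw)
"""

if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE):
        print(f"{path:12} {client:16} {finding}")
```

The last sample line shows why the space matters: `hostname3 (rw)` gives hostname3 the default options and exports the share read-write to every other host.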
Restart NFS server after config changes
systemctl restart nfs-kernel-server
exportfs # shows all the exported NFS shares (from the `/etc/exports` file)
showmount -e 10.129.14.128 # show the server's export list: NFS shares along with the hosts allowed to mount them
nmap with nfs scripts
Nmap's NFS scripts can be specified to get more information about the available NFS shares, their permissions and contents:
sudo nmap --script "nfs*" 10.129.14.128 -sV -p111,2049
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-19 17:37 CEST
Nmap scan report for 10.129.14.128
Host is up (0.00021s latency).
PORT STATE SERVICE VERSION
111/tcp open rpcbind 2-4 (RPC #100000)
| nfs-ls: Volume /mnt/nfs
| access: Read Lookup NoModify NoExtend NoDelete NoExecute
| PERMISSION UID GID SIZE TIME FILENAME
| rwxrwxrwx 65534 65534 4096 2021-09-19T15:28:17 .
| ?????????? ? ? ? ? ..
| rw-r--r-- 0 0 1872 2021-09-19T15:27:42 id_rsa
| rw-r--r-- 0 0 348 2021-09-19T15:28:17 id_rsa.pub
| rw-r--r-- 0 0 0 2021-09-19T15:22:30 nfs.share
|_
| nfs-showmount:
|_ /mnt/nfs 10.129.14.0/24
| nfs-statfs:
| Filesystem 1K-blocks Used Available Use% Maxfilesize Maxlink
|_ /mnt/nfs 30313412.0 8074868.0 20675664.0 29% 16.0T 32000
| rpcinfo:
| program version port/proto service
| 100000 2,3,4 111/tcp rpcbind
| 100000 2,3,4 111/udp rpcbind
| 100000 3,4 111/tcp6 rpcbind
| 100000 3,4 111/udp6 rpcbind
| 100003 3 2049/udp nfs
| 100003 3 2049/udp6 nfs
| 100003 3,4 2049/tcp nfs
| 100003 3,4 2049/tcp6 nfs
| 100005 1,2,3 41982/udp6 mountd
| 100005 1,2,3 45837/tcp mountd
| 100005 1,2,3 47217/tcp6 mountd
| 100005 1,2,3 58830/udp mountd
| 100021 1,3,4 39542/udp nlockmgr
| 100021 1,3,4 44629/tcp nlockmgr
| 100021 1,3,4 45273/tcp6 nlockmgr
| 100021 1,3,4 47524/udp6 nlockmgr
| 100227 3 2049/tcp nfs_acl
| 100227 3 2049/tcp6 nfs_acl
| 100227 3 2049/udp nfs_acl
|_ 100227 3 2049/udp6 nfs_acl
2049/tcp open nfs_acl 3 (RPC #100227)
MAC Address: 00:00:00:00:00:00 (VMware)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
Mount/Unmount NFS share on the client
# mount -t nfs {source-nfs} {target-local}
sudo mount -t nfs 10.129.14.128:/ ./target-NFS/ -o nolock
sudo umount ./target-NFS