NFS or Networked File System is a protocol used to share filesystems over a network. IRIX includes support for NFSv2 and NFSv3.
NFSv2 and NFSv3 have known security problems and exploits. It's highly advised to use a proper firewall and configuration.
NFS can be hosted from IRIX, BSD, Solaris/illumos, Linux or even some versions of macOS and still retain compatibility to IRIX. This page documents related issues with NFSv3/2 and the various quirks to get it working on each host OS.
The easiest hosts to get working with IRIX are, in no particular order:
- IRIX 6.5.22 or higher
- Windows 10 Pro or Enterprise
These hosts have a number of server and implementation issues with NFSv3, if there are tricks unheard of yet to getting them working please feel free to add tricks below:
- Linux: rpcbind in Linux is buggy, and the nfsd module usually gets interfered with by SELinux, systemd and other modern Linuxisms.
- macOS: The most recent versions do not appear to have proper NFSv3 support for hosting, though NFSv3 connections do appear to work.
FreeBSD supports NFSv3 for IRIX easily.
The following lines must be added to the /etc/rc.conf file:
mountd_flags="-r -p 735"
Now start the services:
# service rpcbind start; service nfsd start; service mountd reload
On ZFS, do not use /etc/exports. Instead, use:
zfs sharenfs="-network 10.0.0.0 -mask 255.255.255.0" tank/protected
This will share the tank/protected dataset on LAN addresses 10.0.0.0/24
Further examples will include PF firewall rules to ensure spoofed/hostile traffic cannot compromise NFS.
Thanks to Larbob/lbdm for this guide.
Install the NFS subsystem:
sudo apt install nfs-kernel-server
Make an NFS share directory:
sudo mkdir -p /srv/nfs
Set up /etc/exports with something like this:
Edit /etc/default/nfs-kernel-server's RPCMOUNTDOPTS section to add --no-nfs-version 4
sudo systemctl restart nfs-configsudo systemctl restart nfs-kernel-server
This will provide a setup to allow anyone with uid 0 to write as root. Please be careful if deciding this.
If you have a non pro or enterprise you won’t be able to enable NFS services.
From apps and services you must go to optional features then on the right will be more features. From here you can enable NFS
On the Irix side in /etc/exports add:
Back on windows: Steps below are showing how to mount an NFS share on Windows client.
1.) Install the NFS Client (Services for NFS) what can be enabled from Windows Control Panel:
Open Control Panel and search for "Turn Windows features on or off"
Check the option "Services for NFS," then click OK.
2.) On the ECS side, configure the NFS share. See the ECS Administration Guide for what can be downloaded from https://support.emc.com/products/37254_ECS-Appliance-/Documentation/.
3.) Enable Write Permissions for the Anonymous User:
With the default options, a user has read permissions when mounting an ECS NFS share using the anonymous user. We can give the anonymous user write permissions by changing the UID and GID that it uses to mount the share.
To change the UID and GID we must make a simple change to the Windows registry by performing the following steps:
Open regedit by typing it in the search box end pressing Enter.
Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default.
Create a new New DWORD (32-bit) Value inside the Default folder named AnonymousUid and assign the UID 0 (or another UID/GID if configured in ECS).
Create a new New DWORD (32-bit) Value inside the Default folder named AnonymousGid and assign the GID 0 (or another UID/GID if configured in ECS).
Restart the NFS client from Windows CMD line (nfsadmin client restart) or reboot the machine to apply the changes.
kA5f10000004F9xCAE_1_0 4.) Mount the NFS share on your windows CMD line:
C:\Users\bob>mount -o "nolock,sec=sys" x.x.x.x:/test-nfs-ns/test-nfs-bucket y:
Note: x.x.x.x = Public IP of ECS node
Example of completed command: mount -o “nolock,sec=sys” 192.168.x.x:/Desktop/mount y:y: is now successfully connected to 192.168.x.x:/Desktop/mount
Now just mount as a network drive in my computer.
Side note: these exact settings may work on mac and Linux but I have to test this on the clients I haven’t found an option for giving gid and uid sec=sys option is easily findable just need to find no lock as well. I am not sure yet how to do this on Linux but on another forum someone has successfully mounted multiple irix shares on Linux.