WebNFS Administration Tasks
This section provides instructions for administering the WebNFS system. Related tasks follow.
Table 5-4 Task Map for WebNFS Administration
Planning for WebNFS Access
To use WebNFS, you first need an application that is capable of
running and loading an NFS URL (for example, nfs://server/path). The next step is to
choose the file system that can be exported for WebNFS access. If the
application is web browsing, often the document root for the web server is
used. You need to consider several factors when choosing a file system to
export for WebNFS access.
Each server has one public file handle that by default is associated with the server's root file system. The path in an NFS URL is evaluated relative to the directory with which the public file handle is associated. If the path leads to a file or directory within an exported file system, the server provides access. You can use the public option of the share command to associate the public file handle with a specific exported directory. Using this option allows URLs to be relative to the shared file system rather than to the server's root file system. The root file system does not allow web access unless the root file system is shared.
The WebNFS environment enables users who already have mount privileges to access files through a browser. This capability is enabled regardless of whether the file system is exported by using the public option. Because users already have access to these files through the NFS setup, this access should not create any additional security risk. You only need to share a file system by using the public option if users who cannot mount the file system need to use WebNFS access.
File systems that are already open to the public make good candidates for using the public option. Some examples are the top directory in an ftp archive or the main URL directory for a web site.
You can use the index option with the share command to force the loading of an HTML file. Otherwise, you can list the directory when an NFS URL is accessed.
After a file system is chosen, review the files and set access permissions to restrict viewing of files or directories, as needed. Establish the permissions, as appropriate, for any NFS file system that is being shared. For many sites, 755 permissions for directories and 644 permissions for files provide the correct level of access.
You need to consider additional factors if both NFS and HTTP URLs are to be used to access one web site. These factors are described in WebNFS Limitations With Web Browser Use.
How to Browse Using an NFS URL
Browsers that are capable of supporting the WebNFS service should provide access to
an NFS URL that resembles the following:
nfs://server<:port>/path
- server
Name of the file server
- port
Port number to use (2049, default value)
- path
Path to file, which can be relative to the public file handle or to the root file system
Note - In most browsers, the URL service type (for example, nfs or http)
is remembered from one transaction to the next. The exception occurs when a
URL that includes a different service type is loaded. After you use an
NFS URL, a reference to an HTTP URL might be loaded. If
such a reference is loaded, subsequent pages are loaded by using the HTTP
protocol instead of the NFS protocol.
How to Enable WebNFS Access Through a Firewall
You can enable WebNFS access for clients that are not part of the
local subnet by configuring the firewall to allow a TCP connection on port
2049. Just allowing access for httpd does not allow NFS URLs to be
used.