insecure
    This flag reverses the effect of the secure flag.

ro
    This flag causes the NFS mount to be read-only. This flag is enabled by default.

rw
    This option mounts file hierarchy read-write.

root_squash
    This security feature denies the superusers on the specified hosts any special access rights by mapping requests from uid 0 on the client to the uid 65534 (that is, -2) on the server. This uid should be associated with the user nobody.

no_root_squash
    Don’t map requests from uid 0. This option is on by default, so superusers have superuser access to your system’s exported directories.

link_relative
    This option converts absolute symbolic links (where the link contents start with a slash) into relative links. This option makes sense only when a host’s entire filesystem is mounted; otherwise, some of the links might point to nowhere, or even worse, to files they were never meant to point to. This option is on by default.

link_absolute
    This option leaves all symbolic links as they are (the normal behavior for Sun-supplied NFS servers).

map_identity
    This option tells the server to assume that the client uses the same uids and gids as the server. This option is on by default.

map_daemon
    This option tells the NFS server to assume that client and server do not share the same uid/gid space. rpc.nfsd then builds a list that maps IDs between client and server by querying the client’s rpc.ugidd daemon.

map_static
    This option allows you to specify the name of a file that contains a static map of uids and gids. For example, map_static=/etc/nfs/vlight.map would specify the /etc/nfs/vlight.map file as a uid/gid map. The syntax of the map file is described in the exports(5) manual page.

map_nis
    This option causes the NIS server to do the uid and gid mapping.

anonuid and anongid
    These options allow you to specify the uid and gid of the anonymous account. This is useful if you have a volume exported for public mounts.
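The following is an added example, not part of the original text: a small Python check that parses an exports file and flags entries according to the defaults this section states (ro on, no_root_squash on). The `host(options)` line syntax is the one documented in exports(5); the sample paths and hostnames are constructed, and the function names are illustrative.

```python
import re

# One client entry: host(opt,opt), (opt,opt) for any host, or a bare host.
ENTRY = re.compile(r"(?P<host>[^\s()]*)\((?P<opts>[^)]*)\)|(?P<bare>[^\s()]+)")

# Constructed sample exports file; paths and hostnames are made up.
SAMPLE_EXPORTS = """\
# constructed sample
/home        alpha(rw) beta(rw,root_squash)
/usr/local   *.example.org(ro,insecure)
/pub         (ro,root_squash,anonuid=65534,anongid=65534)
/srv/build   gamma(rw,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, host, options) per client; host '' means any host."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        path, rest = fields[0], fields[1] if len(fields) > 1 else ""
        clients = list(ENTRY.finditer(rest))
        if not clients:                      # path alone: any host, all defaults
            yield path, "", set()
        for m in clients:
            host = m.group("bare") or m.group("host") or ""
            names = (m.group("opts") or "").split(",")
            yield path, host, {n.split("=")[0].strip() for n in names if n.strip()}

def audit(text):
    """Return (path, host, finding) tuples, using the defaults this page states."""
    findings = []
    for path, host, opts in parse_exports(text):
        who = host or "<any host>"
        # Page: no_root_squash is on by default, so only an explicit
        # root_squash maps client uid 0 to the anonymous uid.
        if "root_squash" not in opts:
            findings.append((path, who, "client root not squashed"))
        if "insecure" in opts:
            findings.append((path, who, "secure flag reversed"))
        # Page: ro is the default, so write access is always an explicit rw.
        if "rw" in opts and (not host or "*" in host or "?" in host):
            findings.append((path, who, "read-write to a wildcard or any host"))
    return findings

if __name__ == "__main__":
    for path, who, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {who:16} {finding}")
```

Backslash line continuations in the exports file are not handled; join continued lines before passing the text in.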
Any error in parsing the exports file is reported to syslogd’s daemon facility at level notice whenever rpc.nfsd or rpc.mountd is started up.

Note that hostnames are obtained from the client’s IP address by reverse mapping, so the resolver must be configured properly. If you use BIND and are very security conscious, you should enable spoof checking in your host.conf file. We discuss these topics in Chapter 6, Name Service and Resolver Configuration.

Kernel-Based NFSv2 Server Support

The user-space NFS server traditionally used in Linux works reliably but suffers performance problems when overworked. This is primarily because of the overhead the system call interface adds to its operation, and because it must compete for time with other, potentially less important, user-space processes.