Thursday, 10 April 2014

Mounting NFS shares from a Linux server

Almost every Unix/Linux server, except IBM, has "portcheck" enabled, which means that an NFS client must use reserved ports when connecting to the server.  Fortunately this setting can be changed on the fly, and can also be made permanent. If you attempt to mount an NFS filesystem from a Linux server without portcheck, you will receive the following error:

# mount centos:/home/export /mnt
mount: 1831-008 giving up on:
vmount: Operation not permitted.

Once portcheck is activated, you can mount the filesystem:

# nfso -o nfs_use_reserved_ports=1
Setting nfs_use_reserved_ports to 1
# mount centos:/home/export /mnt
# df -g /mnt
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
centos:/home/export    401.31    239.08   41%   115639     1% /mnt

Managing portcheck

To activate portcheck:
# nfso -o nfs_use_reserved_ports=1

To deactivate portcheck:
# nfso -o nfs_use_reserved_ports=0

To make the change permanent:
# nfso -p -o nfs_use_reserved_ports=1

If this setting does not survive a reboot, you can  manually edit the "/etc/tunables/nextboot" file as follows:

        nfs_use_reserved_ports = 1

# tuncheck -f /etc/tunables/nextboot

If interested in learning more about a tunable you can always use the "-h" option:

# nfso -h portcheck
Checks whether an NFS request originated from a privileged port.
        Default: 0
        Range: 0 - 1
        Type: Dynamic
        Unit: On/Off
Value of 0 disables the port-checking that is done by the NFS server. A value of 1 directs the NFS server to do port checking on the incoming NFS requests. This is a configuration decision with minimal performance consequences.

If nfs_use_reserved_ports=0 AIX server uses nonreserved IP port numbers above 1024 when the NFS client communicates with the NFS server.

If nfs_use_reserved_ports=1 AIX server uses nonreserved IP port numbers below 1024
when the NFS client communicates with the NFS server.