🖊️ Author: Nairuz Abulhul

🌐 Blog: R3dbuck3t


NFS Overview

The purpose of NFS is to access file systems over a network as if they were local.

It is used between Linux and Unix systems.

The NFS protocol has no mechanism for authentication or authorization.

Authentication is shifted entirely to the options of the RPC protocol. Authorization is derived from the information available in the file system: the server is responsible for translating the user information supplied by the client into that of the file system and converting the corresponding authorization information as correctly as possible into the syntax required by UNIX.

| Version | Features |
|---|---|
| NFSv2 | It is older but is supported by many systems and was initially operated entirely over UDP. |
| NFSv3 | It has more features, including variable file size and better error reporting, but is not fully compatible with NFSv2 clients. |
| NFSv4 | It includes Kerberos, works through firewalls and on the Internet, no longer requires portmappers, supports ACLs, applies state-based operations, and provides performance improvements and high security. It is also the first version to have a stateful protocol. |

Common Ports

Default Configuration

The /etc/exports file contains a table of physical filesystems on an NFS server accessible by the clients.

```shell-session
zink0x001@htb[/htb]$ cat /etc/exports

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
```

| Option | Description |
|---|---|
| `rw` | Read and write permissions. |
| `ro` | Read-only permissions. |
| `sync` | Synchronous data transfer. (A bit slower) |
| `async` | Asynchronous data transfer. (A bit faster) |
| `secure` | Ports above 1024 will not be used. |
| `insecure` | Ports above 1024 will be used. |
| `no_subtree_check` | This option disables the checking of subdirectory trees. |
| `root_squash` | Maps the root UID/GID 0 to the UID/GID of the anonymous user, which prevents root from accessing files on an NFS mount. |

Setting up NFS Share

Create the directory you want to expose internally on the network under the mount directory (`/mnt`). In the example below, it is the `nfs` share, exported with security options from the table above.

Then add the path of the directory to the export configuration file:

```shell-session
root@nfs:~# echo '/mnt/nfs  10.129.14.0/24(sync,no_subtree_check)' >> /etc/exports
```

Restart the NFS server
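
The export line above states only `sync` and `no_subtree_check`, so the remaining behaviour comes from defaults. The following Python check is an added example, not part of the original post: it parses export entries, fills in the defaults documented in exports(5) (`ro`, `sync`, `secure`, `root_squash`) and reports entries whose effective options weaken the share. The `/srv/backup` entry, the function names and the `RISKY` list are assumptions made for illustration; quoted paths and line continuations are not handled.

```python
# Added example: audit /etc/exports entries against exports(5) defaults.
DEFAULTS = {"ro", "sync", "secure", "root_squash"}  # applied when not stated
OPPOSITE = {"rw": "ro", "ro": "rw", "async": "sync", "sync": "async",
            "insecure": "secure", "secure": "insecure",
            "no_root_squash": "root_squash", "root_squash": "no_root_squash"}
RISKY = {
    "no_root_squash": "client root keeps UID/GID 0 on the share",
    "insecure": "requests from source ports above 1024 are accepted",
    "rw": "clients can modify the exported file system",
}

# Constructed sample: first entry is the one from the text, second is invented.
SAMPLE = """\
# /etc/exports
/mnt/nfs     10.129.14.0/24(sync,no_subtree_check)
/srv/backup  *(rw,no_root_squash,insecure)
"""

def effective_options(stated):
    """Return the stated options merged over the defaults they override."""
    opts = set(DEFAULTS)
    for opt in stated:
        opts.discard(OPPOSITE.get(opt))
        opts.add(opt)
    return opts

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:                       # each spec is client(opt,...)
            client, _, optstr = spec.partition("(")
            client = client or "*"               # "(opts)" alone means any host
            opts = effective_options(o for o in optstr.rstrip(")").split(",") if o)
            if client == "*":
                findings.append((path, client, "exported to any host"))
            for opt, why in RISKY.items():
                if opt in opts:
                    findings.append((path, client, f"{opt}: {why}"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path} -> {client}: {finding}")
```

The `/mnt/nfs` entry produces no findings because it resolves to read-only with `root_squash` and `secure` in effect, while the constructed `/srv/backup` entry is reported four times.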