Setting up the file server is one of my main reasons for setting up a centralized server to begin with. Benefits:
- The Network File System (NFS) lets you access all of your files no matter where you log on. I can access Hannah’s documents and we both access and modify shared family documents no matter which computer we log on to, similar to “roaming profiles” in Windows.
- There’s less overhead because there’s only one encrypted filesystem where we keep and back up our data. Since our lives are becoming more and more embedded in our data, I want that data to be as secure as possible. Backup only has to run on one computer, the server. The clients can be reinstalled transparently in a couple of hours without any loss of data or settings. Case in point, Hannah’s hard drive failed a week after the server was set up and I had her up and running with a fresh install before she knew it and she didn’t notice any changes. Of course, the story’s a little longer when the server drive crashes, but that’s what backups are for.
- It also eliminates some redundancy because I don’t need my own folder of music (and other shared interests) on my desktop anymore; we can both access files from one centralized resource.
- Plus, we don’t need very large disk drives on our desktop “thin clients” since they only need to run an operating system: a cheap 40 GB drive at most.
However, I’ve also noticed a few cons:
- Applications usually stay with the computer they were installed on, even though the application menu follows the user. So I installed some applications on my computer. When I log into Hannah’s computer, I can’t run that application, even though it’s in the menu; I can only run it from my computer.
- Some applications, such as Firefox and Thunderbird, lock their profiles so that they can only be run at one place at one time. There are also a few sharing issues with our encrypted password safe, KeePassX; we sometimes have it open at the same time and it complains a lot about being opened read-only.
- Since my computer is faster than Hannah’s, I turned on some extra graphical effects. When I log in to her machine, it has a hard time keeping up.
Permissions
But before we turn full control over to the server’s new /home directory, the permissions have to be tweaked a bit. Here is a nice permissions primer. And here is another. And here is a more specific and technical post on these concepts. I want a family group where everybody in that group can access everybody else’s files. So first, on the server, create the family group:
$ sudo addgroup family
Then put all the folders and files in the /home directory in the family group and give anyone in the family group write permissions:
$ sudo chgrp -R family /home
$ sudo chmod -R g+w /home
The -R (recursive) flag makes the changes propagate through all subfolders and files.
Also, make sure the primary group of relevant users on the desktops is set to family.
Make new files and folders inherit the same permissions.
Setting the setgid permission on a directory (chmod g+s) causes new files and subdirectories created within it to inherit its groupID, rather than the primary groupID of the user who created the file (the ownerID is never affected, only the groupID). Newly created subdirectories inherit the setgid bit.
$ sudo chmod g+s /home
Note that setting the setgid permission on a directory only affects the groupID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities. Setting the setgid bit on existing subdirectories must be done manually, with a command such as the following:
$ sudo find /home -type d -exec chmod g+s '{}' \;
Finally, set the default umask on the client machines so that new files are group-writable by default. Either change the last line of /etc/profile to the following (reboot required) or, alternatively, override the system setting per user by creating ~/.bash_profile and adding the line there (logout/login required):
umask 0002
Now when you log in again, you can create a new file in the /home directory and it will belong to the family group and be readable and writable by anybody in the family group:
-rw-rw-r-- 1 josh family 0 2009-11-13 20:36 test.txt
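One way to check the result of the steps above, as an added example that is not part of the original post: the script audits a tree for the layout this section sets up (shared group, group-writable, setgid on every directory) and shows that directories created before g+s was set are missed until the find pass runs. The function names are made up for the example, a scratch directory stands in for /home, and the current user's primary group stands in for family.

```shell
#!/bin/sh
# Added example, not from the original post. A scratch directory stands in
# for /home, and the current user's primary group stands in for "family".

# audit_shared_tree DIR GROUP
# Prints one finding per line, with paths relative to DIR; prints nothing
# when the tree matches the layout set up above.
audit_shared_tree() {
    (
        cd "$1" || exit 1
        # Directories without setgid: files created in them get the
        # creator's primary group instead of the shared one.
        find . -type d ! -perm -2000 | sed 's/^/no-setgid /'
        # Entries the earlier chgrp -R did not reach.
        find . ! -group "$2" | sed 's/^/wrong-group /'
        # Entries other group members cannot modify.
        find . ! -type l ! -perm -020 | sed 's/^/not-group-writable /'
        # g+w is the goal; write access for "other" is not.
        find . ! -type l -perm -002 | sed 's/^/world-writable /'
    )
}

# Build a constructed sample tree: "music" exists before g+s is set on the
# top directory, "docs" and test.txt are created afterwards under umask 0002.
make_scratch_tree() {
    top=$(mktemp -d) || return 1
    (
        umask 0002
        mkdir "$top/music"
        chmod g+w,g+s "$top"
        mkdir "$top/docs"
        : > "$top/docs/test.txt"
    )
    echo "$top"
}

# The page's fix for directories that existed before g+s was set.
fix_setgid() {
    find "$1" -type d -exec chmod g+s '{}' \;
}

tree=$(make_scratch_tree)
group=$(id -gn 2>/dev/null)
echo "before fix:"; audit_shared_tree "$tree" "$group"
fix_setgid "$tree"
echo "after fix:";  audit_shared_tree "$tree" "$group"
rm -rf "$tree"
```

On the server the same audit would be run as audit_shared_tree /home family.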
NFS
There is a good tutorial here on how to set up NFS on Ubuntu. Here’s the gist of it. On the server:
$ sudo apt-get install nfs-kernel-server nfs-common portmap
The file /etc/exports controls which folders are “exported” and how. Add this line to /etc/exports:
/home 10.0.0.1/24(rw,insecure,no_root_squash,no_subtree_check,async)
Then restart NFS:
$ sudo /etc/init.d/nfs-kernel-server restart
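The export line above turns off three server defaults described in exports(5): insecure accepts requests from client ports above 1024, no_root_squash lets root on any client in the subnet act as root on the exported /home, and async lets the server acknowledge writes before they reach disk. The following added example (not part of the original post) flags those options in an exports file so the choice is a deliberate one. The function names and the second sample line are constructed for the example, and only the simple path client(options) syntax used on this page is handled.

```shell
#!/bin/sh
# Added example, not from the original post: flag /etc/exports options that
# relax the NFS server's defaults (root_squash, secure, sync).

# audit_exports [FILE]
# Reads FILE (or stdin) and prints "PATH CLIENT OPTION" for every flagged
# option, in file order. Prints nothing for a line that keeps the defaults.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            split($i, part, /[()]/)         # part[1]=client, part[2]=options
            n = split(part[2], opt, ",")
            for (j = 1; j <= n; j++)
                if (opt[j] ~ /^(no_root_squash|insecure|async)$/)
                    print $1, part[1], opt[j]
        }
    }' "$@"
}

# Sample input: the line from this page, then a constructed variant that
# keeps the server defaults (the path /srv/home is made up).
sample_exports() {
    cat <<'EOF'
# as on the page
/home 10.0.0.1/24(rw,insecure,no_root_squash,no_subtree_check,async)
# constructed variant for comparison
/srv/home 10.0.0.0/24(rw,root_squash,no_subtree_check,sync)
EOF
}

sample_exports | audit_exports
```

On the server, audit_exports /etc/exports checks the live file.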
Now on the client desktop, install the nfs client, create your mount point and manually (and temporarily) mount your new /home (I called it /home2):
$ sudo apt-get install portmap nfs-common
$ sudo mkdir /home2
$ sudo mount homeserver:/home/josh /home2
Now you can copy all files from the desktop /home/user directory to the server’s /home/user folder. Don’t forget to copy hidden files and folders, except for maybe .bashrc, .profile and .Xauthority.
Make it permanent
To make the home folder transition permanent by mounting to the server’s home at boot time:
$ sudo nano /etc/fstab
Which now looks something like this:
# /etc/fstab: static file system information.
#
# Use 'vol_id --uuid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda2 during installation
UUID=edbf2ea0-418d-47c0-bb3f-e699500de391 / ext3 relatime,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=175ca58f-97bf-4090-a588-eb2b83efe6a6 /boot ext3 relatime 0 2
# /home was on /dev/sdc1 during installation
UUID=62f56675-e9f9-4e94-9ba0-06be7a252d61 /home2 ext3 relatime 0 2
# Remote NFS home
homeserver:/home /home nfs rsize=8192,wsize=8192,timeo=14,hard,intr,async,nodev,nosuid 0 0
# swap was on /dev/sda3 during installation
UUID=7c5529c3-4b70-4b31-b9a1-f1f84044af54 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
/dev/sdb1 /backup ext3 defaults 0 2
Reboot and cross your fingers.
Here are some links to good info: