Network File System, or NFS, is a distributed file system protocol that allows remote hosts to mount file systems over a network and perform file operations on them as though they were mounted locally. This is particularly useful when you want to share resources from one server with multiple clients or allow multiple clients to write to a single storage space.
In this tutorial, you will learn how to install and configure the NFS Server and NFS Clients based on Rocky Linux 8. For this, we will set up a host or server to share files and a client to access the host files using an NFS mount.
- Two Rocky Linux 8 servers. Each of these should have a non-root user with sudo privileges.
- Both the host and the client should have a static IP address. You can even set up both over a Private network. For our tutorial, we will use host_ip to denote the Host’s IP address and client_ip to refer to the Client’s IP address.
Step 1 – Install NFS on The Host and Client
To install NFS packages, you need to install the nfs-utils package. It provides a daemon for the NFS server and related tools.
Install the package.
$ sudo dnf install nfs-utils
Enable and start the nfs-server service. The remaining services necessary for NFS mounting and sharing, such as rpc.idmapd, start automatically along with it.
$ sudo systemctl enable nfs-server --now
Verify the NFS versions of the installation.
$ sudo cat /proc/fs/nfsd/versions
-2 3 4 4.1 4.2
NFS versions 3 and 4 are enabled by default, and version 2 is disabled. NFSv2 is old and outdated, which is why it has a minus sign in front of it.
NFS stores its configurations in /etc/nfs.conf files. The /etc/nfsmount.conf file configures NFS mounts, while /etc/nfs.conf configures the NFS daemon and associated tools. The default settings are enough for our tutorial, and no change is required.
On the client, install the
$ sudo dnf install nfs-utils nfs4-acl-tools
We will use two examples with different configuration settings – one with a general-purpose mount and one by sharing the host’s home directory.
NFS-mounted directories are not a part of the client. Therefore, by default, the client cannot perform tasks requiring superuser privileges on them: it cannot change ownership, write to them as the root user, or perform other high-level tasks. However, there are cases when a trusted user on the client needs to perform such tasks without requiring superuser access on the host. The NFS server can be configured to allow this, but it carries the risk of giving the client access to the host.
Working with a General Purpose Mount
For our first case, we will create a simple mount that uses default NFS behavior which means the client cannot perform any tasks requiring superuser privileges.
Create a share directory.
host:$ sudo mkdir /var/nfs/share -p
The host’s root user will own this directory since we used sudo to create it.
host:$ ls -l /var/nfs
total 0
drwxr-xr-x. 2 root root 6 Dec 13 07:30 share
NFS will translate all root operations on the client side to the nobody:nobody credentials for security reasons. Therefore, we need to match them on the host side.
host:$ sudo chown nobody:nobody /var/nfs/share
Working with the Home Directory
For our second case, we will make the home directory on the host available to the client. We don’t need to create it since it exists already. We don’t need to change any permissions as it would affect users on the host machine.
Step 3 – Configuring NFS Exports on the Host
Open the file /etc/exports on the Host machine for editing.
host:$ sudo nano /etc/exports
Paste the following code in the file.
/var/nfs/share client_ip(rw,sync,no_subtree_check)
/home client_ip(rw,sync,no_root_squash,no_subtree_check)
Each directory and its configuration need to be on a separate line. Replace the client_ip value with the actual IP address of the client machine.
Let us go through all the options for NFS exports.
- rw – gives the client machine read and write access on the NFS volume.
- sync – this option forces NFS to write changes to the disk before replying. This option is considered more reliable. However, it also reduces the speed of file operations.
- no_subtree_check – this option prevents subtree checking, a process where the host must check whether the file is available along with permissions for every request. Subtree checking can also cause issues when a file is renamed on the host while still open on the client. Disabling it improves the reliability of NFS.
- no_root_squash – by default, NFS translates requests from a root user on the client into a non-privileged user on the host. This option disables that behavior, which allows the client to gain access to the host, so it should be used carefully.
Once finished, save the file by pressing Ctrl+X and entering Y when prompted.
To export the shares, run the following command.
host:$ sudo exportfs -arv
exporting client_ip:/home
exporting client_ip:/var/nfs/share
- -a – this option causes all directories to be exported.
- -r – this option causes all directories to be exported by constructing a new list in the /var/lib/nfs/etab directory. This option is used to refresh the export list with any changes made to the
- -v – enables verbose output.
To list all the exported directories, run the following command. It will show all the options, including the default ones that were not specified in the
host:$ sudo exportfs -s
/var/nfs/share client_ip(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/home client_ip(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
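The export options explained above can be reviewed automatically. The following is an added example, not part of the original tutorial: a small audit over export lines in the format shared by /etc/exports and exportfs -s. The function names, the severity labels and the 192.0.2.10 address and /srv/scratch line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag risky options in NFS export lines.
# Accepts the format shared by /etc/exports and `exportfs -s`:
#   <path> <client>(<opt>,<opt>,...) [<client>(...) ...]

audit_exports() {
    # stdin: export lines; stdout: "SEVERITY path client reason", one per finding
    awk '
    /^[ \t]*#/ || NF == 0 { next }               # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"       # "(opts)" alone applies to every host
            csv = "," opts ","
            if (index(csv, ",no_root_squash,"))
                print "HIGH", path, client, "no_root_squash: client root keeps uid 0 on this export"
            if (client == "*")
                print "HIGH", path, client, "exported to any host"
            if (index(csv, ",insecure,"))
                print "MEDIUM", path, client, "insecure: unprivileged source ports accepted"
            # sec=sys (the default) trusts client-supplied UIDs and does not encrypt
            if (csv !~ /sec=[^,]*krb5/ || csv ~ /sec=[^,]*sys/)
                print "MEDIUM", path, client, "sec=sys: no Kerberos authentication or encryption"
        }
    }'
}

sample_exports() {
    # First two lines: the exportfs -s output shown above, with client_ip replaced
    # by a constructed documentation address. Third line: constructed.
    cat <<'EOF'
/var/nfs/share 192.0.2.10(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/home 192.0.2.10(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
/srv/scratch *(rw,sync,insecure,sec=krb5p)
EOF
}

sample_exports | audit_exports
```

On a real host, pipe the live table into the function with sudo exportfs -s | audit_exports.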
Step 4 – Configuring Firewall on the Host
Rocky Linux uses Firewalld Firewall. Check the firewall’s status.
host:$ sudo firewall-cmd --state
running
This indicates it is up and running successfully.
The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.
host:$ sudo firewall-cmd --permanent --list-services
It should show the following output.
cockpit dhcpv6-client ssh
Next, we need to allow traffic to the necessary NFS services – rpc-bind. We also need to allow access from the client IP. If your clients and host servers are in the same subnet, then you don’t need to add the client’s IP address.
host:$ sudo firewall-cmd --permanent --add-service=nfs
host:$ sudo firewall-cmd --permanent --add-service=rpc-bind
host:$ sudo firewall-cmd --permanent --add-service=mountd
host:$ sudo firewall-cmd --permanent --add-source=client_ip
Reload the firewall to apply the changes.
host:$ sudo firewall-cmd --reload
Step 5 – Creating Mount points and Directories on the Client
Now that the NFS Server/Host is configured, the next step is to set up mount points and directories on the client. You can run the showmount command on the client to check the list of exported file systems on the Host.
client:$ showmount -e host_ip
Export list for host_ip:
/home host_ip
/var/nfs/share host_ip
Always create a new directory as a mount point on the client, or use an existing empty directory. If the directory you mount over already contains a file, that file will become hidden.
Create the Mount directories.
client:$ sudo mkdir -p /nfs/share
client:$ sudo mkdir -p /nfs/home
Mount the shares using the IP address of the host.
client:$ sudo mount host_ip:/var/nfs/share /nfs/share
client:$ sudo mount host_ip:/home /nfs/home
Verify that the mount was successful.
client:$ df -h
Filesystem              Size  Used Avail Use% Mounted on
devtmpfs                370M     0  370M   0% /dev
tmpfs                   405M     0  405M   0% /dev/shm
tmpfs                   405M   16M  389M   4% /run
tmpfs                   405M     0  405M   0% /sys/fs/cgroup
/dev/vda1                25G  2.4G   23G  10% /
tmpfs                    81M     0   81M   0% /run/user/1000
host_ip:/var/nfs/share   25G  2.4G   23G  10% /nfs/share
host_ip:/home            25G  2.4G   23G  10% /nfs/home
Both the shares are mounted from the same file system. Hence they show the same disk usage.
You can also use the mount command to verify.
client:$ mount | grep nfs
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
host_ip:/var/nfs/share on /nfs/share type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=client_ip,local_lock=none,addr=host_ip)
host_ip:/home on /nfs/home type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=client_ip,local_lock=none,addr=host_ip)
Step 6 – Test NFS Access
Write a test file to
client:$ sudo touch /nfs/share/test.txt
Check its ownership.
client:$ ls -l /nfs/share/test.txt
-rw-r--r--. 1 nobody nobody 0 Dec 13 08:08 /nfs/share/test.txt
Since we mounted this volume using default NFS settings and created the file on the client using sudo, ownership on the file defaults to nobody:nobody. Client superusers cannot perform any administrative tasks on the share.
Write a test file to
client:$ sudo touch /nfs/home/home.txt
Check its ownership.
client:$ ls -l /nfs/home/home.txt
-rw-r--r--. 1 root root 0 Dec 13 08:09 /nfs/home/home.txt
Since we used the no_root_squash option, the client’s root user is allowed to act as root on the share itself.
Step 7 – Make the Mount points permanent
NFS mounts are temporary by default and do not come back after a reboot unless they are mounted at boot. We can make them permanent by editing the /etc/fstab file on the client.
Open the file /etc/fstab for editing.
client:$ sudo nano /etc/fstab
Paste the following lines at the bottom of the file.
. . .
host_ip:/var/nfs/share /nfs/share nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
host_ip:/home /nfs/home nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
You can find out more about the options listed above by running the following commands.
client:$ man nfs
client:$ man mount
If you want to read them online, you can Google the phrase man nfs and man mount to learn more about these options.
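The fstab entries above accept further mount options. As an added example that is not part of the original tutorial, the function below appends nosuid and nodev to NFS entries, standard mount options that make the client ignore set-user-ID bits and device files found on the share. The function names and the /srv/ro entry are assumptions made for illustration; host_ip is the tutorial's placeholder.

```shell
#!/bin/sh
# Added example (not from the tutorial): add nosuid,nodev to NFS entries in
# fstab-format input, leaving every other line untouched.

harden_nfs_fstab() {
    # stdin: fstab lines; stdout: the same lines with hardened NFS mount options.
    # Rewritten lines come out with single spaces between fields.
    awk '
    /^[ \t]*#/ || NF < 4        { print; next }   # comments, blanks, short lines
    $3 != "nfs" && $3 != "nfs4" { print; next }   # only NFS mounts are changed
    {
        csv = "," $4 ","
        if (!index(csv, ",nosuid,")) $4 = $4 ",nosuid"
        if (!index(csv, ",nodev,"))  $4 = $4 ",nodev"
        print
    }'
}

sample_fstab() {
    # Constructed input: the two entries from this step (host_ip is the tutorial
    # placeholder) plus a local filesystem and an entry that is already hardened.
    cat <<'EOF'
/dev/vda1 / xfs defaults 0 0
host_ip:/var/nfs/share /nfs/share nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
host_ip:/home /nfs/home nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
host_ip:/srv/ro /nfs/ro nfs4 ro,nosuid,nodev 0 0
EOF
}

sample_fstab | harden_nfs_fstab
```

Review the output before copying it over /etc/fstab, and remount the shares for the new options to take effect.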
If you no longer want the remote mounts on your system, you can unmount them by using the umount command. Note that the command is called umount and not unmount, which is a common mistake.
Move out of the shared mounts and Unmount them.
client:$ cd ~
client:$ sudo umount /nfs/share
client:$ sudo umount /nfs/home
If you no longer need the shares mounted again on reboot, make sure you comment out the corresponding entries in the /etc/fstab file by putting a # sign in front of them.
In this tutorial, we learned how to create an NFS host server and share directories from it, which we mounted on an NFS client. If you are implementing it in a private network, there should be no issue, but if you are using it in production, remember that the protocol is not encrypted, and you should implement some authentication to protect your data.