Learning NFS through server and client configuration
I have used NFS in a limited capacity for years. I was familiar with the concept and had been accessing NFS shares, however, I had never actually configured one. Chances are, I am not alone in this. I thought I would learn how to set it all up and even bring you all along with me. Let’s get started on the beginner’s guide to learning NFS.
What is NFS?
Network File System (NFS), is a distributed file system that allows various remote systems to access a file share. We all know that files should be stored on a central server for security and ease of backup. NFS provides us with a file sharing service that is easily managed and controls client access to resources.
What is needed?
Before we can begin, we need to nail down a few prerequisites. First up, we need two different systems that are capable of talking to each other via the network. Since NFS uses a server to client(s) relationship, we will use the following:
You can use the ping command to confirm communications between the two systems. I have these two machines on a NAT network and have tested the connections both ways.
After that, let’s ensure that both of our systems are up to date. As these systems are RHEL 8.2 and Fedora 32, we will use the following command on both the server and client:
[root@rhel tcarrigan]# sudo yum -y update
And finally, we need to install the nfs-utils package to both our systems.
[root@rhel tcarrigan]# sudo yum -y install nfs-utils (must do on both servers) Updating Subscription Management repositories. Last metadata expiration check: 0:55:54 ago on Wed 24 Jun 2020 11:53:45 AM EDT. Package nfs-utils-1:2.3.3-31.el8.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete!
*Note: the package is already installed in the above example.
Now, let’s jump into configuring the server.
Configure the server
Step 1: Start and enable the newly-installed nfs-utils service.
[tcarrigan@rhel ~]$ sudo systemctl start nfs-server.service [tcarrigan@rhel ~]$ sudo systemctl enable nfs-server.service
Step 2: Confirm the nfs-server service is up and running.
[tcarrigan@rhel ~]$ sudo systemctl status nfs-server.service ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabl> Active: active (exited) since Wed 2020-06-24 12:50:23 EDT; 18min > Main PID: 61026 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 50657) Memory: 0B CGroup: /system.slice/nfs-server.service Jun 24 12:50:23 server.example.com systemd[1]: Starting NFS server a> Jun 24 12:50:23 server.example.com systemd[1]: Started NFS server an> lines 1-10/10 (END)
Step 3: Verify the NFS version (you can see this information in column two).
[tcarrigan@rhel ~]$ rpcinfo -p | grep nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl
*Note that you can find the NFS daemon configuration files at /etc/nfs.conf . You can also find the config file for the mount at /etc/nfsmount.conf .
The NFS service is now up and running on your server. Next, let’s create an NFS share.
Create and export the share
First, we need to designate a folder for sharing. Since one doesn’t already exist on my system, I will create a directory to share.
[tcarrigan@rhel ~]$ sudo mkdir -p /test/nfs_share/docs
Now, I learned from some trial and error and then well-written resources that you can avoid a lot of headache by changing the permissions and ownership to match the following:
[tcarrigan@rhel ~]$ sudo chown -R nobody: /test/nfs_share/docs/ [tcarrigan@rhel ~]$ sudo chmod -R 777 /test/nfs_share/docs/
*Note: you may not be able to do this in a production environment due to security considerations. Be sure that you know what you are doing before you remove all restrictions from a file or directory.
Next, we need to create an /etc/exports file.
[root@server docs]# vi /etc/exports
Make the following entry in the new file:
/test/nfs_share 172.25.1.0/24(rw,sync,no_all_squash,root_squash)
To better understand the parameters used here, let’s break them down one by one.
- rw — Allows us to read and write to the NFS share.
- sync — Requires writing of changes to the disk before any other operations are completed.
- no_all_squash — Maps all UIDs and GIDs from the client request to the identical UIDs and GIDs on the NFS server.
- root_squash — Maps requests from the client-side root user to an anonymous UID/GID.
Now that we have created the share, let’s export it to the client(s).
[root@server docs]# exportfs -rav exporting 172.25.1.0/24:/test/nfs_share
Notice that I mapped the entire subnet here. You can include only a single IP or hostname here if you prefer.
Modify the firewall
We installed the server, and then created and exported the share. Next, we configure a tunnel through the firewall. We will be adding rules for nfs , rpc-bind , and mountd . Don’t forget to reload the firewall config when completed.
[root@server]# firewall-cmd --permanent --add-service=nfs success [root@server]# firewall-cmd --permanent --add-service=rpc-bind success [root@server]# firewall-cmd --permanent --add-service=mountd success [root@server]# firewall-cmd --reload success
With the server-side completed, we can now focus our attention on the client machine.
Configure the client
*Note: all future steps are carried out on the client machine.
Since we already updated our system and installed the nfs-utils package, this should be pretty straightforward.
We start by creating an entry in /etc/hosts for the NFS server. It should look similar to this:
[root@client]# cat /etc/hosts 127.0.0.1 localhost ::1 localhost 172.25.1.5 localhost
Now, let’s see if anything is shared from the NFS server. If you followed along in the earlier sections, you should see /test/nfs_share/docs as a shared directory.
[root@client ~]# showmount --exports nfs-server Export list for nfs-server: /test/nfs_share/docs 172.25.1.0/24
Next, create a directory on the client machine to mount the remote share.
[tcarrigan@client ~]$ sudo mkdir p /test/client_share
Now that we have created a mount directory, let’s mount the share.
[tcarrigan@client ~]$ sudo mount -t nfs 172.25.1.5:/test/nfs_share/docs /home/tcarrigan/test/client_share
Run the following command to verify the share:
[tcarrigan@client ~]$ sudo mount | grep -i nfs
Finally, to ensure that the mount is persistent across reboots, add the following line to the /etc/fstab file:
172.25.0.5:/test/nfs_share/docs /home/tcarrigan/test/client_share nfs defaults 0 0
Proof of concept
As a culmination of our efforts, let’s test the configured share. Create a file on the server in /test/nfs_share/docs named test_doc .
[tcarrigan@server docs]$ ls -lrt total 4 -rw-r--r--. 1 root root 39 Jun 25 16:21 test_doc
Let’s see if our test_doc is exported to our client machine via NFS.
[tcarrigan@client ~]$ cd test/client_share/ [tcarrigan@client client_share]$ ls docs [tcarrigan@client client_share]$ ls docs/ test_doc [tcarrigan@client client_share]$
Here we see the test_doc exists on the NFS Server.
To test in the other direction, I create a file on the client named client-test-doc .
[tcarrigan@client docs]$ vi client-test-doc
Let’s jump over to the server and see if we can view the newly created file.
[tcarrigan@server docs]$ ls -lrt total 8 -rw-r--r--. 1 root root 39 Jun 25 16:21 test_doc -rw-rw-r--. 1 tcarrigan tcarrigan 5 Jul 6 13:25 client-test-doc
We can see both the original file test_doc as well as the newly-created file client-test-doc .
Congratulations on setting up a functioning NFS server/client pair.