linux tux

What is an NFS share?

An NFS share is literally a Network File System, developed by Sun Microsystems (now owned by Oracle – https://www.oracle.com/sun/ ) and rapidly became a great standard for the model of a centralized filesystem shared across networks, so that users could have their files available as long as they were connected to a local network or remote, mainly via VPN.

The basic concept behind it is the following one: you take a server, possibily redundant and backed up, installing on it the necessary packages to manage NFS sharing and securing, then you just create a list of paths that you want to export and let them available for other users to mount it from wherever they are.

Advantages of implementing NFS shares

  • You are not bound to a particular OS
  • NFS allows a centralized file sharing
  • NFS allows securing via KRB (Kerberos) or ACLs
  • Your files become available wherever you are
  • Basic and simple client-server architecture, no strings attached!

Let’s see together how to install required packages and perform a minimal configuration of an NFS share!

Prerequisites

First of all, let’s see what we are talking about. NFS service (nfs) comes as a stardard systemd service, so there’s no particular setup around it, your package manager will just download the package and install it as a service.

Let’s see what are the required packages to install on both the client and server.

Installing the required packages

On Fedora/CentOS/RHEL

We are going to install the following packages to enable NFS capabilities on a RHEL/Fedora/CentOS system

Copy to Clipboard

On Debian/Ubuntu

We are going to install the following packages to enable NFS capabilities on a Debian/Ubuntu system

Copy to Clipboard

Starting NFS service

Once the packages are installed, it is time to start the service, to see if everything went smooth! Since NFS requires rpcbind service to work ( see more here ), we need to enable it too along with client and server components of nfs.

Since we said it is a systemd service, all we have to do is just invoke it via the command line.

On the server:

If everything goes smooth, you can assure that the service started:

Enabling firewall ports

Both RPCBind and NFS require some particular ports to be open in order to work correctly.

The ports are

  • rquotd(875/udp; 875/tcp)
  • lockd(32803/tcp; 32769/udp)
  • mountd(892/udp; 892/tcp)
  • statd(10053/udp; 10053/tcp)
  • statd_outgoing(10054/udp; 10054/tcp)
  • rpcbind(111/tcp; 111/udp)
  • nfsd(2049/tcp; 2049/udp)

If you are using firewalld you can just:

If you are on iptables, this should do the trick:

Configure NFS mounts in linux

Aside from particular and more complex configurations, the core part of the configuration is deciding which paths you want to export to make clients able to mount them.

The basic configuration is made by editing /etc/exports file.

The syntax of the file is very basic and easy to understand, each line is composed by:

In detail we got:

  • /path/to/export/ –> It represents the path to be exported, no more, no less
  • <host/IP/*> –> This part is responsible of restricting access to the shared mount to a particular IP, hostname, or allowing universal mount with the wildcard *
  • <options>–> Literally every option that you want your mount to get once it is mounted. Below you can find a short list.
  1. ro: Read-only access to share for the clients
  2. rw: Clients can both read and write to the share
  3. sync: Changes on the share become effective only after that requests are fully committed
  4. no_root_squash: This gives root the chance to enter the directory. (Security flaw if not under control!)

A sample file is the following one:

To enable changes, just restart the service:

Copy to Clipboard

And check that everything is ok, using the command showmounts -e :

Let’s switch on the client!

When you put yourself on the client side, you could not be aware of particular settings made on the server, so you just try to discover if the mount you need has been exported.

After installing nfs-tools as mentioned above, you could just discover exported mounts by using the showmount command with the hostname/IP of the server:

Now that we know the exported folder on the server, we can just go on and mount it.

Let’s create the mountpoint:

And then just mount it!

To check that we did all right, just try to touch a test file in the shared folder, /share, and then list the files present in the mounted directory /mnt/nfs

Congratulations! You just learned how to create and configure a shared NFS mount in linux!

If you liked the article, just share it with your friends and colleagues!