Network File System (NFS) is a distributed file system protocol for sharing files and folders. NFS is based on the Remote Procedure Protocol (ONC RPC). NFS allows to mount remote file systems over the network. Remember that by default data are not encrypted when using NFS, and clients are not authenticated (access can be limited by IP).
NFS is easy to configure both on the server and client-side. In this article, we’ll show how to install and configure an NFS server, and then we will connect an NFS share on a client. This article is based on RPM-based Linux distributions (CentOS, RHEL, Fedora, etc.).
How to Install and Configure an NFS Server on Linux CentOS
By default, nfs is already installed in CentOS with the Standard package. If you have removed NFS components or used the Minimal Install mode for your server, you can install the NFS package using yum (or dnf) package manager:
In CentOS 8:
# dnf install nfs-utils -y
I had the package installed:
cat /proc/fs/nfsd/versions
After you have installed all packages you need, start nfs-server and rpcbind services, and add them to startup:
# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl start rpcbind
# systemctl start nfs-server
If you are using firewalld on your Linux host, open the following ports:
# firewall-cmd --permanent --add-port=111/tcp
# firewall-cmd --permanent --add-port=20048/tcp
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --zone=public --add-service=nfs
# firewall-cmd --permanent --zone=public --add-service=mountd
# firewall-cmd --permanent --zone=public --add-service=rpc-bind
# firewall-cmd --reload
# iptables -t filter -A INPUT -p tcp --dport 111 -j ACCEPT
# iptables -t filter -A INPUT -p tcp --dport 2049 -j ACCEPT
# iptables -t filter -A INPUT -p tcp --dport 20048 -j ACCEPT
# service iptables save
# service iptables restart
Then create a directory your NFS server will share:
# mkdir -p /backup/nfs
# chmod -R 777 /backup/nfs
Publish the NFS share and assign access permissions in the configuration file containing the NFS server settings (/etc/exports).
# nano /etc/exports
Add the following line to the config to grant NFS access to all hosts in the specified IP subnet:
/backup/nfs 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
Or you can limit access to a single IP address only:
/backup/nfs 192.168.2.24(rw,sync,no_root_squash,no_all_squash, anonuid=1000,anongid=1000) 192.168.3.100 (ro,async,no_subtree_check)
Let’s see what parameters are used to grant privileges on the NFS directory:
- rw – grant write permissions, ro – provides read-only access
- sync – synchronous access mode, async means that you don’t need to wait for confirmation of writing on the disk (it improves NFS performance, but reduces reliability)
- no_root_squash – allows the root user to get access to the NFS directory from a client (usually not recommended)
- no_all_squash – enables user authentication, all_squash – allows accessing NFS share under an anonymous user
- no_subtree_check – disables a check that a user accessed a file in the directory (subtree_check is used by default)
- anonuid, anongid – map NFS user/group to the specified local user/group (UID or GID)
To apply new NFS share settings, run the following command:
# exportfs -a
And restart the NFS server:
# systemctl restart nfs-server
Thus, we have finished the configuration of our NFS server and may proceed with a client configuration.
Configuring NFS Client on CentOS
To configure an NFS client, you must also install the nfs-utils package.
# yum install nfs-utils -y
Add services to startup and start them:
# systemctl enable rpcbind
# systemctl enable nfs-server
# systemctl start rpcbind
# systemctl start nfs-server
Then create a directory on a client the NFS directory will be mounted to:
# mkdir /backup
Then you can mount the remote NFS share using this command:
# mount -t nfs 192.168.0.100:/backup/nfs/ /backup
You can force the version of the NFS protocol to be used:
# mount -t nfs -o vers=4 192.168.0.100:/backup/nfs/ /backup
where IP is the address of the NFS server you have configured earlier.
Then the connected NFS shares will be displayed in the list of mounted drives. You can read data in the directory or write to it (depending on the permissions assigned to your IP address on the NFS server). To automatically mount the NFS directory on reboot, you need to open the fstab file:
# nano /etc/fstab
And add the following line to it:
192.168.0.100:/backup/nfs/ /backup/ nfs rw,sync,hard,intr 0 0
After saving fstab, you can apply it with this command:
# mount -a
So we have configured and connected a remote NFS storage, which can be used for transparent network access to a shared resource from different hosts. You can place backups, ISO image files, etc. in your NFS directory.