Linux NFS File Server

The Network File System (NFS) is a client/server application that lets a computer user view and optionally store and update files on a remote computer as though they were on the user’s own computer. The NFS protocol is one of several distributed file system standards for network-attached storage (NAS).

Let’s run an NFS server on CentOS 7.3.

01. Installing NFS :

You must install this package on both server and clients.

yum -y install nfs-utils

02. Run the NFS services :

systemctl start nfs-server.service
systemctl enable nfs-server.service
systemctl status nfs-server.service

03. Open Firewall Port for NFS :

NFSv4 (the latest and most secure version of the NFS protocol, now the default on Red Hat, CentOS, …) listens on TCP port 2049.

firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload

04. NFS shares :

To share a folder using the NFS protocol, use either of the following:

Edit /etc/exports and append your share lines.
Create a file with the .exports extension in /etc/exports.d/ and add your share lines.

SELinux fcontext type for shared directories may be default_t OR nfs_t .

The configuration syntax is :

export host(options)

OR many different hosts with different options

export host(options) host2( options ) subnet( options )

export : the shared folder path
host/subnet : the client IP , IP subnet , client DNS Name , domain name.
options : if not specified , it is read-only (ro) by default.
ro = read-only permissions
rw = read and write permissions
root_squash = when the root user on a client accesses the mounted NFS share, it is treated as the nfsnobody user and not as root; this is the default for security reasons.
no_root_squash = a root user on any client that mounts the shared path is treated as the system root and has all privileges on the shared path.
sync = the NFS server will not reply to requests before changes made by previous requests are written to disk. To enable asynchronous writes instead, specify the option async .

Those are some of the most important options.

05. Examples :

Create a folder named share,
make sure its SELinux fcontext type is default_t,
change the permissions for Others,
create an NFS configuration to share it with everyone as read-only:
/share  *(ro)
* means share with any host, that is, with the world,
reload the exports using the command exportfs -r,
show the current NFS shares using the command exportfs.


[root@server01 ~]# mkdir /share
[root@server01 ~]# ls -ldZ /share/
d------rwx. root root unconfined_u:object_r:default_t:s0 /share/
[root@server01 ~]# chmod o+rwx /share/
[root@server01 ~]# vim /etc/exports.d/share.exports 
    /share  *(ro)
[root@server01 ~]# exportfs -r
[root@server01 ~]# exportfs
/share            <world>
[root@server01 ~]#


Create another folder named share2, all the same except that it uses the read and write option (rw), allows the share for only a specific IP, and is configured by editing /etc/exports directly.

[root@server01 ~]# mkdir /share2
[root@server01 ~]# ls -ldZ /share2/
d------rwx. root root unconfined_u:object_r:default_t:s0 /share/
[root@server01 ~]# chmod o+rwx /share2/
[root@server01 ~]# vim /etc/exports 
[root@server01 ~]# exportfs -r
[root@server01 ~]# exportfs
/share            <world>
[root@server01 ~]#

As you can see, the NFS shares are listed correctly.
Let’s mount them from a client.

06. Client Mount NFS :

As we mentioned before, the nfs-utils package must be installed on clients to enable mounting NFS shares.
Mounting is a simple mount command; we can use the server IP, or its DNS name if we configured DNS or edited /etc/hosts on the client.

mount  IP_or_name:/path_to_shared  /local/mount/path

To mount what we shared on the server above on the client with IP of , we create two directories to mount on, then use nfsstat -l to list the current NFS status and version.

[root@server02 ~]# mkdir /mnt/share
[root@server02 ~]# mkdir /mnt/share2
[root@server02 ~]# mount /mnt/share
[root@server02 ~]# mount /mnt/share2/
[root@server02 ~]# nfsstat -l
nfs v4 client        total:      315 
------------- ------------- --------
nfs v4 client         open:        7 
nfs v4 client    open_conf:        4 
nfs v4 client        close:        4 
nfs v4 client      setattr:        4 
nfs v4 client       fsinfo:       30 
nfs v4 client        renew:       74 
nfs v4 client    setclntid:       16 
nfs v4 client      confirm:       16 
nfs v4 client       access:       20 
nfs v4 client      getattr:       34 
nfs v4 client       lookup:       23 
nfs v4 client  lookup_root:       10 
nfs v4 client     pathconf:       20 
nfs v4 client      readdir:        3 
nfs v4 client  server_caps:       50 

[root@server02 ~]# nfsstat -l3
[root@server02 ~]#

As you noticed, nfsstat -l shows that NFS version 4 was used by default; if we check for version 3 using the -l3 option, it shows nothing.

Now test read and write capabilities .

[root@server02 ~]# touch /mnt/share/testfile
touch: cannot touch ‘/mnt/share/testfile’: Read-only file system
[root@server02 ~]# touch /mnt/share2/testfile
[root@server02 ~]# ls /mnt/share2/
[root@server02 ~]#

Nice , we can’t write to /share/ because it is mounted as read-only , but we can write to /share2/ as it is mounted as read and write.

What if the /share/ path is mounted as read and write, and we allow the root user to be treated as root on the shared folder using the option (no_root_squash)? Let’s see.

[root@server01 ~]# vim /etc/exports.d/share.exports 
   /share  *(rw,no_root_squash)
[root@server01 ~]# exportfs -r
[root@server01 ~]# exportfs 
/share            <world>
[root@server01 ~]#

Then, on the client:
* If you face a problem, try to unmount and remount the shared path.

[root@server02 ~]# touch /mnt/share/testfile
[root@server02 ~]# ls -la /mnt/share/
total 0
-rw-r--r--. 1 nfsnobody nfsnobody  0 May  3 08:09 test
-rw-r--r--. 1 root      root       0 May  3 09:53 testfile

Did you notice?
The file test, which we created earlier while the default root_squash was in use, is owned by nfsnobody.
The file testfile, which we created after enabling the no_root_squash option, is owned by root, its creator.
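To review which shares are exposed the way /share is in this example, the following added script (not part of the original post) scans exports-format lines and reports exports to any host (*) and any use of no_root_squash. It also treats a bare "(options)" token, produced by a stray space between host and options, as applying to every host; the function names, the /data line and the address 192.0.2.10 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag risky lines in exports-format files.
# Assumes no whitespace inside "(options)" and no line continuations.

audit_exports() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (host == "") host = "*"       # bare "(opts)" applies to every host
            rw = 0; nrs = 0                  # defaults: ro and root_squash
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "ro") rw = 0
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "root_squash") nrs = 0
            }
            flags = ""
            if (host == "*") flags = (rw ? "WORLD_RW" : "WORLD_RO")
            if (nrs) flags = (flags == "" ? "" : flags ",") "NO_ROOT_SQUASH"
            if (flags != "") print path, host, flags
        }
    }' "$@"
}

# Constructed sample: the two /share lines from this page, a made-up client
# address, and a line with a stray space between host and options.
sample_exports() {
    cat <<'EOF'
/share   *(ro)
/share   *(rw,no_root_squash)
/share2  192.0.2.10(rw)
/data    client.example.com (rw)
EOF
}

sample_exports | audit_exports
```

On the server, run it against the real configuration with audit_exports /etc/exports /etc/exports.d/*.exports; the host-restricted /share2 line produces no finding.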

That was a simple NFS file server. I hope it was easy; thanks for joining me.
Enjoy!




