What is NFS?
The Network File System (NFS) is a network file system commonly used by UNIX systems and network-attached storage devices to allow multiple clients to share access to files over the network. It provides access to shared directories or files from client systems.
An NFS server requires the nfs-utils package to be installed. It provides all necessary utilities to export a directory with NFS to clients. The configuration file for the NFS server exports is the /etc/exports file. The /etc/exports file lists the directories to share with client hosts over the network and indicates which hosts or networks have access to each export.
One or more clients can be listed, separated by a space, as a:
– DNS-resolvable host name, like server0.example.com in the following example, where the /myshare directory is exported and can be mounted by server0.example.com.
– DNS-resolvable host name with the wildcards * for multiple characters and/or ? for a single character. The following example allows all subdomains in the example.com domain to access the NFS export.
– DNS-resolvable host name with character class lists in square brackets. In this example, the hosts server0.example.com, server1.example.com, … , and server20.example.com have access to the NFS export.
– IPv4 address. The following example allows access to the /myshare NFS share from the 172.25.11.10 IP address.
– IPv4 network. This example shows an /etc/exports entry, which allows access to the NFS-exported directory /myshare from the 172.25.0.0/16 network.
– IPv6 address without square brackets. The following example allows the client with IPv6 address 2000:472:18:b51:c32:a21 access to the NFS-exported directory /myshare.
– A directory can be exported to multiple hosts simultaneously by specifying multiple targets with their options, separated by spaces, following the directory to export.
/myshare *.example.com 172.25.0.0/16
Optionally, one or more export options can be specified in round brackets as a comma-separated list, directly following each client's definition with no space in between. Commonly used export options are:
1. ro, read-only: the default setting when nothing is specified; it may also be specified explicitly. It restricts NFS clients to reading files on the NFS share; any write operation is prohibited. The following example explicitly states the ro flag for the server0.example.com host.
2. rw, read-write: allows read and write access for the NFS clients. In the following example, desktop0.example.com is able to access the NFS export read-only, while server[0-20].example.com has read-write access to the NFS share.
/myshare desktop0.example.com(ro) server[0-20].example.com(rw)
3. no_root_squash: By default, root on an NFS client is treated as user nfsnobody by the NFS server. That is, if root attempts to access a file on a mounted export, the server will treat it as an access by user nfsnobody instead. This is a security measure that can be problematic in scenarios where the NFS export is used as / by a diskless client and root needs to be treated as root. To disable this protection, add no_root_squash to the list of options set for the export in /etc/exports on the server.
The following example allows the client diskless.example.com read-write and real root user access to the exported NFS directory /myshare.
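The client and option rules above can be checked mechanically before an exports file goes live. The script below is an added example, not part of the original course material: the sample text and the /diskless and /scratch directories are constructed, and it assumes one export per line without quoted paths or line continuations.

```python
import re

# Constructed sample in /etc/exports syntax, built from the entries this page describes.
SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real server
/myshare desktop0.example.com(ro) server[0-20].example.com(rw)
/myshare *.example.com 172.25.0.0/16
/diskless diskless.example.com(rw,no_root_squash)
/scratch *.example.com (rw)
"""

ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Yield (directory, client, options) for every client on every export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *targets = line.split()
        for target in targets:
            m = ENTRY.match(target)
            if not m:
                raise ValueError(f"unparseable client entry: {target!r}")
            opts = set(filter(None, (m["opts"] or "").split(",")))
            # A target that starts with "(" has no client name: the options apply to every host.
            yield directory, m["client"] or "*", opts


def audit(text):
    """Return (directory, client, finding) tuples for exports that deserve review."""
    findings = []
    for directory, client, opts in parse_exports(text):
        broad = any(ch in client for ch in "*?[/")  # wildcard, character class or network
        if "no_root_squash" in opts:
            findings.append((directory, client, "client root is treated as root (no_root_squash)"))
        if "rw" in opts and broad:  # ro is the default when neither is given
            findings.append((directory, client, "read-write for more than one host"))
    return findings


if __name__ == "__main__":
    for directory, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{directory} {client}: {finding}")
```

The last sample line shows why options must follow the client with no space: the detached (rw) becomes a separate entry that grants read-write access to every host.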
Configuring an NFS export
In this example, please follow along with these steps while your instructor demonstrates how to share a directory with NFS using IP-based access. The directory /myshare is on serverX and will be mounted on the desktopX system.
1. Start the NFS service on serverX with the systemctl command.
[root@serverX ~]# systemctl start nfs-server
2. Enable the NFS service to start at boot on serverX.
[root@serverX ~]# systemctl enable nfs-server
3. Create the directory /myshare to share it with NFS on the serverX system.
[root@serverX ~]# mkdir /myshare
4. Export the /myshare directory on serverX to the desktopX client as a read- and write-enabled share. To do that, add the following line to the /etc/exports file on serverX:
5. After the changed /etc/exports file has been saved, apply the changes by executing exportfs -r.
[root@serverX ~]# exportfs -r
6. The NFS port 2049/TCP for nfsd must be open on the server. To configure firewalld to enable access to the NFS exports, run:
[root@serverX ~]# firewall-cmd --permanent --add-service=nfs
7. Reload the firewalld rules so the new rule gets applied.
[root@serverX ~]# firewall-cmd --reload
8. Create the mount point /mnt/nfsexport on the desktopX system; it will be used to mount the NFS-exported directory.
[root@desktopX ~]# mkdir /mnt/nfsexport
9. On the desktopX system, the share can now be mounted on the newly created mount point /mnt/nfsexport with the mount command.
[root@desktopX ~]# mount serverX:/myshare /mnt/nfsexport