How to Install and Configure an NFS Server on CentOS 8

NFS, or Network File System is popular file system protocol. It enables client system to access files over the network. NFS is a client-and-server file system(FS). In this article, you will learn how to install and configure the NFS server on CentOS 8 Linux distributions.

By default NFS protocol is not encrypted and it does not provide user authentication. Clients’ IP addresses or hostnames are restricted to access the server.

Prerequisites#

• A server running CentOS 8 OS
• Connection between server and client over a private network

Our testing machines in this example have the following IPs:

NFS Server IP: 192.168.201.107
NFS Clients IPs: From the 192.168.201.0/24 range

Set Up the NFS Server#

First, we need to install the required packages on the NFS server. The nfs-utils package provides the NFS utilities and daemons for the NFS server. Run the following command to install it:

sudo dnf install nfs-utils

Once the installation is complete, enable and start the NFS service by typing:

sudo systemctl enable --now nfs-server

In CentOS 8, the supported NFS version are NFSv3 and NFSv4 and default version is NFS version is 4.2. You can verify by running the following cat command:

sudo cat /proc/fs/nfsd/versions

-2 +3 +4 +4.1 +4.2

The configuration files for the NFS server are:

• /etc/nfs.conf – main configuration file for the NFS daemons and tools.
• /etc/nfsmount.conf – an NFS mount configuration file.

Creating the file systems#

Now, we will create the file systems to export or share on the NFS server. In this example, we will create two file systems, we’re going to share two directories /var/www and /opt/backups with different configuration settings. The /var/www/ is owned by the user and group apache and /opt/backups is owned by root.

Run the mkdir command to create the export filesystem:

sudo mkdir -p /mnt/nfs_shares/{backups,www}

Next, mount to the actual directories:

sudo mount --bind /opt/backups /mnt/nfs_shares/backups

sudo mount --bind /var/www /mnt/nfs_shares/www

Exporting the file systems#

Next, you have to define the file system that will be exported by the NFS server at /etc/exports file:

sudo nano /etc/exports

Export the www and backups directories and make accessible to clients on the private network:

/mnt/backups 192.168.201.0/24(ro,sync,no_subtree_check) 192.168.201.107(rw,sync,no_subtree_check)
/mnt/www 192.168.201.108(rw,sync,no_subtree_check)

Below are some of the exports options

• rw – It allows both read and write access on the file system.
• sync – Inform the NFS server to write operations when requested.
• all_squash – It maps all UIDs and GIDs from client requests to the anonymous user.
• no_all_squash – Used to map all UIDs and GIDs from client requests to identical UIDs and GIDs on the NFS server.
• root_squash – maps requests from root user or UID/GID 0 from the client to the anonymous UID/GID.

The first line shows how to specify multiple export rules for one file system. It exports the /mnt/backups directory and allows only read access to the whole 192.168.201.0/24 range, both read and write access to 192.168.201.107. The sync option tells NFS to write changes to disk before replying.

For more information about all the available options, type man exports in your terminal.

Save and close the file and export the shares:

sudo exportfs -ra

You have to run above command every time when you modify the /etc/exports file.

Use the below command to view the current active exports and their state:

sudo exportfs -v

In output you can see all shares with their options. It will also show default options and you can make changes if you want.

/mnt/backups 192.168.201.3(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/mnt/www 192.168.201.110(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/mnt/backups 192.168.201.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)

Firewall configuration#

If Firewalld service is running on you server, you need to allow traffic to the necessary NFS services.

firewall-cmd --permanent --add-service=nfs

firewall-cmd --permanent --add-service=rpc-bind

firewall-cmd --permanent --add-service=mountd

firewall-cmd --reload

At this point, you successfully completed steps to install NFS server on CentOS and now we will go through for client set up.

Set Up the NFS Clients#

At this point, NFS server set up is complete and next need to configure NFS shares on the client system.

Run the appropriate command for your distribution:

Installing the NFS client#

Install the tools required to mount remote NFS file systems.

Install NFS client on Debian and Ubuntu

The nfs-common package includes the program for mounting NFS file systems on Debian based distro. Run below command:

sudo apt update

sudo apt install nfs-common

Install NFS client on CentOS and Fedora

For RHEL based distributions, install the nfs-utils package:

sudo yum install nfs-utils

Mounting file systems#

In our example the client machine have IP 192.168.201.107, which has read and write access to the /mnt/www file system and read-only access to the /mnt/backups file system.

We will create two new directories for the mount points. You can create these directories at any location you want.

sudo mkdir -p /backups

sudo mkdir -p /mnt/www

Use mount command to mount the exported file systems:

sudo mount -t nfs -o vers=4 192.168.201.110:/backups /backups

sudo mount -t nfs -o vers=4 192.168.201.110:/www /mnt/www

Here, 192.168.201.110 is the IP of the NFS server. At the time of mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /mnt/backups you need to use /backups.

Verify that the remote file systems are mounted successfully using either the mount or df command:

df -h

The command will print all mounted file systems. The last two lines are the mounted shares:

...
192.168.201.110:/backups 9.7G 1.2G 8.5G 13% /backups
192.168.201.110:/www 9.7G 1.2G 8.5G 13% /mnt/www

You can make the mounts permanent on reboot by changes in /etc/fstab file:

sudo nano /etc/fstab

Add the following line to file.

192.168.201.110:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0
192.168.201.110:/www /mnt/www nfs defaults,timeo=900,retrans=5,_netdev 0 0

Alternate option to mount the remote file systems is to use either the autofs tool or to create a systemd unit.

Testing NFS Access#

Now the client set up is also completed so time to test the access by creating a new file.

Create a test file at /backups directory using below command:

sudo touch /backups/test.txt

The /backups file system is exported as read-only so you will see a Permission denied error message:

touch: cannot touch '/backups/test': Permission denied

Now try to create a file to the /mnt/www directory as a root using sudo command:

sudo touch /mnt/www/test.txt

Same as above you will see a permission denied message:

touch: cannot touch ‘/mnt/www’: Permission denied

The apache user is owner of the /var/www directory. This share has root_squash option set, which maps the root user to the nobody user and nogroup group that doesn’t have write permissions to the remote share.

Assuming that a user apache exists on the client machine with the same UID and GID as on the remote server, you can test to create a file as user apache with:

sudo -u apache touch /mnt/www/test.txt

This command will not show any output that means files is created successfully.

Run the following to to verify it:

ls -la /srv/www

Newly created files should display in output:

drwxr-xr-x 3 apache apache 4096 Apr 23 22:18 .
drwxr-xr-x 3 root root 4096 Apr 23 22:29 ..
-rw-r--r-- 1 apache apache 0 Apr 23 21:58 index.html
-rw-r--r-- 1 apache apache 0 Apr 23 22:18 test.txt

Unmounting NFS File System#

You can unmount NFS share as any other mounted file system using the umount command. For instance, to unmount the /backups share you should run:

sudo umount /backups

If the mount point is defined in the /etc/fstab file, make sure you remove the line or comment it out by adding # at the beginning of the line.

Conclusion#

You successfully learned how to install and set up an NFS server on CentOS 8 and how to mount the remote file systems on the client machines.

If you have any questions, feel free to leave comment.