
NFS, or Network File System is popular file system protocol. It enables client system to access files over the network. NFS is a client-and-server file system(FS). In this article, you will learn how to install and configure the NFS server on CentOS 8 Linux distributions.
By default NFS protocol is not encrypted and it does not provide user authentication. Clients’ IP addresses or hostnames are restricted to access the server.
Prerequisites
- A server running CentOS 8 OS
- Connection between server and client over a private network
Our testing machines in this example have the following IPs:
NFS Server IP: 192.168.201.107 NFS Clients IPs: From the 192.168.201.0/24 range
Set Up the NFS Server
First, we need to install the required packages on the NFS server. The nfs-utils
package provides the NFS utilities and daemons for the NFS server. Run the following command to install it:
sudo dnf install nfs-utils
Once the installation is complete, enable and start the NFS service by typing:
sudo systemctl enable --now nfs-server
In CentOS 8, the supported NFS version are NFSv3 and NFSv4 and default version is NFS version is 4.2. You can verify by running the following cat command:
sudo cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2
The configuration files for the NFS server are:
- /etc/nfs.conf – main configuration file for the NFS daemons and tools.
- /etc/nfsmount.conf – an NFS mount configuration file.
Creating the file systems
Now, we will create the file systems to export or share on the NFS server. In this example, we will create two file systems, we’re going to share two directories /var/www
and /opt/backups
with different configuration settings. The /var/www/
is owned by the user and group apache
and /opt/backups
is owned by root
.
Run the mkdir command to create the export filesystem:
sudo mkdir -p /mnt/nfs_shares/{backups,www}
Next, mount to the actual directories:
sudo mount --bind /opt/backups /mnt/nfs_shares/backups
sudo mount --bind /var/www /mnt/nfs_shares/www
Exporting the file systems
Next, you have to define the file system that will be exported by the NFS server at /etc/exports
file:
sudo nano /etc/exports
Export the www
and backups
directories and make accessible to clients on the private network:
/mnt/backups 192.168.201.0/24(ro,sync,no_subtree_check) 192.168.201.107(rw,sync,no_subtree_check) /mnt/www 192.168.201.108(rw,sync,no_subtree_check)
Below are some of the exports options
- rw – It allows both read and write access on the file system.
- sync – Inform the NFS server to write operations when requested.
- all_squash – It maps all UIDs and GIDs from client requests to the anonymous user.
- no_all_squash – Used to map all UIDs and GIDs from client requests to identical UIDs and GIDs on the NFS server.
- root_squash – maps requests from root user or UID/GID 0 from the client to the anonymous UID/GID.
The first line shows how to specify multiple export rules for one file system. It exports the /mnt/backups
directory and allows only read access to the whole 192.168.201.0/24
range, both read and write access to 192.168.201.107
. The sync option tells NFS to write changes to disk before replying.
For more information about all the available options, type man exports
in your terminal.
Save and close the file and export the shares:
sudo exportfs -ra
You have to run above command every time when you modify the /etc/exports
file.
Use the below command to view the current active exports and their state:
sudo exportfs -v
In output you can see all shares with their options. It will also show default options and you can make changes if you want.
/mnt/backups 192.168.201.3(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash) /mnt/www 192.168.201.110(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash) /mnt/backups 192.168.201.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
Firewall configuration
If Firewalld service is running on you server, you need to allow traffic to the necessary NFS services.
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload
At this point, you successfully completed steps to install NFS server on CentOS and now we will go through for client set up.
Set Up the NFS Clients
At this point, NFS server set up is complete and next need to configure NFS shares on the client system.
Run the appropriate command for your distribution:
Installing the NFS client
Install the tools required to mount remote NFS file systems.
Install NFS client on Debian and Ubuntu
The nfs-common
package includes the program for mounting NFS file systems on Debian based distro. Run below command:
sudo apt update
sudo apt install nfs-common
Install NFS client on CentOS and Fedora
For RHEL based distributions, install the nfs-utils package:
sudo yum install nfs-utils
Mounting file systems
In our example the client machine have IP 192.168.201.107
, which has read and write access to the /mnt/www
file system and read-only access to the /mnt/backups
file system.
We will create two new directories for the mount points. You can create these directories at any location you want.
sudo mkdir -p /backups
sudo mkdir -p /mnt/www
Use mount command to mount the exported file systems:
sudo mount -t nfs -o vers=4 192.168.201.110:/backups /backups
sudo mount -t nfs -o vers=4 192.168.201.110:/www /mnt/www
Here, 192.168.201.110
is the IP of the NFS server. At the time of mounting an NFSv4 filesystem, you need to omit the NFS root directory, so instead of /mnt/backups
you need to use /backups.
Verify that the remote file systems are mounted successfully using either the mount
or df
command:
df -h
The command will print all mounted file systems. The last two lines are the mounted shares:
... 192.168.201.110:/backups 9.7G 1.2G 8.5G 13% /backups 192.168.201.110:/www 9.7G 1.2G 8.5G 13% /mnt/www
You can make the mounts permanent on reboot by changes in /etc/fstab
file:
sudo nano /etc/fstab
Add the following line to file.
192.168.201.110:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0 192.168.201.110:/www /mnt/www nfs defaults,timeo=900,retrans=5,_netdev 0 0
Alternate option to mount the remote file systems is to use either the autofs
tool or to create a systemd unit.
Testing NFS Access
Now the client set up is also completed so time to test the access by creating a new file.
Create a test file at /backups
directory using below command:
sudo touch /backups/test.txt
The /backups
file system is exported as read-only so you will see a Permission denied error message:
touch: cannot touch '/backups/test': Permission denied
Now try to create a file to the /mnt/www
directory as a root using sudo command:
sudo touch /mnt/www/test.txt
Same as above you will see a permission denied message:
touch: cannot touch ‘/mnt/www’: Permission denied
The apache
user is owner of the /var/www
directory. This share has root_squash
option set, which maps the root
user to the nobody
user and nogroup
group that doesn’t have write permissions to the remote share.
Assuming that a user apache exists on the client machine with the same UID and GID as on the remote server, you can test to create a file as user apache with:
sudo -u apache touch /mnt/www/test.txt
This command will not show any output that means files is created successfully.
Run the following to to verify it:
ls -la /srv/www
Newly created files should display in output:
drwxr-xr-x 3 apache apache 4096 Apr 23 22:18 . drwxr-xr-x 3 root root 4096 Apr 23 22:29 .. -rw-r--r-- 1 apache apache 0 Apr 23 21:58 index.html -rw-r--r-- 1 apache apache 0 Apr 23 22:18 test.txt
Unmounting NFS File System
You can unmount NFS share as any other mounted file system using the umount command. For instance, to unmount the /backups
share you should run:
sudo umount /backups
If the mount point is defined in the /etc/fstab
file, make sure you remove the line or comment it out by adding #
at the beginning of the line.
Conclusion
You successfully learned how to install and set up an NFS server on CentOS 8 and how to mount the remote file systems on the client machines.
If you have any questions, feel free to leave comment.
Leave a Reply