How to set up an NFS Mount on Rocky Linux 8

Network File System or NFS is a distributed file system protocol that allows remote hosts to mount file systems over a network and perform file operations on them as though they were mounted locally. This is particularly useful when you want to share resources from one server with multiple clients or allow multiple clients to write to a single storage space.

In this tutorial, you will learn how to install and configure the NFS Server and NFS Clients based on Rocky Linux 8. For this, we will set up a host or server to share files and a client to access the host files using an NFS mount.

Prerequisites

  • Two Rocky Linux 8 servers. Each of these should have a non-root user with sudo privileges.
  • Both the host and the client should have a static IP address. You can even set up both over a Private network. For our tutorial, we will use host_ip to denote the Host's IP address and client_ip to refer to the Client's IP address.

Step 1 - Install NFS on The Host and Client

Host

To install NFS packages, you need to install the nfs-utils package. It provides a daemon for the NFS server and related tools.

Install the package.

$ sudo dnf install nfs-utils

Enable and start the nfs-server service. The remaining services necessary for NFS mounting and sharing, such as nfsd, nfs-idmapd, rpcbind, rpc.mountd, lockd, rpc.statd, rpc.quotad and rpc.idmapd, start automatically along with it.

$ sudo systemctl enable nfs-server --now

Verify the version of NFS installation.

$ sudo cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2

NFS versions 3 and 4 are enabled by default, and version 2 is disabled. NFSv2 is old and outdated, which is why it has a minus sign (-) in front of it.

NFS stores its configurations in /etc/nfsmount.conf and /etc/nfs.conf files. The /etc/nfsmount.conf is to configure NFS mounts while /etc/nfs.conf is to configure the NFS daemon and associated tools. The default settings are enough for our tutorial, and no change is required.

Client

On the client, install the nfs-utils and nfs4-acl-tools packages.

$ sudo dnf install nfs-utils nfs4-acl-tools

Step 2 - Create the Share Directories on the Host

We will use two examples with different configuration settings - one with a general-purpose mount and one by sharing the host's home directory.

NFS-mounted directories are not part of the client's own file system. By default, therefore, operations on them that require superuser privileges are not allowed: the client cannot change ownership, write to them as the root user, or perform other high-level tasks. However, there are cases when a trusted user on the client needs to perform such tasks without requiring superuser access on the host. The NFS server can be configured to allow this, but it comes with a risk, because it gives the client's root user privileged access to files on the host.

Working with a General Purpose Mount

For our first case, we will create a simple mount that uses default NFS behavior which means the client cannot perform any tasks requiring superuser privileges.

Create a share directory.

host:$ sudo mkdir /var/nfs/share -p

The host's root user will own this directory since we used sudo to create it.

host:$ ls -l /var/nfs
total 0
drwxr-xr-x. 2 root root 6 Dec 13 07:30 share

NFS will translate all root operations on the client-side to the nobody:nobody credentials for security reasons. Therefore, we need to match them on the host side.

host:$ sudo chown nobody:nobody /var/nfs/share

Working with the Home Directory

For our second case, we will make the home directory on the host available to the client. We don't need to create it since it exists already. We don't need to change any permissions as it would affect users on the host machine.

Step 3 - Configuring NFS Exports on the Host

Open the file /etc/exports on the Host machine for editing.

host:$ sudo nano /etc/exports

Paste the following code in the file.

/var/nfs/share      client_ip(rw,sync,no_subtree_check)
/home               client_ip(rw,sync,no_root_squash,no_subtree_check)

Each directory and its configuration need to be on a separate line. Replace the client_ip value with the actual IP address of the client machine.

Let us go through all the options for NFS exports.

  • rw - gives the client machine read and write access on the NFS volume.
  • sync - this option forces NFS to write changes to the disk before replying. This option is considered more reliable. However, it also reduces the speed of file operations.
  • no_subtree_check - this option prevents subtree checking, a process where the host must check whether the file is available along with permissions for every request. It can also cause issues when a file is renamed on the host while still open on the client. Disabling it improves the reliability of NFS.
  • no_root_squash - By default, NFS translates requests from a root user on the client into a non-privileged user on the host. This option disables that behavior, so the client's root user acts as root on the exported directory. Use it carefully, since it gives the client privileged access to the host's files.

Once finished, save the file by pressing Ctrl + X and entering Y when prompted.

To export the shares, run the following command.

host:$ sudo exportfs -arv
exporting client_ip:/home
exporting client_ip:/var/nfs/share

The options used in this command are:

  • -a - this option causes all directories to be exported.
  • -r - this option re-exports all directories by constructing a new list in the /var/lib/nfs/etab file. It is used to refresh the export list with any changes made to /etc/exports.
  • -v - enables verbose output.

To list all the exported directories, run the following command. It will show all the options, including the default ones that were not specified in the /etc/exports file.

host:$ sudo exportfs -s
/var/nfs/share  client_ip(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/home  client_ip(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
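
The export options described above can be checked mechanically. The following is an added example, not part of the original tutorial: a shell function that reads /etc/exports-style lines and reports entries using no_root_squash or insecure, and entries exported to every host. The address 192.0.2.10 stands in for client_ip, and the /srv/pub line is a hypothetical entry showing the documented exports(5) pitfall where a space before the option list applies those options to all hosts.

```shell
#!/bin/sh
# Added example: flag risky entries in /etc/exports-style input (stdin).
# Prints one "path client finding" line per issue found.
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        spec = $i
        if (spec ~ /^#/) break               # trailing comment ends the entry
        client = spec; opts = ""
        p = index(spec, "(")
        if (p > 0) {
          client = substr(spec, 1, p - 1)
          opts = substr(spec, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"       # "(opts)" with no client = any host
        n = split(opts, o, ",")
        rw = 0
        for (j = 1; j <= n; j++) {
          if (o[j] == "no_root_squash") print path, client, "no_root_squash"
          if (o[j] == "insecure")       print path, client, "insecure"
          if (o[j] == "rw")             rw = 1
        }
        if (client == "*") print path, client, (rw ? "any-host-rw" : "any-host-ro")
      }
    }'
}

# Constructed sample: the two exports from this tutorial plus a hypothetical
# line with a stray space between the client and its option list.
SAMPLE_EXPORTS='/var/nfs/share 192.0.2.10(rw,sync,no_subtree_check)
/home 192.0.2.10(rw,sync,no_root_squash,no_subtree_check)
/srv/pub 192.0.2.10 (rw,sync)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

Because exportfs -s prints the export list in /etc/exports format, piping its output into audit_exports on the host checks the effective options, defaults included.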

Step 4 - Configuring Firewall on the Host

Rocky Linux uses Firewalld Firewall. Check the firewall's status.

host:$ sudo firewall-cmd --state
running

This indicates it is up and running successfully.

The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.

host:$ sudo firewall-cmd --permanent --list-services

It should show the following output.

cockpit dhcpv6-client ssh

Next, we need to allow traffic to the necessary NFS services - mountd, nfs and rpc-bind. We also need to allow access from the client IP. If your clients and host servers are in the same subnet, then you don't need to add the client's IP address.

host:$ sudo firewall-cmd --permanent --add-service=nfs
host:$ sudo firewall-cmd --permanent --add-service=rpc-bind
host:$ sudo firewall-cmd --permanent --add-service=mountd
host:$ sudo firewall-cmd --permanent --add-source=client_ip

Reload the firewall to apply the changes.

host:$ sudo firewall-cmd --reload

Step 5 - Creating Mount points and Directories on the Client

Now that the NFS Server/Host is configured, the next step is to set up mount points and directories on the client. You can run the showmount command on the client to check the list of exported file systems on the Host.

client:$ showmount -e host_ip
Export list for host_ip:
/home          host_ip
/var/nfs/share host_ip

Always create a new directory to use as a mount point on the client, or use an existing empty directory. If the directory you mount over already contains files, they will be hidden while the share is mounted.

Create the Mount directories.

client:$ sudo mkdir -p /nfs/share
client:$ sudo mkdir -p /nfs/home

Mount the shares using the IP address of the host.

client:$ sudo mount host_ip:/var/nfs/share /nfs/share
client:$ sudo mount host_ip:/home /nfs/home

Verify that the mount was successful.

client:$ df -h
Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                   370M     0  370M   0% /dev
tmpfs                      405M     0  405M   0% /dev/shm
tmpfs                      405M   16M  389M   4% /run
tmpfs                      405M     0  405M   0% /sys/fs/cgroup
/dev/vda1                   25G  2.4G   23G  10% /
tmpfs                       81M     0   81M   0% /run/user/1000
host_ip:/var/nfs/share      25G  2.4G   23G  10% /nfs/share
host_ip:/home               25G  2.4G   23G  10% /nfs/home

Both the shares are mounted from the same file system. Hence they show the same disk usage.

You can also use the mount command to verify.

client:$ mount | grep nfs
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
host_ip:/var/nfs/share on /nfs/share type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=client_ip,local_lock=none,addr=host_ip)
host_ip:/home on /nfs/home type nfs4 (rw,relatime,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=client_ip,local_lock=none,addr=host_ip)

Step 6 - Test NFS Access

Testing General Purpose Share

Write a test file to the /var/nfs/share share.

client:$ sudo touch /nfs/share/test.txt

Check its ownership.

client:$ ls -l /nfs/share/test.txt
-rw-r--r--. 1 nobody nobody 0 Dec 13 08:08 /nfs/share/test.txt

Since we mounted this volume using default NFS settings and created the file on the client using sudo, ownership on the file defaults to nobody:nobody. Client superusers cannot perform any administrative tasks on the share.

Testing Home Directory Share

Write a test file to the /nfs/home share.

client:$ sudo touch /nfs/home/home.txt

Check its ownership.

client:$ ls -l /nfs/home/home.txt
-rw-r--r--. 1 root root 0 Dec 13 08:09 /nfs/home/home.txt

Since we used the no_root_squash option, it allowed the client's root user to act as root on the share itself.

Step 7 - Make the Mount points permanent

NFS mounts are temporary by default and do not survive a reboot. We can make them permanent, so that they are mounted at boot, by editing the /etc/fstab file on the client.

Open the file /etc/fstab for editing.

client:$ sudo nano /etc/fstab

Paste the following lines at the bottom of the file.

. . .
host_ip:/var/nfs/share      /nfs/share     nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
host_ip:/home               /nfs/home      nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0

You can find out more about the options listed above by running the following commands.

client:$ man nfs
client:$ man mount

If you want to read them online, you can Google the phrase man nfs and man mount to learn more about these options.
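
The fstab entries above do not restrict what files on the share may do on the client. As an added example, not part of the original tutorial, the function below prints fstab-style input back with the standard nosuid and nodev mount options appended to any NFS entry that lacks them, so setuid bits and device files on the share are ignored by the client. The address 192.0.2.20 stands in for host_ip, and choosing these two options is an assumption of this example, not a recommendation made by the tutorial.

```shell
#!/bin/sh
# Added example: read fstab-style lines on stdin and print them back with
# nosuid and nodev appended to any nfs/nfs4 entry that lacks them.
# Rewritten NFS lines are re-joined with single spaces; other lines pass
# through byte for byte.
harden_nfs_fstab() {
  awk '
    # Comments, blank or short lines and non-NFS entries are left unchanged.
    /^[ \t]*#/ || NF < 4 || ($3 != "nfs" && $3 != "nfs4") { print; next }
    {
      n = split($4, o, ",")
      has_nosuid = 0; has_nodev = 0
      for (i = 1; i <= n; i++) {
        if (o[i] == "nosuid") has_nosuid = 1
        if (o[i] == "nodev")  has_nodev = 1
      }
      if (!has_nosuid) $4 = $4 ",nosuid"
      if (!has_nodev)  $4 = $4 ",nodev"
      print
    }'
}

# Constructed sample: a local file system line plus the two entries from
# this tutorial, with 192.0.2.20 in place of host_ip.
SAMPLE_FSTAB='/dev/vda1 / xfs defaults 0 0
192.0.2.20:/var/nfs/share /nfs/share nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
192.0.2.20:/home /nfs/home nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | harden_nfs_fstab
```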

Step 8 - Unmount NFS Share

If you no longer want the remote mounts on your system, you can unmount them by using the umount command. Note that the command is called umount and not unmount which is a common mistake.

Move out of the shared mounts and unmount them.

client:$ cd ~
client:$ sudo umount /nfs/share
client:$ sudo umount /nfs/home

If you no longer need the shares mounted again on reboot, make sure you comment out the corresponding entries in the /etc/fstab file by putting a # sign in front of them.

Conclusion

In this tutorial, we learned how to set up an NFS host server, export directories from it, and mount them on an NFS client. If you are implementing it in a private network, there should be no issue, but if you are using it in production, remember that the protocol is not encrypted, and you should implement some authentication to protect your data.

If you have any questions, post them in the comments below.
