Learning NFS through server and client configuration 

I have used NFS in a limited capacity for years. I was familiar with the concept and had been accessing NFS shares, however, I had never actually configured one. Chances are, I am not alone in this. I thought I would learn how to set it all up and even bring you all along with me. Let's get started on the beginner's guide to learning NFS.

What is NFS?

Network File System (NFS), is a distributed file system that allows various remote systems to access a file share. We all know that files should be stored on a central server for security and ease of backup. NFS provides us with a file sharing service that is easily managed and controls client access to resources.

What is needed?

Before we can begin, we need to nail down a few prerequisites. First up, we need two different systems that are capable of talking to each other via the network. Since NFS uses a server to client(s) relationship, we will use the following:

• NFS server - server.example.com - 172.25.1.5
• NFS client - client.example.com - 172.25.1.4

You can use the ping command to confirm communications between the two systems. I have these two machines on a NAT network and have tested the connections both ways.

After that, let's ensure that both of our systems are up to date. As these systems are RHEL 8.2 and Fedora 32, we will use the following command on both the server and client:

[root@rhel tcarrigan]# sudo yum -y update

And finally, we need to install the nfs-utils package to both our systems.

[root@rhel tcarrigan]# sudo yum -y install nfs-utils (must do on both servers)
Updating Subscription Management repositories.
Last metadata expiration check: 0:55:54 ago on Wed 24 Jun 2020 11:53:45 AM EDT.
Package nfs-utils-1:2.3.3-31.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

*Note: the package is already installed in the above example.

Now, let's jump into configuring the server.

Configure the server

Step 1: Start and enable the newly-installed nfs-utils service.

[tcarrigan@rhel ~]$ sudo systemctl start nfs-server.service
[tcarrigan@rhel ~]$ sudo systemctl enable nfs-server.service

Step 2: Confirm the nfs-server service is up and running.

[tcarrigan@rhel ~]$ sudo systemctl status nfs-server.service
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabl>
   Active: active (exited) since Wed 2020-06-24 12:50:23 EDT; 18min >
 Main PID: 61026 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 50657)
   Memory: 0B
   CGroup: /system.slice/nfs-server.service
    
 Jun 24 12:50:23 server.example.com systemd[1]: Starting NFS server a>
 Jun 24 12:50:23 server.example.com systemd[1]: Started NFS server an>
lines 1-10/10 (END)

Step 3: Verify the NFS version (you can see this information in column two).

[tcarrigan@rhel ~]$ rpcinfo -p | grep nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl

*Note that you can find the NFS daemon configuration files at /etc/nfs.conf. You can also find the config file for the mount at /etc/nfsmount.conf.

The NFS service is now up and running on your server. Next, let's create an NFS share.

Create and export the share

First, we need to designate a folder for sharing. Since one doesn't already exist on my system, I will create a directory to share.

[tcarrigan@rhel ~]$ sudo mkdir -p /test/nfs_share/docs

Now, I learned from some trial and error and then well-written resources that you can avoid a lot of headache by changing the permissions and ownership to match the following:

[tcarrigan@rhel ~]$ sudo chown -R nobody: /test/nfs_share/docs/
[tcarrigan@rhel ~]$ sudo chmod -R 777 /test/nfs_share/docs/

*Note: you may not be able to do this in a production environment due to security considerations. Be sure that you know what you are doing before you remove all restrictions from a file or directory.

Next, we need to create an /etc/exports file.

[root@server docs]# vi /etc/exports

Make the following entry in the new file:

/test/nfs_share   172.25.1.0/24(rw,sync,no_all_squash,root_squash)

To better understand the parameters used here, let's break them down one by one.

• rw - Allows us to read and write to the NFS share.
• sync - Requires writing of changes to the disk before any other operations are completed.
• no_all_squash - Maps all UIDs and GIDs from the client request to the identical UIDs and GIDs on the NFS server.
• root_squash - Maps requests from the client-side root user to an anonymous UID/GID.

Now that we have created the share, let's export it to the client(s).

[root@server docs]# exportfs -rav
exporting 172.25.1.0/24:/test/nfs_share

Notice that I mapped the entire subnet here. You can include only a single IP or hostname here if you prefer.

Modify the firewall

We installed the server, and then created and exported the share. Next, we configure a tunnel through the firewall. We will be adding rules for nfs, rpc-bind, and mountd. Don't forget to reload the firewall config when completed.

Seen here:

[root@server]# firewall-cmd --permanent --add-service=nfs
success
[root@server]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@server]# firewall-cmd --permanent --add-service=mountd
success
[root@server]# firewall-cmd --reload
success

With the server-side completed, we can now focus our attention on the client machine.

Configure the client

*Note: all future steps are carried out on the client machine.

Since we already updated our system and installed the nfs-utils package, this should be pretty straightforward.

We start by creating an entry in /etc/hosts for the NFS server. It should look similar to this:

[root@client]# cat /etc/hosts
127.0.0.1  localhost
::1        localhost
172.25.1.5 localhost

Now, let's see if anything is shared from the NFS server. If you followed along in the earlier sections, you should see /test/nfs_share/docs as a shared directory.

[root@client ~]# showmount --exports nfs-server
Export list for nfs-server: 
/test/nfs_share/docs 172.25.1.0/24

Next, create a directory on the client machine to mount the remote share.

[tcarrigan@client ~]$ sudo  mkdir p /test/client_share

Now that we have created a mount directory, let's mount the share.

[tcarrigan@client ~]$ sudo mount -t nfs 172.25.1.5:/test/nfs_share/docs /home/tcarrigan/test/client_share

Run the following command to verify the share:

[tcarrigan@client ~]$ sudo mount | grep -i nfs

Finally, to ensure that the mount is persistent across reboots, add the following line to the /etc/fstab file:

172.25.0.5:/test/nfs_share/docs /home/tcarrigan/test/client_share  nfs defaults 0 0 

Easy day.

Proof of concept

As a culmination of our efforts, let's test the configured share. Create a file on the server in /test/nfs_share/docs named test_doc.

[tcarrigan@server docs]$ ls -lrt
total 4
-rw-r--r--. 1 root root 39 Jun 25 16:21 test_doc

Let's see if our test_doc is exported to our client machine via NFS.

On the client machine:

[tcarrigan@client ~]$ cd test/client_share/
[tcarrigan@client client_share]$ ls
docs
[tcarrigan@client client_share]$ ls docs/
test_doc
[tcarrigan@client client_share]$

Here we see the test_doc exists on the NFS Server.

To test in the other direction, I create a file on the client named client-test-doc.

[tcarrigan@client docs]$ vi client-test-doc

Let's jump over to the server and see if we can view the newly created file.

NFS server:

[tcarrigan@server docs]$ ls -lrt
   total 8
   -rw-r--r--. 1 root      root      39 Jun 25 16:21 test_doc
   -rw-rw-r--. 1 tcarrigan tcarrigan  5 Jul  6 13:25 client-test-doc

We can see both the original file test_doc as well as the newly-created file client-test-doc.

Congratulations on setting up a functioning NFS server/client pair.

[ Free online course: Red Hat Enterprise Linux technical overview. ]