Configuring a NFS Server
Problem
The following describes the process of configuring NFS using an installation of RHEL/CentOS.
Notable
- On RHEL 7, NFSv4 is the default version used and maintains backwards compatibility with earlier protocols.
- The meaning of the export table options (
rw
,all_squash
, etc.) can be found using the commandman exports
. - Check out the man pages for fstab format and options for the nfs file systems using the command
man 5 nfs
.
Solution
Setup NFS Server
-
Install required utilities for NFS
yum -y install rpcbind nfs-utils policycoreutils-python
-
Create NFS server share directory
mkdir -p /srv/nfsexport
-
Set ownership of the directory
chown -R nfsnobody:nfsnobody /srv
-
Set permissions of the directory
chmod -R 755 /srv/*
-
Change the label of
/srv/nfsexport
, recursively, to the nfs_t type in order to allow the NFS server to access share.semanage fcontext --add --type nfs_t "/srv/nfsexport(/.*)?"
-
Apply the SELinux policy setting to the file system
restorecon -R -v /srv/nfsexport
-
Start the NFS server
systemctl start nfs-server
-
Enable the service to start at boot
systemctl enable nfs-server
-
Update NFS server export table to share the newly created directory
echo "/srv/nfsexport *(rw,all_squash)" >> /etc/exports
Notice This allows both read and write requests on this NFS volume and maps all UID/GID to the anonymous user.
-
Make all changes effective by reloading the configuration file.
exportfs -r
-
Open firewall for NFS server
firewall-cmd --permanent --add-service=nfs firewall-cmd --permanent --add-service=mountd firewall-cmd --permanent --add-service=rpc-bind firewall-cmd --reload
-
Verify the NFS share has been mounted
showmount -e localhost
Setup NFS Client
-
Attempt to access the NFS server
NFS_SERVER="" \ && showmount -e $NFS_SERVER
-
Create the mount point
mkdir -p /mnt/nfsshare
-
Create an
/etc/fstab
entry for the NFS serverNFS_SERVER="" \ && echo "$NFS_SERVER:/srv/nfsexport /mnt/nfsshare nfs defaults 0 0" >> /etc/exports
-
Mount the exported NFS share directory
mount -a
-
Verify the NFS share is mounted and writable
touch /mnt/nfsshare/test.txt ls -l /mnt/nfsshare
Summary
NFS is an Internet Standard protocol created by Sun Microsystems in 1984. NFS was developed to allow file sharing between systems residing on a local area network.
In NFS, an NFS server is offering shares, which are also referred to as exports
, and the NFS client mounts the share to it’s local file system and supports three versions of the NFS protocol: NFS version 2 RFC1094, NFS version 3 RFC1813, and NFS version 4 RFC3530.
To use an NFS, you should follow these two steps:
- Mount it - attach the local file system found on some device to the big tree file tree, the file hierarchy, rooted at
/
of the server. - Access it - mount the NFS share into the local file system of the NFS client computer.
Troubleshooting
If you’re using iptables
for configuring security instead of firewalld
, use the following commands to open the firewall for the NFS server:
# Set the firewall rules to allow access to the NFS service
iptables -I INPUT 1 -p tcp --dport 2049 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 20049 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 111 -j ACCEPT
# Save the firewall rules
service iptables save