How to install and configure NFS server on CentOS 8

Network File System (NFS) is a distributed file system protocol that allows you to share remote folders over the network. With NFS, you can mount remote folders on your system and work with files on remote machines as conveniently as with local files.

The NFS protocol is not encrypted by default, and unlike Samba, it does not provide user authentication. The server restricts access based on the client's IP address and port.

In this guide, you will follow the necessary steps to build an NFSv4 server on CentOS 8. We will also show you how to mount an NFS file system on the client.

1. Prerequisites##

We assume that you have a server running CentOS 8. On this server, we will set up an NFS server, and other machines will act as NFS clients. The server and clients should be able to reach each other over a private LAN. If you cannot provide private IP addresses, you can use public addresses and configure the server's firewall to allow traffic on port 2049 only from trusted sources.

The machines in this example have the following IPs:

NFS Server IP: 192.168.33.148
NFS Client IPs: From the 192.168.33.0/24 range

2. Establish an NFS server##

This section explains how to install the necessary software packages, create and export NFS directories, and configure firewalls.

2.1 Install NFS server###

The "nfs-utils" package provides the NFS tools and daemons needed to build an NFS server. To install it, run the following command:

sudo dnf install nfs-utils

Once the installation is complete, enable and start the NFS service:

sudo systemctl enable --now nfs-server

By default, on CentOS 8, both NFSv3 and NFSv4 are enabled, and NFSv2 is disabled. NFSv2 is very old and there is no reason to enable it. To verify, run the following cat command:

sudo cat /proc/fs/nfsd/versions
-2+3+4+4.1+4.2

The NFS server configuration options are in the /etc/nfsmount.conf and /etc/nfs.conf files. The default settings are sufficient to meet our requirements.

2.2 Create file system###

When configuring an NFSv4 server, the best practice is to use a global NFS root directory and bind mount the actual directories under it. In this example, we will use /srv/nfs4 as the NFS root directory.

To better explain how NFS mounts are configured, we will share two directories (/var/www and /opt/backups) with different configuration settings.

/var/www/ is owned by the user and group apache, and /opt/backups is owned by the root user.

Use the mkdir command to create this exported file system:

sudo mkdir -p /srv/nfs4/{backups,www}

Mount the actual directory:

sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www

To make these bind mounts persistent, add the following entries to the /etc/fstab file:

sudo nano /etc/fstab

/opt/backups /srv/nfs4/backups  none   bind   0 0
/var/www     /srv/nfs4/www      none   bind   0 0

2.3 Export file system###

The next step is to define the file systems that will be exported by the NFS server, the sharing options, and the clients that are allowed to access those file systems. To do this, open the /etc/exports file:

sudo nano /etc/exports

Export the www and backups directories, and allow all clients from the 192.168.33.0/24 network:

/srv/nfs4         192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www     192.168.33.110(rw,sync,no_subtree_check)

The first line contains fsid=0, which defines the NFS root directory /srv/nfs4. All clients from the 192.168.33.0/24 network are allowed to access the NFS volume. The crossmnt option is necessary to share directories that are subdirectories of an exported directory.

The second line shows how to specify multiple export rules for one file system. It exports the /srv/nfs4/backups directory and allows read-only access for clients from 192.168.33.0/24, while the client at 192.168.33.3 has both read and write access. The sync option tells NFS to write changes to disk before replying.

The last line should be self-explanatory. To learn more about the available options, type man exports in the terminal.

Save the file and export the shares:

sudo exportfs -ra

You need to run the above command every time you modify the /etc/exports file. If there are any errors or warnings, they will be displayed on the terminal.

To view the currently active exports and their status, use:

sudo exportfs -v

The output will contain all shares and their options. As you can see, there are also options that we did not define in the /etc/exports file. Those are the default options; if you want to change them, you need to set those options explicitly.

/srv/nfs4/backups
		192.168.33.3(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 	192.168.33.110(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4     	192.168.33.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
		192.168.33.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)

root_squash is one of the most important options for NFS security. It prevents root users connecting from the clients from having root privileges on the mounted shares. It maps the root UID and GID to the UID and GID of nobody/nogroup.

For users on the client machines to have access, NFS expects the client's user and group IDs to match those on the server. Another option is to use the NFSv4 idmapping feature, which translates user and group IDs to names and back.
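A small exports(5) linter for the options discussed above, as an added example that is not part of the original guide. It goes slightly beyond the guide's three lines by also flagging the opposites of the defaults seen in the exportfs -v output (no_root_squash, insecure); the /srv/nfs4/scratch entry and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the guide's three export lines plus one deliberately
# weak entry (/srv/nfs4/scratch) that is not in the guide.
SAMPLE_EXPORTS = """\
/srv/nfs4         192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www     192.168.33.110(rw,sync,no_subtree_check)
/srv/nfs4/scratch *(rw,no_root_squash,insecure)  # constructed weak entry
"""
ANY_HOST = "exported to any host"
ROOT_KEPT = "client root keeps root on the share (no_root_squash)"
ANY_PORT = "unprivileged source ports accepted (insecure)"
RW_AUTHSYS = "rw for many hosts with client-asserted UIDs (sec=sys)"

def parse_exports(text):
    """Yield (path, client, options) per client entry; quoted paths are not handled."""
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuation lines
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        for token in fields[1:] or ["*"]:  # a bare path is exported to every host
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", token)
            if m:  # "host (rw)" with a stray space yields a separate "*" entry
                opts = set(filter(None, (m.group(2) or "").split(",")))
                yield fields[0], m.group(1) or "*", opts

def is_broad(client):
    """True for wildcard patterns and for networks covering more than one address."""
    if "*" in client or "?" in client:
        return True
    try:
        return ipaddress.ip_network(client, strict=False).num_addresses > 1
    except ValueError:
        return False  # hostname or netgroup: treated as one named client

def audit(text):
    """Return sorted (path, client, finding) tuples for risky export settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
        authsys = any(not f.startswith("krb5") for f in sec.split(":"))
        checks = [(client == "*", ANY_HOST),
                  ("no_root_squash" in opts, ROOT_KEPT),
                  ("insecure" in opts, ANY_PORT),
                  ("rw" in opts and is_broad(client) and authsys, RW_AUTHSYS)]
        findings += [(path, client, msg) for hit, msg in checks if hit]
    return sorted(findings)
```

Run `audit(open("/etc/exports").read())` on the server after editing the file; an empty list means none of these four conditions matched.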

That's it. At this point, you have set up an NFS server on your CentOS server. You can now move on to the next step and configure the clients to connect to the NFS server.

2.4 Firewall configuration###

FirewallD is the default firewall solution on CentOS 8.

The FirewallD nfs service contains predefined rules that allow access to the NFS server.

The following command will permanently allow access from the 192.168.33.0/24 subnet:

sudo firewall-cmd --new-zone=nfs --permanent
sudo firewall-cmd --zone=nfs --add-service=nfs --permanent
sudo firewall-cmd --zone=nfs --add-source=192.168.33.0/24 --permanent
sudo firewall-cmd --reload

3. Create an NFS client##

Now that the NFS server has been set up and the shares have been exported, the next step is to configure the client and mount the remote file systems.

You can also mount NFS shared directories on macOS and Windows machines, but we will focus on mounting shared directories on Linux systems.

3.1 Install NFS client###

On the client machines, install the tools needed to mount the remote NFS file systems.

3.2 Mount the file system###

We will work on the client machine whose IP is 192.168.33.110. This machine has read and write access to /srv/nfs4/www and read-only access to the /srv/nfs4/backups directory.

Create two new directories as mount points. You can create these directories anywhere:

sudo mkdir -p /backups
sudo mkdir -p /srv/www

Use the mount command to mount the exported file system:

sudo mount -t nfs -o vers=4 192.168.33.148:/backups /backups
sudo mount -t nfs -o vers=4 192.168.33.148:/www /srv/www

192.168.33.148 is the IP address of the NFS server. You can also use the host name instead of the IP address, but it must be resolvable to an IP address on the client machine. This is usually done by mapping the host name to the IP in the local /etc/hosts file.

When mounting an NFSv4 file system, you need to omit the NFS root directory, so instead of /srv/nfs4/backups, use /backups.

To verify that the remote file system is successfully mounted, use the df command:

df -h

This command will print out all mounted file systems. The last two lines are the mounted shares:

...
192.168.33.148:/backups           9.7G  1.2G  8.5G  13% /backups
192.168.33.148:/www               9.7G  1.2G  8.5G  13% /srv/www

To persist these mounts, open the /etc/fstab file:

sudo nano /etc/fstab

Add the following lines:

192.168.33.148:/backups /backups   nfs   defaults,timeo=900,retrans=5,_netdev	0 0
192.168.33.148:/www /srv/www       nfs   defaults,timeo=900,retrans=5,_netdev	0 0

To find out more about the available options for mounting NFS file systems, type in the terminal: man nfs.

Another option for mounting a remote file system is to use the autofs tool or create a systemd unit.

3.3 Test NFS access###

Let's test access to the shared folder by creating a new file in the shared directory.

First, create a test file in the /backups directory by using the touch command:

sudo touch /backups/test.txt

The backup file system is exported as read-only, and you should see an error message similar to Permission denied:

touch: cannot touch ‘/backups/test’: Permission denied

Next, create a test file in the /srv/www directory as the root user through the sudo command:

sudo touch /srv/www/test.txt

Once again, you will see the message Permission denied.

touch: cannot touch ‘/srv/www’: Permission denied

The /var/www directory is owned by the apache user, and this share has the root_squash option, which maps the root user to the nobody user and the nogroup group, so the root user has no write permission on the remote share.

Assuming that the apache user exists on the client machine with the same UID and GID as on the remote server (for example, you have installed apache on both the server and the client), you can create a file as the apache user:

sudo -u apache touch /srv/www/test.txt

This command will not display any output, meaning the file was successfully created.

To verify the successful creation, list all files in the /srv/www folder:

ls -la /srv/www

The output should show the newly created file:

drwxr-xr-x 3 apache apache 4096 Jun 23 22:18 .
drwxr-xr-x 3 root   root   4096 Jun 23 22:29 ..
-rw-r--r-- 1 apache apache    0 Jun 23 21:58 index.html
-rw-r--r-- 1 apache apache    0 Jun 23 22:18 test.txt

3.4 Unmount the NFS file system###

If you no longer need the remote NFS share, you can use the umount command to unmount it. For example, to unmount the /backups share, you can run:

sudo umount /backups

If the mount point is defined in the /etc/fstab file, make sure you remove the corresponding line, or comment it out by adding # at the beginning of the line.

4. Summary##

In this guide, we showed you how to set up a remote NFS server and how to mount a remote file system on the client. If you use NFS in a production environment and share sensitive data, we recommend that you enable Kerberos authentication.

As an alternative to NFS, you can use SSHFS to mount remote directories via SSH connections. SSH is encrypted by default and is easy to configure and use.
