Let’s run NFS server on CentOS 7.3
01. Installing NFS :
You must install this package on both server and clients.
yum -y install nfs-utils
02. Run the NFS services :
systemctl start nfs-server.service systemctl enable nfs-server.service systemctl status nfs-server.service
03. Open Firewall Port for NFS :
NFSv4 ( the latest and most secure version of NFS protocol , now it is the default on Red Hat , CentOS , … ) listen on TCP port number 2049 .
firewall-cmd --permanent --add-service=nfs firewall-cmd --reload
04. NFS shares :
To share a folder using NFS protocol , use either :
Edit /etc/exports and append your share lines.
Create a file with .exports extension on /etc/exports.d/ and add your share lines.
SELinux fcontext type for shared directories may be default_t OR nfs_t .
The configuration syntax is :
export host(options)
OR many different hosts with different options
export host(options) host2( options ) subnet( options )
export : the shared folder path
host/subnet : the client IP , IP subnet , client DNS Name , domain name.
options : if not specified , it is read-only (ro) by default.
ro = read-only permissions
rw = read and write permissions
root_squash = root user will be treated as nfsnobody user and not root if used on client to mount the NFS share and it is the default for security reasons.
no_root_squash = if any root user on client mounted the shared path , it will be as the system root and have all privileges on the shared path.
sync = the NFS server will not reply to requests before changes made by previous requests are written to disk. To enable asynchronous writes instead, specify the option async .
Thats is some of most important options.
05. Examples :
Create a folder named share ,
make sure SELinux fcontext type is default_t ,
change permissions for Others ,
create NFS configuration to share it for all as read-only :
/share *(ro)
* means share for any host or to the world ,
reload exportfs using command exportfs -r ,
show current shared nfs using command exportfs .
[root@server01 ~]# mkdir /share [root@server01 ~]# ls -ldZ /share/ d------rwx. root root unconfined_u:object_r:default_t:s0 /share/ [root@server01 ~]# chmod o+rwx /share/ [root@server01 ~]# vim /etc/exports.d/share.exports /share *(ro) [root@server01 ~]# exportfs -r [root@server01 ~]# exportfs /share <world> [root@server01 ~]#
Create another folder named share2 , all the same except using option read and write (rw) and allow share for only specific IP and edit /etc/exports directly.
[root@server01 ~]# mkdir /share2 [root@server01 ~]# ls -ldZ /share2/ d------rwx. root root unconfined_u:object_r:default_t:s0 /share/ [root@server01 ~]# chmod o+rwx /share2/ [root@server01 ~]# vim /etc/exports /share2 192.168.1.7(rw) [root@server01 ~]# exportfs -r [root@server01 ~]# exportfs /share <world> /share2 192.168.1.7 [root@server01 ~]#
As you NFS shares are listed correctly .
Let’s mount it from a client
06. Client Mount NFS :
As we mentioned before, nfs-utils package must be installed on clients to enable mounting nfs type shares.
Mount is a simple mount command , we can use server IP or DNS Name if we configured DNS or edited /etc/hosts on client.
mount IP_or_name:/path_to_shared /local/mount/path
To mount what we shared on server 192.168.1.6 above to client with IP of 192.168.1.7 , we create to directories to mount on , use nfsstat -l to list current nfs status and version.
[root@server02 ~]# mkdir /mnt/share [root@server02 ~]# mkdir /mnt/share2 [root@server02 ~]# mount 192.168.1.6:/share /mnt/share [root@server02 ~]# mount 192.168.1.6:/share2 /mnt/share2/ [root@server02 ~]# nfsstat -l nfs v4 client total: 315 ------------- ------------- -------- nfs v4 client open: 7 nfs v4 client open_conf: 4 nfs v4 client close: 4 nfs v4 client setattr: 4 nfs v4 client fsinfo: 30 nfs v4 client renew: 74 nfs v4 client setclntid: 16 nfs v4 client confirm: 16 nfs v4 client access: 20 nfs v4 client getattr: 34 nfs v4 client lookup: 23 nfs v4 client lookup_root: 10 nfs v4 client pathconf: 20 nfs v4 client readdir: 3 nfs v4 client server_caps: 50 [root@server02 ~]# nfsstat -l3 [root@server02 ~]#
As you noticed , nfsstat -l shows it used NFS version 4 by default , if we test versions 3 using -l3 options , it shows nothing.
Now test read and write capabilities .
[root@server02 ~]# touch /mnt/share/testfile touch: cannot touch ‘/mnt/share/testfile’: Read-only file system [root@server02 ~]# touch /mnt/share2/testfile [root@server02 ~]# ls /mnt/share2/ testfile [root@server02 ~]#
Nice , we can’t write to /share/ because it is mounted as read-only , but we can write to /share2/ as it is mounted as read and write.
What is /share/ path is mounted as read and write , and we allowed root user to be treated as root on the shared folder using option ( no_root_squash ), let’s see that .
[root@server01 ~]# vim /etc/exports.d/share.exports /share *(rw,no_root_squash) [root@server01 ~]# exportfs -r [root@server01 ~]# exportfs /share2 192.168.1.7 /share <world> [root@server01 ~]#
then on client,
*If faced a problem try to unmount and remount that shared path.
[root@server02 ~]# touch /mnt/share/testfile [root@server02 ~]# ls -la /mnt/share/ total 0 -rw-r--r--. 1 nfsnobody nfsnobody 0 May 3 08:09 test -rw-r--r--. 1 root root 0 May 3 09:53 testfile
Did you notice?
test file we create before while default root_squash was used, it is created with owner nfsnobody .
testfile we created after enable no_root_squash option, it is created as the owner or creator is the root.
That was simple NFS file server , i hope it was easy , thanks for joining me.
Enjoy !.