NFS stands for Network File System. It was designed to allow directories on a file server to be mounted on remote systems.
There are other alternatives like SAMBA but the advantage of NFS is that it is built into the kernel, and therefore has better performance. It also allows you to mount remote file systems automatically at start-up without authentication, which can be very useful if you want to use a centralised home directory system.
Install the required packages
To allow a client machine to mount an NFS files system you just need to install the portmapper and NFS common files.
To do this you need to be running as root.
$ su Password:
$ sudo -i Password:
The following command will download and install the components that are common to both the server and the client.
# apt-get install portmap nfs-common --no-install-recommends Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'rpcbind' instead of 'portmap' The following extra packages will be installed: libevent1 libgssglue1 libnfsidmap2 librpcsecgss3 The following NEW packages will be installed: libevent1 libgssglue1 libnfsidmap2 librpcsecgss3 nfs-common 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 309kB of archives. After this operation, 836kB of additional disk space will be used. Do you want to continue [Y/n]? Y : : : #
For an NFS server you need to install the following additional packages.
# apt-get install nfs-server--no-install-recommends Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'nfs-kernel-server' instead of 'nfs-server' The following NEW packages will be installed: nfs-kernel-server 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 141 kB of archives. After this operation, 472 kB of additional disk space will be used. : : : [ ok ] Starting NFS common utilities: statd idmapd. [warn] Not starting NFS kernel daemon: no exports. ... (warning). #
To configure the server you need to add an entry for each exported file system to the NFS exports configuration file.
Each line begins with the absolute path of a directory to be exported, followed by a list of the addresses or sub-nets of the clients that are allowed to mount the exported file systems and the options for that client or sub-net.
# vi /etc/exports #/home 192.168.0.1(rw,sync,no_subtree_check) /home/share 192.168.0.0/255.255.255.0(ro,no_subtree_check) #
In this case we will create a read only share that is accessible from any client on the local sub-net. A client can be specified either by name or IP address and you can specify the clients that can access the exported file system using wildcards or netmasks, but you must not leave any space between client name and the options, since the list of clients is delimited by spaces.
Allowing incoming connections
In order for clients to connect you need to allow inbound connections the to NFS services, bu default these will be limited to the host so you probably want to change this to allow any client on your local sub-net to connect, but you can restrict access to specific machines or users.
To do this you need to add the following entries to hosts.allow. (Assuming your subnet is 192.168.0.0/24)
# vi /etc/hosts.allow # portmap: 192.168.0.0/255.255.255.0 lockd: 192.168.0.0/255.255.255.0 rquotad: 192.168.0.0/255.255.255.0 mountd: 192.168.0.0/255.255.255.0 statd: 192.168.0.0/255.255.255.0 #
If you have a host based firewall configured on your server then you also need to configure NFS to use fixed port numbers and to allow inbound connections to these ports.
# vi /etc/default/nfs-common # Options for rpc.statd. STATDOPTS="-p 32765 -o 32766" # vi /etc/default/nfs-kernel-server # Options for rpc.mountd. RPCMOUNTDOPTS="--manage-gids -p 32767" #
Note – You need to enclose the options in quotes as shown above.
For any changes to take effect you need to reload the configuration.
# /etc/init.d/nfs-common restart [ ok ] Stopping NFS common utilities: idmapd statd. [ ok ] Starting NFS common utilities: statd idmapd. # /etc/init.d/nfs-kernel-server reload [ ok ] Re-exporting directories for NFS kernel daemon.... # /etc/init.d/nfs-kernel-server restart [ ok ] Stopping NFS kernel daemon: mountd nfsd. [ ok ] Unexporting directories for NFS kernel daemon.... [ ok ] Exporting directories for NFS kernel daemon.... [ ok ] Starting NFS kernel daemon: nfsd mountd. #
To check what directories are being exported you can use the following command to list the current exports.
# exportfs /home/share 192.168.0.0/255.255.255.0 #
Next you need to allow incoming connections to these ports through the firewall.
# ufw allow from 192.168.0.0/24 to any port 111 proto tcp Rule added # ufw allow from 192.168.0.0/24 to any port 111 proto udp Rule added # ufw allow from 192.168.0.0/24 to any port 2049 proto tcp Rule added # ufw allow from 192.168.0.0/24 to any port 32765:32767 proto tcp Rule added # ufw allow from 192.168.0.0/24 to any port 32765:32767 proto udp Rule added #
The following command will mount the exported file system on a client.
# sudo mount -t nfs servername:/home/share /mnt #
To have the client automatically mount the exported file system during startup you need to add the following line to /etc/fstab.
# vi /etc/fstab servername:/share /mnt nfs user,noauto 0 0 #