Lab 5: NFS¶
After completing this lab, you will be able to
- install and configure NFS
- share files and directories between Linux systems using NFS
- use common NFS utilities to query or troubleshoot NFS issues
Estimated time to complete this lab: 40 minutes
NFS is an acronym for Network File System. It allows sharing of files and folders over a network with other systems. NFS provides a simple way for making the contents of the local file system available to multiple users (or systems) on a network.
This sharing is traditionally between UNIX/Linux like systems, but systems running Microsoft Windows operating systems can also access NFS shares if they have the proper software installed to do this.
Support for NFS must be enabled or compiled into the kernel.
As with most networking concepts, NFS has client and server sides. The server side consists of the system that exports (shares) file systems to other systems. The client side consists of the systems that need access to the file system exported by the server.
NFSv4 requires the services of the following programs (daemons):
- portmap - maps RPC programs to regular network ports
- mountd - handles incoming mount requests
- nfsd - this is the main NFS program that handles the actual file transfers
/etc/exports configuration file serves as an access control list for specifying file systems that may be exported via NFS to authorized clients. It provides information to
mountd and to the kernel-based NFS file server daemon
The directives in
/etc/exports uses the following syntax:
In this exercise you will share (export) a local directory to be shared with your partner system, but first you will learn how to manage the NFS service.
NFS is a Remote Procedure Call (RPC) based client and server application. It is therefore useful to have RPC utilities handy that can be used for querying, debugging, and making RPC calls to RPC servers (like NFS servers).
rpcinfo is one such useful utility. Its usage syntax and options are shown here:
SYNOPSIS rpcinfo [-m | -s] [host] rpcinfo -p [host] rpcinfo -T transport host prognum [versnum] rpcinfo -l [-T transport] host prognum versnum rpcinfo [-n portnum] -u host prognum [versnum] rpcinfo [-n portnum] [-t] host prognum [versnum] rpcinfo -a serv_address -T transport prognum [versnum] rpcinfo -b [-T transport] prognum versnum rpcinfo -d [-T transport] prognum versnum
To start NFS¶
Ensure you are logged on to your system as a user with Administrative privileges.
Start by installing the
nfs-utilspackage. This package provides various utilities for use with NFS clients and servers. Type:
dnf -y install nfs-utils
Amongst things, the newly installed nfs-utils package also provides the systemd service unit (
nfs-server.service) needed for managing the NFS daemon on the system. Use
systemctlto view some of the ancillary services that the nfs-server unit "Wants". Type:OUTPUT
systemctl show -p "Wants" nfs-server
Wants=nfs-idmapd.service nfsdcld.service rpcbind.socket rpc-statd-notify.service rpc-statd.service auth-rpcgss-module.service network-online.target
Some important and notable services that nfs-server needs are
rpcinfocommand is used for making RPC calls to an RPC server and then reports on its findings.
rpcinfolists all the RPC services registered with
rpcinfoto query your local server for a list of all registered RPC services. Type:
rpcinfo -p localhost
program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper
From the sample output above, we can tell a
portmapperservice is registered on the RPC server running localhost.
A) What is portmapper? B) Find out the meaning of the different fields (column heading) of the
rpcinfocommand? (Program, Vers, proto, and service.)
Check the status of
systemctl status nfs-server
bash ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled) Active: inactive (dead)nfs-server.service is currently not running according to the output on our demo system.
Use systemctl to start the nfs-server daemon. Type:
systemctl start nfs-server
Check the status of the nfs-server service again.
rpcinfocommand again to check if anything has changed.
What new services do you see listed in the
rpcinfooutput after starting nfs-server?
nfs-server.serviceis set to automatically start every time the system reboots. Type:
systemctl is-enabled nfs-server
If the nfs-server is disabled on your system, run the command to configure it for automatic starts with the system.
If the firewall sub-system is running on your server, you'll need to allow/permit NFS traffic through the firewall for remote NFS clients. This can be done by running:
firewall-cmd --permanent --add-service nfs && firewall-cmd --reload
Creating a share is done by creating a directory or sharing an already existing directory on the local file system.
exportfs utility is used for viewing and maintaining the table of exported NFS file systems. Its usage syntax and options are:
SYNOPSIS /usr/sbin/exportfs [-avi] [-o options,..] [client:/path ..] /usr/sbin/exportfs -r [-v] /usr/sbin/exportfs [-av] -u [client:/path ..] /usr/sbin/exportfs [-v] /usr/sbin/exportfs -f /usr/sbin/exportfs -s
Don't forget to replace all references to server
To create and export a share¶
You will create and share a directory called
/mnt/nfs. This directory will be the source file-system that exported from the NFS server.
Ensure you are logged on to your system as a user with administrative privileges.
Create a directory under
nfsand change to that directory.
mkdir /mnt/nfs && cd /mnt/nfs
Create 5 sample files under the new directory you created. Type:
Use the HEREDOC shell feature to create a new NFS export entry in
/etc/exports. The single line entry you want is -
/mnt/nfs foocentos2(rw) localhost(rw). Type:You can also use any text editor you are comfortable with to create the entry.
cat << EOF > /etc/exports /mnt/nfs 172.16.99.0/24(rw) localhost(rw) EOF
Verify the contents of
/etc/exportsto ensure no mistakes.
After making any change to the
/etc/exportsfile you should run the
-sflag with the
exportfscommand to display the current export list suitable for
/etc/exports. For example, view the list of directories, allowed hosts, and options. Type:
List your output below.
Mounting NFS shares¶
This exercise deals with the client side of NFS. You'll try accessing the NFS server as a client.
showmount is a handy utility for querying and showing mount information on NFS servers. It can also show the state of the NFS server and list the clients that are mounting from the server. Its syntax and options are shown here:
SYNOPSIS showmount [ -adehv ] [ --all ] [ --directories ] [ --exports ] [ --help ] [ --version ] [ host ] OPTIONS -a or --all List both the client hostname or IP address and mounted directory in host:dir format. -d or --directories List only the directories mounted by some client. -e or --exports Show the NFS server's export list. -h or --help Provide a short help summary. -v or --version Report the current version number of the program. --no-headers Suppress the descriptive headings from the output.
To access an NFS share locally¶
You will test the NFS server's configuration from Exercise 1 by trying to access the exported directory from your local machine, before testing it from a remote machine.
While logged in as the superuser, create a directory called
/mnt/nfs-local. This directory will serve as the test mount point for the NFS share.
As a quick pre-flight check, run
showmountas a client to show the available export list on the server. Type:OUTPUT
showmount -e localhost
Export list for localhost: /mnt/nfs 172.16.99.0/24,localhost
You should see whatever NFS exports that are configured on the server.
You are now ready to mount the NFS share at the test mount point. Type:
mount -t nfs localhost:/mnt/nfs /mnt/nfs-local
Change your PWD to the
/mnt/nfs-localdirectory and list its contents.
While still in the
/mnt/nfs-localdirectory, attempt to delete some files. Type:OUTPUT
rm -rf 1nfs 2nfs
rm: cannot remove '1nfs': Permission denied rm: cannot remove '2nfs': Permission denied
Was your file deletion attempt successful?
Now try creating additional files (6nfs, 7nfs, 8nfs) on the NFS share. Type:
Was your file creation attempt successful? Why do you think this failed?
PERFORM THIS EXERCISE FROM YOUR PARTNER-SYSTEM
To access an NFS share remotely¶
While logged into serverPR as the superuser, install the
nfs-utilspackage if it isn't installed.
Create a directory called “
/mnt/nfs-remote” that will serve as the mount point for the remote NFS share. Type:
Assuming the IP address for the remote serverXY is 172.16.99.100, mount the NFS share on serverXY by running:
mount -t nfs 172.16.99.100:/mnt/nfs /mnt/nfs-remote
mountcommand to display some extra information about the NFS share that you just mounted. Type:OUTPUT
mount -t nfs4
172.16.99.100:/mnt/nfs on /mnt/nfs-remote type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255 ...<SNIP>...
cdto the NFS mount point and try to delete its contents. Type:
cd /mnt/nfs-remote ; rm -f
Was your attempt successful?
Logout of serverPR as the superuser and log back in as the unprivileged user “ying”
While logged into serverPR as “ying” cd to the directory mounted in step 2. Type:
Make a note of the contents of the directory. If can see the expected files, you have successfully completed the NFS lab!
Configure the NFS setup on your local server (serverXY), such that the superuser at the H.Q. (hq.example.org) will be able to mount your nfs share (/mnt/nfsXY) for use on the hq machine.
The superuser at HQ should be able to write (create) new files and delete the files on your NFS share.
You need to disable NFS’s special treatment of root-owned files. This is done by specifying a special option that will “un-squash” the superuser in the “/etc/exports” file. The special option is called
no_root_squash. Please note that it is considered bad practise and a security risk to use the
no_root_squashoption. A sample entry to accomplish this for any host that matches
/etc/exportswill look like:
/mnt/nfs 172.16.99.0/24(rw) localhost(rw,no_root_squash)
Author: Wale Soyinka
Contributors: Steven Spencer, Ganna Zhyrnova