How to Install and Configure an NFS Server on CentOS 8




How to Install and Configure an NFS Server on CentOS 8

Network File System (NFS) is a allotted record system protocol that allows you to proportion far flung directories over a community. With NFS, you can mount remote directories in your system and paintings with the documents at the remote gadget as though they were local documents.

NFS protocol isn't encrypted through default, and unlike Samba, it does not provide user authentication. Access to the server is limited via the customers' IP addresses or hostnames.

In this tutorial, you’ll undergo the stairs important to set up an NFSv4 Server on CentOS 8. We’ll additionally show you the way to mount an NFS record machine at the purchaser.

Prerequisites
We’re assuming that you have a server jogging CentOS eight on which we can installation the NFS server and other machines a good way to act as NFS clients. The server and the customers need to be capable of talk with every different over a private community. If your hosting issuer doesn’t provide private IP addresses, you can use the public IP addresses and configure the server firewall to permit visitors on port 2049 handiest from relied on assets.

The machines in this case have the subsequent IPs:

NFS Server IP: 192.168.34.198
NFS Clients IPs: From the 192.168.34.0/24 range

Set Up the NFS Server
This phase explains the way to set up the necessary applications, create and export the NFS directories, and configure the firewall.

Installing the NFS server
The “nfs-utils” package deal affords the NFS utilities and daemons for the NFS server. To install it run the following command:

sudo dnf install nfs-utils


Once the set up is whole, allow and start the NFS carrier by typing:

sudo systemctl enable --now nfs-server


By default, on CentOS 8 NFS versions three and 4.X are enabled, model 2 is disabled. NFSv2 is quite old now, and there is no reason to enable it. To confirm it run the following cat command:

sudo cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2


NFS server configuration options are set in /and so on/nfsmount.Conf and /etc/nfs.Conf files. The default settings are sufficient for our tutorial.

Creating the file systems
When configuring an NFSv4 server, it is a great exercise is to use a worldwide NFS root listing and bind mount the actual directories to the share mount point. In this situation, we can use the /srv/nfs4 director as NFS root.

To better explain how the NFS mounts may be configured, we’re going to proportion  directories (/var/www and /opt/backups) with distinct configuration settings.

The /var/www/ is owned by means of the consumer and organization apache and /decide/backups is owned with the aid of root.
Create the export filesystem using the mkdir command:

sudo mkdir -p /srv/nfs4/{backups,www}


Mount the real directories:

sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www


To make the bind mounts everlasting, upload the subsequent entries to the /and so forth/fstab document:

sudo nano /etc/fstab

/etc/fstab

/opt/backups /srv/nfs4/backups  none   bind   0   0
/var/www     /srv/nfs4/www      none   bind   0   0

Exporting the file systems
The subsequent step is to outline the file structures as a way to be exported via the NFS server, the shares options and the clients which might be allowed to get entry to the ones document systems. To do so open the /etc/exports report:

sudo nano /etc/exports


Export the www and backups directories and permit get admission to only from customers on the 192.168.34.0/24 community:

/etc/exports
/srv/nfs4         192.168.34.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.34.0/24(ro,sync,no_subtree_check) 192.168.34.3(rw,sync,no_subtree_check)
/srv/nfs4/www     192.168.34.110(rw,sync,no_subtree_check)


The first line consists of fsid=0 which defines the NFS root listing /srv/nfs. The access on this NFS volume is permitted simplest to the customers from the 192.168.34.0/24 subnet. The crossmnt option is required to proportion directories that are sub-directories of an exported directory.

The 2d line suggests a way to specify a couple of export regulations for one filesystem. It exports the /srv/nfs4/backups directory and permits best read get entry to to the entire 192.168.34.0/24 range, and each read and write get admission to to 192.168.34.Three. The sync choice tells NFS to write adjustments to disk earlier than replying.

The ultimate line should be self-explanatory. For greater information approximately all the available alternatives, type man exports for your terminal.
Save the record and export the shares:

sudo exportfs -ra

You need to run the command above every time you regulate the /etc/exports report. If there are any mistakes or warnings, they will be shown at the terminal.

To view the contemporary energetic exports and their nation, use:

sudo exportfs -v


The output will consist of all stocks with their alternatives. As you can see, there are also options that we haven’t outline inside the /and many others/exports file. Those are default alternatives, and if you want to exchange them, you’ll need to set those options explicitly.

/srv/nfs4/backups
		192.168.34.3(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 	192.168.34.110(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4     	192.168.34.0/24(sync,wdelay,hide,crossmnt,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
		192.168.34.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)


root_squash is one of the most crucial options concerning NFS security. It prevents root customers related from the clients to have root privileges at the mounted stocks. It will map root UID and GID to no one/nogroup UID/GID.
For the users on the purchaser machines to have get entry to, NFS expects the customer’s user and institution ID’s to fit with the ones at the server. Another choice is to use the NFSv4 idmapping feature that translates user and group IDs to names and the other manner around.

That’s it. At this point, you've got installation an NFS server on your CentOS server. You can now move to the next step and configure the customers and connect to the NFS server.

Firewall configuration
FirewallD is the default firewall answer on Centos eight .

The NFS service includes predefined policies for allowing get admission to to the NFS server.

The following instructions will permanently allow get admission to from the 192.168.34.Zero/24 subnet:

sudo firewall-cmd --new-zone=nfs --permanent
sudo firewall-cmd --zone=nfs --add-service=nfs --permanent
sudo firewall-cmd --zone=nfs --add-source=192.168.34.0/24 --permanent
sudo firewall-cmd --reload


Set Up the NFS Clients
Now that the NFS server is setup and shares are exported, the subsequent step configure the customers and mount the faraway report structures.

You can also mount the NFS share on macOS and Windows machines, however we are able to focus on Linux systems.

Installing the NFS client
On the client’s machines, set up the equipment required to mount faraway NFS record structures.

Install NFS client on Debian and Ubuntu

The call of the package that includes applications for mounting NFS file structures on Debian based totally distributions is nfs-common. To set up it run:

sudo apt update
sudo apt install nfs-common

Install NFS client on CentOS and Fedora

On Red Hat and its derivatives installation the nfs-utils package deal:

sudo yum install nfs-utils

Mounting file systems
We’ll work at the client device with IP 192.168.34.One hundred ten, which has examine and write access to the /srv/nfs4/www record machine and read-most effective get admission to to the /srv/nfs4/backups document gadget.

Create two new directories for the mount points. You can create these directories at any region you need.

sudo mkdir -p /backups
sudo mkdir -p /srv/www


Mount the exported document structures with the mount command:

sudo mount -t nfs -o vers=4 192.168.34.148:/backups /backups
sudo mount -t nfs -o vers=4 192.168.34.148:/www /srv/www


Where 192.168.34.148 is the IP of the NFS server. You also can use the hostname as opposed to the IP address, but it desires to be resolvable with the aid of the patron device. This is typically carried out by means of mapping the hostname to the IP within the /etc/hosts file.
When mounting an NFSv4 filesystem, you need to pass over the NFS root listing, so in preference to /srv/nfs4/backups you need to apply /backups.

Verify that the far flung file structures are installed correctly using either the mount or df command:

df -h


The command will print all mounted document structures. The final two traces are the hooked up stocks:

...
192.168.34.148:/backups           9.7G  1.2G  8.5G  13% /backups
192.168.34.148:/www               9.7G  1.2G  8.5G  13% /srv/www


To make the mounts permanent on reboot, open the /and so forth/fstab record:

sudo nano /etc/fstab


and add the subsequent traces:

/etc/fstab

192.168.34.148:/backups /backups   nfs   defaults,timeo=900,retrans=5,_netdev	0 0
192.168.34.148:/www /srv/www       nfs   defaults,timeo=900,retrans=5,_netdev	0 0


To locate greater information approximately the to be had alternatives whilst mounting an NFS document machine, kind man nfs on your terminal.

Another choice to mount the far flung document systems is to apply both the autofs tool or to create a systemd unit.

Testing NFS Access
Let’s test the access to the stocks by means of growing a brand new document in each of them.

First, try to create a check document to the /backups directory the use of the touch command:

sudo touch /backups/test.txt


The /backup record device is exported as examine-only, and as expected you may see a Permission denied error message:

touch: cannot touch ‘/backups/test’: Permission denied


Next, try to create a take a look at record to the /srv/www directory as a root using the sudo command:

sudo touch /srv/www/test.txt


Again, you may see Permission denied message.

touch: cannot touch ‘/srv/www’: Permission denied


The /var/www directory is owned by the apache person, and this percentage has root_squash choice set, which maps the basis user to the nobody person and nogroup organization that doesn’t have write permissions to the faraway share.

Assuming that a consumer apache exists on the patron device with the identical UID and GID as at the faraway server (which should be the case if, for instance, you set up apache on each machines), you could check to create a file as consumer apache with:

sudo -u apache touch /srv/www/test.txt

The command will show no output, which means the record was effectively created.

To verify it list the files inside the /srv/www listing:

ls -la /srv/www


The output ought to show the newly created document:

drwxr-xr-x 3 apache apache 4096 Jun 23 22:18 .
drwxr-xr-x 3 root     root     4096 Jun 23 22:29 ..
-rw-r--r-- 1 apache apache    0 Jun 23 21:58 index.html
-rw-r--r-- 1 apache apache    0 Jun 23 22:18 test.txt


Unmounting NFS File System
If you now not need the faraway NFS proportion, you can unmount it as every other mounted record gadget the use of the umount command. For example, to unmount the /backup percentage you would run:

sudo umount /backups


If the mount point is defined within the /and so forth/fstab file, make sure you eliminate the line or remark it out through adding # at the beginning of the road.

Conclusion
In this academic, we've proven you the way to installation an NFS server and how to mount the faraway file systems on the purchaser machines. If you’re enforcing NFS in production and sharing sensible statistics, it is a superb concept to enable kerberos authentication.

As an opportunity to NFS, you can use SSHFS to mount remote directories over an SSH connection. SSHFS is encrypted by default and lots less difficult to configure and use.

Feel unfastened to go away a comment if you have any questions.



Author Biography.

CrowdforThink
CrowdforThink

CrowdforThink is the leading Indian media platform, known for its end-to-end coverage of the Indian startups through news, reports, technology and inspiring stories of startup founders, entrepreneurs, investors, influencers and analysis of the startup eco-system, mobile app developers and more dedicated to promote the startup ecosystem.

Join Our Newsletter.

Subscribe to CrowdforThink newsletter to get daily update directly deliver into your inbox.

CrowdforJobs is an advanced hiring platform based on artificial intelligence, enabling recruiters to hire top talent effortlessly.

CrowdforJobs

CrowdforApps brings to you the well researched list of the most successful and finest App development companies, Web software developers.

CrowdforApps

CrowdforGeeks is where lifelong learners come to learn the skills they need, to land the jobs they want, to build the lives they deserve.

CrowdforGeeks

CrowdforThink is a leading Indian media and information platform, known for its end-to-end coverage of the Indian startup ecosystem.

CrowdforThink
CFT

News & Blogs

6466cad5f49c2ac3321ab265d6b57cd3.jpg

Best Funny WhatsApp Stickers App of 2020.

WhatsApp App launches its new feature of sending stickers to your friend and family. There a...

e6aa2939636839489176a9c3a2127e77.png

How to Install Google Chrome Web Browser on Deb...

Google Chrome is the most mainstream internet browser on the planet. It is quick, natural, and se...

1f766b172fcbda319e2081df18bafeac.png

Which is best animation software for beginners?

Animation can be brutal. If the lengthy hours of strict attention don’t get to you, then th...

Top Authors

Hey, I am Suraj - a full-time blogger and a social media expert currently working on the Growth H...

Suraj Kumar

Zakariya has recently joined the PakWheels team as a Content Marketing Executive, shortly after g...

Zakariya Usman

Overall 3+ years of experience as a Full Stack Developer with a demonstrated history of working i...

Lokesh Gupta

With good communication and writing skiils, Astha Sharma is a full-time content writer working wi...

Astha Sharma
CFT

Our Client Says

WhatsApp Chat with Our Support Team