The Network File System (NFS) protocol enables remote access to filesystems over a network connection. It is based on a client-server architecture, allowing a centralized server to share files with other computers. A client can attach those exported shares in their own file system to access it conveniently, as they will be located on a local storage. While Samba and AFP are more common distributed filesystems on Windows and OS X, NFS is now the de-facto standard and a key element of any Linux server system. Here in this recipe, we will show you how easy it is to set up an NFS server for file sharing over the network.
To complete this recipe, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to facilitate the download of additional packages. It is expected that your NFS server and all the clients will be able to ping each other and are connected to each other by a static IP address (see the recipe, Building a static network connection, in Chapter 2, Configuring the System). In our example, the NFS server is running with IP 192.168.1.10
and two clients with the IPs 192.168.1.11
and 192.168.1.12
and the network's domain name example.com
.
In this particular section, we are going to learn how to install and configure the NFS server, and create and export a share on a client.
NFSv4 is not installed by default, and for this reason we will begin by downloading and installing the required packages:
root
on the server that you want to run the NFS daemon on and type the following command in order to install the required packages:yum install nfs-utils
/etc/hosts
file:echo "192.168.1.10 myServer.example.com" >> /etc/hosts echo "192.168.1.11 myClient1.example.com" >> /etc/hosts echo "192.168.1.12 myClient2.example.com" >> /etc/hosts
/etc/idmapd.conf
file and put in the base domain name (not the full domain name) of your NFS server; search for the line that reads #Domain = local.domain.edu
, and replace it with the following:Domain = example.com
for s in {nfs,mountd,rpc-bind}; do firewall-cmd --permanent --add-service $s; done; firewall-cmd --reload
systemctl start rpcbind nfs-server systemctl enable rpcbind nfs-server systemctl status nfs-server
Now that our NFS server is configured and up-and-running, it's time to create some file shares that we can export to our clients:
mkdir /srv/nfs-data
groupadd -g 50000 nfs-share;chown root:nfs-share /srv -R;chmod 775 /srv -R
vi /etc/exports
/srv/nfs-data *(ro) 192.168.1.11(rw) 192.168.1.12(rw) /home *.example.com(rw)
/etc/exports
using the following:exportfs -ra
On CentOS 7, you can install version 4 of the NFS, which has some enhancements over former versions, such as more flexible authentication options and being fully backward compatible with older NFS versions. Here, we showed you how easy it is to install and configure the NFS server and create some shared exports for our clients to use.
So, what did we learn from this experience?
We started this recipe by installing the nfs-utils
package, since the NFS server functionality is not available on CentOS 7 by default. Next, we configured our server's domain name using the /etc/hosts
file, as in our example, no DNS server of our own has been configured. If you have set up a DNS server, you should follow a similar domain name schema as shown here, because this is very important for NFSv4 to work, as all clients and the server should be in the same base domain. In our example, we specified that they are all sub-domains of example.com: myClient1.example.com
, myClient2.example.com
, and myServer.example.com
. This is a means of securing the sharing of data, as the NFS server will only allow access to files from a client to a server if the domain names match (in our example, both server and client are part of the example.com
domain). Next, we put this base domain in the idmapd.conf
file, which takes care of mapping user names and group IDs to NFSv4 IDs. Afterwards, we enabled the nfs
, mountd
, and rpc-bind
firewalld services in our firewalld instance, which are all needed for full support and communication between our clients and server. To finish our base configuration, we started the rpcbind
and NFS servers and enabled them on boot.
After the NFS server was successfully set up, we added some export to it, to actually allow clients to access some shared folders from the server. Therefore, we created a special directory in the filesystem, which will keep all our shared files. We associated this sharing folder, /srv/nfs-data
, with a new group, nfs-share
, and gave it read/write/execute permissions. For practical reasons we will control Linux file permissions for our export on a group level. The name is unimportant but its group identifier (GID) has to be set to a static value (for example, 50000
). This new GID must be the same on the server as well as on every client for every user who wants to have write permissions because NFS transfers any access permissions between server and client on a user (UID) or GID level over the network. The whole sharing magic then happens in the /etc/exports
file. It contains a table; in it you specify all the important information about your shared folders and their access securities for the clients. Every line in this file is equivalent to one shared folder in your system, and a whitespaced list of all the hosts allowed to access them together with their accessing options in brackets. As you can see, there are different possibilities to define your target clients using IP addresses or hostnames. For hostnames, you can use wildcards such as *
and ?
to keep the file more compact and allow for multiple machines at once, but you can also define export options for each single host name. Explaining all the options is outside the scope of this book; if you need more help, read the exports manual, which can be found using man exports
.
For example, the line, /srv/nfs-data *(ro) 192.168.1.11(rw) 192.168.1.12(rw)
, defines that we want to export the content of the folder /srv/nfs-data
to all hostnames (because of the *
symbol); read-only (ro
) means that every client can read the content of the folder but not write in it. For clients with the IP address 192.168.1
, ending with 11
and 12,
we allow reading and writing (rw
). The second line defines that we are exporting the /home
directory to all clients in the subdomain of *.example.com
with read/write capacity. Whenever you make a change to the /etc/exports
file, run the exportfs -r
command to apply your changes to the NFS server.
Finally, we can say that NFSv4 in CentOS 7 is very easy to set up and start. It's the perfect solution for sharing files between Linux systems, or for centralized home directories.