The Network File System (NFS) protocol enables remote access to filesystems over a network connection. It is based on a client-server architecture, allowing a centralized server to share files with other computers. A client can attach those exported shares in their own file system to access it conveniently, as they will be located on local storage. While Samba and AFP are more common distributed filesystems on Windows and OS X, NFS is now the de-facto standard and a key element of any Linux server system. Here in this process, we will show you how easy it is to set up an NFS server for file sharing over the network.
To Start With: What Do You Need?
To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to facilitate the download of additional packages. It is expected that your NFS server and all the clients will be able to ping each other and are connected to each other by a static IP address (see the process, Building a static network connection, in Configuring the System). In our example, the NFS server is running with IP 192.168.1.10 and two clients with the IPs 192.168.1.11 and 192.168.1.12 and the network’s domain name example.com.
The Process
In this particular section, we are going to learn how to install and configure the NFS server and create and export a share on a client.
Installing and configuring the NFS server
NFSv4 is not installed by default, and for this reason, we will begin by downloading and installing the required packages:
- To do this, log in as root on the server that you want to run the NFS daemon on and type the following command in order to install the required packages:
yum install nfs-utils
- For NFSv4 to work, we need the same base domain for all clients and the NFS server. So, let’s define sub-domain names for our NFS server and the clients, if you haven’t set up a domain name using DNS, we will set up a new hostname for our computers in the /etc/hosts file:
echo "192.168.1.10 myServer.example.com" >> /etc/hosts
echo "192.168.1.11 myClient1.example.com" >> /etc/hosts
echo "192.168.1.12 myClient2.example.com" >> /etc/hosts - Now, open the /etc/idmapd.conf file and put in the base domain name (not the full domain name) of your NFS server; search for the line that reads #Domain = local.domain.edu, and replace it with the following:
Domain = example.com
- Next, we need to open some firewall ports for the server to have proper NFS access:
for s in {nfs,mountd,rpc-bind}; do firewall-cmd --permanent --addservice $s; done; firewall-cmd --reload
- Finally, let’s start the NFS server service and enable it on reboot:
systemctl start rpcbind nfs-server systemctl enable rpcbind nfs-server systemctl status nfs-server
Creating an export share
Now that our NFS server is configured and up-and-running, it’s time to create some file shares that we can export to our clients:
- First, let’s create a folder for our shares and change its permissions:
mkdir /srv/nfs-data
- Create a new group with a specific GID and associate it with the export, and then change permissions:
groupadd -g 50000 nfs-share;chown root:nfs-share /srv -R;chmod 775 /srv -R
- Open the following file:
vi /etc/exports
- Now, enter the following text, but be very focussed while typing:
/srv/nfs-data *(ro) 192.168.1.11(rw) 192.168.1.12(rw) /home *.example.com(rw)
- Save and close the file, then re-export all entries from /etc/exports using the following:
exportfs -ra
How Does It Work?
On CentOS 7, you can install version 4 of the NFS, which has some enhancements over former versions, such as more flexible authentication options and being fully backward compatible with older NFS versions. Here, we showed you how easy it is to install and configure the NFS server and create some shared exports for our clients to use.
So, what did we learn from this experience?
We started this process by installing the nfs-utils package, since the NFS server functionality is not available on CentOS 7 by default. Next, we configured our server’s domain name using the /etc/hosts file, as in our example, no DNS server of our own has been configured. If you have set up a DNS server, you should follow a similar domain name schema as shown here, because this is very important for NFSv4 to work, as all clients and the server should be in the same base domain. In our example, we specified that they are all sub-domains of example.com: myClient1.example.com, myClient2.example.com, and myServer.example.com. This is a means of securing the sharing of data, as the NFS server will only allow access to files from a client to a server if the domain names match (in our example, both server and client are part of the example.com domain). Next, we put this base domain in the idmapd.conf file, which takes care of mapping user names and group IDs to NFSv4 IDs. Afterwards, we enabled the nfs, mountd, and rpc-bind firewalld services in our firewalld instance, which are all needed for full support and communication between our clients and server. To finish our base configuration, we started the rpcbind and NFS servers and enabled them on boot.
After the NFS server was successfully set up, we added some export to it, to actually allow clients to access some shared folders from the server. Therefore, we created a special directory in the filesystem, which will keep all our shared files. We associated this sharing folder, /srv/nfs-data, with a new group, nfs-share, and gave it read/write/execute permissions. For practical reasons, we will control Linux file permissions for our export on a group level. The name is unimportant but its group identifier (GID) has to be set to a static value (for example, 50000). This new GID must be the same on the server as well as on every client for every user who wants to have write permissions because NFS transfers any access permissions between server and client on a user (UID) or GID level over the network. The whole sharing magic then happens in the /etc/exports file. It contains a table; in it you specify all the important information about your shared folders and their access securities for the clients. Every line in this file is equivalent to one shared folder in your system, and a whitespaced list of all the hosts allowed to access them together with their accessing options in brackets. As you can see, there are different possibilities to define your target clients using IP addresses or hostnames. For hostnames, you can use wildcards such as * and ? to keep the file more compact and allow for multiple machines at once, but you can also define export options for each single host name. Explaining all the options is outside the scope of this book; if you need more help, read the exports manual, which can be found using man exports.
For example, the line, /srv/nfs-data *(ro) 192.168.1.11(rw) 192.168.1.12(rw),
defines that we want to export the content of the folder /srv/nfs-data to all hostnames (because of the * symbol); read-only (ro) means that every client can read the content of the folder but not write in it. For clients with the IP address 192.168.1, ending with 11 and 12, we allow reading and writing (rw). The second line defines that we are exporting the /home directory to all clients in the subdomain of *.example.com with read/write capacity. Whenever you make a change to the /etc/exports file, run the exportfs -r command to apply your changes to the NFS server.
Finally, we can say that NFSv4 in CentOS 7 is very easy to set up and start. It’s the perfect solution for sharing files between Linux systems, or for centralized home directories.