Choose a different version or distribution
Introduction
Before we begin talking about how to install NFS Server on Ubuntu 20.04, let's briefly understand – What is NFS Server?
The NFS server, short for Network File System server, is a technology that allows for the sharing of files and resources across a network. It enables multiple computers to access and use files stored on a central server, enhancing collaboration and efficiency. NFS simplifies file management, as users can access files as if they were stored locally on their own computers.
This powerful server-client model facilitates seamless data sharing and improves productivity in various environments, such as businesses and educational institutions. With NFS, users can enjoy secure and fast file access, making it an essential tool for network file sharing.
In this tutorial, we will explain how to set up an NFSv4 Server on Ubuntu 20.04. We will also address a few FAQs on how to install NFS Server on Ubuntu 20.04.
Advantages of NFS Server
- Efficient File Sharing: NFS enables seamless sharing of files and resources across a network, enhancing collaboration and productivity.
- Simplified File Management: Users can access files as if they were stored locally, streamlining file organization and access.
- Centralized Storage: NFS allows for centralized storage on a server, making it easier to manage and backup files.
- Secure Access: NFS provides secure access control, ensuring that only authorized users can access and modify files.
- High Performance: NFS offers fast data transfer speeds, optimizing file access and retrieval across the network.
Prerequisites to Install and Configure an NFS Server on Ubuntu 20.04
Utilizing two computers, one running Ubuntu 20.04 as an NFS server and the other as any other Linux distribution, we will mount the share on the second computer. It should be possible for the server and clients to interact with one another via a private network. Use public IP addresses and set the server firewall such that only trustworthy sources are permitted to send traffic on port 2049.
The following IP addresses identify the devices in this example:
NFS Server IP: 192.168.33.10
NFS Clients IPs: From the 192.168.33.0/24 range
Set Up the NFS Server
The NFS server has to be set up first. We'll build and export the NFS folders, install the required programs, and set up the firewall.
Installing the NFS server
The user-space assistance required to execute the NFS kernel server is provided by the NFS server package. Run: to install the package.
sudo apt update
sudo apt install nfs-kernel-server
NFS services will begin immediately when installation is complete.
NFS version 2 is not enabled in Ubuntu 20.04. Both versions 3 and 4 may be used. By using the cat command
shown below, you may confirm that:
sudo cat /proc/fs/nfsd/versions
Output
-2 +3 +4 +4.1 +4.2
There is no purpose to activate NFSv2 since it is already rather outdated.
The /etc/default/nfs-kernel-server
and /etc/default/nfs-common
files provide configuration information for NFS servers. For the majority of scenarios, the default settings are enough.
Creating the file systems
The exported directories are relative to the global root directory that the NFSv4 server uses. Using bind mounts, you may connect the folders you wish to export to the share mount point.
We'll make the /srv/nfs4
directory the NFS root in this case. We'll share two directories with various configuration options (/var/www and /opt/backups)
in order to further illustrate how NFS mounts may be set up. The user www-data
is the owner of, while the root
is the owner of /opt/backups
.
The root directory and the share mount points should be created first:
sudo mkdir -p /srv/nfs4/backups
sudo mkdir -p /srv/nfs4/www
Bind the directories to the mount points for the shares:
sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www
Open the /etc/fstab
file to make the bind mounts persistent across reboots:
sudo nano /etc/fstab
and add the following lines:
/opt/backups /srv/nfs4/backups none bind 0 0
/var/www /srv/nfs4/www none bind 0 0
Exporting the file systems
The /etc/exports
file must then be updated to include the file systems that will be exported, as well as the clients authorized to access those shares.
An exported file system has the following line format for each line:
export host(options)
Where host
is a hostname or IP address/range
that may access the export
, options
are the host options, and export is the exported directory.
Add the following lines to the /etc/exports
file:
sudo nano /etc/exports
/srv/nfs4 192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www 192.168.33.20(rw,sync,no_subtree_check)
The fsid=0
option on the first line specifies the location of the NFS root directory (/srv/nfs4)
. The only clients with access to this NFS volume are those from the 192.168.33.0/24
network. To share directories that are children of an exported directory, use the crossmnt
option.
For one filesystem, several export rules may be specified on the second line. Only the IP address 192.168.33.3
is authorized for reading access, while the whole 192.168.33.0/24
range is allowed for writing access. NFS is instructed to write updates to the disc before responding via the sync
option.
The last sentence needs no explanation. Enter man exports
in your terminal to learn more about all the choices available.
Export the shares and save the file:
sudo exportfs -ar
Every time you make changes to the /etc/exports
file, you must perform the aforementioned command. Any errors or warnings will be shown on the terminal if any exist.
Use the following command to display the list of active exports currently in progress.
sudo exportfs -v
All shares with their options will be included in the output. As you can see, the /etc/exports
file also contains options that we haven't defined. These are the default settings, so you must specifically specify them if you wish to modify them.
Output
/srv/nfs4/backups
192.168.33.3(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 192.168.33.20(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4 192.168.33.0/24(rw,wdelay,crossmnt,root_squash,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
192.168.33.0/24(ro,wdelay,root_squash,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
Root_Squash
is enabled by default on Ubuntu. One of the most significant choices for NFS security is this one. Mapping root UID
and GID
to nobody/nogroup
UID and GID prohibit root users connected to the clients from having root access to the mounted shares.
NFS needs the user and group IDs on the client to match those on the server for the users on the client computers to gain access. Utilizing the NFSv4 ID mapping function, which converts user and group IDs to names and vice versa, is an additional choice.
You have now configured an NFS server on your Ubuntu server. The next step is to set up the clients and establish a connection to the NFS server.
Firewall configuration
You must allow access to the NFS port if you're installing Jenkins on a remote Ubuntu server that is protected by a firewall:
sudo ufw allow from 192.168.33.0/24 to any port nfs
Verify the change:
sudo ufw status
The output should show that the traffic in the port 2049
is allowed:
Output
To Action From
-- ------ ----
2049 ALLOW 192.168.33.0/24
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Set Up the NFS Clients
The next step is to set up the clients and mounts the remote file systems once the NFS server has been set up and shares have been exported.
We'll concentrate on Linux systems, although Windows and macOS computers can also mount the NFS share.
Installing the NFS client
We simply need to install the tools necessary to mount a remote NFS file system on the client computers.
Install NFS client on Debian and Ubuntu
On Debian-based distributions, the utilities for mounting NFS file systems are contained in a package called nfs-common
. Run: to install it.
sudo apt update
sudo apt install nfs-common
Install NFS client on CentOS and Fedora
The nfs-utils
package should be installed on Red Hat and its derivatives:
sudo yum install nfs-utils
Mounting file systems
The client computer with IP 192.168.33.20
will be used for this task. It has read and write access to the /srv/nfs4/www
file system and read-only access to the /srv/nfs4/backups
file system.
New folders should be created for the mount points:
sudo mkdir -p /backups
sudo mkdir -p /srv/www
The folders may be created anywhere you choose.
The mount command should be used to mount the exported file systems:
sudo mount -t nfs -o vers=4 192.168.33.10:/backups /backups
sudo mount -t nfs -o vers=4 192.168.33.10:/www /srv/www
Where 192.168.33.10
is the IP of the NFS server. The hostname can also be used in place of the IP address, but the client system must be able to resolve it. This is usually done by mapping the hostname to the IP in the /etc/hosts file.
When mounting an NFSv4 filesystem, omit the NFS root directory. Use /backups
, instead of /srv/nfs4/backups
.
Verify that the remote file systems are mounted successfully using either the mount or df
command:
df -h
All mounted file systems will be printed by the command. The mounted shares are shown in the last two lines:
Filesystem Size Used Avail Use% Mounted on
udev 951M 0 951M 0% /dev
tmpfs 199M 676K 199M 1% /run
/dev/sda3 124G 2.8G 115G 3% /
tmpfs 994M 0 994M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 456M 197M 226M 47% /boot
tmpfs 199M 0 199M 0% /run/user/1000
192.168.33.10:/backups 124G 2.8G 115G 3% /backups
192.168.33.10:/www 124G 2.8G 115G 3% /srv/www
When rebooting, enter the /etc/fstab
file and add the following lines to make the mounts permanent:
sudo nano /etc/fstab
192.168.33.10:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0
192.168.33.10:/www /srv/www nfs defaults,timeo=900,retrans=5,_netdev 0 0
Type man nfs
in your terminal to learn more about the options available when mounting an NFS file system.
Creating a system unit or using the autofs
utility are further options for mounting remote file systems.
Testing NFS Access
Let's create a new file on each of the shares to check the access to them.
First, try using the touch
command to add a test file to the /backups
directory:
sudo touch /backups/test.txt
You will notice a Permission refused
error message because the /backup
file system is exported as read-only:
Output
touch: cannot touch ‘/backups/test’: Permission denied
Next, try using the Sudo
command to add a test file as root to the /srv/www
directory:
sudo touch /srv/www/test.txt
Again, you will see Permission denied
message.
Output
touch: cannot touch ‘/srv/www’: Permission denied
If you remember, the www-data
user is the owner of the /var/www
directory. The root user is mapped to the nobody
user and nogroup
group, who do not have write access to the remote share, thanks to root_squash
an option being set on this share.
If you have a www-data user on the client computer with the same UID and GID as on the distant server, you can try to create a file as that user (which should be the case if, for example, you installed nginx on both machines).
sudo -u www-data touch /srv/www/test.txt
There won't be any output from the command, indicating that the file was successfully created.
List the files in the /srv/www
directory to confirm it:
ls -la /srv/www
The recently generated file should appear in the output:
Output
drwxr-xr-x 3 www-data www-data 4096 Apr 10 22:18 .
drwxr-xr-x 3 root root 4096 Apr 10 22:29 ..
-rw-r--r-- 1 www-data www-data 0 Apr 10 21:58 index.html
-rw-r--r-- 1 www-data www-data 0 Apr 10 22:18 test.txt
Unmounting NFS File System
If the remote NFS share is no longer required, you may unmount it using the umount
the command just like any other mounted file system.
For instance, you might run the following command to unmount the /backup
share.
sudo umount /backups
Be careful to delete the line or comment it out by adding #
at the beginning of the line if the mount point is specified in the /etc/fstab
file.
FAQs to Install and Configure an NFS Server on Ubuntu 20.04
How do I start or restart the NFS server on Ubuntu 20.04?
To start or restart the NFS server on Ubuntu 20.04, you can use the command: sudo systemctl start nfs-kernel-server
or sudo systemctl restart nfs-kernel-server
.
How do I add a new NFS share on Ubuntu 20.04?
To add a new NFS share, edit the /etc/exports
file and add a new line specifying the directory you want to share and the client IP address or subnet allowed to access it. Then, restart the NFS server.
How do I mount an NFS share on a client machine?
On the client machine, use the command: sudo mount server_ip:/shared_directory /local_mount_point
to mount the NFS share from the server.
How do I set permissions for NFS shares on Ubuntu 20.04?
Permissions for NFS shares are controlled by the file system permissions on the server. Ensure appropriate permissions are set for the shared directories and files to control access.
How can I troubleshoot NFS server issues on Ubuntu 20.04?
Check the NFS server logs using the command: sudo journalctl -u nfs-kernel-server
to identify any errors. Verify network connectivity and ensure the correct configuration of the NFS server.
How do I secure my NFS server on Ubuntu 20.04?
Secure your NFS server by specifying only trusted client IP addresses in the /etc/exports
file and using firewall rules to limit access. Additionally, consider enabling NFSv4 with secure options.
Can I use NFSv4 on Ubuntu 20.04?
Yes, Ubuntu 20.04 supports NFSv4. You can configure NFSv4 by editing the /etc/default/nfs-kernel-server
file and setting the RPCNFSDOPTS
parameter to include appropriate security options.
Conclusion
We have shown how to configure an NFS server and mount remote file systems on client computers. Enabling Kerberos authentication is a good idea if you're using NFS in production and exchanging sensitive data.
SSHFS may be used to mount remote folders through an SSH connection as an alternative to NFS. SSHFS is significantly simpler to set up and use because it is encrypted by default.
If you have any queries, please leave a comment below, and we’ll be happy to respond to them.