How to Install and Configure an NFS Server on Ubuntu 20.04

Introduction

Before we begin talking about how to install NFS Server on Ubuntu 20.04, let's briefly understand – What is NFS Server?

The NFS server, short for Network File System server, is a technology that allows for the sharing of files and resources across a network. It enables multiple computers to access and use files stored on a central server, enhancing collaboration and efficiency. NFS simplifies file management, as users can access files as if they were stored locally on their own computers.

This powerful server-client model facilitates seamless data sharing and improves productivity in various environments, such as businesses and educational institutions. With NFS, users can enjoy secure and fast file access, making it an essential tool for network file sharing.

In this tutorial, we will explain how to set up an NFSv4 Server on Ubuntu 20.04. We will also address a few FAQs on how to install NFS Server on Ubuntu 20.04.

Advantages of NFS Server

1. Efficient File Sharing: NFS enables seamless sharing of files and resources across a network, enhancing collaboration and productivity.
2. Simplified File Management: Users can access files as if they were stored locally, streamlining file organization and access.
3. Centralized Storage: NFS allows for centralized storage on a server, making it easier to manage and backup files.
4. Secure Access: NFS provides secure access control, ensuring that only authorized users can access and modify files.
5. High Performance: NFS offers fast data transfer speeds, optimizing file access and retrieval across the network.

Prerequisites to Install and Configure an NFS Server on Ubuntu 20.04

Utilizing two computers, one running Ubuntu 20.04 as an NFS server and the other as any other Linux distribution, we will mount the share on the second computer. It should be possible for the server and clients to interact with one another via a private network. Use public IP addresses and set the server firewall such that only trustworthy sources are permitted to send traffic on port 2049.

The following IP addresses identify the devices in this example:

NFS Server IP: 192.168.33.10
NFS Clients IPs: From the 192.168.33.0/24 range

Set Up the NFS Server

The NFS server has to be set up first. We'll build and export the NFS folders, install the required programs, and set up the firewall.

Installing the NFS server

The user-space assistance required to execute the NFS kernel server is provided by the NFS server package. Run: to install the package.

sudo apt update
sudo apt install nfs-kernel-server

NFS services will begin immediately when installation is complete.

NFS version 2 is not enabled in Ubuntu 20.04. Both versions 3 and 4 may be used. By using the cat command shown below, you may confirm that:

sudo cat /proc/fs/nfsd/versions

Output

-2 +3 +4 +4.1 +4.2

There is no purpose to activate NFSv2 since it is already rather outdated.

The /etc/default/nfs-kernel-server and /etc/default/nfs-common files provide configuration information for NFS servers. For the majority of scenarios, the default settings are enough.

Creating the file systems

The exported directories are relative to the global root directory that the NFSv4 server uses. Using bind mounts, you may connect the folders you wish to export to the share mount point.

We'll make the /srv/nfs4 directory the NFS root in this case. We'll share two directories with various configuration options (/var/www and /opt/backups) in order to further illustrate how NFS mounts may be set up. The user www-data is the owner of, while the root is the owner of /opt/backups.

The root directory and the share mount points should be created first:

sudo mkdir -p /srv/nfs4/backups
sudo mkdir -p /srv/nfs4/www

Bind the directories to the mount points for the shares:

sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www

Open the /etc/fstab file to make the bind mounts persistent across reboots:

sudo nano /etc/fstab

and add the following lines:

/opt/backups /srv/nfs4/backups  none   bind   0   0
/var/www     /srv/nfs4/www      none   bind   0   0

Exporting the file systems

The /etc/exports file must then be updated to include the file systems that will be exported, as well as the clients authorized to access those shares.

An exported file system has the following line format for each line:

export host(options)

Where host is a hostname or IP address/range that may access the export, options are the host options, and export is the exported directory.

Add the following lines to the /etc/exports file:

sudo nano /etc/exports

/srv/nfs4         192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www     192.168.33.20(rw,sync,no_subtree_check)

The fsid=0 option on the first line specifies the location of the NFS root directory (/srv/nfs4). The only clients with access to this NFS volume are those from the 192.168.33.0/24 network. To share directories that are children of an exported directory, use the crossmnt option.

For one filesystem, several export rules may be specified on the second line. Only the IP address 192.168.33.3 is authorized for reading access, while the whole 192.168.33.0/24 range is allowed for writing access. NFS is instructed to write updates to the disc before responding via the sync option.

The last sentence needs no explanation. Enter man exports in your terminal to learn more about all the choices available.

Export the shares and save the file:

sudo exportfs -ar

Every time you make changes to the /etc/exports file, you must perform the aforementioned command. Any errors or warnings will be shown on the terminal if any exist.

Use the following command to display the list of active exports currently in progress.

sudo exportfs -v

All shares with their options will be included in the output. As you can see, the /etc/exports file also contains options that we haven't defined. These are the default settings, so you must specifically specify them if you wish to modify them.

Output

/srv/nfs4/backups
		192.168.33.3(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 	192.168.33.20(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4     	192.168.33.0/24(rw,wdelay,crossmnt,root_squash,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
		192.168.33.0/24(ro,wdelay,root_squash,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)

Root_Squash is enabled by default on Ubuntu. One of the most significant choices for NFS security is this one. Mapping root UID and GID to nobody/nogroup UID and GID prohibit root users connected to the clients from having root access to the mounted shares.

NFS needs the user and group IDs on the client to match those on the server for the users on the client computers to gain access. Utilizing the NFSv4 ID mapping function, which converts user and group IDs to names and vice versa, is an additional choice.

You have now configured an NFS server on your Ubuntu server. The next step is to set up the clients and establish a connection to the NFS server.

Firewall configuration

You must allow access to the NFS port if you're installing Jenkins on a remote Ubuntu server that is protected by a firewall:

sudo ufw allow from 192.168.33.0/24 to any port nfs

Verify the change:

sudo ufw status

The output should show that the traffic in the port 2049 is allowed:

Output

To                         Action      From
--                         ------      ----
2049                       ALLOW       192.168.33.0/24           
22/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)  

Set Up the NFS Clients

The next step is to set up the clients and mounts the remote file systems once the NFS server has been set up and shares have been exported.

We'll concentrate on Linux systems, although Windows and macOS computers can also mount the NFS share.

Installing the NFS client

We simply need to install the tools necessary to mount a remote NFS file system on the client computers.

Install NFS client on Debian and Ubuntu

On Debian-based distributions, the utilities for mounting NFS file systems are contained in a package called nfs-common. Run: to install it.

sudo apt update
sudo apt install nfs-common

Install NFS client on CentOS and Fedora

The nfs-utils package should be installed on Red Hat and its derivatives:

sudo yum install nfs-utils

Mounting file systems

The client computer with IP 192.168.33.20 will be used for this task. It has read and write access to the /srv/nfs4/www file system and read-only access to the /srv/nfs4/backups file system.

New folders should be created for the mount points:

sudo mkdir -p /backups
sudo mkdir -p /srv/www

The folders may be created anywhere you choose.

The mount command should be used to mount the exported file systems:

sudo mount -t nfs -o vers=4 192.168.33.10:/backups /backups
sudo mount -t nfs -o vers=4 192.168.33.10:/www /srv/www

Where 192.168.33.10 is the IP of the NFS server. The hostname can also be used in place of the IP address, but the client system must be able to resolve it. This is usually done by mapping the hostname to the IP in the /etc/hosts file.

When mounting an NFSv4 filesystem, omit the NFS root directory. Use /backups, instead of /srv/nfs4/backups.

Verify that the remote file systems are mounted successfully using either the mount or df command:

df -h

All mounted file systems will be printed by the command. The mounted shares are shown in the last two lines:

Filesystem              Size  Used Avail Use% Mounted on
udev                    951M     0  951M   0% /dev
tmpfs                   199M  676K  199M   1% /run
/dev/sda3               124G  2.8G  115G   3% /
tmpfs                   994M     0  994M   0% /dev/shm
tmpfs                   5.0M     0  5.0M   0% /run/lock
tmpfs                   994M     0  994M   0% /sys/fs/cgroup
/dev/sda1               456M  197M  226M  47% /boot
tmpfs                   199M     0  199M   0% /run/user/1000
192.168.33.10:/backups  124G  2.8G  115G   3% /backups
192.168.33.10:/www      124G  2.8G  115G   3% /srv/www

When rebooting, enter the /etc/fstab file and add the following lines to make the mounts permanent:

sudo nano /etc/fstab

192.168.33.10:/backups /backups   nfs   defaults,timeo=900,retrans=5,_netdev	0 0
192.168.33.10:/www /srv/www       nfs   defaults,timeo=900,retrans=5,_netdev	0 0

Type man nfs in your terminal to learn more about the options available when mounting an NFS file system.

Creating a system unit or using the autofs utility are further options for mounting remote file systems.

Testing NFS Access

Let's create a new file on each of the shares to check the access to them.

First, try using the touch command to add a test file to the /backups directory:

sudo touch /backups/test.txt

You will notice a Permission refused error message because the /backup file system is exported as read-only:

Output

touch: cannot touch ‘/backups/test’: Permission denied

Next, try using the Sudo command to add a test file as root to the /srv/www directory:

sudo touch /srv/www/test.txt

Again, you will see Permission denied message.

Output

touch: cannot touch ‘/srv/www’: Permission denied

If you remember, the www-data user is the owner of the /var/www directory. The root user is mapped to the nobody user and nogroup group, who do not have write access to the remote share, thanks to root_squash an option being set on this share.

If you have a www-data user on the client computer with the same UID and GID as on the distant server, you can try to create a file as that user (which should be the case if, for example, you installed nginx on both machines).

sudo -u www-data touch /srv/www/test.txt

There won't be any output from the command, indicating that the file was successfully created.

List the files in the /srv/www directory to confirm it:

ls -la /srv/www

The recently generated file should appear in the output:

Output

drwxr-xr-x 3 www-data www-data 4096 Apr 10 22:18 .
drwxr-xr-x 3 root     root     4096 Apr 10 22:29 ..
-rw-r--r-- 1 www-data www-data    0 Apr 10 21:58 index.html
-rw-r--r-- 1 www-data www-data    0 Apr 10 22:18 test.txt

Unmounting NFS File System

If the remote NFS share is no longer required, you may unmount it using the umount the command just like any other mounted file system.

For instance, you might run the following command to unmount the /backup share.

sudo umount /backups

Be careful to delete the line or comment it out by adding # at the beginning of the line if the mount point is specified in the /etc/fstab file.

FAQs to Install and Configure an NFS Server on Ubuntu 20.04

Conclusion

We have shown how to configure an NFS server and mount remote file systems on client computers. Enabling Kerberos authentication is a good idea if you're using NFS in production and exchanging sensitive data.

SSHFS may be used to mount remote folders through an SSH connection as an alternative to NFS. SSHFS is significantly simpler to set up and use because it is encrypted by default.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them.