Choose a different version or distribution
Introduction
Before we begin talking about how to install and configure an NFS Server on Ubuntu 18.04, let's briefly understand – What is NFS Server?
To facilitate the sharing of distant directories across a network, Network File System (NFS) was developed as a distributed file system protocol. You can "mount" remote directories on your system and read their contents as if they were local using Network File System (NFS). The NFS protocol, unlike Samba, does not automatically encrypt data and does not support user authentication.
In this tutorial, you will install and configure an NFS Server on Ubuntu 18.04. We will also address a few FAQs on how to install and configure an NFS Server on Ubuntu 18.04.
Advantages of NFS Server
- Efficient file sharing: NFS Server allows for seamless sharing of files and directories over a network.
- Simplified administration: It simplifies file management and access control, making it easier for administrators to manage resources.
- High performance: NFS Server offers fast data access and transfer speeds, optimizing file sharing in a network environment.
- Transparent remote access: It allows remote access to files as if they were stored locally, enabling easy collaboration among users.
- Scalability and flexibility: NFS Server supports scalable deployments, making it suitable for small offices and large enterprise networks with diverse needs.
Prerequisites
An Ubuntu 18.04 server and a server running another Linux distribution are assumed in this example. Clients and servers must be able to talk to one other over an encrypted connection. If your hosting company does not supply private IP addresses, you may still utilize the public IPs and restrict access to the port 2049 to just trusted clients by adjusting the firewall settings.
These computers' IP addresses are:
NFS Server IP: 192.168.33.10
NFS Clients IPs: From the 192.168.33.0/24 range
Set Up the NFS Server
Installing and configuring the NFS server will be our first step.
Installing the NFS server
Install the NFS server package and update the package index:
sudo apt update
sudo apt install nfs-kernel-server
After setup is complete, NFS services will immediately begin operating.
Ubuntu 18.04 does not let NFS version 2 be enabled by default. Both v3 and v4 support is turned on. You may use the following cat command to check if it works:
sudo cat /proc/fs/nfsd/versions
Output
-2 +3 +4 +4.1 +4.2
There's no use in enabling NFSv2, which is very outdated at this point.
In /etc/default/nfs-kernel-server and /etc/default/nfs-common, NFS server configuration settings are stored. In this situation, the defaults are OK.
Creating the file systems
When setting up an NFSv4 server, it's recommended to bind mount the real directories to the share mount point and utilize a global NFS root directory. The /srv/nfs4 directory will serve as the root of the NFS file system in this example.
To further illustrate how the NFS mounts may be configured, we will share two folders (/var/www and /opt/backups), each with its own unique set of configuration options.
Utilize the mkdir command to create the export file system:
sudo mkdir -p /srv/nfs4/backups
sudo mkdir -p /srv/nfs4/www
Install the relevant directories:
sudo mount --bind /opt/backups /srv/nfs4/backups
sudo mount --bind /var/www /srv/nfs4/www
Open the /etc/fstab file to permanently set the bind mounts:
sudo nano /etc/fstab
and add the following lines:
/opt/backups /srv/nfs4/backups none bind 0 0
/var/www /srv/nfs4/www none bind 0 0
Exporting the file systems
The next step is to specify the file systems to be exported, the sharing options to be used, and the clients that will have access to those file systems through the NFS server. You may accomplish this by editing the /etc/exports file:
sudo nano /etc/exports
/etc/exports file.This requires us to export the www and backups folders and restrict access to the 192.168.33.0/24 subnet.
/srv/nfs4 192.168.33.0/24(rw,sync,no_subtree_check,crossmnt,fsid=0)
/srv/nfs4/backups 192.168.33.0/24(ro,sync,no_subtree_check) 192.168.33.3(rw,sync,no_subtree_check)
/srv/nfs4/www 192.168.33.110(rw,sync,no_subtree_check)
In the first line, we have fsid=0, which indicates that /srv/nfs4 is the root of the NFS file system. Only hosts in the 192.168.33.0/24 network are authorized to access this NFS share. Subdirectories inside an exported directory cannot be shared without the crossmnt option.
Multiple export rules may be specified for a single file system, as seen in the second line. The whole 192.168.33.0/24 subnet is restricted to read-only access, but the 192.168.33.3 subnet is accessible for both reading and writing. The export exposes the /srv/nfs4/backups directory. When the sync option is used, NFS is instructed to save any modifications to the disc before responding.
It's assumed that the last sentence requires no explanation. To learn more about the exporting choices, you may enter man exports into the terminal.
Save the file and export the shares:
sudo exportfs -ra
You need to run the command above each time you alter the /etc/exports file. If there are any faults or warnings, they will be presented on the terminal.
To see the current active exports and their status, use:
sudo exportfs -v
Each share and its associated choices will be included in the final product. You can see that there are choices available that we haven't made any explicit definitions for in /etc/exports. You must explicitly specify the alternatives if you wish to modify the defaults.
Output
/srv/nfs4/backups
192.168.33.3(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/www 192.168.33.110(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4 192.168.33.0/24(rw,wdelay,crossmnt,root_squash,no_subtree_check,fsid=0,sec=sys,rw,secure,root_squash,no_all_squash)
/srv/nfs4/backups
192.168.33.0/24(ro,wdelay,root_squash,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
root_squash is enabled by default on Ubuntu. This is a critical consideration for any NFS storage solution. It stops clients' root users from being able to access mounted shares with root rights. The root UID and GID will be assigned the nobody/nogroup identities.
NFS requires consistency between the user and group IDs on the server and the clients for proper authentication and permissions. NFSv4's id mapping capability may also be used to map user and group IDs to names and vice versa.
Now that you have an NFS server up and running on your Ubuntu server, you may share files across computers. Connecting clients to the NFS server is the next step, after which you may proceed to step 2.
Firewall configuration
If your network has a firewall, a rule must be added to allow communication over the NFS port.
The following command must be executed if the 192.168.33.0/24 subnet is to be accessible via the firewall managed by UFW:
sudo ufw allow from 192.168.33.0/24 to any port nfs
To verify the change run:
sudo ufw status
The result should indicate that traffic in the port 2049 is legitimate:
Output
To Action From
-- ------ ----
2049 ALLOW 192.168.33.0/24
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Set Up the NFS Clients
Clients must be configured before remote file systems may be mounted, but that can wait until the NFS server is ready and shares have been exported.
Although this tutorial will concentrate on Linux, the NFS share may be mounted on macOS and Windows computers as well.
Installing the NFS client
We simply need to install the tools necessary to mount a remote NFS file system on the client computers.
- Install NFS client on Debian and Ubuntu
NFS-common is the name of the package that contains the tools needed to mount NFS file systems on Debian-based distributions. Run the following command to install it.
sudo apt update
sudo apt install nfs-common
- Install NFS client on CentOS and Fedora
The nfs-utils package should be installed on Red Hat and its derivatives:
sudo yum install nfs-utils
Mounting file systems
The client computer with IP 192.168.33.110 will be used for this task. It has read and write access to the /srv/nfs4/www file system and read-only access to the /srv/nfs4/backups file system.
For the mount points, create two new folders. These folders may be created anywhere you choose.
sudo mkdir -p /backups
sudo mkdir -p /srv/www
The mount command should be used to mount the exported file systems:
sudo mount -t nfs -o vers=4 192.168.33.10:/backups /backups
sudo mount -t nfs -o vers=4 192.168.33.10:/www /srv/www
The NFS server at 192.168.33.10 is accessible from the network. The hostname can also be used in place of the IP address, but the client system must be able to resolve it. This is usually done by mapping the hostname to the IP address in the /etc/hosts file.
When mounting the NFSv4 file system, you need to delete the NFS root directory, so instead of /srv/nfs4/backups you need to use /backups.
Verify that the remote file systems have been mounted successfully with the mount or df command:
df -h
All mounted file systems will be printed by the command. The mounted shares are shown in the last two lines:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 38G 1.7G 36G 5% /
devtmpfs 236M 0 236M 0% /dev
tmpfs 244M 0 244M 0% /dev/shm
tmpfs 244M 4.5M 240M 2% /run
tmpfs 244M 0 244M 0% /sys/fs/cgroup
/dev/sda2 1014M 87M 928M 9% /boot
tmpfs 49M 0 49M 0% /run/user/1000
192.168.33.10:/backups 9.7G 1.2G 8.5G 13% /backups
192.168.33.10:/www 9.7G 1.2G 8.5G 13% /srv/www
Open the /etc/fstab file to permanently establish the mounts upon reboot:
sudo nano /etc/fstab
and add the following lines:
192.168.33.10:/backups /backups nfs defaults,timeo=900,retrans=5,_netdev 0 0
192.168.33.10:/www /srv/www nfs defaults,timeo=900,retrans=5,_netdev 0 0
Type man nfs in the terminal to learn more about the mounting options for an NFS file system.
The autofs utility or a custom systemd unit may also be used to mount remote file systems.
Testing NFS Access
Let's create a new file on each of the shares to check the access to them.
At first, use the touch command to see whether you can create a test file in the /backups folder:
sudo touch /backups/test.txt
You will notice a Permission refused error message because the /backup file system is exported as read-only:
Output
touch: cannot touch ‘/backups/test’: Permission denied
Next, try using the Sudo command to add a test file as root to the /srv/www directory:
sudo touch /srv/www/test.txt
You will once again see the notice "Permission refused."
Output
touch: cannot touch ‘/srv/www’: Permission denied
This remote share lacks write rights for the root user since the root_squash option has been selected. This is because the www-data user owns the /var/www directory.
If you'll remember, the /var/www directory is owned by the www-data user. This share has the root_squash option set, which maps the root user to the nobody user and nogroup group, neither of which has write access to the remote share.
Assuming you have installed nginx on both the local computer and the distant server, the www-data user on the local machine should have the same UID and GID as the www-data user on the remote server, therefore you may try to create a file as user www-data with:
sudo -u www-data touch /srv/www/test.txt
Successful creation of the file will result in the command producing no output.
The files in the /srv/www directory may be checked by listing them:
ls -la /srv/www
The recently generated file should appear in the output:
Output
drwxr-xr-x 3 www-data www-data 4096 Jun 23 22:18 .
drwxr-xr-x 3 root root 4096 Jun 23 22:29 ..
-rw-r--r-- 1 www-data www-data 0 Jun 23 21:58 index.html
-rw-r--r-- 1 www-data www-data 0 Jun 23 22:18 test.txt
Unmounting NFS File System
In the event that you no longer need access to the remote NFS share, you may simply unmount it using the umount command. To remove the /backup share, for instance, you would type:
sudo umount /backups
Be careful to delete the line or comment it out by adding # at the beginning of the line if the mount point is specified in the /etc/fstab file.
FAQs to Install and Configure an NFS Server on Ubuntu 18.04
How do I export a specific directory with NFS?
Add a line to the /etc/exports file in the format: /path/to/directory clientIP(options). Then, run sudo exportfs -a and restart NFS.
How can I control access to NFS shares?
Use the options field in /etc/exports to specify access controls, such as IP restrictions and read/write permissions for clients.
How can I check if NFS Server is running?
Run the command sudo systemctl status nfs-kernel-server to view the server's status.
How can I mount NFS shares on client machines?
Use the mount command, specifying the NFS server's IP and shared directory path, such as sudo mount serverIP:/path/to/shared /mount/point.
Can I use NFS Server to share files between Ubuntu and Windows?
Yes, but Windows requires additional software like NFS client or third-party tools such as Services for NFS.
How do I troubleshoot NFS Server issues on Ubuntu 18.04?
Check logs using sudo journalctl -xe, verify firewall settings, ensure correct exports configuration, and verify client-side permissions.
How can I secure NFS Server installations?
Use firewall rules to restrict access to NFS ports, limit NFS access to trusted networks, and enable NFSv4 with Kerberos for secure authentication and encryption.
Conclusion
In this tutorial, we covered the basics of configuring an NFS server and mounting remote file systems on the client-side. When putting NFS into production and exchanging sensitive data, using Kerberos authentication is recommended.
When mounting remote folders using SSH, SSHFS may be used as an alternative to NFS. With SSHFS, data is secured by default, and it's considerably simpler to set up and use.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.
