Table of Contents
Understanding NFS in Practice
NFS (Network File System) lets you share directories over the network so that remote systems can mount them as if they were local. In this chapter, you’ll focus on how to deploy, manage, and troubleshoot NFS on Linux servers and clients.
NFS Versions and Key Concepts
NFSv3 vs NFSv4 (and 4.1+)
You’ll most commonly encounter:
- NFSv3
- Stateless protocol (server doesn’t track client state).
- Uses separate protocols/ports for file locking and mounts (lockd, mountd).
- Widely supported, simple, but less secure by default.
- NFSv4
- Stateful protocol with a single TCP port (2049) for most operations.
- Integrates locking and mount protocol into the main protocol.
- Supports stronger authentication (Kerberos), ACLs, and better performance over WANs.
- NFSv4.1+ adds parallel NFS (pNFS), sessions, and better scalability.
Key implications for administration:
- Firewalls are easier with NFSv4 (only port 2049 is required in simple setups).
- For secure environments, prefer NFSv4 with Kerberos.
- Mixed environments may require supporting both v3 and v4 exports.
Exports, Clients, and Mounts
Terminology specific to NFS:
- Export: A directory on the NFS server that is shared with clients.
- Client: A system mounting an exported directory.
- Mount: The client’s mapped view of the server export into its filesystem.
Example mapping:
- Server:
/srv/projectsexported to clients. - Client: Mounts it as
/mnt/projects(or anywhere else in its tree).
The client path does not need to match the server’s path.
Installing and Enabling NFS
Packages and Services
On common distributions:
- Debian/Ubuntu:
- Server:
nfs-kernel-server - Client:
nfs-common - RHEL/CentOS/Rocky/Alma/Fedora:
- Server:
nfs-utils(provides both client and server tools)
Core services (names may vary slightly by distro):
nfs-server(systemd unit; may benfs-kernel-serveron Debian/Ubuntu)- Supporting units:
nfs-mountd,rpcbind(for NFSv3 usage), etc.
To enable the server (example on a systemd-based distro):
sudo systemctl enable --now nfs-serverOn clients, ensure NFS client utilities are installed; you don’t usually need a dedicated service running permanently, but systemd may auto-start necessary helper units on mount.
Configuring NFS Exports
The `/etc/exports` File
This file defines which directories are shared and with which clients, plus export options.
Basic syntax:
directory client1(options) client2(options) ...Example:
/srv/projects 192.168.10.0/24(rw,sync,no_subtree_check) \
devhost.example.com(ro,sync)Common client spec formats:
- Single host:
host.example.comor192.168.10.12 - Subnet (CIDR):
192.168.10.0/24 - Netgroup (with NIS/LDAP):
@devs - Wildcards (less secure, not recommended in sensitive environments):
*.example.com
Export Options (Server Side)
Key options to understand:
- Access mode
ro: Read-only export.rw: Read-write export.- Root mapping
root_squash(default on many distros): Maps remoteroot(UID 0) to anonymous user. Important for security.no_root_squash: Remoterootstays root; dangerous, only for tightly controlled environments.all_squash: Map all users to anonymous user.anonuid/anongid: Set UID/GID used for squashed users, e.g.: