Installing and configuring NFS server / client in Centos 7

Network file system (NFS) Is a network file system access protocol originally developed by Sun Microsystems in 1984. It is based on the remote procedure call protocol. Allows you to mount (mount) remote file systems over a network. NFS provides clients with transparent access to files and the file system of the server. Unlike FTP, NFS only accesses the parts of the file that the process has accessed, and its main advantage is that it makes this access transparent. This means that any client application that can work with a local file can just as well work with an NFS file, without any modifications to the program itself.

Installing and configuring an NFS server

Install the utility (maybe already installed by default)

$ sudo yum install nfs-utils

Adding rules to the firewall

$ sudo firewall-cmd --permanent --zone=public --add-service=nfs
$ sudo firewall-cmd --permanent --zone=public --add-service=mountd
$ sudo firewall-cmd --permanent --zone=public --add-service=rpc-bind
$ sudo firewall-cmd --reload
$ sudo firewall-cmd --list-all

Set the rights to the directory to which access will be

$ sudo chown -R nfsnobody:nfsnobody /mnt/storage
$ sudo chmod -R 777 /mnt/storage

Let’s edit the file with the settings for accessing the NFS server

$ sudo nano /etc/exports
/mnt/storage ,sync,no_root_squash,no_subtree_check),sync,no_root_squash,no_subtree_check)

An example of settings for access to different directories

$ sudo nano /etc/exports
  • rw – write permission
  • ro – read only
  • sync – synchronous access mode. sync (async) – Indicates that the server should only respond to requests after the changes made by those requests are written to disk. The async option tells the server not to wait for information to be written to disk, which improves performance but decreases reliability
  • no_root_squash – By default, the root user on the client machine will not have access to the server’s shared directory. With this option we remove this limitation.
  • no_all_squash – enable custom authorization
  • all_squash – all connections will be made from an anonymous user
  • subtree_check (no_subtree_check) – in some cases it is necessary to export not the entire section, but only part of it. However, the NFS server must perform additional validation on client accesses to ensure that they are attempting to access only files in the appropriate subdirectories. This kind of subtree checks slows down the interaction with clients, but if you do not, there can be problems with system security. You can uncheck a subtree using the no_subtree_check option. The subtree_check option to enable such controls is assumed by default. Subtree control can be omitted if the exported directory coincides with the disk partition;
  • anonuid = 1000 – binds an anonymous user to a “local” user;
  • anongid = 1000 – Binds the anonymous user to the group of the “local” user.

Add rpcbind and nfs services to startup and start them

$ sudo systemctl enable rpcbind nfs-server
$ sudo systemctl start rpcbind nfs-server

The nfs-server daemon automatically rereads the / etc / exports file, but it happens that you need to manually start rereading the config

$ sudo exportfs -r

Exportfs command shows which resource is published

$ sudo exportfs

If you receive an error when entering – Function not implemented, it means that the rpcbind and nfs-server services are not running

Installing and configuring the NFS client

Install software

$ sudo yum install nfs-utils

Turn on and start turn on rpcbind services

$ sudo systemctl start rpcbind
$ sudo systemctl enable rpcbind

Create a directory in which the ball will be mounted and mount it

$ sudo mkdir /mnt/nfs-share
$ sudo mount -t nfs /mnt/nfs-share

where is the IP address of the NFS server

Configuring automatic mount on server reboot

$ sudo nano /etc/fstab
...  /mnt/nfs-share     nfs    defaults    0 0