Setting Up Standard Linux File Systems and Configuring NFSv4 Server – Part 2

A Linux Foundation Certified Engineer​ (LFCE)​ is trained to set up, configure, manage, and troubleshoot network services in Linux systems, and is answerable for the design and implementation of system architecture and solving everyday related issues.​

Configuring NFS Server
Linux Foundation Certified Engineer – Part 2

Introducing The Linux Foundation Certification Program (LFCE).

In Part 1 of this series we explained how to install a NFS (Network File System) server, and set the service to start automatically on boot. If you haven’t already done so, please refer to that article and follow the outlined steps before proceeding.

  1. Installing Network Services and Configuring Automatic Startup at Boot – Part 1

I will now show you how to properly configure your NFSv4 server (without authentication security) so that you can set up network shares to use in Linux clients as if those file systems were installed locally. Note that you can use LDAP or NIS for authentication purposes, but both options are out of the scope of the LFCE certification.

Configuring a NFSv4 server

Once the NFS server is up and running, we will focus our attention on:

  1. specifying and configuring the local directories that we want to share over the network, and
  2. mounting those network shares in clients automatically, either through the /etc/fstab file or the automount kernel-based utility (autofs).

We will explain later when to choose one method or the other.

Before we being, we need to make sure that the idmapd daemon is running and configured. This service performs the mapping of NFSv4 names (user@mydomain) to user and group IDs, and is required to implement a NFSv4 server.

Edit /etc/default/nfs-common to enable idmapd.

NEED_IDMAPD=YES

And edit /etc/idmapd.conf with your local domain name (the default is the FQDN of the host).

Domain = yourdomain.com

Then start idmapd.

# service nfs-common start 	[sysvinit / upstart based systems]
# systemctl start nfs-common 	[systemd based systems]

Exporting Network Shares

The /etc/exports file contains the main configuration directives for our NFS server, defines the file systems that will be exported to remote hosts and specifies the available options. In this file, each network share is indicated using a separate line, which has the following structure by default:

/filesystem/to/export client1([options]) clientN([options])

Where /filesystem/to/export is the absolute path to the exported file system, whereas client1 (up to clientN) represents the specific client (hostname or IP address) or network (wildcards are allowed) to which the share is being exported. Finally, options is a list of comma-separated values (options) that are taken into account while exporting the share, respectively. Please note that there are no spaces between each hostname and the parentheses it precedes.

Here is a list of the most-frequent options and their respective description:

  1. ro (short for read-only): Remote clients can mount the exported file systems with read permissions only.
  2. rw (short for read-write): Allows remote hosts to make write changes in the exported file systems.
  3. wdelay (short for write delay): The NFS server delays committing changes to disk if it suspects another related write request is imminent. However, if the NFS server receives multiple small unrelated requests, this option will reduce performance, so the no_wdelay option can be used to turn it off.
  4. sync: The NFS server replies to requests only after changes have been committed to permanent storage (i.e., the hard disk). Its opposite, the async option, may increase performance but at the cost of data loss or corruption after an unclean server restart.
  5. root_squash: Prevents remote root users from having superuser privileges in the server and assigns them the user ID for user nobody. If you want to “squash” all users (and not just root), you can use the all_squash option.
  6. anonuid / anongid: Explicitly sets the UID and GID of the anonymous account (nobody).
  7. subtree_check: If only a subdirectory of a file system is exported, this option verifies that a requested file is located in that exported subdirectory. On the other hand, if the entire file system is exported, disabling this option with no_subtree_check will speed up transfers. The default option nowadays is no_subtree_check as subtree checking tends to cause more problems than it is worth, according to man 5 exports.
  8. fsid=0 | root (zero or root): Specifies that the specified file system is the root of multiple exported directories (only applies in NFSv4).

In this article we will use the directories /NFS-SHARE and /NFS-SHARE/mydir on 192.168.0.10 (NFS server) as our test file systems.

We can always list the available network shares in a NFS server using the following command:

# showmount -e [IP or hostname]
Check NFS Shares
Check NFS Shares

In the output above, we can see that the /NFS-SHARE and /NFS-SHARE/mydir shares on 192.168.0.10 have been exported to client with IP address 192.168.0.17.

Our initial configuration (refer to the /etc/exports directory on your NFS server) for the exported directory is as follows:

/NFS-SHARE  	192.168.0.17(fsid=0,no_subtree_check,rw,root_squash,sync,anonuid=1000,anongid=1000)
/NFS-SHARE/mydir    	192.168.0.17(ro,sync,no_subtree_check)

After editing the configuration file, we must restart the NFS service:

# service nfs-kernel-server restart 		[sysvinit / upstart based system]
# systemctl restart nfs-server			[systemd based systems]
Mounting exported network shares using autofs

You may want to refer to Part 5 of the LFCS series (“How to Mount/Unmount Local and Network (Samba & NFS) Filesystems in Linux”) for details on mounting remote NFS shares on-demand using the mount command or permanently through the /etc/fstab file.

The downside of mounting a network file system using these methods is that the system must allocate the necessary resources to keep the share mounted at all times, or at least until we decide to unmount them manually. An alternative is to mount the desired file system on-demand automatically (without using the mount command) through autofs, which can mount file systems when they are used and unmount them after a period of inactivity.

Autofs reads /etc/auto.master, which has the following format:

[mount point]	[map file]

Where [map file] is used to indicate multiple mount points within [mount point].

This master map file (/etc/auto.master) is then used to determine which mount points are defined, and then starts an automount process with the specified parameters for each mount point.

Mounting exported NFS shares using autofs

Edit your /etc/auto.master as follows:

/media/nfs	/etc/auto.nfs-share	--timeout=60

and create a map file named /etc/auto.nfs-share with the following contents:

writeable_share  -fstype=nfs4 192.168.0.10:/
non_writeable_share  -fstype=nfs4 192.168.0.10:/mydir

Note that the first field in /etc/auto.nfs-share is the name of a subdirectory inside /media/nfs. Each subdirectory is created dynamically by autofs.

Now, restart the autofs service:

# service autofs restart 			[sysvinit / upstart based systems]
# systemctl restart autofs 			[systemd based systems]

and finally, to enable autofs to start on boot, run the following command:

# chkconfig --level 345 autofs on
# systemctl enable autofs 			[systemd based systems]
Examining mounted file systems after starting the autofs daemon

When we restart autofs, the mount command shows us that the map file (/etc/auto.nfs-share) is mounted on the specified directory in /etc/auto.master:

NFS Share Mounted
NFS Share Mounted

Please note that no directories have actually been mounted yet, but will be automatically when we try to access the shares specified in /etc/auto.nfs-share:

Automount NFS Shares
Automount NFS Shares

As we can see, the autofs service “mounts” the map file, so to speak, but waits until a request is made to the file systems to actually mount them.

Performing write tests in exported file systems

The anonuid and anongid options, along with the root_squash as set in the first share, allow us to map requests performed by the root user in the client to a local account in the server.

In other words, when root in the client creates a file in that exported directory, its ownership will be automatically mapped to the user account with UID and GID = 1000, provided that such account exists on the server:

Perform NFS Write Tests
Perform NFS Write Tests

Conclusion

I hope you were able to successfully setup and configure a NFS server fit for your environment using this article as a guide. You may also want to refer to the relevant man pages for further help (man exports and man idmapd.conf, for example).

Feel free to experiment with other options and test cases as outlined earlier and do not hesitate to use the form below to send your comments, suggestions, or questions. We will be glad to hear from you.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

17 Comments

Leave a Reply
  1. Can you please go to your server and do:

    ls -ld /NFS-SHARE /NFS-SHARE/mydir

    I need to see your permissions, the owner and the group of these folders, in order to troubleshoot some of my permission problems.

    Reply
  2. Hi Gabriel,

    Many thanks for this guide….

    But I was not able to find /etc/default/nfs-common under my CENTOS 7, i have installed the nfs-utils package.

    What I could find is /etc/idmapd.conf that pertains to IDMAPD..

    Any idea about this

    Reply
    • I have been trying to setup this up under Centos 7.1 but RPCBIND service is always giving an error when I check the status:

      root@LFCE ~]# service rpcbind status
      Redirecting to /bin/systemctl status rpcbind.service
      rpcbind.service – RPC bind service
      Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; static)
      Active: failed (Result: exit-code) since Wed 2015-08-19 13:47:23 WAT; 15min ago
      Main PID: 2412 (code=exited, status=2)
      CGroup: /system.slice/rpcbind.service

      Aug 19 13:46:03 LFCE.local systemd[1]: rpcbind.service: main process exited, code=exited, status=2/INVALIDARGUMENT
      Aug 19 13:46:03 LFCE.local systemd[1]: Unit rpcbind.service entered failed state.
      Aug 19 13:46:03 LFCE.local systemd[1]: Starting RPC bind service…
      Aug 19 13:46:04 LFCE.local systemd[1]: Started RPC bind service.
      Aug 19 13:47:23 LFCE.local systemd[1]: Stopping RPC bind service…
      Aug 19 13:47:23 LFCE.local systemd[1]: rpcbind.service: main process exited, code=exited, status=2/INVALIDARGUMENT
      Aug 19 13:47:23 LFCE.local systemd[1]: Stopped RPC bind service.
      Aug 19 13:47:23 LFCE.local systemd[1]: Unit rpcbind.service entered failed state.

      The LFCE exam is now using Centos 7! We need to fix this soon..

      Reply
  3. Hello, I have a problem when I do the mount | grep nfs-share step, nfs-share is not mounted I tried over and over and is not mounted,
    Thanks

    Reply
    • @Eduardo,
      What distribution are you using? Should not make a significant difference but I just wanted to know.
      Please write an outline of all the steps (both on the server and on the client) that you took and send it to me via email at gacanepa gmail dot com. I will take a look when I have a few minutes and then get back to you.

      Reply
  4. Hey,

    I had this set of tutorials bookmarked for a while now, and was just getting in to it, but I seem to be finding some problems following this one in particular.
    In the first tutorial you pointed that we should install portmap, and I cannot find it anywhere, but when I try to install it yum (I’m using a minimal install of CENTOS 6.6) tells me that there’s no need to install it because I have rpcbind installed (so I think that’s settled, and that it is not a problem, but I thought I might as well bring it up too).
    And on this one, I can’t seem to install nfs-common, and there’s no /etc/nfs-common file to edit either (consequently, I’d say). I don’t know if this is a problem, but the idmapd service seems to be run by a package called rpc.idmapd. So basically I was wondering if this is a problem, and if so if it is solved by creating the /etc/nfs-common instead of editing it and then starting the rpcidmapd service instead of nfs-common, or if I’m missing some package, or if the solution is elsewhere I’m not seeing.

    As a side note, the rest of the article is perfectly well written and clear. Also, I’m relatively new to Linux, only having completed the Intro to Linux course on EDx and not much else, so my doubts may be due to this.

    Thanks for all the help and keep up the good work!

    Reply
    • @JNat,
      I am sorry it’s taken me so long to post a reply to your question. I used a Debian box as NFS server for this article, so it’s likely that some of the package name may differ a little. You may want to refer to this link for details on installing the server using a CentOS box: https://www.howtoforge.com/setting-up-an-nfs-server-and-client-on-centos-6.3. Hope it helps! Don’t hesitate to drop another comment if for some reason it doesn’t work for you – I promise to reply faster than this time.
      On a side note, if you’re relatively new to Linux, I’d highly recommend you download The Linux Command Line from linuxcommand.org. It is by far the best introductory book to Linux.
      Finally, thanks for your kind words about my work.

      Reply
  5. Hi,

    I think this tutorial is missing the firewall configuration part that needs to be done in order to manage to mount and also access the share from another system.
    Probably the firewall configuration will be covered in part 8 but I think you will have to mention the ports that need to be opened.
    I have found a good guide here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html

    Thanks.

    Reply
    • @Vlad,
      Thank you for taking the time to read and to comment on this article. Yes, you’re right, I will be covering firewall configuration later on the series but in Part 10 actually, where I will discuss firewall applications. That is why I did not cover the setup of a transparent proxy with Squid in Part 5 either (which will be covered in Part 10).
      Just FYI, Part 8 will be more of setting up and configuring iptables, than specific applications as mentioned before.
      Thanks also for the link that you shared. Both I and the rest of the readers thank you for that!
      Best,
      Gabriel

      Reply
      • @Gabriel
        Thanks for your feedback I am looking forward to see the next tutorials.
        I noticed the selinux blocks the nfs connection if I disable it it works ok, for the moment I don’t know how to setup selinux for this job.
        So in the LFCE context the configuration of the nfs should be done with selinux enabled?

        Thanks,
        Vlad

        Reply
  6. @Devil,
    This article was prepared using a real system, as you can see in the images above.
    If something does not work ok in your setup, please make sure you are using one of the distributions listed in the LFCE options.
    Then feel free to get back to us if you run into any issues.
    Thanls.

    Reply
  7. Hi,

    Your article is very interesting as usual.
    However, I saw a confusing thing: you are writing the term imapd instead of idmapd (I suppose) at least twice in the article.
    Could you fix this mistake to avoid any confusion for all the beginners who are reading your series of articles?

    Regards.

    Reply
    • @CertDepot,
      I just checked and can’t find the typo you’re referring to. Maybe it was fixed by the editor when you submitted your comment. Either way, you’re right, when we’re talking about NFS it should be idmapd and not imapd.
      On a side note, I checked your web site the other day and liked it very much! Congrats for your work!

      Reply
      • thats not sufficent for nfs server like to deep the solutions for nfs4 version
        this typewritten i wii check but some kind of error is there like mount.nfs4 like that………………..please nfs4 berifly understand me ………..

        Reply
    • @Deepanjan,
      Mounting network shares in Windows clients is out of the scope of this series. However, I like your question because you’ve brought up an interesting topic anyway. I do not have access to a Windows box right now but I promise to look into it later when I get home.
      Thanks for taking the time to comment on this post.

      Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.