Introduction
In this article, we will explore the what, who, where, when, why, and how of Network File System (NFS) as Storage Server functionality on the Fedora 40 platform, so let's get started.
Overview
NFS enables multiple clients to access and share files over a network, providing a centralized storage solution that enhances collaboration and data management.
What
NFS is a network file system protocol developed by Sun Microsystems that allows file sharing across a network. It enables users to access files and directories located on remote servers as if they were locally available.
Who
NFS is used by organizations, enterprises, and educational institutions that require centralized and shared storage solutions. It is typically managed by IT professionals and system administrators.
Where
NFS can be implemented in various environments, including corporate networks, data centers, and academic institutions. It is widely used in Unix and Linux systems, but can also be configured on Windows and macOS.
When
NFS is used when there is a need to share files and directories among multiple users and systems over a network. It is especially useful in environments that require collaborative access to data and centralized storage management.
Why
Using NFS offers several advantages and some disadvantages:
Pros | Cons |
---|---|
Enables centralized storage management. | Performance can be affected by network issues. |
Facilitates file sharing and collaboration. | Security concerns if not properly configured. |
Reduces storage costs by consolidating resources. | Compatibility issues with different operating systems. |
Scalable and flexible for growing storage needs. | Requires network bandwidth and can experience latency. |
How
Setting up NFS involves several steps:
Step | Description |
---|---|
Install NFS Server Software | Use your operating system’s package manager to install NFS server software (e.g., `apt-get install nfs-kernel-server` on Ubuntu). |
Configure NFS Exports | Edit the `/etc/exports` file to define which directories to share and the access permissions. |
Start and Enable NFS Service | Start the NFS server service and enable it to start on boot (e.g., `systemctl start nfs-kernel-server` and `systemctl enable nfs-kernel-server`). |
Mount NFS Shares | On client machines, use the `mount` command to mount the NFS shares (e.g., `mount -t nfs server:/path/to/share /mnt`). |
Consequences
Implementing NFS has both positive and negative consequences:
Positive |
|
Negative |
|
Conclusion
NFS is a powerful protocol for file sharing and centralized storage management. It provides significant benefits such as enhanced collaboration, cost reduction, and scalability. However, it requires careful configuration and network management to avoid performance and security issues. Overall, NFS is a valuable tool for organizations looking to streamline their data management and improve collaborative workflows.
Install and Configure NFS Server
Configure the NFS Server to share directories on your network. This example is based on the following environment.
+------------------------+           |           +-----------------------+
|     [ NFS Server ]     | 10.0.0.30 | 10.0.0.51 |    [ NFS Client ]     |
|   nfs.bizantum.local   +-----------+-----------+ node01.bizantum.local |
|                        |                       |                       |
+------------------------+                       +-----------------------+
Step [1] Configure NFS Server.
[root@nfs ~]# dnf -y install nfs-utils
[root@nfs ~]# vi /etc/idmapd.conf
# line 5 : uncomment and change to your domain name
Domain = bizantum.local
[root@nfs ~]# vi /etc/exports
# create new
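# for example, set [/home/nfsshare] as NFS share
# note: [no_root_squash] lets root on any client in 10.0.0.0/24 act as root on the share;
# omit it to keep the default [root_squash] unless clients need root access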
/home/nfsshare 10.0.0.0/24(rw,no_root_squash)
[root@nfs ~]# mkdir /home/nfsshare
[root@nfs ~]# systemctl enable --now rpcbind nfs-server
Step [2] If Firewalld is running, allow NFS service.
[root@nfs ~]# firewall-cmd --add-service=nfs
success
# if you use NFSv3, also allow the following
[root@nfs ~]# firewall-cmd --add-service={nfs3,mountd,rpc-bind}
success
[root@nfs ~]# firewall-cmd --runtime-to-permanent
success
Basic options of exports table:
Option | Description |
---|---|
rw | Allow both read and write requests on an NFS volume. |
ro | Allow only read requests on an NFS volume. |
sync | Reply to requests only after the changes have been committed to stable storage. (Default). |
async | This option allows the NFS server to violate the NFS protocol and reply to requests before any changes made by that request have been committed to stable storage. |
secure | This option requires that requests originate on an Internet port less than IPPORT_RESERVED (1024). (Default). |
insecure | This option accepts all ports. |
wdelay | Delay committing a write request to disc slightly if it suspects that another related write request may be in progress or may arrive soon. (Default). |
no_wdelay | This option has no effect if async is also set. The NFS server will normally delay committing a write request to disc slightly if it suspects that another related write request may be in progress or may arrive soon. This allows multiple write requests to be committed to disc with the one operation which can improve performance. If an NFS server received mainly small unrelated requests, this behaviour could actually reduce performance, so no_wdelay is available to turn it off. |
subtree_check | This option enables subtree checking. (Default). |
no_subtree_check | This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances. |
root_squash | Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff. |
no_root_squash | Turn off root squashing. This option is mainly useful for disk-less clients. |
all_squash | Map all uids and gids to the anonymous user. Useful for NFS exported public FTP directories, news spool directories, etc. |
no_all_squash | Turn off all squashing. (Default). |
anonuid=UID | These options explicitly set the uid and gid of the anonymous account. This option is primarily useful for PC/NFS clients, where you might want all requests to appear to be from one user. The exports(5) man page gives an example export entry for /home/joe that maps all requests to uid 150. |
anongid=GID | Read above (anonuid=UID). |
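The options above decide how much a client is trusted, so it is worth checking an exports file for the ones that widen access. The following is an added example, not part of the original article: a small Python audit that flags `no_root_squash`, `insecure`, and read-write exports open to any host, including the case where a space before `(rw)` detaches the options from the host. The function name `audit_exports` and the `/srv/...` paths are assumptions made for the illustration.

```python
import re

# Options from the table above that weaken an export, with the reason.
RISKY = {
    "no_root_squash": "client root keeps uid 0 on the share",
    "insecure": "requests accepted from source ports >= 1024",
}
# One exports entry: optional client, optional "(opt,opt,...)".
ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

# Constructed sample; the first export is the one configured on this page.
SAMPLE = """\
# constructed sample
/home/nfsshare 10.0.0.0/24(rw,no_root_squash)
/srv/pub 10.0.0.51 (rw,insecure)
/srv/ro 10.0.0.0/24(ro,sync)
"""

def audit_exports(text):
    """Return (path, client, finding) tuples for the text of /etc/exports."""
    findings = []
    # Join backslash-continued lines, then strip comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.match(entry)
            if not m:
                findings.append((path, entry, "unparseable entry"))
                continue
            # "(rw)" separated from the host by a space has no client,
            # so it applies to every host.
            client = m.group("client") or "*"
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            for opt, why in RISKY.items():
                if opt in opts:
                    findings.append((path, client, f"{opt}: {why}"))
            if client == "*" and "rw" in opts:
                findings.append((path, client, "rw export to any host"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding, sep="  ")
```

To check a real server, pass the contents of `/etc/exports` to `audit_exports` instead of the sample.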
Install and Configure NFS Client
Configure the NFS Client to mount the NFS share on the client computer. This example is based on the following environment.
+----------------------+           |           +-----------------------+
|    [ NFS Server ]    | 10.0.0.30 | 10.0.0.51 |    [ NFS Client ]     |
|  nfs.bizantum.local  +-----------+-----------+ node01.bizantum.local |
|                      |                       |                       |
+----------------------+                       +-----------------------+
Step [1] Install and Configure NFS Client.
[root@node01 ~]# dnf -y install nfs-utils
[root@node01 ~]# vi /etc/idmapd.conf
# line 5 : uncomment and change to your domain name
Domain = bizantum.local
[root@node01 ~]# mount -t nfs nfs.bizantum.local:/home/nfsshare /mnt
[root@node01 ~]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/fedora-root xfs 15G 1.9G 14G 13% /
devtmpfs devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs tmpfs 782M 1.1M 781M 1% /run
tmpfs tmpfs 2.0G 0 2.0G 0% /tmp
/dev/vda2 xfs 960M 344M 617M 36% /boot
tmpfs tmpfs 391M 4.0K 391M 1% /run/user/0
nfs.bizantum.local:/home/nfsshare nfs4 15G 1.9G 14G 13% /mnt
# NFS share is mounted
# to mount with NFSv3, add the [-o vers=3] option
[root@node01 ~]# mount -t nfs -o vers=3 nfs.bizantum.local:/home/nfsshare /mnt
[root@node01 ~]# df -hT /mnt
Filesystem Type Size Used Avail Use% Mounted on
nfs.bizantum.local:/home/nfsshare nfs 15G 1.9G 14G 13% /mnt
Step [2] To mount the NFS share automatically when the system starts, add an entry to [/etc/fstab].
[root@node01 ~]# vi /etc/fstab
UUID=56cf980b-42c4-4645-9457-34ad4ea06288 / xfs defaults 0 0
UUID=13f03c0d-0edc-4014-8462-c9e9ee739784 /boot xfs defaults 0 0
# add to last line : set NFS share
nfs.bizantum.local:/home/nfsshare /mnt nfs defaults 0 0
Step [3] To mount the NFS share dynamically when anyone accesses it, configure AutoFS.
[root@node01 ~]# dnf -y install autofs
[root@node01 ~]# vi /etc/auto.master
# add to last line
/- /etc/auto.mount
[root@node01 ~]# vi /etc/auto.mount
# create new : [mount point] [option] [location]
/mnt -fstype=nfs,rw nfs.bizantum.local:/home/nfsshare
[root@node01 ~]# systemctl enable --now autofs
# move to the mount point to verify mounting
[root@node01 ~]# cd /mnt
[root@node01 mnt]# df -hT /mnt
Filesystem Type Size Used Avail Use% Mounted on
nfs.bizantum.local:/home/nfsshare nfs4 15G 1.9G 14G 13% /mnt
[root@node01 mnt]# grep /mnt /proc/mounts
/etc/auto.mount /mnt autofs rw,relatime,fd=12,pgrp=1317,timeout=300,minproto=5,maxproto=5,direct,pipe_ino=12022 0 0
nfs.bizantum.local:/home/nfsshare /mnt nfs4 rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.51,local_lock=none,addr=10.0.0.30 0 0
Install and Configure NFS 4 ACL Tool
You can set ACLs on an NFSv4 filesystem by installing the NFS 4 ACL tool. Usage is mostly the same as the POSIX ACL tool.
Step [1] Install the NFS 4 ACL tool on NFS clients that mount the NFS share with NFSv4.
[root@node01 ~]# dnf -y install nfs4-acl-tools
Step [2] The usage examples below are based on the following environment.
[root@node01 ~]# df -hT /mnt
Filesystem Type Size Used Avail Use% Mounted on
nfs.bizantum.local:/home/nfsshare nfs4 15G 1.9G 14G 13% /mnt
[root@node01 ~]# ll /mnt
total 4
drw-------. 2 root root 6 Apr 25 14:52 testdir
-rw-------. 1 root root 865 Apr 25 14:52 testfile.txt
Step [3] Show the ACL of a file or directory on an NFSv4 filesystem.
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
[root@node01 ~]# nfs4_getfacl /mnt/testdir
# file: /mnt/testdir
A::OWNER@:rwaDxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
# each entry has the following format
# ACE = Access Control Entry
# (ACE Type):(ACE Flags):(ACE Principal):(ACE Permissions)
ACE Type | Description |
---|---|
A | A = Allow : allows access. |
D | D = Deny : denies access. |

ACE Flags | Description |
---|---|
d | Directory-Inherit : New sub-directories inherit the same ACE. |
f | File-Inherit : New files inherit the same ACE but not the inheritance flags. |
n | No-Propagate-Inherit : New sub-directories inherit the same ACE but not the inheritance flags. |
i | Inherit-Only : New files/sub-directories inherit the same ACE, but the ACE does not apply to this directory itself. |

ACE Principal | Description |
---|---|
(USER)@(NFSDomain) | Common user. [NFSDomain] is the domain name specified as the [Domain] value in [idmapd.conf]. |
(GROUP)@(NFSDomain) | Common group. For a group, specify the [g] flag like this ⇒ A:g:GROUP@NFSDomain:rxtncy |
OWNER@ | Special Principal : Owner |
GROUP@ | Special Principal : Group |
EVERYONE@ | Special Principal : Everyone |

ACE Permissions | Description |
---|---|
r | Read data of files / List files in directory |
w | Write data to files / Create new files in directory |
a | Append data to files / Create new sub-directory |
x | Execute files / Change directory |
d | Delete files or directories |
D | Delete files or sub-directories under the directory |
t | Read attributes of files or directories. |
T | Write attributes to files or directories. |
n | Read named attributes of files or directories. |
N | Write named attributes of files or directories. |
c | Read ACL of files or directories. |
C | Write ACL of files or directories. |
o | Change ownership of files or directories. |

ACE Permissions Aliases*** | Description |
---|---|
R | R = rntcy : Generic Read. |
W | W = watTNcCy : Generic Write. |
X | X = xtcy : Generic Execute. |

*** When using nfs4_setfacl, aliases can be used for ACE Permissions.
Step [4] Add or Delete ACE.
[root@node01 ~]# ll /mnt
total 4
drwx------. 2 root root 6 Apr 25 14:52 testdir
-rw-------. 1 root root 865 Apr 25 14:52 testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
# add generic read/execute for [fedora] user to [/mnt/testfile.txt] file
[root@node01 ~]# nfs4_setfacl -a A::fedora@bizantum.local:rxtncy /mnt/testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
D::OWNER@:x
A::OWNER@:rwatTcCy
A::1000:rxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy
# verify with [fedora] user
[fedora@node01 ~]$ ll /mnt
total 4
drwx------. 2 root root 6 Apr 25 14:52 testdir
-rw-r-x---. 1 root root 865 Apr 25 14:52 testfile.txt
[fedora@node01 ~]$ cat /mnt/testfile.txt
test file
# delete generic read/execute for [fedora] user from [/mnt/testfile.txt] file
[root@node01 ~]# nfs4_setfacl -x A::1000:rxtcy /mnt/testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
Step [5] Edit ACL directly.
[root@node01 ~]# nfs4_setfacl -e /mnt/testfile.txt
# $EDITOR is launched to edit the ACL
# the default $EDITOR on Fedora is [vim]; if $EDITOR is unset, [vi] is used
## Editing NFSv4 ACL for file: /mnt/testfile.txt
A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
Step [6] Add ACE from a file.
# create ACL list
[root@node01 ~]# vi acl.txt
A::fedora@bizantum.local:RX
A::redhat@bizantum.local:RWX
# add ACL from the file
[root@node01 ~]# nfs4_setfacl -A acl.txt /mnt/testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
D::OWNER@:x
A::OWNER@:rwatTcCy
A::1000:rxtcy
A::1001:rwaxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy
Step [7] Replace the current ACEs with new ACEs.
# create ACL list
[root@node01 ~]# vi acl.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
# replace ACL from the file
[root@node01 ~]# nfs4_setfacl -S acl.txt /mnt/testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
Step [8] Replace a specific ACE with a new ACE.
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy
# replace EVERYONE's ACE with read/execute
[root@node01 ~]# nfs4_setfacl -m A::EVERYONE@:tcy A::EVERYONE@:RX /mnt/testfile.txt
[root@node01 ~]# nfs4_getfacl /mnt/testfile.txt
# file: /mnt/testfile.txt
A::OWNER@:rwaxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy
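When reviewing ACLs like the ones above, what matters is the set of permissions a given user actually ends up with, which depends on ACE order as well as content. The following is an added example, not part of the original article: it parses `nfs4_getfacl` output in the `Type:Flags:Principal:Permissions` format, expands the `R`/`W`/`X` aliases, and computes effective permissions for a requester. The ordered first-match evaluation is assumed from RFC 7530 rather than taken from this page, and the function names and the `who` parameter are hypothetical.

```python
# Aliases accepted by nfs4_setfacl, as listed in the alias table above.
ALIASES = {"R": "rntcy", "W": "watTNcCy", "X": "xtcy"}

# nfs4_getfacl output shown in Step [6] of this page.
SAMPLE = """\
# file: /mnt/testfile.txt
D::OWNER@:x
A::OWNER@:rwatTcCy
A::1000:rxtcy
A::1001:rwaxtcy
A::GROUP@:tcy
A::EVERYONE@:tcy
"""

def parse_acl(text):
    """Parse ACE lines into (type, flags, principal, permission-set) tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ace_type, flags, rest = line.split(":", 2)
        principal, perms = rest.rsplit(":", 1)
        expanded = "".join(ALIASES.get(ch, ch) for ch in perms)
        aces.append((ace_type, flags, principal, set(expanded)))
    return aces

def effective(aces, who):
    """Permissions granted to a requester matching any principal in `who`.

    ACEs are walked in order and the first Allow or Deny ACE that names a
    permission decides it (evaluation order assumed from RFC 7530).
    """
    allowed, decided = set(), set()
    for ace_type, flags, principal, perms in aces:
        if ace_type not in ("A", "D") or "i" in flags:
            continue  # audit/alarm and inherit-only ACEs grant nothing here
        if principal != "EVERYONE@" and principal not in who:
            continue
        fresh = perms - decided
        if ace_type == "A":
            allowed |= fresh
        decided |= fresh
    return allowed

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for who in ({"OWNER@"}, {"1000"}, {"1002"}):
        print(sorted(who), "".join(sorted(effective(acl, who))))
```

Pass every principal the requester matches in `who`, for example `{"OWNER@", "GROUP@"}` for the file owner who is also in the owning group.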