NFS (Network File System)
What Is It?
NFS is a distributed file system protocol that allows a machine to mount and access directories located on a remote server as if they were part of its own local filesystem. Originally developed by Sun Microsystems in 1984 and standardized as an open protocol, NFS is the standard way to share files between Linux and Unix systems.
NFS is particularly useful for server environments where multiple machines need read/write access to the same files — for example, a web cluster sharing uploaded content, or a Kubernetes cluster using a shared storage backend.
Installation
dnf install nfs-utils
This package provides both the NFS server (nfs-server) and client (mount.nfs) utilities.
Key Files and Directories
| Path | Purpose |
|---|---|
| /etc/exports | Defines which directories are exported and to whom |
| /etc/nfs.conf | NFS daemon configuration (versions, ports) |
| /proc/mounts | Currently mounted filesystems (including NFS mounts) |
| /var/lib/nfs/ | NFS state files |
Configuration
Minimal Working Configuration
1. Create the export directory:
mkdir -p /data/nfs
2. Add an entry to /etc/exports:
/data/nfs *(rw,sync,no_root_squash)
3. Start the server and publish the exports:
systemctl enable --now nfs-server
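exportfs -a
Note that this minimal entry exports to any host (*) and disables root squashing (no_root_squash). Restrict the client list and drop no_root_squash outside a test setup, as described under Security Considerations.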
The /etc/exports Format
Each line in /etc/exports has the form:
<directory> <client>(<options>)
Multiple clients can appear on the same line, space-separated:
/data/nfs 127.0.0.1(rw,sync) 10.0.0.0/24(ro)
Important Export Options
| Option | Meaning |
|---|---|
| rw | Allow read and write access |
| ro | Allow read-only access |
| sync | Write data to disk before acknowledging (safer, slower) |
| async | Acknowledge writes before they hit disk (faster, less safe) |
| no_root_squash | Allow the remote root user to act as root on this share |
| root_squash | Map remote root to the anonymous user (default, safer) |
| no_subtree_check | Disable subtree checking (recommended for reliability) |
| * | Client wildcard, written in place of a host rather than inside the option list: allow access from any host |
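After every change to /etc/exports, run exportfs -a to apply it. To also withdraw entries that were deleted from the file, run exportfs -ra, which resynchronizes the active export table with /etc/exports.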
Common Commands
# Start and enable the NFS server
systemctl enable --now nfs-server
# Apply changes to /etc/exports without restarting
exportfs -a
# List currently exported shares (run on the server)
showmount -e localhost
# or from a client:
showmount -e <server-ip>
# Mount an NFS share manually (client)
mount -t nfs <server-ip>:/data/nfs /mnt/nfs
# Unmount
umount /mnt/nfs
# Check what is mounted
mount | grep nfs
# or
df -hT | grep nfs
Logging and Debugging
# View NFS server logs
journalctl -u nfs-server
# Check RPC services (must be running for NFS)
rpcinfo -p localhost
# Test that the server is reachable from the client
showmount -e <server-ip>
Common issues:
- mount.nfs: access denied — the client IP is not in /etc/exports, or exportfs -a was not run after editing
- mount.nfs: Connection timed out — firewall is blocking ports 111 or 2049
- mount.nfs: rpc.statd is not running — rpcbind or nfs-server service is stopped
Security Considerations
NFS does not encrypt traffic by default. Do not expose NFS exports to untrusted networks.
Firewall ports to open:
firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --add-service=rpc-bind --permanent
firewall-cmd --reload
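This opens ports 2049 (NFS) and 111 (rpcbind/portmapper), along with the mountd service added above. Alternatively, open the two ports individually (this form does not cover mountd, which NFSv3 clients use; NFSv4 needs only 2049/tcp):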
firewall-cmd --add-port=2049/tcp --permanent
firewall-cmd --add-port=111/tcp --permanent
firewall-cmd --reload
Export options: Avoid no_root_squash unless required. The default root_squash maps the remote root to nobody, limiting potential damage if a client is compromised.
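An added example, not part of the original page: a small Python check that parses the <directory> <client>(<options>) format described above and reports wildcard clients and the options this page marks as less safe. The names audit_exports, RISKY_OPTIONS and SAMPLE are constructed for illustration; quoted paths and line continuations are assumed not to occur.

```python
import re

# Options the page marks as less safe, with the reason shown to the operator.
RISKY_OPTIONS = {
    "no_root_squash": "remote root acts as root on the share",
    "async": "writes are acknowledged before they reach disk",
}

# One client spec: host pattern, then an optional "(opt,opt,...)" list.
CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# shared storage
/data/nfs *(rw,sync,no_root_squash)
/data/web 127.0.0.1(rw,sync) 10.0.0.0/24(ro)
/data/home 10.0.0.5 (rw,async)
"""


def audit_exports(text):
    """Return (line, directory, client, finding) tuples for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()  # strip comments, split on blanks
        if not tokens:
            continue
        directory = tokens[0]
        for spec in tokens[1:]:
            match = CLIENT_RE.fullmatch(spec)
            if match is None:
                findings.append((lineno, directory, spec, "unparseable client spec"))
                continue
            # A spec with no host, such as a stray "(rw)" after a space,
            # applies to every host, exactly like "*".
            host = match.group("host") or "*"
            opts = set(filter(None, (match.group("opts") or "").split(",")))
            if host == "*":
                findings.append((lineno, directory, host, "exported to any host"))
            for opt in sorted(opts & RISKY_OPTIONS.keys()):
                findings.append((lineno, directory, host, f"{opt}: {RISKY_OPTIONS[opt]}"))
    return findings


if __name__ == "__main__":
    for lineno, directory, client, finding in audit_exports(SAMPLE):
        print(f"line {lineno}: {directory} {client}: {finding}")
```

The last sample line shows why the space matters: 10.0.0.5 gets default options, while the detached (rw,async) applies to every host.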
Further Reading
Related Documentation
- Concepts: Filesystems
- SOPs: Filesystem Management