NFS (Network File System) is a file sharing protocol that allow users to access remote files and directories from different systems as if they were stored on their local machine. It was developed by Sun Microsystems in the 1980s and is now widely used on Linux/Unix systems, as well as Windows and Mac OS.
Unlike SMB which is a Microsoft proprietary protocol, the NFS protocol is free.
In this article we will discover how to install and use NFS on Ubuntu 22.04.
NFS advantages
Centralized sharing :
It allows files to be centralized on a single server, making them easier to manage and backup. Users can access shared files from any machine connected to the network.
High availability :
It allows you to configure clustered file servers to ensure file availability even in the event of a server failure.
Read/write access :
Users can read and write files on a remote file system as if they were on their own computer.
Transparent to users :
Users do not need to know the details of the network configuration to access shared files.
Interoperability :
It is an open protocol, so it can be used with different platforms, including Windows, Linux, and UNIX.
Security :
It supports user authentication and can use security protocols such as Kerberos to protect data transmitted over the network.
Installing NFS server on Ubuntu 22.04
First, update your system with the command below:
root@nfsserver:~# apt update -y
Then install NFS package :
root@nfsserver:~# apt install nfs-kernel-server
Check if the NFS service is started :
root@nfsserver:~# systemctl status nfs-server ● nfs-server.service - NFS server and services Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled) Active: active (exited) since Sun 2023-02-05 17:12:02 +01; 2min 27s ago Main PID: 5958 (code=exited, status=0/SUCCESS) CPU: 9ms
Setting up Shared Directory
Once the package is installed, we will create the directory that the clients will access :
# mkdir /Data
Now change their ownership and the permission using the below command :
The user and group should be « nobody:nogroup » and the permission will be « 777 » to ensure shared directories is writable.
root@nfsserver:~# chown -R nobody:nogroup /Data root@nfsserver:~# chmod 777 /Data
The user and group should be « nobody:nogroup » and the permission will be « 777 » to ensure shared directories is writable.
Next, add the following configuration to the file /etc/exports :
/Data 192.168.139.0 (rw,sync,no_root_squash,no_subtree_check)
Save and close the file when you are done.
Here is the explanation of each option :
– 192.168.139.0 : Here I have specified the network addresses of the NFS clients that have the right to access my share. You can also specify a specific IP address.
– rw : Enable read and write for the shared directory.
– sync : Reply to requests only after the changes have been committed to stable storage.
– no_subtree_check : This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances.
– no_root_squash : It is important to understand this options :
It allows you to control how root users are treated when accessing shared files via NFS.
By default, when a root user accesses shared files via NFS, he is « remapped » to an anonymous user, which means that he loses all his privileges and cannot access the files with root permissions. This feature is called « root squashing ».
The no_root_squash option allows you to disable this feature and retain root privileges for users accessing shared files via NFS. This may be necessary in some situations, for example when you want root users on different systems to be able to administer shared files.
It is therefore important to note that using this option can pose security risks if not used appropriately. It is therefore recommended to use it only when absolutely necessary and to limit access to users who need these privileges.
Next, run the following command to apply and export our shared directory :
root@nfsserver:~# exportfs -a
Now run the following command to restart and verify the NFS service :
root@nfsserver:~# systemctl restart nfs-server root@nfsserver:~# systemctl status nfs-server ● nfs-server.service - NFS server and services Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled) Active: active (exited) since Sun 2023-02-05 20:03:33 +01; 5s ago Process: 6434 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS) Process: 6435 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS) Main PID: 6435 (code=exited, status=0/SUCCESS) CPU: 10ms
To check available directory on your NFS server, run the following command :
root@nfsserver:~# exportfs -v /Data 192.168.139.0(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
Firewall configuration
Now it’s time to configure the firewall to allow our clients to access the shared directory. The default firewall for Ubuntu is UFW.
To do this run the following commands :
root@nfsserver:~# ufw allow from 192.168.139.0/24 to any port nfs
Now reload the UFW firewall rule :
root@nfsserver:~# ufw reload
Installing and Configuring NFS Client
In the client we need to install the « nfs-common » package that allows us to mount the NFS server to our client machine.
First update your system by running the following command :
root@nfsserver:~# apt update
Now run the command bellow to install « nfs-common »
root@nfsserver:~# apt install nfs-common
How to download and install Kali Linux
Kill – Arrêter les processus sous linux
Enforce Password Complexity Policy On CentOS/RedHat
How to check the lock status of a user account in Linux
Fail2Ban : How to protect Linux services