22.2.1 Configuring an NFS Server

To configure an NFS server:

  1. Install the nfs-utils package:

    # yum install nfs-utils

  2. Edit the /etc/exports file to define the directories that the server will make available for clients to mount, for example:

    /var/folder 192.0.2.102(rw,async)
    /usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
    /var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)

    Each entry consists of the local path to the exported directory, followed by a list of clients that can mount the directory, with client-specific mount options in parentheses. In this example:

    • The client system with the IP address 192.0.2.102 can mount /var/folder with read and write permissions. All writes to the disk are asynchronous, which means that the server does not wait for write requests to be written to disk before responding to further requests from the client.

    • All clients can mount /usr/local/apps read-only, and all connecting users including root are mapped to the local unprivileged user with UID 501 and GID 501.

    • All clients on the 192.168.1.0/24 subnet can mount /var/projects/proj1 read-only, and the client system named mgmtpc can mount the directory with read-write permissions.

    Note

    There is no space between a client specifier and the parenthesized list of options.

    For more information, see the exports(5) manual page.

  3. Start the nfs-server service, and configure the service to start following a system reboot:

    # systemctl start nfs-server
    # systemctl enable nfs-server

  4. If the server will serve NFSv4 clients, edit /etc/idmapd.conf and set the Domain parameter to the DNS domain name of the server, for example:

    Domain = mydom.com

    This setting prevents the owner and group from being unexpectedly listed as the anonymous user or group (nobody or nogroup) on NFS clients when the all_squash mount option has not been specified.

  5. If you need to allow access through the firewall for NFSv4 clients only, use the following commands:

    # firewall-cmd --zone=zone --add-service=nfs
    # firewall-cmd --permanent --zone=zone --add-service=nfs

    This configuration assumes that rpc.nfsd listens for client requests on TCP port 2049.

  6. If you need to allow access through the firewall for NFSv3 clients as well as NFSv4 clients:

    1. Edit /etc/sysconfig/nfs and create port settings for handling network mount requests and status monitoring:

      # Port rpc.mountd should listen on.
      MOUNTD_PORT=892
      
      # Port rpc.statd should listen on.
      STATD_PORT=662

      The port values shown in this example are the default settings that are commented-out in the file.

    2. Edit /etc/sysctl.conf and configure settings for the TCP and UDP ports on which the network lock manager should listen:

      fs.nfs.nlm_tcpport = 32803
      fs.nfs.nlm_udpport = 32769

    3. To verify that none of the ports that you have specified in /etc/sysconfig/nfs or /etc/sysctl.conf is in use, enter the following commands:

      # lsof -i tcp:32803
      # lsof -i udp:32769
      # lsof -i :892
      # lsof -i :662

      If any port is in use, use the lsof -i command to determine an unused port and amend the setting in /etc/sysconfig/nfs or /etc/sysctl.conf as appropriate.

    4. Shut down and reboot the server.

      # systemctl reboot

      NFS fails to start if one of the specified ports is in use, and reports an error in /var/log/messages. Edit /etc/sysconfig/nfs or /etc/sysctl.conf as appropriate to use a different port number for the service that could not start, and attempt to restart the nfslock and nfs-server services. You can use the rpcinfo -p command to confirm on which ports RPC services are listening.

    5. Restart the firewall service and configure the firewall to allow NFSv3 connections:

      # systemctl restart firewalld
      # firewall-cmd --zone=zone \
        --add-port=2049/tcp --add-port=2049/udp \
        --add-port=111/tcp --add-port=111/udp \
        --add-port=32803/tcp --add-port=32769/udp \
        --add-port=892/tcp --add-port=892/udp \
        --add-port=662/tcp --add-port=662/udp
      # firewall-cmd --permanent --zone=zone \
        --add-port=2049/tcp --add-port=2049/udp \
        --add-port=111/tcp --add-port=111/udp \
        --add-port=32803/tcp --add-port=32769/udp \
        --add-port=892/tcp --add-port=892/udp \
        --add-port=662/tcp --add-port=662/udp

      The port values shown in this example assume that the default port settings in /etc/sysconfig/nfs and /etc/sysctl.conf are available for use by RPC services. This configuration also assumes that rpc.nfsd and rpcbind listen on ports 2049 and 111 respectively.

  7. Use the showmount -e command to display a list of the exported file systems, for example:

    # showmount -e
    Export list for host01.mydom.com
    /var/folder 192.0.2.102
    /usr/local/apps *
    /var/projects/proj1 192.168.1.0/24 mgmtpc

    showmount -a lists the current clients and the file systems that they have mounted, for example:

    # showmount -a
    mgmtpc.mydom.com:/var/projects/proj1

    Note

    To be able to use the showmount command from NFSv4 clients, MOUNTD_PORT must be defined in /etc/sysconfig/nfs and a firewall rule must allow access on this TCP port.
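The rpcinfo -p check from step 6, written as an added example that is not part of the original guide: it compares the registered RPC ports with the ports opened in the firewall rules above. The function names and the sample rpcinfo output are constructed for illustration; the sample shows rpc.mountd on a port that was never pinned.

```python
# Ports pinned in steps 6.1 and 6.2, plus the rpcbind and rpc.nfsd ports the
# page assumes. Keys are the service names printed by "rpcinfo -p".
EXPECTED = {
    "portmapper": {("tcp", 111), ("udp", 111)},
    "nfs": {("tcp", 2049), ("udp", 2049)},
    "mountd": {("tcp", 892), ("udp", 892)},
    "status": {("tcp", 662), ("udp", 662)},
    "nlockmgr": {("tcp", 32803), ("udp", 32769)},
}

# Constructed sample of "rpcinfo -p" output (not captured from a real host).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
"""


def parse_rpcinfo(text):
    """Return the set of (service, proto, port) registrations."""
    registrations = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows have five columns and start with the program number.
        if len(fields) == 5 and fields[0].isdigit():
            registrations.add((fields[4], fields[2], int(fields[3])))
    return registrations


def unpinned(text):
    """Registrations on a port the firewall rules do not allow.

    Services missing from EXPECTED are reported as well.
    """
    return sorted(
        (service, proto, port)
        for service, proto, port in parse_rpcinfo(text)
        if (proto, port) not in EXPECTED.get(service, set())
    )


if __name__ == "__main__":
    for service, proto, port in unpinned(SAMPLE_RPCINFO):
        print(f"{service} is on {port}/{proto}, which the firewall rules do not allow")
```

On a live server, pass the text printed by rpcinfo -p to unpinned(); an empty list means every registered service is on a port the firewall rules cover.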

If you want to export or unexport directories without editing /etc/exports and restarting the NFS service, use the exportfs command. The following example makes /var/dev available with read-only access by all clients, and ignores any existing entries in /etc/exports.

# exportfs -i -o ro *:/var/dev

For more information, see the exportfs(8), exports(5), and showmount(8) manual pages.
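The Note in step 2 matters because a space before the parenthesized options changes who receives them: the named client gets the default options, and the options in parentheses apply to every host. The following parser for the /etc/exports format flags that mistake and two permissive settings; it is an added example, not part of the original guide. The function names and sample entries are constructed, and no_root_squash is an exports(5) option that the steps above do not use.

```python
import re

# Constructed sample modelled on the entries in step 2. The last two entries
# contain deliberate mistakes: a space before "(rw)" and a permissive wildcard.
SAMPLE_EXPORTS = """\
# shared data
/var/folder 192.0.2.102(rw,async)
/usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
/var/projects/proj1 192.168.1.0/24(ro) mgmtpc (rw)
/var/scratch *(rw,no_root_squash)
"""

# client[(options)]; an empty client part means a bare "(options)" token.
SPEC = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Return (path, client, options) for each client of each export entry."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = SPEC.match(spec)
            if match:
                client, opts = match.group(1), match.group(2) or ""
                entries.append((path, client, set(opts.split(","))))
    return entries


def audit(text):
    """Return (path, finding) pairs for risky or mistyped entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "":
            # "host (rw)": host gets default options, every host gets rw.
            findings.append((path, "space before options"))
        if client in ("", "*") and "rw" in opts:
            findings.append((path, "read-write for all hosts"))
        if "no_root_squash" in opts:
            findings.append((path, "client root not squashed"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}: {finding}")
```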