Editing the /etc/exports File

The following steps describe how to configure shared directories using the /etc/exports file.

Configure the directories that an NFS server exports, including which clients can access those directories and what permissions they have, by editing the /etc/exports file.

Note:

You can also configure exports in files that you create under the /etc/exports.d directory. For example, /etc/exports.d/myexports.

  1. Install nfs-utils.

    If it's not already installed, install the nfs-utils package.

    sudo dnf install nfs-utils

  2. Configure the /etc/exports file.

    Edit the /etc/exports file to define the directories that the server makes available for clients to mount, for example:

    /var/folder 192.0.2.102(rw,async)
    /usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
    /var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)

    Each entry includes the local path to the exported directory, followed by a list of clients that can mount the directory and then client-specific export options (in parentheses). There can't be any spaces between the client specifier and the parenthesized list of options that apply to that client.

    The following information explains the example export file entries in greater detail:

    • Only the client system with the IP address 192.0.2.102 can mount the /var/folder directory with read and write permissions. All writes to the disk are asynchronous. This means that the server doesn't wait for write requests to be written to disk before responding to further requests from the client.

    • As indicated by the wildcard (*), all clients can mount the /usr/local/apps directory as read-only. All connecting users, including root users, are mapped to the local, unprivileged user with UID 501 and GID 501.

    • All clients on the 192.168.1.0/24 subnet can mount the /var/projects/proj1 directory as read-only. However, the client system named mgmtpc can mount the directory with read/write permissions.

    For more information on the format of the /etc/exports file, see the exports(5) manual page.

  3. Configure the /etc/idmapd.conf file for NFSv4 clients.

    If the server serves NFSv4 clients, edit the /etc/idmapd.conf file's definition for the Domain parameter by specifying the server's domain name.

    Domain = mydom.com

    This setting prevents the owner and group from being incorrectly listed as the anonymous user or group (nobody or nogroup) on NFS clients when the all_squash mount option isn't specified.

  4. Configure the firewall to enable access only for NFSv4 clients.

    To enable access through the firewall for NFSv4 clients only, use the following command:

    sudo firewall-cmd --permanent --zone=zone --add-service=nfs

    This configuration assumes that rpc.nfsd listens for client requests on the default TCP port 2049.

  5. Configure the firewall to enable access for NFSv3 and NFSv4 clients.

    To enable access through the firewall for NFSv3 and NFSv4 clients, do the following:

    1. Edit the /etc/nfs.conf file to specify the port settings for handling network mount requests (mountd section) and status monitoring (statd section). Also, set the TCP port on which the network lock manager listens in the lockd section. For example:

      # Ports that various services should listen on.
      
      [mountd]
      port = 892
      
      [statd]
      port = 662
      
      [lockd]
      port = 32803

      If any of these ports are already in use, NFS fails to start. Use the lsof -i command to find an unused port and then change the setting in the /etc/nfs.conf file as appropriate.

      To confirm on which ports RPC services are listening, use the rpcinfo -p command.

    2. Restart the firewall service and configure the firewall to let NFSv3 connections through:

      sudo firewall-cmd --permanent --zone=zone --add-port=2049/tcp --add-port=111/tcp --add-port=32803/tcp --add-port=892/tcp --add-port=662/tcp

    3. Reboot the server.

      sudo systemctl reboot

  6. Start the nfs-server service.

    Start the nfs-server service and configure the service to start automatically when the system boots:

    sudo systemctl enable --now nfs-server

  7. Verify which versions of NFS the server works with.

    Run the following command to check that the server provides the NFS versions that you have configured:

    sudo cat /proc/fs/nfsd/versions

    For example, the following output shows that the server provides NFSv3, NFSv4, NFSv4.1, and NFSv4.2:

    +3 +4 +4.1 +4.2

  8. List the exported directories.

    Display a list of the exported directories.

    sudo showmount -e
    Export list for host01.mydom.com
    /var/folder 192.0.2.102
    /usr/local/apps *
    /var/projects/proj1 192.168.1.0/24 mgmtpc

    The exportfs command on the server displays the same information as the showmount -e command.

    sudo /usr/sbin/exportfs -v

    The showmount -a command displays all the current clients and all the exported directories that the clients have mounted.

    Note:

    To enable use of the showmount command from NFSv4 clients, specify a port number to the MOUNTD_PORT parameter in /etc/nfs.conf. Then, create a firewall rule to enable access to this TCP port.
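
The entry format from step 2, as an added example that is not part of the original page: a small auditor that parses exports-format text and flags the spacing mistake that step warns about, wildcard clients, and a few options worth reviewing. The function name `audit_exports`, the `/srv/share` line and the finding texts are constructed for this illustration; `no_root_squash` and `insecure` are exports(5) options that the page itself doesn't mention. An option list separated from its client by a space is read as applying to all hosts, while the named client gets only the defaults.

```python
import re

# Options worth flagging; the wording of each reason is this example's, not the page's.
RISKY = {
    "async": "server replies before data reaches disk",
    "no_root_squash": "client root keeps UID 0 on the export",
    "insecure": "requests from unprivileged source ports are accepted",
}
# One client token: optional host spec, then optional "(opt,opt,...)".
TOKEN = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (line_no, path, client, finding) tuples for exports-format text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *tokens = line.split()             # assumes no quoted paths or "\" continuations
        for tok in tokens:
            m = TOKEN.match(tok)
            if m is None:
                findings.append((no, path, tok, "unparseable client entry"))
                continue
            client, opts = m["client"], (m["opts"] or "").split(",")
            if client == "":
                # "host (opts)": the space detaches the list, so it binds to every host.
                findings.append((no, path, "*", "option list detached by a space"))
                client = "*"
            if client == "*":
                mode = "read-write" if "rw" in opts else "read-only"
                findings.append((no, path, "*", f"exported to all hosts ({mode})"))
            for opt in opts:
                if opt in RISKY:
                    findings.append((no, path, client, f"{opt}: {RISKY[opt]}"))
    return findings

# First three lines are the page's example; the last line is constructed for this demo.
SAMPLE = """\
/var/folder 192.0.2.102(rw,async)
/usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
/var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)
/srv/share 192.0.2.102 (rw,no_root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding, sep="\t")
```

Run it against the contents of /etc/exports and any files under /etc/exports.d before reloading the export table.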
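
A check for step 5, as an added example that is not part of the original page: it compares the ports pinned in nfs.conf-format text with `rpcinfo -p` output and reports any TCP service listening on a port that the step's firewall rule doesn't open. The function names and both sample inputs are constructed for this illustration; `status` and `nlockmgr` are the names `rpcinfo` prints for statd and lockd.

```python
import configparser

# nfs.conf section -> service name printed by `rpcinfo -p`
RPC_NAME = {"mountd": "mountd", "statd": "status", "lockd": "nlockmgr"}
# Ports the page's firewall rule opens in addition to the pinned ones.
FIXED = {"nfs": 2049, "portmapper": 111}

def pinned_ports(nfs_conf_text):
    """Map rpcinfo service name -> TCP port expected from nfs.conf text."""
    cp = configparser.ConfigParser()
    cp.read_string(nfs_conf_text)
    ports = dict(FIXED)
    for section, rpc in RPC_NAME.items():
        if cp.has_option(section, "port"):
            ports[rpc] = cp.getint(section, "port")
    return ports

def unexpected_listeners(nfs_conf_text, rpcinfo_text):
    """Return sorted (service, port) pairs on TCP ports the rule does not cover."""
    expected = pinned_ports(nfs_conf_text)
    bad = set()
    for line in rpcinfo_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) != 5:
            continue
        _prog, _vers, proto, port, service = fields
        if proto == "tcp" and expected.get(service) != int(port):
            bad.add((service, int(port)))
    return sorted(bad)

# The page's nfs.conf example.
NFS_CONF = """\
# Ports that various services should listen on.
[mountd]
port = 892
[statd]
port = 662
[lockd]
port = 32803
"""

# Constructed output: lockd has not picked up its pinned port.
RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    3   tcp    892  mountd
    100024    1   tcp    662  status
    100021    4   tcp  40123  nlockmgr
    100003    3   tcp   2049  nfs
"""

if __name__ == "__main__":
    print(unexpected_listeners(NFS_CONF, RPCINFO))
```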