The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To configure an NFS server:
Install the nfs-utils package:
# yum install nfs-utils
Edit the /etc/exports file to define the directories that the server will make available for clients to mount, for example:
/var/folder 192.0.2.102(rw,async)
/usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
/var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)
Each entry consists of the local path to the exported directory, followed by a list of clients that can mount the directory with client-specific mount options in parentheses. In this example:
The client system with the IP address 192.0.2.102 can mount /var/folder with read and write permissions. All writes to the disk are asynchronous, which means that the server does not wait for write requests to be written to disk before responding to further requests from the client.
All clients can mount /usr/local/apps read-only, and all connecting users including root are mapped to the local unprivileged user with UID 501 and GID 501.
All clients on the 192.168.1.0 subnet can mount /var/projects/proj1 read-only, and the client system named mgmtpc can mount the directory with read-write permissions.
Note: There is no space between a client specifier and the parenthesized list of options.
For more information, see the exports(5) manual page.
If the server will serve NFSv2 and NFSv3 clients, start the rpcbind service, and configure the service to start following a system reboot:
# service rpcbind start
# chkconfig rpcbind on
Start the nfs service, and configure the service to start following a system reboot:
# service nfs start
# chkconfig nfs on
If the server will serve NFSv2 and NFSv3 clients, start the nfslock service, and configure the service to start following a system reboot:
# service nfslock start
# chkconfig nfslock on
If the server will serve NFSv4 clients, edit /etc/idmapd.conf and edit the definition for the Domain parameter to specify the DNS domain name of the server, for example:
Domain = mydom.com
This setting prevents the owner and group being unexpectedly listed as the anonymous user or group (nobody or nogroup) on NFS clients when the all_squash mount option has not been specified.
If you need to allow access through the firewall for NFSv4 clients only, use the following commands to configure iptables to allow NFSv4 connections and save the change to the firewall configuration:
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
# service iptables save
This configuration assumes that rpc.nfsd listens for client requests on TCP port 2049.
If you need to allow access through the firewall for NFSv2 and NFSv3 clients as well as NFSv4 clients:
Stop the firewall service:
# service iptables stop
Edit /etc/sysconfig/nfs and create entries for the following port settings:
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
# Port rpc.statd should listen on.
STATD_PORT=662
The port values shown in this example are the default settings that are commented-out in the file.
To verify that none of the ports specified in /etc/sysconfig/nfs is in use, enter the following commands:
# lsof -i tcp:32803
# lsof -i udp:32769
# lsof -i :892
# lsof -i :662
If any port is in use, use the lsof -i command to determine an unused port and amend the setting in /etc/sysconfig/nfs.
Stop and restart the nfslock and nfs services:
# service nfslock stop
# service nfs stop
# service nfs start
# service nfslock start
NFS fails to start if one of the specified ports is in use, and reports an error in /var/log/messages. Edit /etc/sysconfig/nfs to use a different port number for the service that could not start, and attempt to restart the nfslock and nfs services. You can use the rpcinfo -p command to confirm on which ports RPC services are listening.
Restart the firewall service, configure iptables to allow NFSv2 and NFSv3 connections, and save the change to the firewall configuration:
# service iptables start
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
# iptables -I INPUT -p udp -m udp --dport 32769 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
# iptables -I INPUT -p udp -m udp --dport 892 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
# iptables -I INPUT -p udp -m udp --dport 662 -j ACCEPT
# service iptables save
The port values shown in this example assume that the default port settings in /etc/sysconfig/nfs are available for use by RPC services. This configuration also assumes that rpc.nfsd and rpcbind listen on ports 2049 and 111 respectively.
Use the showmount -e command to display a list of the exported file systems, for example:
# showmount -e
Export list for host01.mydom.com
/var/folder 192.0.2.102
/usr/local/apps *
/var/projects/proj1 192.168.1.0/24 mgmtpc
showmount -a lists the current clients and the file systems that they have mounted, for example:
# showmount -a
mgmtpc.mydom.com:/var/projects/proj1
Note: To be able to use the showmount command from NFSv4 clients, MOUNTD_PORT must be defined in /etc/sysconfig/nfs and a firewall rule must allow access on this TCP port.
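
A check for the port pinning that the firewall steps above rely on, as an added example (not part of the Oracle documentation): it compares the settings that are active in /etc/sysconfig/nfs with what rpcinfo -p reports. The sample file contents and rpcinfo output are constructed, and the function names are hypothetical.

```python
# rpcinfo -p service names (rpc.statd is "status") pinned by each setting.
PINS = {
    "LOCKD_TCPPORT": [("nlockmgr", "tcp")],
    "LOCKD_UDPPORT": [("nlockmgr", "udp")],
    "MOUNTD_PORT": [("mountd", "tcp"), ("mountd", "udp")],
    "STATD_PORT": [("status", "tcp"), ("status", "udp")],
}
# Constructed sample: STATD_PORT is still commented out, so statd got random ports.
SAMPLE_SYSCONFIG = """\
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
#STATD_PORT=662
"""
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100024    1   udp  50310  status
    100024    1   tcp  47624  status
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
"""

def active_settings(text):
    """Return KEY=value pairs that are not commented out."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def registered_ports(rpcinfo_text):
    """Map (service, proto) to the set of ports listed by rpcinfo -p."""
    ports = {}
    for fields in map(str.split, rpcinfo_text.splitlines()):
        if len(fields) == 5 and fields[0].isdigit():
            ports.setdefault((fields[4], fields[2]), set()).add(int(fields[3]))
    return ports

def check_pins(sysconfig_text, rpcinfo_text):
    """Return (setting, service, proto, expected, registered) mismatches."""
    settings, ports = active_settings(sysconfig_text), registered_ports(rpcinfo_text)
    findings = []
    for key, targets in PINS.items():
        want = int(settings[key]) if key in settings else None  # None: not pinned
        for service, proto in targets:
            got = sorted(ports.get((service, proto), ()))
            if got != [want]:
                findings.append((key, service, proto, want, got))
    return findings
```

An empty result means every pinned service is registered on the port that the iptables rules open; an expected value of None means the setting is not active and the port can change on restart.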
If you want to export or unexport directories without editing /etc/exports and restarting the NFS service, use the exportfs command. The following example makes /var/dev available with read-only access by all clients, and ignores any existing entries in /etc/exports.
# exportfs -i -o ro *:/var/dev
For more information, see the exportfs(8), exports(5), and showmount(8) manual pages.
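
The /etc/exports entry format and the Note about spaces, checked in code; this is an added example, not part of the Oracle documentation. It flags options that a stray space has detached from their client (exports(5) then applies them to any host), read-write exports to all hosts, and no_root_squash. The sample is the page's three entries plus a hypothetical /srv/data line, and the function names are hypothetical.

```python
import re

# Constructed sample: the three entries from the page, plus one line with a
# space between the client and its options (the mistake the Note warns about).
SAMPLE_EXPORTS = """\
/var/folder 192.0.2.102(rw,async)
/usr/local/apps *(all_squash,anonuid=501,anongid=501,ro)
/var/projects/proj1 192.168.1.0/24(ro) mgmtpc(rw)
/srv/data mgmtpc (rw)
"""

# client(options); either part may be missing. An empty client means any host.
_SPEC = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Return (path, client, options, detached) for each client specifier.

    Handles comments and backslash continuations; quoted paths are not handled.
    """
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, specs = fields[0], fields[1:]
        for spec in specs:
            m = _SPEC.match(spec)
            if m is None:
                continue  # skip anything that is not client(options)
            client, opts = m.group(1), m.group(2) or ""
            options = {o for o in opts.split(",") if o}
            entries.append((path, client or "*", options, client == ""))
    return entries

def audit_exports(text):
    """Return (path, client, issue) findings for risky specifiers."""
    findings = []
    for path, client, options, detached in parse_exports(text):
        if detached:
            findings.append((path, client, "options-detached-from-client"))
        if client == "*" and "rw" in options:
            findings.append((path, client, "world-writable"))
        if "no_root_squash" in options:
            findings.append((path, client, "no_root_squash"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding)
```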