
NFS Server and Client on RHEL 9

Network File System (NFS) is a core Linux service that allows systems to share files and directories over a network. On RHEL 9, NFS is robust, secure, and simple to configure, making it ideal for shared storage, backups, or centralizing application data. This guide walks you step-by-step through setting up an NFS server and client, with all essential details for real-world administration.

Step 1: Install NFS Packages
Before starting, ensure both server and client have the required packages:
$ sudo dnf install -y nfs-utils
Verify installation:
$ sudo rpm -qa | grep nfs-utils
  • nfs-utils provides both server and client functionality.
  • Ensure your system is updated to avoid compatibility issues.
Step 2: Configure the NFS Server
The server is responsible for sharing directories. For this guide, we’ll share /srv/nfs_share.
Create the directory:
$ sudo mkdir -p /srv/nfs_share
$ sudo chown nobody:nobody /srv/nfs_share   # RHEL 9 ships nobody (65534) as the anonymous account, not nfsnobody
$ sudo chmod 755 /srv/nfs_share
Define exports in /etc/exports:
$ sudo vi /etc/exports
Add:
/srv/nfs_share 192.168.10.0/24(rw,sync,no_root_squash)
Explanation:
  • 192.168.10.0/24 → subnet allowed to access the share.
  • rw → read/write access.
  • sync → writes are confirmed to disk before returning (safer).
  • no_root_squash → allows client root to act as root (use carefully).
NFS server export options:

| Option | Meaning |
| --- | --- |
| rw | Read and write access for the client. Without this, it’s read-only (ro). |
| sync | Ensures that changes are written to disk before the server replies to the client. Safer than async. |
| no_root_squash | Allows the client’s root user to act as root on the server. Default is root_squash which maps root to nfsnobody. Be careful: this can be a security risk. |
| ro | Read-only access (opposite of rw). |
| all_squash | Maps all client users to nfsnobody. Useful for anonymous access. |
| anonuid / anongid | Specify the UID/GID for squashed users. Useful with all_squash. |
| no_subtree_check | Disables subtree checking. Improves performance when directories move but can reduce security. |
| subtree_check | Default. Checks file location in the exported directory (safer). |
| root_squash | Maps root on client to nfsnobody on server (default). |
| secure | Requires clients to connect from ports <1024 (default). |
| insecure | Allows ports >1024. Required for some clients behind NAT/firewall. |
| fsid=<num> | Assign a filesystem ID. Needed for NFSv4 sometimes. |

Enable and start NFS services:
$ sudo systemctl enable --now nfs-server rpcbind
$ sudo systemctl start nfs-server rpcbind
Export the directories:
$ sudo exportfs -rav
-r → re-export all shares.
-a → export all directories from /etc/exports.
-v → verbose output.
Verify exports:
$ sudo exportfs -v
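
One way to check an exports file for the options described above as risky (no_root_squash, insecure, async) and for shares open to any host. This is an added example, not part of the original guide: the function names, finding labels and sample file are constructed here, and the parser assumes one export per line with no quoted paths or "-defaults" entries.

```shell
#!/bin/sh
# Constructed sample exports file; the first export is the one from this guide.
sample_exports() {
cat <<'EOF'
# constructed sample
/srv/nfs_share 192.168.10.0/24(rw,sync,no_root_squash)
/srv/backup    192.168.10.50(ro,sync) *(rw,insecure)
/srv/ok        192.168.10.0/24(rw,sync,root_squash)
EOF
}

# audit_exports [FILE]: print "<path> <client> <finding>" for each risky
# setting in an exports(5) file (reads stdin when FILE is omitted).
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break              # trailing comment
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"    # "(opts)" alone applies to every host
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash" || o[j] == "insecure" || o[j] == "async") {
                    printf "%s %s %s\n", path, client, o[j]
                }
            }
            if (client == "*") {
                printf "%s %s any-host\n", path, client
            }
        }
    }' "${1:--}"
}

# Demo on the constructed sample; on a server run: audit_exports /etc/exports
sample_exports | audit_exports
```

An empty result means none of these settings are present; each printed line names the export path, the client specification and the setting to review.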

Step 3: Configure NFS Ports and Firewall
NFS uses multiple services with specific ports:
| Service | Port Number | Protocol |
| --- | --- | --- |
| NFS daemon | 2049 | TCP/UDP |
| rpcbind | 111 | TCP/UDP |
| mountd | Dynamic* | TCP/UDP |
| statd | Dynamic* | TCP/UDP |
| lockd | Dynamic* | TCP/UDP |

* Dynamic ports can be set static via /etc/nfs.conf.

Firewall setup on RHEL 9:
$ sudo firewall-cmd --permanent --add-service=nfs
$ sudo firewall-cmd --permanent --add-service=rpc-bind
$ sudo firewall-cmd --permanent --add-service=mountd
$ sudo firewall-cmd --reload

Static ports configuration:
Edit /etc/nfs.conf:
$ sudo vi /etc/nfs.conf
[lockd]
port=32803
[statd]
port=662
[mountd]
port=892
Restart services:
$ sudo systemctl restart nfs-server
Open these ports in firewall:
$ sudo firewall-cmd --permanent --add-port=2049/tcp
$ sudo firewall-cmd --permanent --add-port=2049/udp
$ sudo firewall-cmd --permanent --add-port=111/tcp
$ sudo firewall-cmd --permanent --add-port=111/udp
$ sudo firewall-cmd --permanent --add-port=892/tcp
$ sudo firewall-cmd --permanent --add-port=892/udp
$ sudo firewall-cmd --permanent --add-port=662/tcp
$ sudo firewall-cmd --permanent --add-port=662/udp
$ sudo firewall-cmd --permanent --add-port=32803/tcp
$ sudo firewall-cmd --permanent --add-port=32803/udp
$ sudo firewall-cmd --reload
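
The rules above open the NFS ports to every source, while the export itself is limited to 192.168.10.0/24. As an added example (not part of the original guide), the script below reads the static ports from an nfs.conf-style file and prints firewalld rich rules scoped to that subnet; the function names and the sample file are constructed here, and it prints the commands rather than running them.

```shell
#!/bin/sh
# Constructed sample mirroring the static-port settings from this guide.
sample_nfs_conf() {
cat <<'EOF'
# constructed sample
[lockd]
port=32803
[statd]
port=662
[mountd]
port=892
[nfsd]
threads=8
EOF
}

# nfs_ports [CONF]: print "<section> <port>" for every port= found under
# [lockd], [statd] or [mountd] (reads stdin when CONF is omitted).
nfs_ports() {
    awk '
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    sec == "lockd" || sec == "statd" || sec == "mountd" {
        line = $0; gsub(/[ \t]/, "", line)
        if (line ~ /^port=[0-9]+$/) print sec, substr(line, 6)
    }' "${1:--}"
}

# scoped_rules SUBNET [CONF]: print (not run) firewall-cmd commands that open
# 2049, 111 and the static ports to SUBNET only, tcp and udp as in the guide.
scoped_rules() {
    subnet=$1
    { echo "nfs 2049"; echo "rpcbind 111"; nfs_ports "$2"; } |
    while read -r _svc port; do
        for proto in tcp udp; do
            printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
                "$subnet" "$port" "$proto"
        done
    done
    echo "firewall-cmd --reload"
}

# Demo on the constructed sample; on a server: scoped_rules 192.168.10.0/24 /etc/nfs.conf
sample_nfs_conf | scoped_rules 192.168.10.0/24
```

Review the printed commands before running them with sudo. They are meant to replace the unscoped --add-service and --add-port rules, which otherwise keep the same ports open to every source.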

Step 4: Configure the NFS Client
On the client system:
Create a mount point:
$ sudo mkdir -p /mnt/nfs_share
Mount the NFS share manually:
$ sudo mount -t nfs 192.168.10.100:/srv/nfs_share /mnt/nfs_share
Replace 192.168.10.100 with the NFS server IP.
Verify the mount:
$ df -h | grep nfs_share
Each line in /etc/fstab has 6 fields:
<fs_spec> <mount_point> <fs_type> <options> <dump> <pass>
For this example:

| Field | Value | Meaning |
| --- | --- | --- |
| fs_spec | 192.168.10.100:/srv/nfs_share | The remote NFS share (or device/partition) |
| mount_point | /mnt/nfs_share | Where the filesystem will be mounted |
| fs_type | nfs | Filesystem type |
| options | defaults | Mount options (read/write, auto, etc.) |
| dump | 0 | Used by dump command for backups (0 = ignore) |
| pass | 0 | Determines fsck order at boot (0 = don’t check) |

dump (5th field):
Value 0 → The filesystem will not be backed up using the dump utility.
Value 1 → Would mark it for backup.
pass (6th field):
Value 0 → The filesystem will not be checked by fsck at boot.
Value 1 → Root filesystem (checked first).
Value 2 → Other filesystems (checked after root).
NFS client mount options:

| Option | Meaning |
| --- | --- |
| rw | Read/write access (matches server rw). |
| ro | Read-only mount. |
| sync | Writes are synchronous (safer, matches server). |
| async | Asynchronous writes (faster, less safe). |
| _netdev | Mount waits until network is ready (important for boot). |
| vers=4 | Use NFSv4 (default in RHEL 9). Can also specify vers=3 if needed. |
| proto=tcp | Use TCP (recommended over UDP). |
| rsize=32768,wsize=32768 | Read/write buffer sizes. Can tune for performance. |
| timeo=600,retrans=2 | Timeout and retransmission options. Useful for unreliable networks. |

Make the mount permanent:
Edit /etc/fstab:
$ sudo vi /etc/fstab
Add:
192.168.10.100:/srv/nfs_share /mnt/nfs_share nfs defaults 0 0
Test read/write access:
$ touch /mnt/nfs_share/testfile
$ ls -l /mnt/nfs_share

Step 5: SELinux and Permissions
If SELinux is enforcing:
$ sudo chcon -t nfs_t /srv/nfs_share -R
Ensure proper filesystem permissions for NFS users.
Test with normal and root users to verify expected behavior.

Step 6: Troubleshooting
  • Mount failed / RPC timeout → Check rpcbind, firewall, and NFS services.
  • Permission denied → Check /etc/exports, SELinux, and filesystem permissions.
  • Cannot write files → Confirm rw option and directory ownership.
Useful commands:
$ sudo showmount -e 192.168.10.100   # List NFS exports from server
$ sudo mount -t nfs 192.168.10.100:/srv/nfs_share /mnt/test

Conclusion:
Configuring NFS on RHEL 9 is straightforward once you understand:
  • The server exports
  • Client mounts
  • Ports, firewall, and SELinux considerations
Once set up, NFS allows centralized file storage accessible by multiple systems, reducing redundancy and simplifying administration. This setup works for small labs, enterprise apps, and shared data solutions in production environments.
