Create an NFS server on Oracle Linux

Introduction

The following tutorial provides step-by-step procedures to install and configure an NFS Server and mount the NFS shares. This tutorial is targeted at users of Oracle Linux.

Objectives

In this lab, you'll:

Install nfs-utils
Configure an NFS server
Mount NFS shares

What Do You Need?

Two systems with Oracle Linux installed.

Install the NFS Utilities Package on the Server Instance

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

Open a terminal and connect to your server instance.
Install the NFS utilities package.
```
sudo dnf install -y nfs-utils
```
This command will install the daemon and tools associated with the kernel NFS server.
Dnf will display the nfs-utils package and all dependencies and complete the installation.
If the package is already installed, then the following message will appear.

Create a directory to contain your shared files.
```
sudo mkdir /nfs-share
```

Create a series of test files.

sudo fallocate -l 10MB /nfs-share/file1
sudo fallocate -l 10MB /nfs-share/file2
echo "This is a shared text file." | sudo tee /nfs-share/shared-text.txt > /dev/null

These commands create two 10BM files and a standard text file.

Verify the files created successfully.
```
ls -lh /nfs-share
```
Change permissions on the files.
```
sudo chmod -R 777 /nfs-share
```
For ease, we use chmod -R 777, which sets the local file permissions to read/write/execute for everyone. This minimalizes the need for additional NFS share options in this exercise where the UID/GUID of the client user does not match the server and defaults to the nobody account on the server.
Evaluate if these permissions are appropriate for your environment before using them in production.
For more details, check out man nfs.
Define the share in /etc/exports.
Each entry has the format export host1(options1) host2(options2) host3(options3).
```
echo "/nfs-share  <CLIENT_IP_ADDRESS>(rw)" | sudo tee -a /etc/exports > /dev/null
```
The <CLIENT_IP_ADDRESS> is the IP address of the client instance and (rw) indicates the share is read-write for the set IP address.
If the entry was /nfs-share <CLIENT_IP_ADDRESS> (rw), notice the space between <CLIENT_IP_ADDRESS> and (rw), then the single client mentioned would have read-only (default) access, while the rest of the world has read/write.

Start the NFS Server

Set the firewall to allow NFS traffic.
```
sudo firewall-cmd --permanent --zone=public --add-service=nfs
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
```
- --permanent ensures the setting persists a system reboot.
- --list-all will display the firewall settings and show that NFS traffic is allowed.
Enable and start the NFS service.
```
sudo systemctl enable --now nfs-server
showmount -e
```
The showmount command displays the shares available using the NFS server.

Create a new folder.
```
sudo mkdir /nfs-share2
```
Create a new share using exportfs.
```
sudo exportfs -i -o rw *:/nfs-share2
showmount -e
```
- -i causes the new share to ignore any values set in /etc/exports
- -o passes the share options
- * makes the share available to all clients
Show the new share added using exportfs does not persist a service restart.
```
sudo systemctl restart nfs-server
showmount -e
```
Add the new share to /etc/exports to persist system restarts.
```
echo "/nfs-share2 *(rw)" | sudo tee -a /etc/exports > /dev/null
sudo exportfs -r
showmount -e
```
- -r in exportfs refreshes the export list with any changes made to /etc/exports.

Install the NFS Utilities Package on the Client Instance

Open a terminal and connect to your client instance.
Install the NFS utilities package.
```
sudo dnf install -y nfs-utils
```
This command will install the daemon and tools associated with the kernel NFS server.
Dnf will display the nfs-utils package and all dependencies and complete the installation.
If the package is already installed, then the following message will appear.

Create a directory for the mount point.
```
sudo mkdir /nfs-mount
```
Mount the share and get a directory listing.
```
sudo mount <SERVER_IP_ADDRESS>:/nfs-share /nfs-mount
ls -lh /nfs-mount
```
Where <SERVER_IP_ADDRESS> is the IP address of the server instance used earlier in this tutorial.

Test access to the NFS share.

echo "Hello World!" >> /nfs-mount/shared-text.txt
cat /nfs-share/shared-text.txt

show file change

Root Squashing

Enabled by default in Oracle Linux, "root squashing" is a share-level configuration option that prevents a remote root user from having root access to the network file system. It is recommended to leave "root squashing" enabled for proper security, but the following steps will show available access when disabled.

Try changing permissions on a file in the NFS share from the client instance.
```
sudo chmod 766 /nfs-mount/shared-text.txt
```
The output shows permission denied even though the command uses sudo.
Disable root_squash on the share using the server instance.
```
echo "/nfs-share <CLIENT_IP_ADDRESS>(rw,no_root_squash)" | sudo tee /etc/exports > /dev/null
```
Where <CLIENT_IP_ADDRESS> is the IP address of the client instance used in this tutorial
Restart the NFS server.
```
sudo systemctl restart nfs-server
```
Try changing permissions on the file again from the client instance.
```
sudo chmod 766 /nfs-mount/shared-text.txt
ls -lh /nfs-mount
```
The output shows the execute permissions removed from the group and other columns.

To have the mounted share available after a reboot of the client instance, add an entry to the fstab file.

Unmount the NFS share.
```
sudo umount /nfs-mount
ls -lh /nfs-mount
```
The ls -lh shows the directory is empty and therefore not mounted.
Update the fstab file.
```
echo "<SERVER_IP_ADDRESS>:/nfs-share  /nfs-mount  nfs  rw  0 0" | sudo tee -a /etc/fstab > /dev/null
tail -n5 /etc/fstab
```
Replace <SERVER_IP_ADDRESS> with the IP address of the server instance.
tail -n5 displays the last 5 lines in the /etc/fstab file.
Mount and verify the share is accessible.
```
sudo mount -a
ls -lh /nfs-mount
```