Create an NFS Server on Oracle Linux

7
0
Send lab feedback

Create an NFS server on Oracle Linux

Introduction

The following tutorial provides step-by-step procedures to install and configure an NFS Server and mount the NFS shares. This tutorial is targeted at users of Oracle Linux.

Objectives

In this lab, you'll:

  • Install nfs-utils
  • Configure an NFS server
  • Mount NFS shares

What Do You Need?

  • Two systems with Oracle Linux installed.

Install the NFS Utilities Package on the Server Instance

Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.

  1. Open a terminal and connect to your server instance.

  2. Install the NFS utilities package.

    sudo dnf install -y nfs-utils

    This command will install the daemon and tools associated with the kernel NFS server.

  3. Dnf will display the nfs-utils package and all dependencies and complete the installation.

  4. If the package is already installed, then the following message will appear.

    dnf package installed

Create an NFS Share

  1. Create a directory to contain your shared files.

    sudo mkdir /nfs-share
  2. Create a series of test files.

    sudo fallocate -l 10MB /nfs-share/file1
    sudo fallocate -l 10MB /nfs-share/file2
    echo "This is a shared text file." | sudo tee /nfs-share/shared-text.txt > /dev/null

    These commands create two 10BM files and a standard text file.

  3. Verify the files created successfully.

    ls -lh /nfs-share

    share file listing

  4. Change permissions on the files.

    sudo chmod -R 777 /nfs-share

    For ease, we use chmod -R 777, which sets the local file permissions to read/write/execute for everyone. This minimalizes the need for additional NFS share options in this exercise where the UID/GUID of the client user does not match the server and defaults to the nobody account on the server.

    Evaluate if these permissions are appropriate for your environment before using them in production.

    For more details, check out man nfs.

  5. Define the share in /etc/exports.

    Each entry has the format export host1(options1) host2(options2) host3(options3).

    echo "/nfs-share  <CLIENT_IP_ADDRESS>(rw)" | sudo tee -a /etc/exports > /dev/null

    The <CLIENT_IP_ADDRESS> is the IP address of the client instance and (rw) indicates the share is read-write for the set IP address.

    If the entry was /nfs-share <CLIENT_IP_ADDRESS> (rw), notice the space between <CLIENT_IP_ADDRESS> and (rw), then the single client mentioned would have read-only (default) access, while the rest of the world has read/write.

Start the NFS Server

  1. Set the firewall to allow NFS traffic.

    sudo firewall-cmd --permanent --zone=public --add-service=nfs
    sudo firewall-cmd --reload
    sudo firewall-cmd --list-all
    • --permanent ensures the setting persists a system reboot.
    • --list-all will display the firewall settings and show that NFS traffic is allowed.

    firewall rules

  2. Enable and start the NFS service.

    sudo systemctl enable --now nfs-server
    showmount -e

    The showmount command displays the shares available using the NFS server.

    start service nfs mounts

Add Another Share

  1. Create a new folder.

    sudo mkdir /nfs-share2
  2. Create a new share using exportfs.

    sudo exportfs -i -o rw *:/nfs-share2
    showmount -e
    • -i causes the new share to ignore any values set in /etc/exports
    • -o passes the share options
    • * makes the share available to all clients

    nfs mounts

  3. Show the new share added using exportfs does not persist a service restart.

    sudo systemctl restart nfs-server
    showmount -e

    nfs mounts

  4. Add the new share to /etc/exports to persist system restarts.

    echo "/nfs-share2 *(rw)" | sudo tee -a /etc/exports > /dev/null
    sudo exportfs -r
    showmount -e
    • -r in exportfs refreshes the export list with any changes made to /etc/exports.

    nfs mounts

Install the NFS Utilities Package on the Client Instance

  1. Open a terminal and connect to your client instance.

  2. Install the NFS utilities package.

    sudo dnf install -y nfs-utils

    This command will install the daemon and tools associated with the kernel NFS server.

  3. Dnf will display the nfs-utils package and all dependencies and complete the installation.

  4. If the package is already installed, then the following message will appear.

    dnf package installed

Mount the NFS Share

  1. Create a directory for the mount point.

    sudo mkdir /nfs-mount
  2. Mount the share and get a directory listing.

    sudo mount <SERVER_IP_ADDRESS>:/nfs-share /nfs-mount
    ls -lh /nfs-mount

    Where <SERVER_IP_ADDRESS> is the IP address of the server instance used earlier in this tutorial.

    share file listing

  3. Test access to the NFS share.

    echo "Hello World!" >> /nfs-mount/shared-text.txt
    cat /nfs-mount/shared-text.txt

    show file change

Root Squashing

Enabled by default in Oracle Linux, "root squashing" is a share-level configuration option that prevents a remote root user from having root access to the network file system. It is recommended to leave "root squashing" enabled for proper security, but the following steps will show available access when disabled.

  1. Try changing permissions on a file in the NFS share from the client instance.

    sudo chmod 766 /nfs-mount/shared-text.txt

    sudo chmod fail

    The output shows permission denied even though the command uses sudo.

  2. Disable root_squash on the share using the server instance.

    echo "/nfs-share <CLIENT_IP_ADDRESS>(rw,no_root_squash)" | sudo tee /etc/exports > /dev/null

    Where <CLIENT_IP_ADDRESS> is the IP address of the client instance used in this tutorial

  3. Restart the NFS server.

    sudo systemctl restart nfs-server
  4. Try changing permissions on the file again from the client instance.

    sudo chmod 766 /nfs-mount/shared-text.txt
    ls -lh /nfs-mount

    sudo chmod success

    The output shows the execute permissions removed from the group and other columns.

Mount Share Using fstab

To have the mounted share available after a reboot of the client instance, add an entry to the fstab file.

  1. Unmount the NFS share.

    sudo umount /nfs-mount
    ls -lh /nfs-mount

    The ls -lh shows the directory is empty and therefore not mounted.

    unmount

  2. Update the fstab file.

    echo "<SERVER_IP_ADDRESS>:/nfs-share  /nfs-mount  nfs  rw  0 0" | sudo tee -a /etc/fstab > /dev/null
    tail -n5 /etc/fstab

    Replace <SERVER_IP_ADDRESS> with the IP address of the server instance.

    tail -n5 displays the last 5 lines in the /etc/fstab file.

    show fstab

  3. Mount and verify the share is accessible.

    sudo mount -a
    ls -lh /nfs-mount

    share file listing

SSR