NFS
NFS exports and mounts, autofs automounting, and Kerberos-secured NFS with krb5 authentication.
Server Configuration
Define NFS exports - /etc/exports syntax
# /etc/exports
/srv/nfs/shared 10.50.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/readonly 10.50.1.0/24(ro,sync,no_subtree_check)
/srv/nfs/homes 10.50.1.0/24(rw,sync,no_subtree_check,root_squash)
No space between hostname and options. 10.50.1.0/24 (rw) exports to the world read-only and to the subnet read-write - a common misconfig.
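Added example (not part of the original page): a small Python linter for /etc/exports that flags the space-before-options mistake noted above, plus no_root_squash and any-host exports without a krb5 flavor. The sample file and the /srv/nfs/broken path are constructed; it assumes one export per line and unquoted paths.

```python
import re

# Constructed sample: export lines in the page's style plus one with the
# space-before-options mistake (/srv/nfs/broken is a hypothetical path).
SAMPLE = """\
# /etc/exports
/srv/nfs/shared 10.50.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/homes 10.50.1.0/24(rw,sync,no_subtree_check,root_squash)
/srv/nfs/broken 10.50.1.0/24 (rw,sync,no_subtree_check)
/srv/nfs/secure *(rw,sync,sec=krb5p,no_subtree_check)
"""

# One client token: optional host spec, optionally followed by "(opt,opt,...)".
CLIENT = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")


def lint_exports(text):
    """Return (line_no, path, host, finding) tuples for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # "#" starts a comment
        if not line:
            continue
        path, *tokens = line.split()  # assumes unquoted paths without spaces
        for token in tokens:
            match = CLIENT.match(token)
            if match is None:
                findings.append((line_no, path, token, "unparseable"))
                continue
            host, raw_opts = match.groups()
            opts = [o for o in (raw_opts or "").split(",") if o]
            sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
            kerberized = all(f.startswith("krb5") for f in sec.split(":"))
            found = []
            if not host:
                # "(opts)" after a space is its own entry with no host, so it
                # is not tied to the client written before the space.
                found.append("detached-options")
            elif raw_opts is None:
                found.append("no-options")  # bare client: only defaults apply
            if "no_root_squash" in opts:
                found.append("no_root_squash")  # client root stays root
            if host in ("", "*") and not kerberized:
                found.append("any-host-without-krb5")
            findings.extend((line_no, path, host, f) for f in found)
    return findings


if __name__ == "__main__":
    for finding in lint_exports(SAMPLE):
        print(*finding, sep="\t")
```

Feed it the contents of the real file before running exportfs -ra, then compare against exportfs -v afterwards.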
Apply export changes without restarting NFS - re-reads /etc/exports
sudo exportfs -ra
Show current active exports with options - verify what is actually shared
sudo exportfs -v
Enable and start NFS server on systemd
sudo systemctl enable --now nfs-server.service
Client Operations
Show what a server exports - probe before mounting
showmount -e 10.50.1.10
Mount an NFS share manually - NFSv4 (default)
sudo mount -t nfs 10.50.1.10:/srv/nfs/shared /mnt/shared
Mount with explicit NFSv3 - when server requires it or NFSv4 fails
sudo mount -t nfs -o vers=3 10.50.1.10:/srv/nfs/shared /mnt/shared
Persistent NFS mount via fstab - survives reboot
10.50.1.10:/srv/nfs/shared /mnt/shared nfs defaults,_netdev 0 0
_netdev delays mount until network is up. Without it, boot hangs if NFS server is unreachable.
Mount with soft timeout - returns error instead of hanging indefinitely
sudo mount -t nfs -o soft,timeo=30,retrans=3 10.50.1.10:/srv/nfs/shared /mnt/shared
NFSv4 vs NFSv3
Check which NFS version is in use on a mounted share
nfsstat -m
NFSv4 uses a single port (2049) - simpler firewall rules
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --reload
NFSv3 requires multiple ports - rpcbind, mountd, statd, lockd
sudo firewall-cmd --permanent --add-service={nfs,rpc-bind,mountd}
sudo firewall-cmd --reload
Autofs
Install autofs - auto-mount NFS on access, unmount on idle
sudo pacman -S autofs
Configure auto.master - define mount point and map file
# /etc/auto.master
/mnt/auto /etc/auto.nfs --timeout=300
Configure the map file - key = subdirectory, value = NFS source
# /etc/auto.nfs
shared -rw,soft 10.50.1.10:/srv/nfs/shared
homes -rw,soft 10.50.1.10:/srv/nfs/homes
Enable autofs - directories appear under /mnt/auto/ on first access
sudo systemctl enable --now autofs.service
Wildcard autofs map - auto-mount any user’s home from NFS
# /etc/auto.home
* -rw,soft 10.50.1.10:/srv/nfs/homes/&
Kerberos-Secured NFS
Export with Kerberos security - krb5p provides encryption + integrity
# /etc/exports
/srv/nfs/secure *(rw,sync,sec=krb5p,no_subtree_check)
Mount with Kerberos security flavor
sudo mount -t nfs -o sec=krb5p 10.50.1.10:/srv/nfs/secure /mnt/secure
Requires working Kerberos infrastructure - keytab on both client and server, time synchronization via NTP.
Troubleshooting
Check RPC services - verify NFS daemons are registered and listening
rpcinfo -p 10.50.1.10
NFS statistics - client and server operation counts, errors, retransmissions
nfsstat -c
Server-side NFS stats - which operations are called most
nfsstat -s
Debug mount failures - verbose mount output
sudo mount -v -t nfs 10.50.1.10:/srv/nfs/shared /mnt/shared
Check that NFS ports are listening (run on the server) - 2049 for NFSv4, 111 for rpcbind
ss -tlnp | awk '/:(2049|111) /'
Stale NFS handle - force unmount a hung NFS mount
sudo umount -f /mnt/shared
Lazy unmount - detach immediately, clean up when not busy
sudo umount -l /mnt/shared
RHCSA Patterns
Full server setup - create share, export, open firewall, start service
sudo mkdir -p /srv/nfs/exam
sudo chown nobody:nobody /srv/nfs/exam
echo '/srv/nfs/exam 10.50.1.0/24(rw,sync,no_root_squash)' | sudo tee -a /etc/exports
sudo exportfs -ra
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --reload
sudo systemctl enable --now nfs-server.service
Full client setup - mount, verify, persist
sudo mkdir -p /mnt/exam
sudo mount -t nfs 10.50.1.10:/srv/nfs/exam /mnt/exam
df -h /mnt/exam
echo '10.50.1.10:/srv/nfs/exam /mnt/exam nfs defaults,_netdev 0 0' | sudo tee -a /etc/fstab
See Also
- Networking — network layer NFS depends on
- Permissions — UID/GID mapping and ACLs for NFS shares