Debian / Ubuntu Linux: Setup NFSv4 File Server

Posted on in Categories , last updated September 7, 2011

How do I install and configure NFS version 4 server under Debian or Ubuntu Linux server operating systems using host-based authentication?

You need to install the following packages in Debian / Ubuntu Linux server:

  1. nfs-kernel-server: Linux kernel NFS version 3 and 4 server.
  2. portmap: RPC port mapper.
  3. nfs-common: NFS support files common to client and server. It also includes the following libraries:
    1. liblockfile1 – NFS-safe locking library, includes dotlockfile program.
    2. libnfsidmap2 – An nfs idmapping library.

Step #1: Install NFSv4 Server

Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following commands. You can also login using ssh command. Switch to the root user by typing su – and entering the root password, when prompted. Enter the command apt-get update && apt-get upgrade to tell apt to refresh its package information by querying the configured repositories and then upgrade the whole system:
# apt-get update && apt-get upgrade
Type the following command to install NFSv4 server package, enter:
# apt-get install nfs-kernel-server portmap nfs-common

Step #2: Configure Portmap

Edit /etc/default/portmap, enter:
# vi /etc/default/portmap
Make sure OPTIONS are set as follows, so that it can accept network connections from your LAN:


Save and close the file. Edit /etc/hosts.allow and add list of hosts (IP address or subnet) that are allowed to access the system using portmap, enter:
# vi /etc/hosts.allow
In this example allow to access the portmap:

portmap: 192.168.1.

Save and close the file. TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet and/or LAN based systems.

Step #3: Configure idmapd

The rpc.idmapd is the NFSv4 ID <-> name mapping daemon. It provides functionality to the NFSv4 kernel client and server, to which it communicates via upcalls, by translating user and group IDs to names, and vice versa. Edit /etc/default/nfs-common, enter:
# vi /etc/default/nfs-common
Start the idmapd daemon as it needed for NFSv4:


Save and close the file. The default /etc/idmapd.conf file as follows:
# cat /etc/idmapd.conf
Sample outputs:

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
Nobody-User = nobody
Nobody-Group = nogroup

I’m going to use the defaults. But, you can configure the mapping as per your setup. See idmapd.conf(5) man page for more info.

Step #4: Configure NFS

First, create a directory using the mkdir command, enter:
# mkdir /exports
Edit /etc/exports file and set the the access control list for filesystems which is exported to NFS clients, enter:
# vi /etc/exports
Append the following configuration, enter:


Save and close the file. Where,

  1. /exports: /exports is directory and it is set as an explicit export root of yourpseudofilesystem. You can mount other volumes under
    that using the mount command. See below for more information.
  2. You are exporting directories to all hosts on an IP sub network simultaneously called Only clients in are allowed to access our NFSv4 server.
  3. rw: Allow users to read and write requests on this NFS volume.
  4. no_root_squash: Turn off root squashing. This option is mainly useful for diskless clients.
  5. no_subtree_check: This option disables subtree checking, which has mild security implications. A home directory filesystem, which is normally exported at the root and may see lots of file renames, should be exported with subtree checking disabled.
  6. crossmnt: This option is similar to nohide but it makes it possible for clients to move from the filesystem marked with crossmnt to exported filesystems mounted on it. Thus when a child filesystem “B” is mounted on a parent “A”, setting crossmnt on “A” has the same effect as setting “nohide” on B.
  7. fsid=0: NFS server needs to be able to identify each filesystem that it exports. For NFSv4 server, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing.

A Note About /exports Pseudo File System

The /exports act as the root of the pseudo file system for the export. You need to mount all the required filesystems under this directory. For example, you can share /home, /sales, /usr directory under /exports as follows using the mkdir command:
# cd /exports
# mkdir {home,sales,data,usr}

You can now bind the directories using the mount command as follows:
# cd /exports
# mount --bind /home data
# mount --bind /usr home
# mount --bind /data data
# mount --bind /sales sales

Update /etc/fstab to automatically bind the file system, enter:
# vi /etc/fstab
Update file as follows:

/home /exports/data    none bind
/usr /exports/home     none bind
/data /exports/data    none bind
/sales /exports/sales   none bind

Save and close the file. Make sure all services are running:
# /etc/init.d/portmap restart
# /etc/init.d/nfs-common restart
# /etc/init.d/nfs-kernel-server restart

Step #5: Client Configuration

You need to install nfs-common and portmap packages on the client computer running Debian or Ubuntu Linux desktop:
# apt-get install nfs-common portmap
Make sure those two services are running:
# /etc/init.d/nfs-common start
# /etc/init.d/portmap start

How Do I See Exported Directories From The Client Computer?

Type the following commands:
$ showmount -e
$ showmount -e server2

Where, is NFSv4 server IP address.

How Do I Mount the Directories From The Client Computer?

Type the following command, enter:
# mkdir /data
To mount the entire /exports, enter:
# mount.nfs4 /data
Only mount /exports/data, enter:
# mount.nfs4 /data
I suggest passing the following options to the mount command:
# mount.nfs4 /nfs -o soft,intr,rsize=8192,wsize=8192
See mount.nfs4 man page for more information.

How Do I Mount Directories Automatically Using /etc/fstab File?

You can mount NFS file systems Using /etc/fstab, enter:
# vi /etc/fstab
Append the entry, enter: /data nfs4 soft,intr,rsize=8192,wsize=8192
Save and close the file.

Kerberos Based Authentication

If you do not wish to use host-based authentication, you can use Kerberos-based authentication instead. In the next part of the series I will talk about Kerberos-based authentication for NFSv4 client and server running under Debian operating systems.

5 comment

  1. [email protected] says:

    i did all above steps but getting below error:
    [email protected]:~# /etc/init.d/nfs-common start
    -bash: /etc/init.d/nfs-common: No such file or directory

  2. Oh sorry should have read more closely:

    In more recent versions of Ubuntu the init.d process has evolved to service so you would type: service nfs-common restart or service nfs-kernel-server restart for the various services you wish to restart. If you don’t know the exact name you can type into the command line “service –status-all” for a list

  3. This was an awesome tutorial/instructional. First time user of debian (from fedora and centos) and I am loving it. This worked perfectly, right out of the gate!!!

    One small typo was the IP address for setting up the client:

    To mount the entire /exports, enter:
    # mount.nfs4 /data

    Only mount /exports/data, enter:
    # mount.nfs4 /data

    instead of, should be
    This was easily figured out and is not an issue. Just thought I would share for the the
    other newbies.

    Thank you so much for providing this.

Leave a Comment