Debian / Ubuntu Linux: Setup NFSv4 File Server

Posted on in Categories , , , last updated May 3, 2017

How do I install and configure NFS version 4 server under Debian or Ubuntu Linux server operating systems using host-based authentication?

You need to install the following packages in Debian / Ubuntu Linux server:

  1. nfs-kernel-server: Linux kernel NFS version 3 and 4 server.
  2. portmap: RPC port mapper.
  3. nfs-common: NFS support files common to client and server. It also includes the following libraries:
    1. liblockfile1 – NFS-safe locking library, includes dotlockfile program.
    2. libnfsidmap2 – An nfs idmapping library.

Step #1: Install NFSv4 Server

Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following commands. You can also login using ssh command. Switch to the root user by typing su – and entering the root password, when prompted. Enter the command apt-get update && apt-get upgrade to tell apt to refresh its package information by querying the configured repositories and then upgrade the whole system:
# apt-get update && apt-get upgrade
Type the following command to install NFSv4 server package, enter:
# apt-get install nfs-kernel-server portmap nfs-common

Step #2: Configure Portmap

Edit /etc/default/portmap, enter:
# vi /etc/default/portmap
Make sure OPTIONS are set as follows, so that it can accept network connections from your LAN:

OPTIONS=""

Save and close the file. Edit /etc/hosts.allow and add list of hosts (IP address or subnet) that are allowed to access the system using portmap, enter:
# vi /etc/hosts.allow
In this example allow 192.168.1.0/24 to access the portmap:

portmap: 192.168.1.

Save and close the file. TCP Wrapper is a host-based Networking ACL system, used to filter network access to Internet and/or LAN based systems.

Step #3: Configure idmapd

The rpc.idmapd is the NFSv4 ID <-> name mapping daemon. It provides functionality to the NFSv4 kernel client and server, to which it communicates via upcalls, by translating user and group IDs to names, and vice versa. Edit /etc/default/nfs-common, enter:
# vi /etc/default/nfs-common
Start the idmapd daemon as it needed for NFSv4:

NEED_IDMAPD=YES

Save and close the file. The default /etc/idmapd.conf file as follows:
# cat /etc/idmapd.conf
Sample outputs:

[General]
 
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
 
[Mapping]
 
Nobody-User = nobody
Nobody-Group = nogroup

I’m going to use the defaults. But, you can configure the mapping as per your setup. See idmapd.conf(5) man page for more info.

Step #4: Configure NFS

First, create a directory using the mkdir command, enter:
# mkdir /exports
Edit /etc/exports file and set the the access control list for filesystems which is exported to NFS clients, enter:
# vi /etc/exports
Append the following configuration, enter:

/exports   192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,crossmnt,fsid=0)

Save and close the file. Where,

  1. /exports: /exports is directory and it is set as an explicit export root of yourpseudofilesystem. You can mount other volumes under
    that using the mount command. See below for more information.
  2. 192.168.1.0/255.255.255.0: You are exporting directories to all hosts on an IP sub network simultaneously called 192.168.1.0/24. Only clients in 192.168.1.0/24 are allowed to access our NFSv4 server.
  3. rw: Allow users to read and write requests on this NFS volume.
  4. no_root_squash: Turn off root squashing. This option is mainly useful for diskless clients.
  5. no_subtree_check: This option disables subtree checking, which has mild security implications. A home directory filesystem, which is normally exported at the root and may see lots of file renames, should be exported with subtree checking disabled.
  6. crossmnt: This option is similar to nohide but it makes it possible for clients to move from the filesystem marked with crossmnt to exported filesystems mounted on it. Thus when a child filesystem “B” is mounted on a parent “A”, setting crossmnt on “A” has the same effect as setting “nohide” on B.
  7. fsid=0: NFS server needs to be able to identify each filesystem that it exports. For NFSv4 server, there is a distinguished filesystem which is the root of all exported filesystem. This is specified with fsid=root or fsid=0 both of which mean exactly the same thing.

A Note About /exports Pseudo File System

The /exports act as the root of the pseudo file system for the export. You need to mount all the required filesystems under this directory. For example, you can share /home, /sales, /usr directory under /exports as follows using the mkdir command:
# cd /exports
# mkdir {home,sales,data,usr}

You can now bind the directories using the mount command as follows:
# cd /exports
# mount --bind /home data
# mount --bind /usr home
# mount --bind /data data
# mount --bind /sales sales

Update /etc/fstab to automatically bind the file system, enter:
# vi /etc/fstab
Update file as follows:

/home /exports/data    none bind
/usr /exports/home     none bind
/data /exports/data    none bind
/sales /exports/sales   none bind

Save and close the file. Make sure all services are running:
# /etc/init.d/portmap restart
# /etc/init.d/nfs-common restart
# /etc/init.d/nfs-kernel-server restart

Step #5: Client Configuration

You need to install nfs-common and portmap packages on the client computer running Debian or Ubuntu Linux desktop:
# apt-get install nfs-common portmap
Make sure those two services are running:
# /etc/init.d/nfs-common start
# /etc/init.d/portmap start

How Do I See Exported Directories From The Client Computer?

Type the following commands:
$ showmount -e 192.168.1.10
$ showmount -e server2

Where, 192.168.1.10 is NFSv4 server IP address.

How Do I Mount the Directories From The Client Computer?

Type the following command, enter:
# mkdir /data
To mount the entire /exports, enter:
# mount.nfs4 192.168.1.4:/ /data
Only mount /exports/data, enter:
# mount.nfs4 192.168.1.4:/data /data
I suggest passing the following options to the mount command:
# mount.nfs4 192.168.1.10:/ /nfs -o soft,intr,rsize=8192,wsize=8192
See mount.nfs4 man page for more information.

How Do I Mount Directories Automatically Using /etc/fstab File?

You can mount NFS file systems Using /etc/fstab, enter:
# vi /etc/fstab
Append the entry, enter:
192.168.1.10:/data /data nfs4 soft,intr,rsize=8192,wsize=8192
Save and close the file.

Kerberos Based Authentication

If you do not wish to use host-based authentication, you can use Kerberos-based authentication instead. In the next part of the series I will talk about Kerberos-based authentication for NFSv4 client and server running under Debian operating systems.

This entry is 2 of 15 in the Linux / UNIX NFS File Server Tutorial series. Keep reading the rest of the series:
  1. CentOS / Redhat: Setup NFS v4.0 File Server
  2. Debian / Ubuntu Linux: Setup NFSv4 File Server
  3. Mac Os X: Mount NFS Share / Set an NFS Client
  4. RHEL: How Do I Start and Stop NFS Service?
  5. How To Restart Linux NFS Server Properly When Network Become Unavailable
  6. Linux Iptables Allow NFS Clients to Access the NFS Server
  7. Debian / Ubuntu Linux Disable / Remove All NFS Services
  8. Linux: Tune NFS Performance
  9. Mount NFS file system over a slow and busy network
  10. Linux Track NFS Directory / Disk I/O Stats
  11. Linux Disable / Remove All NFS Services
  12. Linux: NFS4 mount Error reason given by server: No such file or directory
  13. Linux NFS Mount: wrong fs type, bad option, bad superblock on fs2:/data3 Error And Solution
  14. CentOS / RHEL CacheFS: Speed Up Network File System (NFS) File Access
  15. Increase NFS Client Mount Point Security

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

5 comment

  1. [email protected] says:

    i did all above steps but getting below error:
    [email protected]:~# /etc/init.d/nfs-common start
    -bash: /etc/init.d/nfs-common: No such file or directory

  2. Oh sorry should have read more closely:

    In more recent versions of Ubuntu the init.d process has evolved to service so you would type: service nfs-common restart or service nfs-kernel-server restart for the various services you wish to restart. If you don’t know the exact name you can type into the command line “service –status-all” for a list

  3. This was an awesome tutorial/instructional. First time user of debian (from fedora and centos) and I am loving it. This worked perfectly, right out of the gate!!!

    One small typo was the IP address for setting up the client:

    To mount the entire /exports, enter:
    # mount.nfs4 192.168.1.4:/ /data

    Only mount /exports/data, enter:
    # mount.nfs4 192.168.1.4:/data /data

    instead of 192.168.1.4, should be 192.168.1.10
    This was easily figured out and is not an issue. Just thought I would share for the the
    other newbies.

    Thank you so much for providing this.

Comments are closed.