Kerberos can also provide encryption, as by default any content transferred over NFS will be sent in clear text which is not secure. There is not actually any authentication performed, for that we can use Kerberos enabled NFS exports. Note that this is only limiting the clients by IP address based on the configuration within the /etc/exports file on the NFS server. mount.nfs: access denied by server while mounting 192.168.0.200:/root/nfs If any other system other than 192.168.0.100 tries to mount this they will receive the below error after the mount fails.
192.168.0.200:/root/nfs /mnt nfs rw,async 0 0Īfter saving your changes to this file, you can first unmount /mnt with ‘umount /mnt’ and then run ‘mount -a’ which will attempt to mount everything not mounted already in /etc/fstab, this should mount 192.168.0.200:/root/nfs back to /mnt and this will also automatically happen on reboot. This mount is not persistent, if we perform a reboot of the client system this will not be mounted automatically, to do this we can add the following into the /etc/fstab file on the client server.
We can attempt to mount this with NFS with the mount command, the free space in the mount should then show up with the df command. The client systems will also need the nfs-utils package installed to be able to mount NFS.įirst on the client we can use the showmount command to view a list of mounts exported on the NFS server. Now that we have prepared the NFS share, only 192.168.0.100 should be able to mount it, let’s test. The -a flag will export all directories, the -r flag will reexport all directories and remove any old entries, while the -v flag provides verbosity and will output all of the NFS exports.
It is important to note that there is no space between the IP address and the options (rw,async), if there was a space here, then the IP address would have default options and the (rw,async) would instead apply to any other client that attempts to access the NFS share, which would essentially give read/write access to anyone.Īfter any changes to the /etc/exports file we need to use the exportfs command to update the table of exported NFS file systems. Hostnames can also be used instead of IP addresses. ~]# cat /etc/exportsĪs shown we are saying that the /root/nfs directory is available only to the IP address of 192.168.0.100, so only the system at this IP address will be able to successfully access and mount the directory. exports extension.īelow is an example NFS configuration within the /etc/exports file. Alternatively configuration files can also be created within the /etc/exports.d/ directory as long as they have the. The NFS server mount points are configured with the /etc/exports file, this file lists the directories that are available to be accessed over NFS. We’ll also create the directory on the NFS server that we are going to share over NFS, in this example it’s going to be /root/nfs however this can be elsewhere. The firewall configuration must also be reloaded as we have put a permanent rule in place which will not apply to the running configuration. This change will allow TCP port 2049 NFS traffic into the server from any source. Next the firewall must be configured in order to correctly allow NFS traffic through, this can be done as shown with firewalld. systemctl enable nfsįor further information on basic service management with systemctl, see our guide here. Once installed we can enable our NFS server to automatically start the required NFS service on boot, we’ll also start the service up now as it’s not running by default after installation. The server that has the data to share will act as the NFS server and needs the nfs-utils package installed. NFS Server: 192.168.0.200 – This Linux server will serve a directory over NFS.
Studying for your RHCE certification? Checkout our RHCE video course over at Udemy which is 20% off when you use the code ROOTUSER.
If you’re interested to see how different NFS versions perform be sure to check out our NFS benchmarks. To do this we are going to use the /etc/exports file on the NFS server and lock down shares to only be accessible by specific IP addresses. It is important to configure this properly and secure it as much as possible so that only the required clients have access to the NFS share, otherwise it may be possible for anyone to mount it and access the data. With NFS we can export specific directories within a file system over the network to other clients allowing us to share various files over the network.