How to Set Up an NFS Mount on Debian or Ubuntu

Introduction

NFS, or Network File System, is a distributed file system protocol that allows you to mount remote directories on your server. This allows you to manage storage space in a different location and write to that space from multiple clients. NFS provides a relatively standard and performant way to access remote systems over a network and works well in situations where the shared resources must be accessed regularly.

In this guide, you’ll go over how to install the software needed for NFS functionality on Debian, configure two NFS mounts on a server and client, and mount and unmount the remote shares.

Step 1 — Downloading and Installing the Components

You’ll begin by installing the necessary components on each server.

On the Host

On the host server, install the nfs-kernel-server package, which will allow you to share your directories. Since this is the first operation that you’re performing with apt in this session, refresh your local package index before the installation:

sudo apt update
sudo apt install nfs-kernel-server

Once these packages are installed, switch to the client server.

On the Client

On the client server, you need to install a package called nfs-common, which provides NFS functionality without including any server components. Again, refresh the local package index prior to installation to ensure that you have up-to-date information:

sudo apt update
sudo apt install nfs-common

Now that both servers have the necessary packages, you can start configuring them.

Step 2 — Creating the Share Directories on the Host

You’re going to share two separate directories with different configuration settings, in order to illustrate two key ways that NFS mounts can be configured with respect to superuser access.

Superusers can do anything anywhere on their system. However, NFS-mounted directories are not part of the system on which they are mounted, so by default, the NFS server refuses to perform operations that require superuser privileges. This default restriction means that superusers on the client cannot write files as root, reassign ownership, or perform any other superuser tasks on the NFS mount.

Sometimes, however, there are trusted users on the client system who need to perform these actions on the mounted file system but who have no need for superuser access on the host. You can configure the NFS server to allow this, although it introduces an element of risk, as such a user could gain root access to the entire host system.

Example 1: Exporting a General Purpose Mount

In the first example, you’ll create a general-purpose NFS mount that uses default NFS behavior to make it difficult for a user with root privileges on the client machine to interact with the host using those client superuser privileges. You might use something like this to store files which were uploaded using a content management system or to create space for users to easily share project files.

First, make the share directory on the host server:

sudo mkdir /var/nfs/general -p

The -p option for mkdir creates the directory and, if required, all parent directories.

Since you’re creating it with sudo, the directory is owned by the host’s root user:

ls -dl /var/nfs/general

Output

drwxr-xr-x 2 root root 4096 Apr 17 23:51 /var/nfs/general

NFS will translate any root operations on the client to the nobody:nogroup credentials as a security measure. Therefore, you need to change the directory ownership to match those credentials.

sudo chown nobody:nogroup /var/nfs/general
Output
drwxr-xr-x 2 nobody nogroup 4096 Apr 17 23:51 /var/nfs/general

You’re now ready to export this directory.

Example 2: Exporting the Home Directory

In the second example, the goal is to make user home directories stored on the host available on client servers, while allowing trusted administrators of those client servers the access they need to conveniently manage users.

To do this, you’ll export the /home directory. Since it already exists, you don’t need to create it. You won’t change the permissions, either. If you did, it could lead to a range of issues for anyone with a home directory on the host machine.

Step 3 — Configuring the NFS Exports on the Host Server

Next, you’ll dive into the NFS configuration file to set up the sharing of these resources.

On the host machine, open the /etc/exports file in your text editor with root privileges:

sudo nano /etc/exports

The file has comments showing the general structure of each configuration line. The syntax is as follows:

/etc/exports

directory_to_share client(share_option1,...,share_optionN)

You’ll need to create a line for each of the directories that you plan to share. Be sure to change the client_ip placeholder shown here to your actual client public IP address:

/etc/exports

/var/nfs/general client_ip(rw,sync,no_subtree_check) /home client_ip(rw,sync,no_root_squash,no_subtree_check)

Here, you’re using the same configuration options for both directories with the exception of no_root_squash. Take a look at what each of these options mean:

• rw: This option gives the client computer both read and write access to the volume.
• sync: This option forces NFS to write changes to disk before replying. This results in a more stable and consistent environment since the reply reflects the actual state of the remote volume. However, it also reduces the speed of file operations.
• no_subtree_check: This option prevents subtree checking, which is a process where the host must check whether the file is actually still available in the exported tree for every request. This can cause many problems when a file is renamed while the client has it opened. In almost all cases, it is better to disable subtree checking.
• no_root_squash: By default, NFS translates requests from a root user remotely into a non-privileged user on the server. This was intended as security feature to prevent a root account on the client from using the file system of the host as root. no_root_squash disables this behavior for certain shares.

When you are finished making your changes, save and close the file. Then, to make the shares available to the clients that you configured, restart the NFS server with the following command:

sudo systemctl restart nfs-kernel-server

Before you can actually use the new shares, however, you’ll need to be sure that traffic to the shares is permitted by firewall rules.

Step 4 — Creating Mount Points and Mounting Directories on the Client

Now that the host server is configured and serving its shares, you’ll prepare your client.

In order to make the remote shares available on the client, you need to mount the directories on the host that you want to share to empty directories on the client.

Note: If there are files and directories in your mount point, they will become hidden as soon as you mount the NFS share. To avoid the loss of important files, be sure that if you mount in a directory that already exists that the directory is empty.

You’ll create two directories for your mounts on the client machine:

sudo mkdir -p /nfs/general
sudo mkdir -p /nfs/home

Now that you have a location to put the remote shares and you’ve opened the firewall, you can mount the shares using the IP address of your host server:

sudo mount host_ip:/var/nfs/general /nfs/general
sudo mount host_ip:/home /nfs/home

These commands will mount the shares from the host computer onto the client machine. You can double-check that they mounted successfully in several ways. You can check this with a mount or findmnt command, but the df -h command, which lists available disk space, provides a more readable output:

df -h

Copy

Output

Output
Filesystem                   Size  Used Avail Use% Mounted on
tmpfs                        198M  972K  197M   1% /run
/dev/vda1                     50G  3.5G   47G   7% /
tmpfs                        989M     0  989M   0% /dev/shm
tmpfs                        5.0M     0  5.0M   0% /run/lock
/dev/vda15                   105M  5.3M  100M   5% /boot/efi
tmpfs                        198M  4.0K  198M   1% /run/user/1000
10.124.0.3:/var/nfs/general   25G  5.9G   19G  24% /nfs/general
10.124.0.3:/home              25G  5.9G   19G  24% /nfs/home

Both of the shares you mounted appear at the bottom. Because they were mounted from the same file system, they show the same disk usage. To see how much space is actually being used under each mount point, use the disk usage command du and the path of the mount. The -s flag provides a summary of usage rather than displaying the usage for every file. The -h prints human-readable output.

For example:

du -sh /nfs/home

Output
36K /nfs/home

This shows us that the contents of the entire home directory is using only 36K of the available space.