NFS(Network File System) Server in Linux – Installation, Configuration, Interview Questions for Redhat/Centos

1. Introduction

NFS or Network File system was developed by Sun Microsystems(now Oracle) in 1984.
Allows the server to share some files/data over the network to various clients.
Works on ONC RPC i.e. Open Network Computing Remote procedure Call.


2. History
NFS V1
NFS V1 was used by Sun Microsystem for inhouse operations and experimental purposes.
v1 was not officially released outside, Sun made some changes and released v2 for public implementation.

NFS V2 (March 1989)
==> Operates on UDP(User Datagram Protocol), i.e. stateless operation.
==> Support of 2Gb file data only due to 32 bit limitation.

NFS V3 (June 1995)
==> Support for 64 bit filesize added.
==> Asynchronous write support added to improve performance
==> READDIRPLUS operation introduced to get file attributes while copying data

NFS V4(December 2000)
==> A stateful protocol introduced
==> Performance Improvement
==> Developed by IETF i.e. Internet Engineering Task force

NFS v4.1(Jan 2010) was introduced later with pNFS(parallel NFS) extension to improve performance on clustered environment. NFS v4.2(Nov 2016) came up with MAC security access implementation and pNFS extension.

To get complete difference list between NFS versions, please go through below page:
http://ngelinux.com/difference-between-nfs-v2-v3-v4-v4-1-and-v4-2/

3. Configuration of NFS Client
a. On client, there is no configuration required. We need to make sure if nfs-utils package is installed.

# rpm -qa | grep nfs-utils
or, yum install nfs-utils

b. If its installed fine, we can mmount the location using below command:

# mount -t nfs -o options host:/remote/export_directory /local/dir

c. To mount it permanently, we can edit the /etc/fstab file and make an entry.
# vi /etc/fstab
remote_host:/home/saket /local_host/saket nfs ro,nosuid 0 0

4. NFS Server Configuration

a. Install nfs server and rpcbind service package.

# yum install nfs-utils rpcbind

b. Enable below services:

# systemctl enable nfs-server    ### implements the server side mount requests from NFS clients.

# systemctl enable rpcbind      ### implements monitoring protocol (NSM) between NFS server and client

# systemctl enable nfs-lock    ### In RHEL7.1 (nfs-utils-1.3.0-8.el7) onwards, enabling nfs-lock is not required, since rpc-statd.service is static and nfs-lock is implemented in it by default.

# systemctl enable nfs-idmap    ### Maps NFSv4 names and local UIDs and GIDs


# systemctl enable nfs   ### Starts the nfs client service.


5. Share a directory via NFS
### a. Create a directory

# mkdir /testnfs

### b. Copy the required files and then make entry in /etc/exports.

# cat /etc/exports
/testnfs *(rw)

### The options can be made specific to clients.
### dir client1 (options) [client2(options)... etc]

### c. Refresh the exported share to NFS server.
# exportfs -r

6. Mount at NFS client

# showmount -e
# mount -t nfs -o options server:/testnfs /testdir

NFS client Options

ro / rw :
a) ro : clients get read only access to the share.
b) rw : clients get read write access to the share.

sync / async :
a) sync : NFS server accepts request only once the changes made by previous request are written to disk.
b) async : Makes the NFS server to write requests simultaneousluy without having to wait.

wdelay / no_wdelay
a) wdelay : delays committing write requests in case another write request is imminent.
b) no_wdelay : this option disables delay. no_wdelay option will only work if default sync option is enabled.

all_squash / no_all_squash :
a) all_squash : squash all remote users (including root).
b) no_all_squash : does not change mapping of remote users.

root_squash / no_root_squash :
a) root_squash : prevent remote root users connected to have root access. It squashes remote root user privileges.
b) no_root_squash : disables root squash and remote root user will get root access(risky).

Make sure to enable firewalld services to allow NFS server & client requests.

# firewall-cmd --add-service=nfs --zone=internal --permanent
# firewall-cmd --add-service=mountd --zone=internal --permanent
# firewall-cmd --add-service=rpc-bind --zone=internal --permanent


7.  Interview Questions (except the above details)

1. Which protocol used by NFS ?
NFS uses its own protocol usually referred as NFS.
For transfer NFS uses UDP protocol by default. From v3 onwards, we can use TCP protocol also.

2. Default port of NFS.
By default NFS uses 2049 TCP/UDP port.

3. How to fix port numbers of NFS services ?
"/etc/sysconfig/nfs" file provides various options to fix ports for RQUOTAD_PORT, MOUNTD_PORT, 
LOCKD_TCPPORT, LOCKD_UDPPORT and STATD_PORT.

4. How to get list of clients connected to our NFS server ?
# By using below command:
# showmount -a 

5. Difference between hard mount and soft mount in NFS ?
In case NFS server is not reachable due to any hardware/network issue, a soft mount NFS client will throw an error and 
a hard mounted NFS cient will keep in wait state until the server is reachable.
Read out complete difference here:  What is hard/soft mount and which option we should use ? 

6. How to view NFS server/client activity ?
By using below command:
# nfsstat

7. How to modify server settings in real time ?
Modify file /etc/exports and run command "exportfs -r".

8. What happens if a space is provided in between allowed_hosts and (options).
If a space is provided, the options will be applied to any and all IP addresses/hosts, which is dangerous if write permission is mentioned. 

9. Export a share without mentioning it in /etc/exportfs file.
# exportfs -o ssync 192.168.1.05:/testnfs

10. rpc.mountd daemon supports TCP_WRAPPERS or not ?
Yes its supported. We need to give NFS clients access to rpc.mountd to allow access to NFS server.

11. Check portmap service and NFS ports ?
# rpcinfo -p

12. Can we mount NFS share on Windows XP ?
No, Win XP do not support NFS protocol.

13. Can we protect NFS share by username/password ?
No, access is provided based on IP address.

Leave a Reply

avatar
  Subscribe  
Notify of