Home » NFS Server on Ubuntu 20.04

NFS Server Configuration on Ubuntu 20.04 LTS

NFS (Network File System) is a distributed file system protocol that allows you to share directories and files with others over a network. With NFS, users can access files on remote systems as if they were local files.

Prerequisites

  • Ubuntu 20.04 LTS server
  • Minimum 1GB RAM (2GB recommended)
  • Sufficient disk space for your shared storage needs
  • Root or sudo privileges
  • Static IP address configured
  • Basic knowledge of Linux command line

1 System Preparation

Update your system and set the hostname:

sudo apt update && sudo apt upgrade -y
sudo hostnamectl set-hostname nfs-server
exec bash

Install necessary utilities:

sudo apt install -y wget curl nano

2 Install NFS Server

Install the NFS server package:

sudo apt install -y nfs-kernel-server

Check if NFS services are running:

sudo systemctl status nfs-server

Enable NFS to start on boot:

sudo systemctl enable nfs-server

3 Create Shared Directory

Create a directory for sharing:

sudo mkdir -p /srv/nfs/share1

Set appropriate permissions:

sudo chown nobody:nogroup /srv/nfs/share1
sudo chmod 777 /srv/nfs/share1
Note: These permissions allow anyone to read and write to the share. For more secure configurations, see the advanced section.

4 Configure NFS Exports

Edit the exports file to define shared directories:

sudo nano /etc/exports

Add the following lines to share your directory (replace client_ip with appropriate values):

# Basic share - read/write to specific client
/srv/nfs/share1 client_ip(rw,sync,no_subtree_check)

# Read-only share to a network
/srv/nfs/share2 192.168.1.0/24(ro,sync,no_subtree_check)

# Share with multiple options
/srv/nfs/share3 client_ip(rw,sync,no_subtree_check,no_root_squash)

Common NFS export options:

Option Description
rw Read-write access
ro Read-only access
sync Reply to requests only after changes committed
async Reply to requests before changes committed
no_subtree_check Disable subtree checking (improves reliability)
root_squash Map root user to anonymous (default)
no_root_squash Allow root access on client (security risk)

5 Apply NFS Configuration

Export the shared directories:

sudo exportfs -a

Restart the NFS server to apply changes:

sudo systemctl restart nfs-server

Verify the exports:

sudo exportfs -v

Show the current export list:

showmount -e

6 Configure Firewall

Allow NFS through the firewall:

sudo ufw allow from client_ip to any port nfs
sudo ufw enable

Alternatively, open specific ports for NFS:

sudo ufw allow 2049/tcp
sudo ufw allow 2049/udp
sudo ufw allow 111/tcp
sudo ufw allow 111/udp
sudo ufw allow from client_ip to any port 2049
sudo ufw enable

Verify the firewall status:

sudo ufw status

7 NFS Client Configuration

On the client machine, install NFS client packages:

sudo apt install -y nfs-common

Create a mount point on the client:

sudo mkdir -p /mnt/nfs/share1

Mount the NFS share temporarily:

sudo mount nfs-server-ip:/srv/nfs/share1 /mnt/nfs/share1

Verify the mount was successful:

df -hT

8 Permanent Mount Configuration

Edit the fstab file for automatic mounting at boot:

sudo nano /etc/fstab

Add the following line to the end of the file:

nfs-server-ip:/srv/nfs/share1  /mnt/nfs/share1  nfs  defaults,timeo=900,retrans=5,_netdev  0  0

Common fstab options for NFS:

Option Description
defaults Use default mount options
timeo=900 Timeout in tenths of a second (90 seconds)
retrans=5 Number of retransmission attempts
_netdev Wait for network to be available
soft Allow I/O operations to fail after retries
hard Keep retrying indefinitely (default)

Test the fstab configuration:

sudo mount -a

9 Advanced Configuration

Configure user ID mapping for consistent permissions:

sudo nano /etc/idmapd.conf

Set the domain to match your network (if applicable):

Domain = yourdomain.com

Create a more secure export with specific user mapping:

sudo nano /etc/exports

Add a secure share configuration:

/srv/nfs/secure client_ip(rw,sync,all_squash,anonuid=1000,anongid=1000,no_subtree_check)

Set up NFS with Kerberos security (advanced):

sudo apt install -y nfs-kernel-server krb5-config krb5-user
sudo nano /etc/exports

Add Kerberos-secured export:

/srv/nfs/krb5 client_ip(rw,sync,sec=krb5p,no_subtree_check)

10 Testing and Monitoring

Test NFS functionality from the client:

# Create a test file
echo "NFS Test File" | sudo tee /mnt/nfs/share1/testfile.txt

# Check file ownership and permissions
ls -la /mnt/nfs/share1/testfile.txt

Monitor NFS server performance:

# Show NFS statistics
nfsstat

# Show mounted shares
showmount

# Monitor NFS in real-time
sudo watch -n 1 'nfsstat -c; echo ---; nfsstat -s'

Check NFS server status and logs:

# Check service status
sudo systemctl status nfs-server

# View NFS logs
sudo tail -f /var/log/syslog | grep nfs

11 Troubleshooting Common Issues

Check NFS service status:

sudo systemctl status nfs-server nfs-mountd
sudo rpcinfo -p

Check NFS exports and connections:

sudo exportfs -v
showmount -e localhost
showmount -a

Check network connectivity and ports:

sudo netstat -tulnp | grep nfs
rpcinfo -p nfs-server-ip

Common issues and solutions:

Issue Solution
Permission denied errors Check export options and directory permissions
Mount hangs or times out Check firewall settings and network connectivity
Stale file handle errors Export might have been changed, remount the share
Read-only filesystem errors Check if export is configured as ro instead of rw
Previous: Samba Server Next: FTP Server
Command copied to clipboard!