Tags Archives: nfs server

Installing and Configuring NFS

How to Install NFS on Ubuntu


root@len:/# apt install nfs-kernel-server
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Need to get 98.9 kB of archives.
After this operation, 420 kB of additional disk space will be used.
Get:1 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 nfs-kernel-server amd64 1:1.3.4-2.5ubuntu3.4 [98.9 kB]
Fetched 98.9 kB in 0s (871 kB/s)
Selecting previously unselected package nfs-kernel-server.
(Reading database … 213177 files and directories currently installed.)
Preparing to unpack …/nfs-kernel-server_1%3a1.3.4-2.5ubuntu3.4_amd64.deb …
Unpacking nfs-kernel-server (1:1.3.4-2.5ubuntu3.4) …
Setting up nfs-kernel-server (1:1.3.4-2.5ubuntu3.4) …
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /lib/systemd/system/nfs-server.service.
Job for nfs-server.service canceled.

Creating config file /etc/exports with new version

Creating config file /etc/default/nfs-kernel-server with new version
Processing triggers for man-db (2.9.1-1) …
Processing triggers for systemd (245.4-4ubuntu3.16) …



On Ubuntu 20.04, NFS version 2 is disabled. Versions 3 and 4 are enabled.

Verify by running:


sudo cat /proc/fs/nfsd/versions


root@len:~# cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2


NFS server configuration is defined in /etc/default/nfs-kernel-server and /etc/default/nfs-common files.

The default settings are adequate for most environments.


NFS Version 4 uses a global root directory, where exported directories are relative to this directory.


You link the share mountpoint to the directories you want to export by using bind mounts.


For example:


first set the /srv/nfs4 directory as NFS root.


We will share two directories (/var/www and /opt/backups) with different settings.


/var/www/ is owned by user www-data,


while /opt/backups is owned by root.


First we create the root directory and the share mountpoints:


sudo mkdir -p /srv/nfs4/backups
sudo mkdir -p /srv/nfs4/www


Bind the NFS Mount Points




MAKE SURE YOU INCLUDE THE BIND COMMAND – AND – ADD THIS TO THE /etc/fstab if it should be automatically activated on reboots!


Next we bind mount the directories to the share mountpoints:


sudo mount –bind /opt/backups /srv/nfs4/backups
sudo mount –bind /var/www /srv/nfs4/www



To make the bind mounts permanent across reboots, add the following to the /etc/fstab file:


/opt/backups /srv/nfs4/backups none bind 0 0
/var/www /srv/nfs4/www none bind 0 0


This is important – otherwise the NFS mounts will not be connected from /srv/nfs4 to their respective server mounts!



then export the file systems


We do this by adding the file systems to be exported and the clients to be permitted access to those shares to the /etc/exports file:


Each line for an exported file system looks like this:


export host(options)


for our example, we could have something like this, for various networks and client machines:



The first line contains the fsid=0 option to define the NFS root directory (here it is /srv/nfs4).


Access to this NFS volume is permitted solely to the clients from subnet


The crossmnt option allows us to share directories that are sub-directories of an exported directory.


The second line demonstrates how to specify multiple export rules for one specific filesystem. Read access is granted to subnet range, and both read and write access only for the client machine.


Finally the sync option tells NFS to write changes to the disk before responding.


After saving the file, export the shares by running:


exportfs -ar


Whenever you modify the /etc/exports file this command must be executed so that the file is re-read by the NFS server.



Practical example:



root@len:/srv# mkdir nfs4
root@len:/srv# cd nfs4/
root@len:/srv/nfs4# ls
root@len:/srv/nfs4# mkdir PRIMARY_MEDIA
root@len:/srv/nfs4# mkdir PRIMARY_BACKUP


mount –bind /media/kevin/PRIMARY_MEDIA /srv/nfs4/PRIMARY_MEDIA


mount –bind /media/kevin/PRIMARY_BACKUP /srv/nfs4/PRIMARY_BACKUP


root@len:/srv/nfs4# mount –bind /media/kevin/PRIMARY_MEDIA /srv/nfs4/PRIMARY_MEDIA
root@len:/srv/nfs4# mount –bind /media/kevin/PRIMARY_BACKUP /srv/nfs4/PRIMARY_BACKUP



verify with:




/dev/sdb1 2063187344 1504043404 454269956 77% /srv/nfs4/PRIMARY_MEDIA
/dev/sdb2 1031069848 326633048 651991616 34% /srv/nfs4/PRIMARY_BACKUP



then enter in the /etc/exports:



root@len:/srv/nfs4# cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)


# allow only asusvpn to mount:







root@len:/srv/nfs4# exportfs -va


systemd service nfs-kernel-server has to be running:


root@len:/srv/nfs4# systemctl status nfs-kernel-server
● nfs-server.service – NFS server and services
Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2022-04-29 23:43:12 BST; 10min ago
Process: 272163 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 272164 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Main PID: 272164 (code=exited, status=0/SUCCESS)

Apr 29 23:43:11 len systemd[1]: Starting NFS server and services…
Apr 29 23:43:12 len systemd[1]: Finished NFS server and services.



you can then mount on the client




How To Display NFS Version



NFS Server version:

nfsstat -s


NFS Client version:

nfsstat -c




root@len:/srv/nfs4# nfsstat –help
Usage: nfsstat [OPTION]…


-m, –mounts Show statistics on mounted NFS filesystems
-c, –client Show NFS client statistics
-s, –server Show NFS server statistics
-2 Show NFS version 2 statistics
-3 Show NFS version 3 statistics
-4 Show NFS version 4 statistics
-o [facility] Show statistics on particular facilities.
nfs NFS protocol information
rpc General RPC information
net Network layer statistics
fh Usage information on the server’s file handle cache
io Usage information on the server’s io statistics
ra Usage information on the server’s read ahead cache
rc Usage information on the server’s request reply cache
all Select all of the above
-v, –verbose, –all Same as ‘-o all’
-r, –rpc Show RPC statistics
-n, –nfs Show NFS statistics
-Z[#], –sleep[=#] Collects stats until interrupted.
Cumulative stats are then printed
If # is provided, stats will be output every
# seconds.
-S, –since file Shows difference between current stats and those in ‘file’
-l, –list Prints stats in list format
–version Show program version
–help What you just did





Firewalling for NFS


rpcinfo -p | grep nfs


Port 111 (TCP and UDP) and 2049 (TCP and UDP) for the NFS server.



This will give a list of all ports used by all NFS-related program:


rpcinfo -p | awk ‘{print $3″ “$4}’ | sort -k2n | uniq

root@intel:/media/kevin# rpcinfo -p | awk '{print $3" "$4}' | sort -k2n | uniq
proto port
tcp 111
udp 111
tcp 2049
udp 2049
tcp 36705
tcp 39599
udp 39774
udp 40836
tcp 44743
udp 48795
tcp 49095
udp 58224


NFS Ports


need to open following ports:


ufw allow in from to any port 111
ufw allow in from to any port 2049
ufw allow in from to any port 33333


root@intel:/home/kevin# ufw allow in from to any port 111 
Rule added
root@intel:/home/kevin# ufw allow in from to any port 2049
Rule added
root@intel:/home/kevin# ufw allow in from to any port 33333
Rule added


then do:


root@intel:/home/kevin# iptables-save > /etc/iptables.rules



also make sure the exportfs -ra is run else there wont be any nfs volumes to export!


root@intel:/# cat /etc/exports




and restart nfs-kernel-server:


systemctl restart nfs-kernel-server


root@intel:~# systemctl status nfs-kernel-server
● nfs-server.service - NFS server and services
Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/nfs-server.service.d
Active: active (exited) since Fri 2021-06-04 20:08:31 CEST; 1h 11min ago
Process: 25565 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 25566 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Main PID: 25566 (code=exited, status=0/SUCCESS)

Jun 04 20:08:30 intel systemd[1]: Starting NFS server and services...
Jun 04 20:08:31 intel systemd[1]: Finished NFS server and services.


Error Message: chown: operation not permitted


By default the root_squash export option is set, this means NFS does not allow a root user from a connecting nfs client to perform operations as root on the nfs server.


rsync: [receiver] chown "/home/kevin/file.txt" failed: Operation not permitted (1)

To resolve this, set the no_root_squash option for the share in the /etc/exports file




root@intel:/# cat /etc/exports





Showmount -e 


root@len:/srv/nfs4# showmount -e
Export list for len:




root@gemini:~# rpcinfo | egrep “service|nfs”
program version netid address service owner
100003 3 tcp nfs superuser
100003 4 tcp nfs superuser
100003 3 udp nfs superuser
100003 3 tcp6 ::.8.1 nfs superuser
100003 4 tcp6 ::.8.1 nfs superuser
100003 3 udp6 ::.8.1 nfs superuser



To export the Root NFS tree


For security reasons, NFS shares should be defined using the NFS root directory definition.



For example with the following definitions in /etc/exports:






In this case the first line defines /srv/nfs4 as the NFS root


remember to run exportfs  -ra after editing the /etc/exports file so that the directives are read by the NFS server.



Then, to mount the NFS root directory from client do:


mount -v -t nfs4 geminivpn:/ /media/kevin/nfs4


You can then access the shares under /media/kevin/nfs4 by simply cd’ing to the desired directory share.




cd Downloads




Continue Reading