Setting up an NFS Server on Rocky Linux 8

How to Set Up an NFS Server on Rocky Linux 8: A Step-by-Step Guide

Network File System (NFS) is a powerful and widely-used protocol that allows you to share directories and files with other Linux clients over a network. By setting up an NFS server, you can create a centralized storage location, making data access more efficient and manageable for multiple users and systems. This is especially useful in enterprise environments for sharing home directories, application data, or backup repositories.

This comprehensive guide will walk you through every step of configuring a fully functional NFS server on Rocky Linux 8, from installation to securing your shares.

Prerequisites

Before you begin, ensure you have the following:

  • A system running Rocky Linux 8.
  • Root or sudo privileges.
  • The IP address of the server and any client machines that will connect to it.

Step 1: Install the Necessary NFS Packages

The first step is to install the core utilities required to run an NFS server. These tools manage the NFS services, exports, and connections.

Open your terminal and run the following command to install the nfs-utils package:

sudo dnf install nfs-utils

This command uses the DNF package manager to download and install the NFS server and client tools on your system.

Step 2: Start and Enable the NFS Service

Once the installation is complete, you need to start the NFS service and enable it to launch automatically on system boot. This ensures your file shares are always available after a restart.

Execute the following commands:

sudo systemctl start nfs-server
sudo systemctl enable nfs-server

You can verify that the service is running correctly with this command:

sudo systemctl status nfs-server

You should see an “active (running)” status in the output.

Step 3: Create and Configure the Shared Directory

Now, it’s time to create the directory you want to share over the network. For this guide, we will create a directory at /nfs/shared, but you can choose any location you prefer.

  1. Create the directory:

    sudo mkdir -p /nfs/shared
    
  2. Set appropriate permissions: It’s crucial to assign proper ownership to the shared directory to avoid permission errors. Setting the ownership to nobody:nobody is a common practice that helps prevent privilege escalation issues.

    sudo chown -R nobody:nobody /nfs/shared
    sudo chmod 777 /nfs/shared

    While 777 permissions are used here for simplicity, in a production environment, you should use more restrictive permissions based on your specific security requirements.

Step 4: Define the NFS Export in /etc/exports

The /etc/exports file is the primary configuration file for your NFS server. This is where you specify which directories to share and which clients are allowed to access them.

Open the file with a text editor like nano or vi:

sudo nano /etc/exports

Add a line to this file using the following syntax:

<directory_to_share> client_ip(options)

For example, to share our /nfs/shared directory with a client at IP address 192.168.1.101, you would add:

/nfs/shared 192.168.1.101(rw,sync,no_root_squash)

Here’s a breakdown of the common options:

  • rw: Grants the client read and write access to the directory. Use ro for read-only access.
  • sync: This option forces NFS to write changes to the disk before replying to the client. This is safer and more reliable, though slightly slower than async.
  • no_root_squash: By default, NFS “squashes” the root user, meaning if a user with root privileges on the client machine accesses the share, they are mapped to the anonymous nobody user. no_root_squash disables this behavior, allowing the client’s root user to have root-level access to the shared files. Use this option with extreme caution as it has significant security implications; leaving it out of the options list keeps the default root_squash behavior.

Save and close the /etc/exports file.

Step 5: Export the Shared Directory

After modifying the /etc/exports file, you need to apply the changes. The exportfs command allows you to refresh the NFS server’s export table without a full restart.

Run the following command:

sudo exportfs -arv

  • -a: Export all directories listed in /etc/exports.
  • -r: Re-export all directories, syncing /etc/exports with the system’s export table.
  • -v: Verbose output, showing what is being exported.

Step 6: Configure Firewall Rules

By default, the firewall on Rocky Linux 8 will block incoming NFS traffic. You must explicitly add rules to allow connections for the necessary services.

Use the firewall-cmd utility to permanently allow the nfs, rpc-bind, and mountd services:

sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --permanent --add-service=mountd

After adding the rules, reload the firewall to apply them:

sudo firewall-cmd --reload

Your NFS server is now fully configured and ready to accept client connections.


Actionable Advice: Connecting from a Client Machine

To access your newly created NFS share, follow these brief steps on a client machine (e.g., another Rocky Linux or CentOS system).

  1. Install NFS utilities on the client:

    sudo dnf install nfs-utils

  2. Create a mount point: This is an empty local directory where the remote share will be mounted.

    sudo mkdir -p /mnt/nfs_share

  3. Mount the NFS share: Use the mount command, replacing server_ip with your NFS server’s IP address.

    sudo mount server_ip:/nfs/shared /mnt/nfs_share

  4. Verify the mount: Check if the share is mounted successfully using the df -h command. You should see the NFS share listed.

To make the mount persistent across reboots, add an entry to the client’s /etc/fstab file:

server_ip:/nfs/shared   /mnt/nfs_share   nfs   defaults   0 0

Essential Security Tips for Your NFS Server

  • Be Specific with IP Addresses: Never use wildcards (*) in your /etc/exports file unless absolutely necessary. Always specify individual IP addresses or secure subnets to limit access.
  • Principle of Least Privilege: Only grant rw (read-write) access if it’s required. If clients only need to read data, use the ro (read-only) option.
  • Understand root_squash: The default root_squash setting is a critical security feature. Avoid using no_root_squash unless you have a specific administrative need and fully understand the risk of giving a remote root user full control over the shared files.
  • Keep Your Firewall Active: Always ensure your firewall is active and correctly configured to only allow traffic from trusted clients.
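
The tips above and the option breakdown in Step 4 can be checked mechanically. The following is an added example, not part of the original guide: a shell function that scans an exports file and flags wildcard clients, no_root_squash, rw and async entries. The /srv paths and the subnet in the sample are constructed; path-only lines, quoted paths and line continuations are not handled.

```bash
#!/usr/bin/env bash
# Added example: audit an exports(5)-style file for the risky settings the
# guide discusses. Prints "LEVEL path client: reason"; returns 1 on any HIGH.
audit_exports() {
  awk '
    function flag(level, why) {
      printf "%s %s %s: %s\n", level, path, client, why
      if (level == "HIGH") high = 1
    }
    { sub(/#.*/, "") }                 # drop comments
    NF < 2 { next }                    # blank, or no client list (not handled here)
    {
      path = $1
      for (i = 2; i <= NF; i++) {      # one field per client(options) entry
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*" # "(opts)" with no host applies to any client
        o = "," opts ","
        if (client ~ /[*?]/) flag("HIGH", "wildcard client")
        if (index(o, ",no_root_squash,")) flag("HIGH", "no_root_squash: client root keeps root on the share")
        if (index(o, ",rw,")) flag("INFO", "rw granted; use ro if clients only read")
        if (index(o, ",async,")) flag("WARN", "async: replies before data reaches disk")
      }
    }
    END { exit (high ? 1 : 0) }
  ' "$1"
}

# Constructed sample input: only the first export line comes from the guide.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample exports file
/nfs/shared 192.168.1.101(rw,sync,no_root_squash)
/srv/docs   192.168.1.0/24(ro,sync)
/srv/pub    *(rw,async)
EOF

audit_exports "$sample" || echo "HIGH findings present: review before running exportfs -arv"
```

Point the function at /etc/exports on the server to audit the live configuration; the non-zero return on HIGH findings makes it usable as a pre-change check.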

Source: https://kifarunix.com/install-and-configure-nfs-server-on-rocky-linux-8/
