Network File System (NFS): A Guide to Shared Storage

💡 Theory: Understanding NFS
Network File System (NFS) is a distributed file system protocol that allows a user on a client computer to access files over a computer network much like local storage is accessed. The core goal is transparency—users shouldn't need to know if a file is local or remote.

Key Concepts
Client-Server Model: NFS operates with a designated Server that exports directories (shares) and Clients that mount and access those shares.

Protocol: NFS uses Remote Procedure Call (RPC) to communicate between the client and server. The client sends an RPC to the server to perform a file operation (like read, write, lookup), and the server executes it and returns the result.

Exporting: On the server, a directory must be explicitly exported to specify which clients can access it and what permissions they have. This is typically configured in the /etc/exports file.

Mounting: On the client, the remote NFS share is mounted to a local directory (a mount point), making the remote files and directories available to the local system.

---

Stateless vs. Stateful (NFSv3 vs. NFSv4):

NFSv3 (Stateless): The server does not maintain information (state) about open files or clients. If the server crashes, the client can simply retry the last request. This simplifies recovery but adds complexity for features like file locking.

NFSv4 (Stateful): This version introduced state (sessions, mandatory file locking) which improved performance, security, and added new features like better firewall traversal. It is the modern standard.

Security & ID Mapping: A critical security feature is root squash (default for NFSv3/v4), which maps the client's root user to an unprivileged user (nobody or nfsnobody) on the server. This prevents a user with root access on a client from having root access to all files on the server.

---

⚙️ Practical Example: Setting up an NFS Share on Ubuntu
This example demonstrates setting up an NFS Server and then mounting its share on a Client machine, using the IP addresses for simplicity.

Role    IP Address
NFS Server  192.168.1.100
NFS Client  192.168.1.200

Step 1: Install NFS Server on the Server (192.168.1.100)
First, update your package list and install the nfs-kernel-server package.

 Update package lists
sudo apt update

 Install the NFS server package
sudo apt install nfs-kernel-server -y

 Enable and start the NFS service (usually done automatically)
sudo systemctl enable nfs-server
sudo systemctl start nfs-server

Step 2: Create and Configure the Shared Directory
Create the directory you want to share and set the appropriate permissions. For a general-purpose share, you might assign ownership to a non-root user and allow access to others.

 Create the directory to share
sudo mkdir -p /mnt/nfs_share

Set permissions for general access (optional, depending on your security needs)
This changes ownership to the default unprivileged NFS user/group

sudo chown nobody:nogroup /mnt/nfs_share

Set permissions to read/write/execute for owner, group, and others
sudo chmod 777 /mnt/nfs_share

Step 3: Export the Directory
Edit the NFS exports configuration file, /etc/exports, to define which clients can access the share and what permissions they have.

sudo nano /etc/exports

Add the following line to the file:

/mnt/nfs_share    192.168.1.200(rw,sync,no_subtree_check)

/mnt/nfs_share: The local directory to be shared.

192.168.1.200: The IP address of the client allowed to connect. You can use a subnet (e.g., 192.168.1.0/24) or * for all.

(rw,sync,no_subtree_check): Export Options

rw: Allows both read and write access. Use ro for read-only.

sync: Ensures that all writes are committed to disk before a client request is acknowledged. This is safer than async.

no_subtree_check: Disables subtree checking, which can improve reliability and speed but slightly reduces security. It's often recommended.

Step 4: Apply Exports and Configure Firewall
Apply the changes to the exports list without rebooting and ensure the firewall is open.

Export the directories defined in /etc/exports

sudo exportfs -a

Reload the NFS server service to ensure changes take effect

sudo systemctl restart nfs-server

Configure the firewall (using UFW for Ubuntu)

sudo ufw allow from 192.168.1.200 to any port nfs
sudo ufw enable # if firewall is not already active
sudo ufw status # check the new rule

Step 5: Configure NFS Client and Mount the Share on the Client (192.168.1.200)
On the client machine, you need to install the common NFS package and mount the share.

Install the NFS client package

sudo apt update
sudo apt install nfs-common -y

Create a local mount point

sudo mkdir -p /nfs/projects

Mount the remote share
Syntax: [Server IP]:[Shared Directory] [Local Mount Point]

sudo mount 192.168.1.100:/mnt/nfs_share /nfs/projects

Verify the mount

df -hT

You should see the NFS share listed in the output of df -hT. Now, any file you create in /nfs/projects on the client will be stored on the /mnt/nfs_share directory on the server!

📝 Example Test
On the Client (192.168.1.200):

Create a test file on the mounted share

echo "Hello from the NFS client!" | sudo tee /nfs/projects/client_test.txt

On the Server (192.168.1.100):

Check the contents of the shared directory

cat /mnt/nfs_share/client_test.txt

Check the contents of the shared directory

cat /mnt/nfs_share/client_test.txt

Check the contents of the shared directory

cat /mnt/nfs_share/client_test.txt

The output on the server should be: Hello from the NFS client!

Thank you for reading. Please like and share your insights.

---