Setting up an NFS server: Difference between revisions

From Alpine Linux
m (bin name: exports -> exportfs)
m (fixed a typo)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page documents configuring Network File System (NFS) on both server and client side including autofs and Kerberos authentication.
== Installation ==
== Installation ==
Install the following package for both NFS client and NFS server service.


{{Cmd|# apk add nfs-utils}}
Install the following package for both NFS client and NFS server service. {{Cmd|# apk add nfs-utils}}


== Configuration ==
== Configuration ==
Setting up NFS service on Alpine Linux is no different from other Linux distributions.
Setting up NFS service on Alpine Linux is no different from other Linux distributions.


=== NFS Server ===
=== NFS server ===


Setup export dirs in /etc/exports. For example:
Setup export dirs in {{Path|/etc/exports}} on your server with IP address 10.10.10.1. For example: {{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,no_root_squash)     
{{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,no_root_squash)     
</nowiki>}}
</nowiki>}}


After editing /etc/exports, reload your setting
After editing {{Path|/etc/exports}}, reload your setting: {{Cmd|# exportfs -afv}}
{{Cmd|# exportfs -afv}}
 
To make NFS server service to autostart on boot: {{Cmd|# rc-update add nfs}}
 
To start NFS server service now: {{Cmd|# rc-service nfs start}}


To make NFS server service to autostart on boot:
=== NFS client ===


{{Cmd|# rc-update add nfs}}
To mount NFS shares automatically, an entry needs to made to {{Path|/etc/fstab}} as follows:{{Cat|/etc/fstab|10.10.10.1:/data /mount/point nfs4 rw,_netdev 0 0}}


To start NFS server service now
To mount nfs share from {{Path|/etc/fstab}} file at booting of the system:{{Cmd|# rc-update add nfsmount}}
To mount the nfs shares from /etc/fstab file now:{{Cmd|# rc-service nfsmount start}}


{{Cmd|# rc-service nfs start}}
You can check your boot services:{{Cmd|# rc-status}}


=== NFS Client ===
{{Tip| netmount is a general service for all network-based filesystems, while nfsmount is specifically tailored for NFS.}}
To use netmount, here are the equivalent commands:{{Cmd|<nowiki># rc-service netmount start
# rc-update add netmount</nowiki>}}


To mount NFS shares automatically, an entry needs to made to /etc/fstab. To mount nfs share from /etc/fstab file at booting of the system
== Using autofs ==


{{Cmd|# rc-update add nfsmount}}
[https://docs.kernel.org/filesystems/autofs.html Autofs] is another alternative for mounting filesystems like NFS. Autofs aims to provide on-demand mounting and race free automatic unmounting of various other filesystems.


To mount the nfs shares from /etc/fstab file now:
Ensure that {{pkg|autofs}} package is installed, if not installed already. {{Cmd|apk add autofs}}
{{Cmd|# rc-service nfsmount start}}
Add an entry in the file {{Path|/etc/auto.master}} that points to a map file to define the mount points for the {{ic|/mnt/nfs}} directory.. For example:{{Cat|/etc/auto.master|<nowiki>/mnt/nfs /etc/auto.nfs --timeout=60</nowiki>}}
Create the Map File {{Path|/etc/auto.nfs}} that maps the NFS share {{ic|10.10.10.1:/data}} to {{ic|/mnt/nfs/share}} as follows:{{Cat|/etc/auto.nfs|share -rw 10.10.10.1:/data}}
Start and Enable autofs:{{Cmd|<nowiki># rc-update add autofs
# rc-service autofs start</nowiki>}}


{{Cmd|# rc-update add netmount}}
Eventhough autofs is primarily a client-side tool it can also be used on servers for dynamic mounting if required. For an use case of using Autofs on servers, refer to [[Raspberry_Pi_4_-_Persistent_system_acting_as_a_NAS_and_Time_Machine#Adding_and_Sharing_a_Disk|Sharing a Disk]] page.


You can check your boot services:
== Kerberos authentication ==
{{Cmd|# rc-status}}


{{Cmd|# rc-service netmount start}}
By default, NFS security only validates the IP of the client. You can add user level authentication with a Kerberos authentication protocol. The choices are:
* [https://web.mit.edu/kerberos/www/ MIT KRB5] available in {{pkg|krb5}} package
* [https://github.com/heimdal/ Heimdal] available in {{pkg|heimdal}} package


== Kerberos Authentication ==
{{Note|It is recommended to have the same Kerberos flavor across the network as both implementations are not completely mutually compatible.}}


By default, NFS security only validates the IP of the client. You can add user level authentication with a Kerberos installation ([https://pkgs.alpinelinux.org/package/edge/main/armhf/krb5 MIT KRB5] or [https://pkgs.alpinelinux.org/package/edge/main/x86/heimdal Heimdal]). It is recommended to have the same Kerberos flavor across the network as both implementations are not completely mutually compatible.
The example given below uses MIT KRB5 syntax. So install the server package {{pkg|krb5-server}} on server and {{pkg|krb5}} package for client machines.  


=== Server Configuration ===
=== Server configuration ===


Assuming you setup Kerberos in the in the network, create ticket to your NFS machine (examples are in MIT KRB5 syntax):
Assuming you setup Kerberos in the in the network, create ticket to your NFS machine :


{{Cmd|# kadmin: addprinc -randkey nfs/nfs1.example.com@EXAMPLE.COM}}
{{Cmd|# kadmin: addprinc -randkey nfs/nfs1.example.com@EXAMPLE.COM}}
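Review bot: the new autofs step `{{Cmd|apk add autofs}}` drops the `# ` root prompt that every other `{{Cmd}}` in this revision carries, so it reads as an unprivileged command; make it `{{Cmd|# apk add autofs}}`. The added text also keeps a few slips worth fixing in the same pass: "needs to made", "directory..", "Eventhough", and "in the in the network".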
Line 53: Line 64:
{{Cmd|# kadmin: ktadd nfs/nfs1.example.com@EXAMPLE.COM}}
{{Cmd|# kadmin: ktadd nfs/nfs1.example.com@EXAMPLE.COM}}


Then, edit your /etc/exports, and add sec=krb5 (only authentication), sec=krb5i (also hmac signing) or sec=krb5p (also encryption). For example:
Then, edit your {{Path|/etc/exports}}, and add sec=krb5 (only authentication), sec=krb5i (also hmac signing) or sec=krb5p (also encryption). For example:


{{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,sec=krb5p,no_root_squash)     
{{Cat|/etc/exports|<nowiki>/data 10.10.10.0/24(rw,nohide,no_subtree_check,sec=krb5p,no_root_squash)     
</nowiki>}}
</nowiki>}}


After editing /etc/exports, reload your setting
After editing {{Path|/etc/exports}}, reload your setting
{{Cmd|# exportfs -afv}}
{{Cmd|# exportfs -afv}}


User id mapping is managed by nfsidmap.
User id mapping is managed by <code>nfsidmap</code> utility from {{pkg|nfs-utils}} package.


=== Client Configuration ===
=== Client configuration ===


In order for the client to connect to NFS via kerberos, enable and start rpc.gssd.
In order for the client to connect to NFS via kerberos, enable and start rpc.gssd service.
{{Cmd|# rc-update add rpc.gssd}}
{{Cmd|# rc-update add rpc.gssd}}
{{Cmd|# rc-service rpc.gssd start}}
{{Cmd|# rc-service rpc.gssd start}}


== see Also ==
== See also ==
 
* [https://wiki.archlinux.org/title/NFS NFS in Arch wiki]
* [https://wiki.archlinux.org/title/NFS NFS in Arch wiki]
* [https://wiki.gentoo.org/wiki/Nfs-utils NFS in Gentoo Wiki]  
* [https://wiki.gentoo.org/wiki/Nfs-utils NFS in Gentoo Wiki]  
* [[Raspberry_Pi_4_-_Persistent_system_acting_as_a_NAS_and_Time_Machine]]


[[Category:Server]]
[[Category:Server]]
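Review bot: the Kerberos `/etc/exports` example keeps `no_root_squash` alongside `sec=krb5p`, and nothing in the revised section says why; in a section about adding user-level authentication, either explain that the option leaves the client's root user unsquashed on the export or drop it from the example. The revised "reload your setting" line in this hunk also lacks the colon that the same sentence gained in the NFS server section.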

Latest revision as of 08:33, 16 January 2025

This page documents configuring Network File System (NFS) on both server and client side including autofs and Kerberos authentication.

Installation

Install the following package for both NFS client and NFS server service.

# apk add nfs-utils

Configuration

Setting up NFS service on Alpine Linux is no different from other Linux distributions.

NFS server

Set up the export directories in /etc/exports on your server with IP address 10.10.10.1. For example:

Contents of /etc/exports

/data 10.10.10.0/24(rw,nohide,no_subtree_check,no_root_squash)

After editing /etc/exports, reload your settings:

# exportfs -afv

To make the NFS server service start automatically on boot:

# rc-update add nfs

To start the NFS server service now:

# rc-service nfs start

NFS client

To mount NFS shares automatically, an entry needs to be made in /etc/fstab as follows:

Contents of /etc/fstab

10.10.10.1:/data /mount/point nfs4 rw,_netdev 0 0

To mount the NFS shares listed in /etc/fstab when the system boots:

# rc-update add nfsmount

To mount the NFS shares listed in /etc/fstab now:

# rc-service nfsmount start

You can check your boot services:

# rc-status

Tip: netmount is a general service for all network-based filesystems, while nfsmount is specifically tailored for NFS.

To use netmount, here are the equivalent commands:

# rc-service netmount start

# rc-update add netmount

Using autofs

Autofs is another alternative for mounting filesystems like NFS. Autofs aims to provide on-demand mounting and race-free automatic unmounting of various other filesystems.

Ensure that the autofs package is installed.

# apk add autofs

Add an entry in the file /etc/auto.master that points to a map file defining the mount points for the /mnt/nfs directory. For example:

Contents of /etc/auto.master

/mnt/nfs /etc/auto.nfs --timeout=60

Create the map file /etc/auto.nfs that maps the NFS share 10.10.10.1:/data to /mnt/nfs/share as follows:

Contents of /etc/auto.nfs

share -rw 10.10.10.1:/data

Start and enable autofs:

# rc-update add autofs

# rc-service autofs start

Even though autofs is primarily a client-side tool, it can also be used on servers for dynamic mounting if required. For a use case of autofs on servers, refer to the Sharing a Disk page.

Kerberos authentication

By default, NFS security only validates the IP of the client. You can add user-level authentication with a Kerberos authentication protocol. The choices are MIT KRB5, available in the krb5 package, and Heimdal, available in the heimdal package.

Note: It is recommended to have the same Kerberos flavor across the network as both implementations are not completely mutually compatible.

The example given below uses MIT KRB5 syntax, so install the krb5-server package on the server and the krb5 package on client machines.

Server configuration

Assuming you have set up Kerberos in the network, create a service principal for your NFS machine:

# kadmin: addprinc -randkey nfs/nfs1.example.com@EXAMPLE.COM

And add it to the machine's krb5.keytab file:

# kadmin: ktadd nfs/nfs1.example.com@EXAMPLE.COM

Then, edit your /etc/exports, and add sec=krb5 (authentication only), sec=krb5i (also HMAC signing) or sec=krb5p (also encryption). For example:

Contents of /etc/exports

/data 10.10.10.0/24(rw,nohide,no_subtree_check,sec=krb5p,no_root_squash)

After editing /etc/exports, reload your settings:

# exportfs -afv

User ID mapping is managed by the nfsidmap utility from the nfs-utils package.
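
To confirm which exports still rely on IP-only validation after this change, the sec= flavor of every entry can be read back from the exports file. The following is an added example, not part of the wiki page or of nfs-utils: a POSIX shell function (audit_exports, a hypothetical name) that reports, per client entry, the sec= list, the weakest protection it allows, and whether root squashing is disabled. It assumes one export per line without backslash continuations; the third sample line is constructed.

```shell
# audit_exports [FILE]: read an exports file (stdin if FILE is omitted) and
# print "path client sec=<list> <weakest-level> <root_squash|no_root_squash>".
audit_exports() {
    awk '
    # sys validates only the client IP (the default when sec= is absent);
    # krb5 authenticates, krb5i adds signing, krb5p adds encryption.
    BEGIN { rank["sys"] = 0; rank["krb5"] = 1; rank["krb5i"] = 2; rank["krb5p"] = 3
            label[0] = "ip-only"; label[1] = "auth"
            label[2] = "integrity"; label[3] = "privacy" }
    { sub(/#.*/, "") }            # strip comments; fields are re-split
    NF == 0 { next }              # blank or comment-only line
    NF == 1 { $2 = "*" }          # path with no client list: any host
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to any host
            sec = "sys"; squash = "root_squash"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
                if (o[j] == "no_root_squash") squash = "no_root_squash"
            }
            # sec= may be a colon-separated list; the weakest flavor decides.
            # Flavors not in the table are treated as ip-only.
            weakest = 3
            m = split(sec, f, ":")
            for (k = 1; k <= m; k++) {
                r = (f[k] in rank) ? rank[f[k]] : 0
                if (r < weakest) weakest = r
            }
            printf "%s %s sec=%s %s %s\n", path, client, sec, label[weakest], squash
        }
    }' "${1:--}"
}

# Demo: the two /data lines are the exports shown on this page; the third is constructed.
audit_exports <<'EOF'
/data 10.10.10.0/24(rw,nohide,no_subtree_check,no_root_squash)
/data 10.10.10.0/24(rw,nohide,no_subtree_check,sec=krb5p,no_root_squash)
/srv/mixed 10.10.10.0/24(rw,sec=krb5p:sys)  # constructed sample
EOF
```

An entry reported as ip-only is reachable by any host that can present an address in the listed range, whatever other entries say.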

Client configuration

In order for the client to connect to NFS via Kerberos, enable and start the rpc.gssd service.

# rc-update add rpc.gssd

# rc-service rpc.gssd start

See also