{"id":18962,"date":"2023-10-11T20:30:26","date_gmt":"2023-10-11T17:30:26","guid":{"rendered":"https:\/\/kifarunix.com\/?p=18962"},"modified":"2024-03-10T11:40:48","modified_gmt":"2024-03-10T08:40:48","slug":"install-and-setup-nfs-server-on-debian-12","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-nfs-server-on-debian-12\/","title":{"rendered":"Install and Setup NFS Server on Debian 12"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1062\" height=\"594\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/10\/nfs-server-linux.png\" alt=\"Install and Setup NFS Server on Debian 12\" class=\"wp-image-18970\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/10\/nfs-server-linux.png?v=1697044901 1062w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/10\/nfs-server-linux-768x430.png?v=1697044901 768w\" sizes=\"(max-width: 1062px) 100vw, 1062px\" \/><\/figure><\/div>\n\n\n<p>In this tutorial, we will discuss how to install and setup NFS server on Debian 12. <a href=\"https:\/\/linux.die.net\/man\/5\/nfs\" target=\"_blank\" rel=\"noreferrer noopener\">Network File system (NFS)<\/a>&nbsp;<em>is a commonly used file-based storage system that&nbsp;allows remote systems&nbsp;to access files over a computer network&nbsp;and interact with them as if they were locally mounted. This enables system Administrators to group resources onto centralized servers on a network for easy sharing<\/em>.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-nfs-server-on-debian-12\">Installing NFS Server on Debian 12<\/a><ul><li><a href=\"#install-nfs-server\">Install NFS Server<\/a><\/li><li><a href=\"#define-nfs-server-domain-for-id-mapping\">Define NFS Server Domain for ID Mapping<\/a><\/li><li><a href=\"#setup-nfs-exports-on-debian-12\">Setup NFS Exports on Debian 12<\/a><\/li><li><a href=\"#export-nfs-shares\">Export NFS shares<\/a><\/li><li><a href=\"#allow-nfs-share-access-on-firewall\">Allow NFS Share Access on Firewall<\/a><\/li><\/ul><\/li><li><a href=\"#configure-nfs-client\">Configure NFS Client<\/a><ul><li><a href=\"#install-nfs-client-packages\">Install NFS Client Packages<\/a><\/li><li><a href=\"#create-a-directory-to-mount-the-remote-nfs-share\">Create a directory to mount the remote NFS share<\/a><\/li><li><a href=\"#listing-nfs-shares\">Listing NFS Shares<\/a><\/li><li><a href=\"#mount-nfs-shares-on-nfs-client\">Mount NFS Shares on NFS client<\/a><\/li><li><a href=\"#how-to-automount-nfs-share\">How to Automount NFS Share?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-nfs-server-on-debian-12\">Installing NFS Server on Debian 12<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-nfs-server\">Install NFS Server<\/h3>\n\n\n\n<p>In order to setup NFS server on Debian 12, you need to install the NFS kernel server package, which is the currently recommended NFS server for use with Linux, featuring features such as NFSv3 and NFSv4, Kerberos support via GSS, and much more.<\/p>\n\n\n\n<p>NFS operates in  server-client architecture. Hence, install the NFS kernel server on the NFS server system.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt update<\/pre>\n\n\n\n<p>Check if the system requires a reboot. If so, then reboot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91; -f \/var\/run\/reboot-required ] &amp;&amp; systemctl reboot -i<\/code><\/pre>\n\n\n\n<p>Install NFS Server package on Ubuntu;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install nfs-kernel-server<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"define-nfs-server-domain-for-id-mapping\">Define NFS Server Domain for ID Mapping<\/h3>\n\n\n\n<p>Next, optionally update the NFS domain in the <code><strong>\/etc\/idmapd.conf<\/strong><\/code> configuration file. The <code>\/etc\/idmapd.conf<\/code> file is used to configure the NFS idmapd daemon, which is responsible for mapping user and group IDs between the client and server in NFSv4 environments. The <code>Domain<\/code> parameter in this configuration file specifies the local domain for id mapping. This will by default is set to your system&#8217;s DNS domain if not specified and hence, may result in other systems in the different DNS domain not being able to mount the share.<\/p>\n\n\n\n<p>For example, the domain of my system is;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">hostname -d<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">kifarunix-demo.com<\/pre>\n\n\n\n<p>Hence, edit the&nbsp;<code>\/etc\/idmapd.conf<\/code>&nbsp;file and uncomment line 6 and set  the value of the <strong><code>Domain<\/code><\/strong> to the correct domain name.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i \"s\/^# Domain = localdomain\/Domain = $(hostname -d)\/\" \/etc\/idmapd.conf<\/pre>\n\n\n\n<p>To verify;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">grep Domain \/etc\/idmapd.conf<\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Domain = kifarunix-demo.com<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"setup-nfs-exports-on-debian-12\">Setup NFS Exports on Debian 12<\/h3>\n\n\n\n<p>NFS Exports are&nbsp;file systems or directories on an NFS server that are shared or accessible to NFS clients.<\/p>\n\n\n\n<p>In this tutorial, we will create two directories\/NFS shares. A public and a private directory.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/media\/{public,private}<\/pre>\n\n\n\n<p>Next, edit the <code><strong>\/etc\/exports<\/strong><\/code> configuration file and configure the above directories as NFS shares.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/exports<\/pre>\n\n\n\n<p>To set up an NFS share:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Specify the directory to be shared<\/li>\n\n\n\n<li>IP addresses\/Networks or domain names (if you have DNS server) of the systems to share storage with<\/li>\n\n\n\n<li>the options associated with shared directory.<\/li>\n<\/ul>\n\n\n\n<p>The format of the NFS share in the <strong>\/etc\/exports<\/strong> should look like:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nfshare nfsclient_IP\/network\/domain &#91;sharingoptions]<\/code><\/pre>\n\n\n\n<p>In our setup, the general directory is shared with anyone and the private directory with specific clients.<\/p>\n\n\n\n<p><strong>NOTE: <\/strong><em><strong>ensure that there are no invisible characters or whitespace at the end of the directory path in your <code>\/etc\/exports<\/code> file<\/strong><\/em>. Otherwise, you may get <strong>&#8220;No such file or directory<\/strong>&#8221; error when exporting the share.<\/p>\n\n\n\n<p>In that case, below are our NFS exports configurations look like below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">\/media\/public *(ro,sync,root_squash,subtree_check)<\/pre>\n\n\n\n<pre id=\"block-205a6edc-8924-4137-93d8-bbab281b6913\" class=\"wp-block-preformatted\">\/media\/private 192.168.59.21(rw,sync,no_root_squash,no_subtree_check)<\/pre>\n\n\n\n<p>To allow multiple nodes\/systems to access the share;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/media\/private 192.168.59.21(rw,sync,no_root_squash,no_subtree_check) 192.168.59.22(rw,sync,no_root_squash,no_subtree_check) 192.168.59.23(rw,sync,no_root_squash,no_subtree_check)<\/code><\/pre>\n\n\n\n<p>The NFS share mount options used above are;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>ro<\/code>&nbsp;<\/strong>mounts the directory on the client with read only permissions.<\/li>\n\n\n\n<li><strong><code>rw<\/code><\/strong>&nbsp;mounts the shared directory on the client with read write permissions.<\/li>\n\n\n\n<li><strong><code>sync<\/code><\/strong>&nbsp;ensures that any changes made to the shared directory is synchronized between the server and the client.<\/li>\n\n\n\n<li><strong><code>root_squash<\/code><\/strong>&nbsp;maps the remote root user privileges into a non-privileged user on the NFS server.<\/li>\n\n\n\n<li><strong><code>no_root_squash<\/code><\/strong>&nbsp;allows remote user to access the share with full privileges of the root user on the NFS server.<\/li>\n\n\n\n<li><strong><code>subtree_check<\/code><\/strong>&nbsp;ensures that in case a directory instead of a block device is exported, the NFS server must check the existence of files in the shared directory for every request made.<\/li>\n\n\n\n<li><strong><code>no_subtree_check<\/code><\/strong>&nbsp;specifies that the NFS server should not verify the availability of the files in the export for every request.<\/li>\n<\/ul>\n\n\n\n<p>Consult <code><strong>man 5 exports<\/strong><\/code> for more NFS export mount options.<\/p>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Restart NFS Server on Debian 12;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart nfs-server<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"export-nfs-shares\">Export NFS shares<\/h3>\n\n\n\n<p>Next, run the following command to export the shared directories.<\/p>\n\n\n\n<pre id=\"block-a807edee-bab8-454d-9363-f6eb91d432c8\" class=\"wp-block-preformatted\">exportfs -arvf<\/pre>\n\n\n\n<p> Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exporting 192.168.59.21:\/media\/private\nexporting *:\/media\/public<\/code><\/pre>\n\n\n\n<p>For more information on <code><strong>exportfs<\/strong><\/code> options used above,&nbsp;<code><strong>man exportfs<\/strong><\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"allow-nfs-share-access-on-firewall\">Allow NFS Share Access on Firewall<\/h3>\n\n\n\n<p>If firewall is running on Debian 12 NFS server, allow access to the nfs share from the clients.<\/p>\n\n\n\n<p>For example, to allow specific IPs\/Networks to access the shares above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ufw allow from 192.168.59.0\/24 to any port nfs<\/pre>\n\n\n\n<p><strong>nfs<\/strong> actually opens port 2049.<\/p>\n\n\n\n<p>Check with:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">rpcinfo -p | grep nfs<\/pre>\n\n\n\n<p>Next, since we are using a port based firewall, you need to configure a fixed port for NFS rpc.mountd (more on <a href=\"http:\/\/wiki.debian.org\/SecuringNFS\" target=\"_blank\" rel=\"noreferrer noopener\">SecuringNFS<\/a>). It uses random ports by default, making access control a bit difficult.<\/p>\n\n\n\n<p>For example, let us say we want it to use port <strong><code>50001<\/code><\/strong>, then edit the file, \/<code><strong>etc\/default\/nfs-kernel-server<\/strong><\/code>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/default\/nfs-kernel-server<\/code><\/pre>\n\n\n\n<p>and replace add the port to the line;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">RPCMOUNTDOPTS=\"--manage-gids\"<\/pre>\n\n\n\n<p>such that it looks like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">RPCMOUNTDOPTS=\"--manage-gids --port 50001\"<\/pre>\n\n\n\n<p>Save and exit the file once done editing.<\/p>\n\n\n\n<p>Restart NFS server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart nfs-server<\/pre>\n\n\n\n<p>Open the RPC mount port on firewall;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ufw allow from 192.168.59.0\/24 to any port 50001<\/pre>\n\n\n\n<p>Open NFS portmapper  port as well;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ufw allow from 192.168.59.0\/24 to any port 111<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configure-nfs-client\">Configure NFS Client<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-nfs-client-packages\">Install NFS Client Packages<\/h3>\n\n\n\n<p>On a system that acts as an NFS client, install NFS client packages:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo apt install nfs-common -y<\/pre>\n\n\n\n<p>Similarly, update the NFS share domain:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sed -i \"s\/# Domain = localdomain\/Domain = $(hostname -d)\/\" \/etc\/idmapd.conf<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-a-directory-to-mount-the-remote-nfs-share\">Create a directory to mount the remote NFS share<\/h3>\n\n\n\n<p>To access the remote shared directories on the NFS client, you need to mount those directories on the NFS client.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir -p \/nfs-shares\/{public,private}<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"listing-nfs-shares\">Listing NFS Shares<\/h3>\n\n\n\n<p>Run the following command to show mount information for an NFS server, whose IP address is 192.168.59.14.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">showmount -e 192.168.59.14<\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Export list for 192.168.59.14:\n\/media\/public  *\n\/media\/private 192.168.59.21<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"mount-nfs-shares-on-nfs-client\">Mount NFS Shares on NFS client<\/h3>\n\n\n\n<p>Mount the exports on NFS client as shown below;<\/p>\n\n\n\n<pre id=\"block-eca24732-ed10-4ee4-83a7-d58bc81461e8\" class=\"wp-block-preformatted\">sudo mount -t nfs 192.168.59.14:\/media\/public \/nfs-shares\/public<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo mount -t nfs 192.168.59.14:\/media\/private \/nfs-shares\/private\/<\/pre>\n\n\n\n<p>Verify the mounting with the following command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">df -hT -P \/nfs-shares\/private\/ \/nfs-shares\/public\/<\/pre>\n\n\n\n<pre class=\"scroll-sz\"><\/code>Filesystem                   Type  Size  Used Avail Use% Mounted on\n192.168.59.14:\/media\/private nfs4   14G  4.4G  8.7G  34% \/nfs-shares\/private\n192.168.59.14:\/media\/public  nfs4   14G  4.4G  8.7G  34% \/nfs-shares\/public\n<\/code><\/pre>\n\n\n\n<p>As you can see, both of the shares have been mounted.<\/p>\n\n\n\n<p>To finalize on this, let us create some files on the NFS server and verify that the same becomes available to the client.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">touch \/media\/public\/public-files.txt touch \/media\/private\/private-files.txt<\/pre>\n\n\n\n<p>On the client:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ls -1 \/nfs-shares\/public\/ \/nfs-shares\/private\/<\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\/nfs-shares\/private\/:\nprivate-files.txt\n\n\/nfs-shares\/public\/:\npublic-files.txt<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-automount-nfs-share\">How to Automount NFS Share?<\/h3>\n\n\n\n<p>You can use FSTAB or AutoFS deamon to mount NFS share automatically.<\/p>\n\n\n\n<p>Check an example on this page.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-nfs-server-on-rocky-linux-8\/#configuring-automounting\" target=\"_blank\" rel=\"noreferrer noopener\">Configure NFS Share Automounting<\/a><\/p>\n\n\n\n<p>And that marks the end of our tutorial on installing NFS server on Debian 12<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, we will discuss how to install and setup NFS server on Debian 12. Network File system (NFS)&nbsp;is a commonly used file-based storage<\/p>\n","protected":false},"author":10,"featured_media":18970,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121],"tags":[7267,7268,7266],"class_list":["post-18962","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","tag-debian-12-nfs-server","tag-linux-nfs-server","tag-nfs-server-setup-debian-12","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18962"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=18962"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18962\/revisions"}],"predecessor-version":[{"id":20861,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/18962\/revisions\/20861"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/18970"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=18962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=18962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=18962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}