NFS - Network File System

To install and configure NFS (Network File System) on Ubuntu securely, you need to ensure that the NFS server and client are properly set up, access is limited to trusted IP addresses, and encryption/authentication measures are in place. Here are the steps to install and configure NFS securely on an Ubuntu server:

Step 1: Install NFS Server and Client

Install the NFS server on your Ubuntu server:

sudo apt update
sudo apt install nfs-kernel-server

Install the NFS client on the client machine (if you need to mount the NFS share):
```
sudo apt install nfs-common
```

Create the directory you want to share via NFS:
```
sudo mkdir -p /mnt/nfs_share
sudo chown nobody:nogroup /mnt/nfs_share
sudo chmod 777 /mnt/nfs_share
```
Note: Adjust permissions (777) as per your requirements. You may choose more restrictive permissions for security purposes.

Step 3: Configure `/etc/exports` File

Edit the /etc/exports file to define what directories will be shared and who has access:
```
sudo nano /etc/exports
```
Add an entry for the shared directory: Example:
```
/mnt/nfs_share   192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
```
Explanation of options:
- 192.168.1.0/24: Specifies the IP range (replace with the appropriate IP address or subnet).
- rw: Allows read-write access.
- sync: Forces changes to be written to disk before a response is sent.
- no_subtree_check: Improves performance by skipping subtree checking.
- no_root_squash: This option can be risky as it allows root on the client to have root access on the server (use root_squash instead for more security).
For better security, you can restrict access only to specific IP addresses or subnets.

Step 4: Apply Changes

Export the shared directories:
```
sudo exportfs -a
```

Restart the NFS server:

sudo systemctl restart nfs-kernel-server

Step 5: Secure NFS with Firewall Rules

Allow NFS ports in the firewall (assuming you're using UFW):
```
sudo ufw allow from 192.168.1.0/24 to any port nfs
sudo ufw enable
```
Replace 192.168.1.0/24 with your trusted subnet.
Check the firewall status to ensure proper configuration:
```
sudo ufw status
```

Create a mount point on the client machine:
```
sudo mkdir -p /mnt/nfs_client_share
```
Mount the NFS share:
```
sudo mount 192.168.1.100:/mnt/nfs_share /mnt/nfs_client_share
```
Replace 192.168.1.100 with the IP address of your NFS server.
To mount the NFS share automatically on boot, add the following line to /etc/fstab:
```
192.168.1.100:/mnt/nfs_share /mnt/nfs_client_share nfs defaults 0 0
```

Step 7: Verify the Setup

Check NFS export status on the server:
```
showmount -e
```
Check the mounted NFS share on the client:
```
mount | grep nfs
```
Test reading/writing to the NFS share: On the client, try creating a file in the NFS mount directory:
```
touch /mnt/nfs_client_share/testfile
```

PreviousSamba - SMB NextFTP

Last updated 4 months ago

Step 1: Install NFS Server and Client

Step 2: Create the Directory to Share

Step 3: Configure /etc/exports File

Step 4: Apply Changes

Step 5: Secure NFS with Firewall Rules

Step 6: Mount the NFS Share on the Client

Step 7: Verify the Setup

Step 3: Configure `/etc/exports` File