How To Install NFS Server on Fedora 42

Setting up a Network File System (NFS) server on Fedora 42 enables seamless file sharing across your network infrastructure. This comprehensive guide walks you through every step of the installation and configuration process, ensuring your NFS server operates securely and efficiently.

Whether you’re managing a home lab, small business network, or enterprise environment, NFS provides a robust solution for centralized file storage and sharing. Fedora 42’s advanced package management and security features make it an excellent choice for hosting NFS services.

Understanding NFS Architecture and Core Components

What Is NFS and Why Use It?

Network File System (NFS) operates on a client-server architecture that allows remote file access as if files were stored locally. The protocol has evolved significantly since its inception, with NFSv4 offering enhanced security, performance, and cross-platform compatibility.

NFS excels in environments requiring shared storage, collaborative workspaces, and centralized data management. Unlike other file-sharing protocols, NFS integrates seamlessly with Unix-like systems, providing native performance and security features.

NFS Version Comparison

NFSv3 remains widely supported but lacks advanced security features. It requires additional services like rpc.lockd and rpc.statd for proper functionality. NFSv4 introduces significant improvements including built-in security, better caching mechanisms, and simplified firewall configuration.

NFSv4.1 and NFSv4.2 add parallel access capabilities, improved performance, and enhanced metadata handling. For Fedora 42 installations, NFSv4.2 is recommended for optimal performance and security.

Essential NFS Components

The nfs-utils package provides core NFS functionality including server daemons, client utilities, and configuration tools. rpcbind manages RPC services essential for NFS communication. mountd handles mount requests and authentication, while idmapd manages user and group ID mapping for NFSv4.

Prerequisites and System Requirements

Hardware and Software Requirements

Your Fedora 42 system requires minimum 1GB RAM and 10GB available disk space for NFS server functionality. Network connectivity with static IP addressing is essential for consistent client access.

Ensure your system has administrative privileges through sudo or root access. Time synchronization between server and clients prevents authentication issues and file corruption.

Network Planning Considerations

Plan your network topology carefully. Document IP ranges, subnet configurations, and firewall policies before beginning installation. NFS performance depends heavily on network bandwidth and latency characteristics.

Consider implementing VLANs or dedicated storage networks for high-performance requirements. Gigabit Ethernet provides adequate performance for most small to medium deployments.

Updating Fedora 42 Before Installation

System updates ensure compatibility, security patches, and optimal performance. Fresh installations may contain outdated packages or security vulnerabilities.

sudo dnf update -y
sudo reboot

The update process downloads and installs the latest package versions, kernel updates, and security patches. A system reboot ensures all updates take effect properly.

Verify the update completion by checking the system version:

cat /etc/fedora-release
uname -r

Installing Required NFS Packages

Package Installation Process

Fedora 42 includes NFS packages in the default repositories. The installation process downloads dependencies automatically, ensuring complete functionality.

sudo dnf install nfs-utils rpcbind -y

This command installs the complete NFS server stack including utilities, daemons, and configuration files. The -y flag automatically confirms installation prompts.

Verifying Package Installation

Confirm successful installation by checking package versions and available commands:

rpm -qa | grep nfs-utils
rpm -qa | grep rpcbind
which exportfs
which showmount

These commands verify package installation and confirm utility availability. Missing commands indicate incomplete installation requiring troubleshooting.

Additional Useful Packages

Consider installing supplementary packages for enhanced functionality:

sudo dnf install nfs4-acl-tools quota -y

nfs4-acl-tools provides advanced ACL management for NFSv4 exports. quota enables disk usage monitoring and limitation enforcement.

Creating and Organizing NFS Export Directories

Directory Structure Best Practices

Organize NFS exports using a logical hierarchy that simplifies management and enhances security. The /srv/nfs directory provides a standard location for NFS exports.

sudo mkdir -p /srv/nfs/{public,private,backup}
sudo mkdir -p /srv/nfs/users/{alice,bob,charlie}

This structure separates public and private content while providing individual user directories. Clear organization simplifies permission management and troubleshooting.

Setting Appropriate Permissions

Directory permissions directly impact NFS functionality and security. Establish proper ownership and access controls before configuring exports.

sudo chown -R nfsnobody:nfsnobody /srv/nfs/public
sudo chmod 755 /srv/nfs/public

sudo chown root:root /srv/nfs/private
sudo chmod 750 /srv/nfs/private

sudo chown -R nfsnobody:nfsnobody /srv/nfs/backup
sudo chmod 755 /srv/nfs/backup

The nfsnobody user provides secure default ownership for shared directories. Root ownership with restrictive permissions protects sensitive directories.

Advanced Storage Configuration

For production environments, consider using LVM or dedicated filesystems for NFS exports:

sudo pvcreate /dev/sdb
sudo vgcreate nfs_vg /dev/sdb
sudo lvcreate -L 50G -n nfs_lv nfs_vg
sudo mkfs.ext4 /dev/nfs_vg/nfs_lv

Create a dedicated mount point and configure automatic mounting:

sudo mkdir /mnt/nfs_storage
echo "/dev/nfs_vg/nfs_lv /mnt/nfs_storage ext4 defaults 0 2" | sudo tee -a /etc/fstab
sudo mount -a

Bind mount the storage to your NFS export directory:

echo "/mnt/nfs_storage /srv/nfs none bind 0 0" | sudo tee -a /etc/fstab
sudo mount -a

Configuring the NFS Exports File

Understanding /etc/exports Syntax

The exports file defines which directories are shared, access permissions, and client restrictions. Each line specifies an export path followed by client specifications and options.

Basic syntax follows this pattern:

/path/to/export client1(options) client2(options)

Common Export Options

rw grants read-write access while ro provides read-only access. sync ensures data writes complete before acknowledging requests, improving reliability at the cost of performance.

no_root_squash allows root users on clients to maintain root privileges on the server. Use this option carefully as it poses security risks. all_squash maps all client users to the anonymous user for enhanced security.

no_subtree_check improves performance by disabling subtree checking. secure requires requests originate from privileged ports below 1024.

Sample Export Configurations

Create a comprehensive exports configuration:

sudo nano /etc/exports

Add the following export definitions:

# Public read-only access for entire subnet
/srv/nfs/public 192.168.1.0/24(ro,sync,no_subtree_check)

# Private read-write access for specific hosts
/srv/nfs/private 192.168.1.10(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/private 192.168.1.11(rw,sync,no_subtree_check,all_squash)

# User directories with individual access
/srv/nfs/users/alice 192.168.1.20(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)
/srv/nfs/users/bob 192.168.1.21(rw,sync,no_subtree_check,all_squash,anonuid=1002,anongid=1002)

# Backup directory with restricted access
/srv/nfs/backup 192.168.1.0/24(rw,sync,no_subtree_check,root_squash)

Advanced Export Options

anonuid and anongid specify the user and group IDs for anonymous access. fsid=0 designates the NFSv4 root export. crossmnt allows clients to access subdirectory mounts automatically.

For NFSv4-only environments, configure a root export:

/srv/nfs *(rw,sync,fsid=0,crossmnt,no_subtree_check)
/srv/nfs/public *(ro,sync,no_subtree_check)
/srv/nfs/private 192.168.1.0/24(rw,sync,no_subtree_check)

Configuring Firewall for NFS on Fedora 42

Understanding NFS Port Requirements

NFS uses multiple ports for different services. NFSv4 simplifies firewall configuration by consolidating most traffic through port 2049. NFSv3 requires additional ports for auxiliary services.

Port 2049 handles NFS traffic. Port 111 manages RPC communications. mountd, statd, and lockd use dynamic ports that can be configured for firewall compatibility.

Configuring firewalld for NFS

Fedora 42 uses firewalld for firewall management. Enable NFS services using predefined firewall rules:

sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=mountd
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --reload

Verify the firewall configuration:

sudo firewall-cmd --list-services
sudo firewall-cmd --list-ports

Custom Port Configuration

For enhanced security, configure static ports for NFS services:

sudo nano /etc/nfs.conf

Add the following configuration:

[statd]
port=32765

[lockd]
port=32803
udp-port=32769

[mountd]
port=32767

Update firewall rules for custom ports:

sudo firewall-cmd --permanent --add-port=32765/tcp
sudo firewall-cmd --permanent --add-port=32765/udp
sudo firewall-cmd --permanent --add-port=32803/tcp
sudo firewall-cmd --permanent --add-port=32769/udp
sudo firewall-cmd --permanent --add-port=32767/tcp
sudo firewall-cmd --permanent --add-port=32767/udp
sudo firewall-cmd --reload

Starting and Enabling NFS Services

Service Management with systemd

Fedora 42 uses systemd for service management. Enable and start required NFS services in the correct order:

sudo systemctl enable rpcbind
sudo systemctl start rpcbind
sudo systemctl enable nfs-server
sudo systemctl start nfs-server

The rpcbind service must start before nfs-server to ensure proper RPC communication initialization.

Verifying Service Status

Check service status and troubleshoot issues:

sudo systemctl status rpcbind
sudo systemctl status nfs-server
sudo systemctl status nfs-mountd
sudo systemctl status nfs-idmapd

Active services display “active (running)” status. Failed services require investigation through system logs.

Service Dependencies

NFS server depends on several auxiliary services. systemd manages these dependencies automatically, but manual intervention may be necessary for troubleshooting:

sudo systemctl enable nfs-idmapd
sudo systemctl start nfs-idmapd
sudo systemctl enable rpc-statd
sudo systemctl start rpc-statd

Advanced Configuration Files

Customizing /etc/nfs.conf

The main NFS configuration file controls server behavior and performance parameters:

sudo nano /etc/nfs.conf

Key configuration sections include:

[general]
# Enable NFSv4 only
vers2=n
vers3=n
vers4=y
vers4.0=y
vers4.1=y
vers4.2=y

[nfsd]
# Number of NFS server threads
threads=8
host=0.0.0.0
port=2049
grace-time=90
lease-time=90

[exportfs]
debug=0

NFSv4 Domain Configuration

Configure the NFSv4 domain for proper user and group ID mapping:

sudo nano /etc/idmapd.conf

Set the domain parameter:

[General]
Domain = example.com
Local-Realms = EXAMPLE.COM

[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody

The domain must match across all NFS servers and clients for proper ID mapping.

SELinux Configuration for NFS

Understanding SELinux and NFS

Security-Enhanced Linux (SELinux) provides mandatory access control for NFS services. Proper SELinux configuration ensures security while maintaining functionality.

Check current SELinux status:

sestatus
getsebool -a | grep nfs

Configuring SELinux Booleans

Enable necessary SELinux booleans for NFS operation:

sudo setsebool -P nfs_export_all_ro on
sudo setsebool -P nfs_export_all_rw on
sudo setsebool -P use_nfs_home_dirs on
sudo setsebool -P nfsd_anon_write on

The -P flag makes changes persistent across reboots.

Setting SELinux Contexts

Apply appropriate SELinux contexts to NFS export directories:

sudo semanage fcontext -a -t public_content_t "/srv/nfs/public(/.*)?"
sudo semanage fcontext -a -t public_content_rw_t "/srv/nfs/private(/.*)?"
sudo restorecon -R /srv/nfs/

Verify context application:

ls -laZ /srv/nfs/

Exporting Shares and Managing Exports

Activating NFS Exports

Apply export configuration changes without restarting services:

sudo exportfs -ra

The -r flag re-exports all directories, while -a exports all entries in /etc/exports.

Viewing Active Exports

Monitor current export status:

sudo exportfs -v
showmount -e localhost

These commands display detailed export information including options and connected clients.

Managing Export Changes

Add new exports temporarily without modifying /etc/exports:

sudo exportfs -o rw,sync,no_subtree_check 192.168.1.0/24:/tmp/test

Remove specific exports:

sudo exportfs -u 192.168.1.10:/srv/nfs/private

Testing NFS Server Functionality

Local Server Testing

Verify NFS server functionality from the local system:

showmount -e localhost
rpcinfo -p localhost

These commands confirm service availability and export visibility.

Client-Side Testing

Test NFS functionality from client systems:

# Install NFS client utilities
sudo dnf install nfs-utils -y

# Test server connectivity
showmount -e 192.168.1.100

# Create test mount point
sudo mkdir /mnt/nfs-test

# Mount NFS share
sudo mount -t nfs 192.168.1.100:/srv/nfs/public /mnt/nfs-test

# Verify mount
df -h | grep nfs
mount | grep nfs

Performance Testing

Evaluate NFS performance using standard benchmarks:

# Test write performance
time dd if=/dev/zero of=/mnt/nfs-test/testfile bs=1M count=100

# Test read performance
time dd if=/mnt/nfs-test/testfile of=/dev/null bs=1M

# Clean up test files
rm /mnt/nfs-test/testfile

NFS Client Configuration

Client Package Installation

Install NFS client utilities on client systems:

sudo dnf install nfs-utils -y
sudo systemctl enable rpcbind
sudo systemctl start rpcbind

Manual Mounting

Mount NFS shares manually for testing:

sudo mkdir -p /mnt/nfs/{public,private}
sudo mount -t nfs 192.168.1.100:/srv/nfs/public /mnt/nfs/public
sudo mount -t nfs4 192.168.1.100:/srv/nfs/private /mnt/nfs/private

Automatic Mounting with /etc/fstab

Configure persistent NFS mounts:

sudo nano /etc/fstab

Add NFS mount entries:

192.168.1.100:/srv/nfs/public /mnt/nfs/public nfs defaults,_netdev 0 0
192.168.1.100:/srv/nfs/private /mnt/nfs/private nfs4 defaults,_netdev,rw 0 0

The _netdev option ensures mounting occurs after network initialization.

AutoFS Configuration

Configure dynamic mounting using AutoFS:

sudo dnf install autofs -y
sudo systemctl enable autofs

Create AutoFS configuration:

sudo nano /etc/auto.master

Add master map entry:

/mnt/auto /etc/auto.nfs --timeout=60

Create the AutoFS map:

sudo nano /etc/auto.nfs

Define mount points:

public -rw,soft,intr 192.168.1.100:/srv/nfs/public
private -rw,soft,intr 192.168.1.100:/srv/nfs/private

Start AutoFS service:

sudo systemctl start autofs

Security Best Practices

Network-Level Security

Implement network segmentation and access control lists (ACLs) to restrict NFS traffic. Use VPNs or private networks for WAN deployments to encrypt traffic and prevent unauthorized access.

Configure export restrictions using specific IP addresses or subnets rather than wildcard entries. Monitor network traffic regularly for suspicious activity.

Authentication and Authorization

Consider implementing Kerberos authentication for enhanced security in enterprise environments:

sudo dnf install krb5-workstation krb5-libs -y

Configure Kerberos realm and obtain service tickets for secure NFS access. This approach provides strong authentication and prevents credential theft.

File System Permissions

Implement proper file system permissions beyond NFS export options. Use groups and ACLs to control access granularly:

sudo setfacl -m g:developers:rwx /srv/nfs/private/projects
sudo setfacl -m g:users:r-x /srv/nfs/public

Monitoring and Logging

Enable comprehensive logging for security monitoring:

sudo nano /etc/rsyslog.conf

Add NFS-specific logging:

# NFS server logging
daemon.* /var/log/nfs.log

Monitor logs regularly for authentication failures, unauthorized access attempts, and performance issues.

Performance Optimization

Server-Side Tuning

Optimize NFS server performance through configuration adjustments:

sudo nano /etc/nfs.conf

Adjust server threads based on expected load:

[nfsd]
threads=16
tcp=y
udp=n

Client-Side Optimization

Configure client mount options for optimal performance:

sudo mount -t nfs -o rsize=32768,wsize=32768,hard,intr 192.168.1.100:/srv/nfs/data /mnt/data

rsize and wsize parameters control read and write buffer sizes. hard mounts ensure reliability while intr allows interruption of hung operations.

Network Optimization

Implement jumbo frames for high-bandwidth environments:

sudo ip link set eth0 mtu 9000

Ensure all network devices support jumbo frames to prevent fragmentation issues.

Troubleshooting Common Issues

Service Startup Problems

Investigate service failures using systemd logs:

sudo journalctl -u nfs-server -f
sudo journalctl -u rpcbind -f

Common issues include port conflicts, missing dependencies, and configuration errors.

Mount Failures

Debug client mount issues:

sudo mount -t nfs -v 192.168.1.100:/srv/nfs/public /mnt/test
rpcinfo -p 192.168.1.100
telnet 192.168.1.100 2049

Check network connectivity, firewall rules, and export permissions.

Permission Issues

Resolve file access problems:

ls -la /srv/nfs/
getfacl /srv/nfs/directory

Verify ownership, permissions, and SELinux contexts match requirements.

Performance Problems

Diagnose performance issues using monitoring tools:

nfsstat -s
iostat -x 1
iftop

Monitor server statistics, disk I/O, and network utilization to identify bottlenecks.

Monitoring and Management

Server Monitoring

Monitor NFS server performance and activity:

nfsstat -s
watch -n 5 'nfsstat -s'

Track client connections and request statistics for capacity planning.

Log Analysis

Analyze NFS logs for issues and trends:

sudo tail -f /var/log/messages | grep nfs
sudo journalctl -u nfs-server --since "1 hour ago"

Regular log analysis helps identify security threats and performance degradation.

Maintenance Tasks

Perform regular maintenance activities:

# Update exports without restart
sudo exportfs -ra

# Check filesystem integrity
sudo fsck /dev/nfs_vg/nfs_lv

# Monitor disk usage
df -h /srv/nfs/
du -sh /srv/nfs/*

Schedule regular maintenance during low-usage periods.

Advanced Integration Options

Integration with LDAP

Configure NFS with LDAP for centralized user management:

sudo dnf install openldap-clients nss-pam-ldapd -y

Configure LDAP authentication to synchronize user accounts across NFS clients and servers.

Backup Strategies

Implement comprehensive backup solutions for NFS data:

# Snapshot-based backups using LVM
sudo lvcreate -L 5G -s -n nfs_snapshot /dev/nfs_vg/nfs_lv

# rsync-based backups
rsync -av --delete /srv/nfs/ /backup/nfs/

High Availability

Consider clustering solutions for mission-critical deployments:

sudo dnf install pacemaker corosync -y

Configure Pacemaker clustering for automatic failover and load distribution.

Congratulations! You have successfully set up the NFS Server. Thanks for using this tutorial for installing NFS Server on Fedora 42 Linux system. For additional help or useful information, we recommend you check the official NFS Server website.