- 1 Goal
- 2 Required packages
- 3 Setting up the server
- 4 Setting up the client
- 5 Troubleshooting
- 6 Links & References
The goal of this article is to assist in setting up an nfs-server for sharing files over a network.
Note: for NFSv4, see NFSv4
Required packages for both the server and the client are minimal.
You'll only need to install:
- core/rpcbind (or core/portmap which was replaced)
As the packages are in the [core] repository, they will be included by default in new Arch installations.
Setting up the server
You can now edit your configuration and start the daemons. You need to be root to execute the following commands.
This file (/etc/exports) defines the various shares on the nfs server, and their permissions.
A few examples:
/files *(ro,sync) ; Read-only access to anyone /files 192.168.0.100(rw,sync) ; Read-write access to a client on 192.168.0.100 /files 192.168.1.1/24(rw,sync) ; Read-write access to all clients from 192.168.1.1 to 192.168.1.255
If you make changes to /etc/exports after starting the daemons, you can make them effective by issuing the following command:
If you decide to make your NFS share public and writable, you can use the all_squash option in combination with anonuid and the anongid option. For example, to set the privileges for the user nobody in the group nobody, you can do the following:
; Read-write access to a client on 192.168.0.100, with rw access for the user 99 with gid 99 /files 192.168.0.100(rw,sync,all_squash,anonuid=99,anongid=99))
This also means, that if you want write access to this directory, nobody.nobody must be the owner of the share directory:
chown -R nobody.nobody /files
Full details on the exports file are provided by the exports man page.
Note: This file is replaced by "/etc/conf.d/nfs-common" & "/etc/conf.d/nfs-server".
Edit this file to pass appropriate run-time options to nfsd, mountd, statd, and sm-notify. The default Arch NFS init scripts require the --no-notify option for statd, as follows:
Others may be left at the provided defaults, or changed according to your requirements. Please refer to the relevant man pages for full details.
To allow network access to the nfs server you should edit /etc/hosts.allow.
The following example opens these services to anyone:
nfsd: ALL rpcbind: ALL mountd:ALL
This is a very insecure way of allowing host access. To get better control over who is allowed to access the daemons hosts.deny should be everyone, and hosts.allow should specifically allow certain people. In this example, 192.168.0.101 should be the IP address of the person(s) allowed to access it. The numbers after the '/' is not a netmask!
nfsd: 192.168.0.101/255.255.255.255 rpcbind: 192.168.0.101/255.255.255.255 mountd: 192.168.0.101/255.255.255.255
This examples enables access for anyone on that network
nfsd: 192.168.0.0/255.255.255.0 rpcbind: 192.168.0.0/255.255.255.0 mountd: 192.168.0.0/255.255.255.0
For finer control, read the hosts_access(5) man page.
You can now start the server with the following commands:
/etc/rc.d/rpcbind start (or: /etc/rc.d/portmap start) /etc/rc.d/nfs-common start (or: /etc/rc.d/nfslock start) /etc/rc.d/nfs-server start (or: /etc/rc.d/nfsd start)
Please note that they must be started in that order.
To start the server at boot time, add these daemons to the DAEMONS array in /etc/rc.conf.
Setting up the client
Edit this file to pass appropriate run-time options to statd - the remaining options are for server use only. Do NOT use the --no-notify option on the client side, unless you are fully aware of the consequences of doing so.
Please refer to the statd man page for full details.
You'll need to allow rpcbind for the server's ip
Start the portmap and nfslock daemons:
/etc/rc.d/rpcbind start (or: /etc/rc.d/portmap start) /etc/rc.d/nfs-common start (or: /etc/rc.d/nfslock start)
Please note that they must be started in that order OR start only nfs-common, as rpcbind will be started as a dependency.
To start the daemons at boot time, add them to the DAEMONS array in /etc/rc.conf.
Then just mount as normal:
mount server:/files /files
NOTE: Unlike CIFS shares or rsync, NFS exports must be called by the full path on the server. Example: if /home/fred/music is defined in /etc/exports on server ELROND, you must call
mount ELROND:/home/fred/music /mnt/point
instead of just using
mount ELROND:music /mnt/point
or you will get mount.nfs: access denied by server while mounting
Auto-mount on boot
If you want to mount on boot, make sure network, rpcbind (portmap), nfs-common (nfslock) and netfs are in the DAEMONS array in /etc/rc.conf. Make sure the order is this one. It's better not to put any '@' in front of them (although you could safely use @netfs). For instance :
DAEMONS=(... network rpcbind nfs-common @netfs ...)
DAEMONS=(... network portmap nfslock @netfs ...)
Add an appropriate line in /etc/fstab, for example:
server:/files /files nfs defaults 0 0
If you wish to specify a packet size for read and write packets, specify them in your fstab entry. The values listed below are the defaults if none are specified:
server:/files /files nfs rsize=32768,wsize=32768 0 0
Read the nfs man page for further information, including all available mount options.
Unreliable performance, slow data transfer, and/or high load when using NFS and gigabit
This is a result of the default packetsize used by NFS, which causes significant fragmentation on gigabit networks. You can modify this behavior by the rsize and wsize mount parameters. Using rsize=32768,wsize=32768 should suffice. Please note that this problem does not occur on 100Mb networks, due to the lower packet transfer speed.
Note: Default value for NFS4 is 32768. Maximum is 65536. Increase from default in increments of 1024 until maximum transfer rate is achieved.
Portmap daemon fails to start at boot
Make sure you place portmap BEFORE netfs in the daemons array in /etc/rc.conf .
Nfsd fails to start with "nfssvc: No such device"
Make sure the nfs and nfsd modules are loaded in the kernel.
Nfsd seems to work, but I can't connect from MacOS X clients
When trying to connect from a MacOS X client, you'll see that everything is ok at logs, but MacOS X refuses to mount your NFS share. You have to add insecure option to your share and re-run exportfs -r.
Links & References
- See also Avahi, a Zeroconf implementation which allows automatic discovery of NFS shares.
- HOWTO: Diskless network boot NFS root
- Very helpful
- If you are setting up the Archlinux NFS server for use by Windows clients through Microsoft's SFU, you will save a lot of time and hair-scratching by looking at this forum post first !