RHEL7: Provide NFS network shares to specific clients.

Share this link

Note: This is a RHCE 7 exam objective.

In this tutorial, the NFS server is called nfsserver.example.com and the NFS client nfsclient.example.com.

NFS Server Configuration

Install the file-server package group:

# yum groupinstall -y file-server

Add a new service to the firewall:

# firewall-cmd --permanent --add-service=nfs

Reload the firewall configuration:

# firewall-cmd --reload

Activate the NFS services at boot:

# systemctl enable rpcbind nfs-server

Note: The nfs-idmap/nfs-idmapd (changes happened with RHEL 7.1) and nfs-lock services are automatically started by the nfs-server service. nfs-idmap/nfs-idmapd is required by NFSv4 but doesn’t allow you any UID/GID mismatches between clients and server. It is only used when setting ACL by names or to display user/group names.
All permission checks are still done with the UID/GID used by the server (see this thread about nfs-idmap for more details).

Start the NFS services:

# systemctl start rpcbind nfs-server

Note: By default, 8 NFS threads are used (RPCNFSDCOUNT=8 in the /etc/sysconfig/nfs file). This should be increased in a production environment to at least 32 (source: http://initrd.org/wiki/NFS_Setup).

Create directories to export and assign access rights:

# mkdir -p /home/tools
# chmod 0777 /home/tools
# mkdir -p /home/guests
# chmod 0777 /home/guests

Assign the correct SELinux contexts to the new directories:

# yum install -y setroubleshoot-server
# semanage fcontext -a -t public_content_rw_t "/home/tools(/.*)?"
# semanage fcontext -a -t public_content_rw_t "/home/guests(/.*)?"
# restorecon -R /home/tools
# restorecon -R /home/guests

Note: The public_content_rw_t context is not the only available, you can also use the public_content_ro_t (only read-only) or nfs_t (more limited) contexts according to your needs.

Check the SELinux booleans used for NFS:

# semanage boolean -l | egrep "nfs|SELinux"
SELinux boolean                State  Default Description
xen_use_nfs                    (off  ,  off)  Allow xen to use nfs
virt_use_nfs                   (off  ,  off)  Allow virt to use nfs
mpd_use_nfs                    (off  ,  off)  Allow mpd to use nfs
nfsd_anon_write                (off  ,  off)  Allow nfsd to anon write
ksmtuned_use_nfs               (off  ,  off)  Allow ksmtuned to use nfs
git_system_use_nfs             (off  ,  off)  Allow git to system use nfs
virt_sandbox_use_nfs           (off  ,  off)  Allow virt to sandbox use nfs
logrotate_use_nfs              (off  ,  off)  Allow logrotate to use nfs
git_cgi_use_nfs                (off  ,  off)  Allow git to cgi use nfs
cobbler_use_nfs                (off  ,  off)  Allow cobbler to use nfs
httpd_use_nfs                  (off  ,  off)  Allow httpd to use nfs
sge_use_nfs                    (off  ,  off)  Allow sge to use nfs
ftpd_use_nfs                   (off  ,  off)  Allow ftpd to use nfs
sanlock_use_nfs                (off  ,  off)  Allow sanlock to use nfs
samba_share_nfs                (off  ,  off)  Allow samba to share nfs
openshift_use_nfs              (off  ,  off)  Allow openshift to use nfs
polipo_use_nfs                 (off  ,  off)  Allow polipo to use nfs
use_nfs_home_dirs              (off  ,  off)  Allow use to nfs home dirs
nfs_export_all_rw              (on   ,   on)  Allow nfs to export all rw
nfs_export_all_ro              (on   ,   on)  Allow nfs to export all ro

Note1: The State column respectively shows the current boolean configuration and the Default column the permanent boolean configuration.
Note2: Here we are interested in the nfs_export_all_rw, nfs_export_all_ro and potentially use_nfs_home_dirs booleans.
Note3: The nfs_export_all_ro boolean allows files to be shared through NFS in read-only mode but doesn’t restrict them from being used in read-write mode. It’s the role of the nfs_export_all_rw boolean to allow read-write mode.

If necessary, assign the correct setting to the SELinux booleans:

# setsebool -P nfs_export_all_rw on
# setsebool -P nfs_export_all_ro on
# setsebool -P use_nfs_home_dirs on

Edit the /etc/exports file and add the following lines with the name (or IP address) of the client(s):

/home/tools nfsclient.example.com(rw,no_root_squash)
/home/guests nfsclient.example.com(rw,no_root_squash)

Note: Please, don’t put any space before the opening parenthesis, this would completely change the meaning of the line!

Export the directories:

# exportfs -avr
exporting nfsclient.example.com:/home/guests
exporting nfsclient.example.com:/home/tools
# systemctl restart nfs-server

Note: This last command shouldn’t be necessary in the future. But, for the time being, it avoids rebooting.

Check your configuration:

# showmount -e localhost
Export list for localhost:
/home/guests nfsclient.example.com
/home/tools  nfsclient.example.com

NFS Client Configuration

On the client side, the commands are:

# yum install -y nfs-utils
# mount -t nfs nfsserver.example.com:/home/tools /mnt

Additional Resources

The GeekDiary website provides a tutorial about Configuring a NFS server and NFS client.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Leave a Reply

24 Comments on "RHEL7: Provide NFS network shares to specific clients."

Notify of

Sort by:   newest | oldest
2 years 23 days ago

Following this manual
[root@rhel7-client ~]# mount -t nfs rhel7-server.local:/home/tools /mnt/
[root@rhel7-client ~]# ll /mnt/
total 0
[root@rhel7-client ~]# echo 123 > /mnt/file1
hangs for too long

1 year 7 months ago

be prepared to open 111 udp/tcp and whatever port you assign to Mountd 20048 udp/tcp (as configured in /etc/sysconfig/nfs) as “showmount -e servername” should work by doing “ls /net/servername” if you have automount turned on. Although NFSv4 does not actually require these ports for operation “showmount” does.

1 year 5 months ago

After a little search … grep.. these two services are located in the firewall default xml.

20048 udp/tcp service is know as mountd
111 udp/tcp service is know as rpcbind

firewall-cmd –add-service=mountd –permanent
firewall-cmd –add-service=rpc-bind –permanent

1 year 5 months ago

From the RedHat webpage:

Enable the services at boot time

# systemctl enable nfs-server
# systemctl enable rpcbind
# systemctl enable nfs-lock <– In RHEL7.1 (nfs-utils-1.3.0-8.el7) this does not work (No such file or directory). it does not need to be enabled since rpc-statd.service is static.
# systemctl enable nfs-idmap <– In RHEL7.1 (nfs-utils-1.3.0-8.el7) this does not work (No such file or directory). it does not need to be enabled since nfs-idmapd.service is static.

1 year 4 months ago

two of the commands at the start of the tutorial are broken.

# systemctl enable nfs-server
# systemctl enable nfs-lock

both fail with the mysterious error command. The cause seems to be a change to how links are made in the packages and systemctl doesn’t work with links to files…. at least the short version from Googling. The services do actually start with the start command listed, but it kind of breaks the tutorial. Also, a comment to how we can check the systemctl status for these would be helpful.

Thanks for the great tutorials!!!

1 year 3 months ago

If it takes too long or seems like a hang while creating files or folders in NFS shares then the reason could be the ownership issue. Try changing the ownership of the nfsshare at server to nfsnobody as :
chown -R nfsnobody:nfsnobody /nfsshare
chmod -R g+rxws /nfsshare

Now try creating…

1 year 2 months ago

you have configured to /etc/export for specific clients (“client1”, “client2”), but later in output of “showmount -e localhost” we see asterisks (*). Shouldn’t “client1” and “client2” be there?

1 year 24 days ago


When I tried to start nfs-lock and nfs-idmap services, there are problems.
[root@server1 ~]# systemctl enable nfs-lock
Failed to issue method call: No such file or directory
[root@server1 ~]# systemctl enable nfs-idmap
Failed to issue method call: No such file or directory

But the nfs service was working well.

I don’t know why there is nfs-lock and nfs-idmap services (I cant start/stop) but I can’t enable them.

3 months 20 hours ago

Why did you decide to use no_root_squash option for the /home/guests share? I imagine it should never be accessed by root on client…

2 months 20 days ago

When using automount for ldap user’s home directories, do those home directories need to exist on the servers side before we log into the client as the ldap user? Or will the home directory automatically be created on the nfs share when ldapuser logs on the client side?


RHCSA7: Task of the day

Allowed time: 10 minutes.
Archive and compress the content of the /opt directory (create files if none exists).
Uncompress and unarchive the resulting file in /root

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a NFS server that exports the /opt directory in read-only mode.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...