NFS stands for Network File System and is a easy way to share files across Linux systems. However the downside of NFS file sharing is that shared folder can’t be protected with a password. But you can limit access to particular IP addresses.

The Fedora Linux system comes up with NFS utilities by default. Otherwise you can install them using “yum” as shown below:

[root@techpulp ~]# yum install -y nfs-utils rpcbind

You can enable the NFS service to start at boot time using the following commands. The “rpcbind” service also needs to be enabled as NFS internally using RPC service. But if you are trying on RedHat9, you won’t find “rpcbind” service and enabling NFS service is good enough.

[root@techpulp ~]# chkconfig --level=35 rpcbind on
[root@techpulp ~]# chkconfig --level=35 nfs on

To export a directory using NFS, you need to place an entry in “/etc/exports” file. For example, adding the following line in /etc/exports file exports a directory named “/mypub” with read-only mode.

/mypub            *(ro,sync)

The “*” in the above line indicates that anybody can access this directory. You can limit access to a specific client by replacing “*” with IP address of the client system as shown below. The following entry allows access to the client system with IP address 192.168.1.1.

/mypub             192.168.1.1(ro,sync)

You can replace “ro” with “rw” if you want to client to have write access to this directory.

On the client system, you can mount the NFS directory using “mount” command. Assuming that the IP address of NFS server is 192.168.8.8, the following command run in the client system mounts the NFS exported volume in “/myimport” directory.

[root@client ~]# mount 192.168.8.8:/mypub /myimport -t nfs

This example explains basic usage of “/etc/exports” file on NFS server. However you can use “man exports” to find more options that can be used while exporting a NFS volume. Such options include allowing access to single NFS exported volume to multiple clients with different access permissions, allowing access to IP subnets, allowing access based on fully qualified domain names etc.

/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/neo       neo.techpulp.com(rw,all_squash,anonuid=500,anongid=500)
/pub            (ro,insecure,all_squash)
/srv/www        -sync,rw server @trusted @external(ro)