/etc/exports

The /etc/exports file is a configuration file used by the Network File System (NFS) server on Unix-like operating systems to specify which directories are to be shared (exported) over the network and the access permissions for these directories.

Structure of /etc/exports

Each line in the /etc/exports file specifies a directory to be shared and the options for sharing it. The general syntax is:

directory  client(options) client(options) ...

  • directory: The path to the directory on the NFS server that is to be shared.

  • client: The hostname or IP address of the client that is allowed to access the shared directory.

  • options: A set of options specifying how the directory is shared and what permissions the client has.

Example /etc/exports File

# Share /srv/nfs to a specific client with read-write access
/srv/nfs 192.168.1.100(rw,sync,no_subtree_check)

# Share /home directory to all clients in the 192.168.1.0/24 network with read-only access
/home 192.168.1.0/24(ro,sync,no_subtree_check)

# Share /var/nfs with two specific clients with read-write access and root squashing
/var/nfs 192.168.1.101(rw,sync,no_subtree_check,root_squash) 192.168.1.102(rw,sync,no_subtree_check,root_squash)

Options Explained

  • rw: Allow read and write access to the shared directory.

  • ro: Allow read-only access to the shared directory.

  • sync: Ensure that changes to the shared directory are immediately written to disk.

  • no_subtree_check: Disable subtree checking, which improves performance.

  • root_squash: Map requests from root on the client to an anonymous UID/GID on the server, enhancing security.

  • no_root_squash: Allow root on the client to have root privileges on the server.

  • anonuid: Specify the UID of the anonymous account.

  • anongid: Specify the GID of the anonymous account.

  • all_squash: Map all user and group IDs to the anonymous user.

Managing NFS Exports

After editing /etc/exports, use the following commands to apply changes and manage the NFS server:

Apply Export Changes

Show Current NFS Exports

Start NFS Server

Enable NFS Server at Boot

Restart NFS Server

Setting Up an NFS Server and Client

NFS Server Setup

  1. Install NFS Server Package

    On Debian/Ubuntu:

    On CentOS/RHEL:

  2. Edit /etc/exports

    Add the directories you want to share.

  3. Apply Export Changes

  4. Start and Enable NFS Server

NFS Client Setup

  1. Install NFS Client Package

    On Debian/Ubuntu:

    On CentOS/RHEL:

  2. Create Mount Point

  3. Mount NFS Share

  4. Verify Mount

  5. Automatic Mount at Boot

    Add the following line to /etc/fstab:

Security Considerations

  • Restrict Access: Only allow specific clients or networks to access NFS shares.

  • Use Firewalls: Ensure that only trusted IP addresses can connect to the NFS server.

  • Secure Options: Use root_squash and other secure options to limit potential damage from compromised clients.

  • Network Security: Consider using a VPN or secure network for NFS traffic.

Conclusion

The /etc/exports file is a vital part of configuring an NFS server, allowing administrators to specify which directories are shared and the permissions granted to different clients. Proper management and security considerations are essential to ensure reliable and secure NFS operations.

Previous/etc/dovecotNext/etc/fstab

Last updated