NFS is a great way to share files across a computer network. If you have an Ubuntu 18.04 server and want to share files to Windows 10 Pro or Enterprise clients (or Linux-based clients), you've come to the right place.
Some time ago, I bought a Synology NAS because Synology has a nice app that can automate backups of local directories on my Windows computers to my Synology NAS. It gave me peace of mind with regard to backups, but it didn't solve another need that soon emerged: sharing some of these folders with other members of the household. I tried to use the built-in Synology NFS. It worked, but was painfully slow on my low-end, underpowered Synology with spindle drives. So I decided to set up my household i7 server with M2 disks instead. This is the short and sweet story of how I replaced my Synology and created shared folders for my household.
Set up the server (Ubuntu 18.04)
First, install the NFS server:
sudo apt-get install nfs-kernel-server
Now, prepare an NFS-share. I bind-mounted an existing directory on my Linux server to a short and sweet directory under /mnt, just to make the share-name shorter on the Windows client.
Create the mount point:
sudo mkdir /mnt/myshare
Then edit fstab and bind-mount the directory with the actual files to the easy-to-remember, easy-to-recognize share path:
sudo vi /etc/fstab
/deep/down/directory/with/files/to/share /mnt/myshare none defaults,bind 0 0
sudo mount /mnt/myshare
ls -la /mnt/myshare
Now, /mnt/myshare should have the contents of the deep down directory with files to share, and you are ready to share this directory from your NFS server.
To enable sharing, just edit the exports file and restart the service, like this:
sudo vi /etc/exports
/mnt/myshare 192.168.100.0/24(rw,no_subtree_check) 192.168.1.25(rw,no_subtree_check)
sudo service nfs-kernel-server restart
This will allow any client on the 192.168.100.0/24 network, plus the single IP 192.168.1.25, to connect. You must make sure you trust the range and the IPs you allow to access your share. By default, if the client says he's root, he's re-mapped to "nobody". If the client says he's a valid user, NFS will accept that in the current configuration. You can override that and force a uid + gid if you want to.
My server lives in a secured VLAN with a dedicated external firewall granting client access. If you want to secure the server and tighten your firewall, take a look at this page.
In short, I allow traffic to my NFS server from trusted networks on TCP and UDP on the following ports:
Port 111 and 2049 are fixed. In order to fix the higher ports I changed / appended to the following files on my NFS host server:
# /etc/default/nfs-common (change)
STATDOPTS="--port 32765 --outgoing-port 32766"
# /etc/default/nfs-kernel-server (change)
RPCMOUNTDOPTS="-p 32767"
# /etc/default/quota (change)
RPCRQUOTADOPTS="-p 32769"
# /etc/services (append - optional)
# NFS ports as per the NFS-HOWTO
# http://www.tldp.org/HOWTO/NFS-HOWTO/security.html#FIREWALLS
# Listing here does not mean they will bind to these ports.
rpc.nfsd 2049/tcp # RPC nfsd
rpc.nfsd 2049/udp # RPC nfsd
rpc.nfs-cb 32764/tcp # RPC nfs callback
rpc.nfs-cb 32764/udp # RPC nfs callback
rpc.statd-bc 32765/tcp # RPC statd broadcast
rpc.statd-bc 32765/udp # RPC statd broadcast
rpc.statd 32766/tcp # RPC statd listen
rpc.statd 32766/udp # RPC statd listen
rpc.mountd 32767/tcp # RPC mountd
rpc.mountd 32767/udp # RPC mountd
rpc.lockd 32768/tcp # RPC lockd/nlockmgr
rpc.lockd 32768/udp # RPC lockd/nlockmgr
rpc.quotad 32769/tcp # RPC quotad
rpc.quotad 32769/udp # RPC quotad
Then create the following file with content:
sudo vi /etc/modprobe.d/local.conf
# /etc/modprobe.d/local.conf
options lockd nlm_udpport=32768 nlm_tcpport=32768
options nfs callback_tcpport=32764
Reload the system with new ports:
sudo sysctl --system
sudo service nfs-kernel-server restart
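Before tightening the firewall, it is worth confirming that every daemon really registered on its fixed port. The check below is an added example, not part of the original walkthrough: it reads `rpcinfo -p` output and reports any service still on a dynamic port. The function name, the sample output and the choice to treat rquotad as optional are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: verify that the NFS helper daemons use the fixed ports above.
# Service names are the ones `rpcinfo -p` prints; ports come from this page.
EXPECTED_PORTS="portmapper=111 nfs=2049 status=32765 mountd=32767 nlockmgr=32768 rquotad=32769"
OPTIONAL_SERVICES="rquotad"   # assumption: only registered when quota support is installed

# check_nfs_ports (hypothetical helper): read `rpcinfo -p` output on stdin,
# print one line per service that is missing or on an unexpected port,
# and return 1 if anything was reported, 0 otherwise.
check_nfs_ports() {
  awk -v expected="$EXPECTED_PORTS" -v optional="$OPTIONAL_SERVICES" '
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
      m = split(optional, opt, " ")
      for (i = 1; i <= m; i++) skip[opt[i]] = 1
    }
    # Data rows: program vers proto port service (the header row is skipped)
    NF == 5 && $1 ~ /^[0-9]+$/ && ($5 in want) {
      seen[$5] = 1
      key = $5 "/" $3 "/" $4
      if ($4 != want[$5] && !(key in reported)) {
        printf "MISMATCH %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
        reported[key] = 1; bad = 1
      }
    }
    END {
      for (s in want) if (!(s in seen) && !(s in skip)) { print "MISSING " s; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample output: lockd (nlockmgr) is still on kernel-assigned
# ports, as if the lockd module options had not taken effect.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  41873  nlockmgr
    100021    4   tcp  36541  nlockmgr'

printf '%s\n' "$SAMPLE_RPCINFO" | check_nfs_ports || echo "fixed ports are not fully in effect"
```

On the server itself, feed it live data with `rpcinfo -p | check_nfs_ports`; any MISMATCH line means the firewall rules for the fixed ports will not cover that service.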
Set up the client (Windows 10 Pro/Enterprise)
Setting up the client is key to making this work. Remember, you can set up several clients towards the same share! If you have Windows 10 Home Edition, you're out of luck, though. It doesn't ship with the NFS client.
To set up the client:
Now, you need to tweak the client a bit for it to work correctly.
The first thing is to alter the UID and GID you connect to the share with. If you are allowed to connect to an NFS share, NFS also believes you are who you say you are(!). I chose to use the UID and GID of the owner of the files in the /mnt/myshare folder.
The second thing is to change the default permissions set on files created by the Windows client.
To see the client defaults and what other options you can configure, type the following command:
You can also stop and start the NFS client (but your mileage may vary):
To be completely safe, restart your computer for the changes to take effect.
Now, it's time to connect to your share:
And you're set!