If you need to share files on your home network,
setting up an NFS server using
a Raspberry Pi and an external hard drive
or SSD is a quick and easy way to do
just that.
If you've been following my Kubernetes on
Raspberry Pi series, the
server setup we will create in this video
can act as your persistent storage
provider as well.
Let's build it!
To follow along with this video, you will
need a RaspberryPi with Raspbian
installed and the Pi set to a static IP.
You will also need an external hard
drive or SSD with a USB interface.
For performance reasons, I suggest using a
Raspberry Pi 4 and a drive with USB 3.1.
Also, the drive used in this video is
formatted with the `ext4` file system.
You are free to use other file systems if
you prefer.
Just be aware you may have to change some
file system options at
various points in the video if you do.
Links are provided in the description to my
other videos that show you how to
install Raspbian and format a hard drive if
you are not familiar with those
operations.
With those materials gathered, let's get started.
First, we shell in to
the Pi with `ssh`.
My Pi's static IP is `192.168.0.3` so that's
the IP I'll be
using in the video.
We need to make a directory to mount the drive
on.
Let's use `/opt/nfs`.
Next we want to drive to be automatically
mounted when the Pi boots.
So we need
to add it's information to `/etc/fstab`.
Let's get it's partition identifier.
Copy the `PARTUUID`.
Now edit `/etc/fstab` and add in a line to
mount the drive.
Save and quit.
We could reboot and the drive would be mounted,
but we can also mount manually
just this once.
Let's do that to save a bit of time.
Ok.
Looks good.
Let's install the NFS server.
Easy enough.
Now we need some things to export.
Let's make a few sample export directories
and files.
Ok, now we need to tell NFS that we want these
directories exported.
We do that
by putting entries in `/etc/exports`.
The asterisk means that we want to export
the `everyone` directory to, well,
everyone.
The `rw` flag means we want the export to
be readable and writable.
We could have used `ro` to make it read only.
The `sync` and `no_subtree_check`
flags are defaults, but at some point NFS
switched the default values for these
flags, so it'll will gripe at us if we don't
specify them.
Let's add one more export.
By specifying the host address for this export,
we are limiting access through
NFS to a particular host.
We could also have used host names and/or
CIDR
notation to limit access to a particular network
or network subsection.
If you
are interested in the types of restrictions,
run `man exports` on your NFS
server Pi.
Ok, let's save and quit.
Now we need to tell NFS that we've changed
the exports file and that it needs to
re-evaluate what it's exporting.
That's all there is to it!
Let's switch back to our PC and test the exports.
In order to mount NFS file systems (at least
on Ubuntu-based systems) you need
to install the `nfs-common` package.
Without it, you'll get an error suggesting
that you need a helper program when you try
to mount.
With that installed, we can temporarily mount
the `everyone` export.
We can now see the files from the export!
We mounted the directory read/write, so let's
try to write a file.
Hmm, that didn't work.
So what's going on here?
This is where things get a
little complicated.
By default, the NFS permissions are the standard
Linux file
access permission that limit access by user
and group ids.
So, in order to
allow a write, the directory on the NFS server
has to be writable by the user ID
from the client.
In other words, users and groups between the
server and client
must match.
So what can we do?
Well, one option is to just make the directory
on the NFS
server world writable with something like
`chmod 777`.
That would work.
If that
trips your internal security senses, if you
are managing mostly single user
systems, we can take advantage of the fact
that many distributions start user
IDs off at 1000.
Notice that the pi user's id is 1000.
On my computer, my carpie id is 1000 as
well.
This is because pi and carpie are the first
end user ids created and both
Raspbian and Ubuntu start users at 1000.
So, we can just make the `everyone`
directory owned by the `pi` user on the server.
Now we can write.
If you are managing multiple users, you have
a couple of options.
The world
writable thing is an option.
Also, you could create a group on the NFS
server
and on each client machine with the same id.
You would then set the directory
you wanted writeable to be group writeable
and owned by the new group.
On the
client machines, you'd create the same group,
with the same id, and add any
users with access to the group.
That would work too.
If you wanted to get real
fancy, you could make the server use something
like LDAP to manage users.
I'm
going to leave those options as exercises
to the viewers.
Ok, that's the unrestricted export.
Let's unmount that and then try the restricted
one.
Good.
It was restricted to an IP that is not my
IP so it won't let me mount it.
Let's update the export to use my IP.
And now try that again.
Cool, now I have access, so the restrictions
are working.
So that's how we can mount the export temporarily.
What if we want it mounted
all the time.
We just need to put an entry in `/etc/fstab`
for that case.
So we mount the everyone export on `/srv`
this time, just to change things up.
You can mount on almost and directory you
want.
We use type `nfs`...
We want to mount read/write, we specify `user`
so that a normal non-root user
can mount or unmount the share.
And we'll specify `soft` so that our
connections don't hang if the server crashes
or we lose connection.
Finally we
don't want to dump the file system and we
don't need `fsck` to check it, so we
use 0 and 0 for the final two parameters.
Ok, save and exit.
Now we can mount as a normal user just by
saying `mount /srv`.
Also, the share
will be mounted automatically when we reboot.
If we wanted the easy `mount /srv` mounting
but didn't want to mount
automatically on boot, we could add the `noauto`
option in the `fstab` line.
If
you want to know more about the available
options, try running `man nfs`.
There we go!
We have a working NFS server.
That's all for this video.
Thanks
for watching!
