Red Hat Enterprise Linux

NFS & Automounter

Accessing Network-Attached Storage

CIS238RH | RHEL System Administration 2
Mesa Community College

Learning Objectives

Understand NFS concepts

How NFS works, exports, clients, and versions

Mount NFS shares manually

Use mount command and /etc/fstab for persistent mounts

Configure the automounter (autofs)

Set up on-demand mounting with master and map files

Troubleshoot NFS access issues

Diagnose connectivity, permissions, and mount problems

What is NFS?

Network File System (NFS) is a distributed filesystem protocol that allows clients to access files over a network as if they were on local storage. Developed by Sun Microsystems, it is the standard for Unix/Linux file sharing.

NFS Server
Exports /shared

↔

Network
Port 2049 TCP

↔

NFS Client
Mounts to /mnt/data

Server (Exports)

Shares directories for remote access. Controls who can connect and what permissions they have.

Client (Mounts)

Connects to server exports and mounts them locally. Users access files transparently.

NFS Versions

Version	Key Features	Status
NFSv3	Stateless, UDP/TCP, widely compatible, multiple ports	Legacy, still supported
NFSv4	Stateful, TCP only, single port 2049, built-in security	Current RHEL default
NFSv4.1	Parallel NFS (pNFS), session trunking	Supported, enterprise
NFSv4.2	Server-side copy, sparse files, space reservation	Latest, RHEL 8/9 default

# Check NFS version of a mounted share
[student@client ~]$ nfsstat -m
/mnt/data from server:/export
 Flags: rw,relatime,vers=4.2,rsize=1048576,wsize=1048576...

# Force specific version when mounting
[root@client ~]# mount -t nfs -o vers=4.2 server:/export /mnt/data
[root@client ~]# mount -t nfs -o nfsvers=3 server:/export /mnt/legacy

RHEL default: NFSv4.2 uses only TCP port 2049, dramatically simplifying firewall rules compared to NFSv3 (which needed portmapper and multiple dynamic ports).

Discovering Exports

# Install NFS client tools if not present
[root@client ~]# dnf install nfs-utils

# List exports available from an NFS server
[root@client ~]# showmount -e nfsserver.example.com
Export list for nfsserver.example.com:
/export/data    192.168.1.0/24
/export/home    *.example.com
/export/public  *

# Show clients currently mounting from a server
[root@client ~]# showmount -a nfsserver.example.com
All mount points on nfsserver.example.com:
192.168.1.100:/export/data
192.168.1.101:/export/home

# NFSv4: browse root export to discover shares
[root@client ~]# mount -t nfs server:/ /mnt/tmp && ls /mnt/tmp

NFSv4 note: showmount uses the NFSv3 protocol. Pure NFSv4 servers may not respond to showmount. In that case, mount the server root export (server:/) and browse its directories.

Manual Mounting

mount -t nfs [options] server:/export /mountpoint

# Create mount point and mount an NFS export
[root@client ~]# mkdir -p /mnt/data
[root@client ~]# mount -t nfs server:/export/data /mnt/data

# Verify the mount
[student@client ~]$ mount | grep nfs
server:/export/data on /mnt/data type nfs4 (rw,relatime,vers=4.2...)

[student@client ~]$ df -h /mnt/data
Filesystem           Size  Used Avail Use% Mounted on
server:/export/data   50G   10G   40G  20% /mnt/data

# Access files — transparent to applications
[student@client ~]$ ls /mnt/data
file1.txt  file2.txt  project/

Temporary: Manual mounts are lost on reboot or when unmounted. Use /etc/fstab for persistent mounts that survive reboots.

NFS Mount Options

# Read-only mount
[root@client ~]# mount -t nfs -o ro server:/export /mnt/readonly

# Soft mount — returns error after timeout if server unavailable
[root@client ~]# mount -t nfs -o soft,timeo=30 server:/export /mnt/data

# Background retry if initial mount fails (important for fstab)
[root@client ~]# mount -t nfs -o bg server:/export /mnt/data

# Combined: read-write, specific version, soft with timeout
[root@client ~]# mount -t nfs -o rw,vers=4.2,soft,timeo=30 server:/export /mnt/data

Option	Description
`rw` / `ro`	Read-write or read-only access
`hard` (default)	Keep retrying forever if server down — processes hang
`soft`	Return I/O error after timeout — processes get an error
`bg`	Background retry if initial mount fails — prevents boot hang
`timeo=N`	Timeout in tenths of seconds for soft mounts
`vers=N`	Force NFS version (3, 4, 4.1, 4.2)
`sec=MODE`	Security: sys (default), krb5, krb5i, krb5p

Persistent Mounts: /etc/fstab

# /etc/fstab format:
# device                mountpoint    type  options          dump pass

# Basic NFS mount — always use 0 0 for dump/pass with NFS
server:/export/data     /mnt/data     nfs   defaults         0    0

# Recommended options — bg prevents boot hang if server unavailable
server:/export/data     /mnt/data     nfs   rw,bg,soft       0    0

# Read-only documentation share
server:/export/docs     /mnt/docs     nfs   ro,bg            0    0

# Home directories with specific version
nfs.example.com:/home   /home         nfs   rw,bg,vers=4.2   0    0

# Test fstab entry without rebooting
[root@client ~]# mount /mnt/data       # Mount just this entry
[root@client ~]# mount -a              # Mount ALL fstab entries

Always test! After editing fstab, run mount -a to verify all entries work. A bad fstab entry can prevent the system from booting — it may drop to emergency mode.

Unmounting NFS

# Standard unmount
[root@client ~]# umount /mnt/data

# If busy — find what is using the mount
[root@client ~]# umount /mnt/data
umount: /mnt/data: target is busy.

[root@client ~]# fuser -mv /mnt/data
                     USER        PID ACCESS COMMAND
/mnt/data:           root     kernel mount /mnt/data
                     alice      1234 ..c.. bash
                     alice      1235 ..c.. vim

# Option 1: Close applications listed by fuser, change out of directory

# Option 2: Lazy unmount — detach now, clean up when last user closes
[root@client ~]# umount -l /mnt/data

# Option 3: Force unmount — may cause data loss!
[root@client ~]# umount -f /mnt/data

Caution: Force unmount (-f) can cause data loss if there are pending writes. Use only when the server is unreachable and lazy unmount is not sufficient.

The Automounter (autofs)

autofs mounts NFS shares on-demand when accessed and unmounts them automatically after a period of inactivity (default 5 minutes). The system boots successfully even if NFS servers are unavailable.

fstab / Manual Mounts

Always connected — uses resources continuously
Boot can hang if server unavailable
Good for always-needed storage

Automounter (autofs)

Mounts only on access — conserves resources
Boot succeeds without NFS servers
Ideal for home dirs and optional shares

# Install and enable autofs
[root@client ~]# dnf install autofs
[root@client ~]# systemctl enable --now autofs

Autofs Architecture

/etc/auto.master
Master map

→

/etc/auto.misc
Map file

→

Mount on access
Unmount on idle

# Master map: /etc/auto.master (or /etc/auto.master.d/*.autofs)
# Format: mountpoint    map-file    [options]
/misc    /etc/auto.misc
/home    /etc/auto.home

# Map file: /etc/auto.misc
# Format: key    [options]    server:/export
data     -rw,soft    server:/export/data
docs     -ro         server:/export/docs

How it works: Accessing /misc/data triggers autofs → looks up /misc in master map → finds /etc/auto.misc → looks up data → mounts server:/export/data to /misc/data on demand.

Direct vs Indirect Maps

Indirect Maps — most common

Mount point = base directory + key

# auto.master
/data   /etc/auto.data

# auto.data
projects  server:/export/proj
archive   server:/export/archive

# Result: /data/projects, /data/archive

Direct Maps — specific paths

Mount point = full absolute path (key)

# auto.master
/-      /etc/auto.direct

# auto.direct (full paths)
/mnt/data     server:/export/data
/opt/shared   server:/export/shared

# Result: /mnt/data, /opt/shared

When to use: Indirect maps for organizing related mounts under one directory (home dirs, project shares). Direct maps when applications expect specific paths you can't reorganize (e.g., /mnt/data, /opt/shared).

Configuring Indirect Maps

# Step 1: Create master map entry (preferred: use auto.master.d/)
[root@client ~]# vi /etc/auto.master.d/shares.autofs
/shares    /etc/auto.shares

# Step 2: Create the map file
[root@client ~]# vi /etc/auto.shares
data       -rw,soft,timeo=30    nfsserver:/export/data
documents  -ro                   nfsserver:/export/docs
projects   -rw                   nfsserver:/export/projects

# Step 3: Reload autofs to pick up changes
[root@client ~]# systemctl reload autofs

# Step 4: Test — just access the directory
[student@client ~]$ ls /shares/data
file1.txt  file2.txt  subdir/

# Confirm it mounted
[student@client ~]$ mount | grep shares
nfsserver:/export/data on /shares/data type nfs4 (rw,relatime,...)

No pre-creation needed: autofs creates /shares/data on first access and removes it after the idle timeout (default 5 minutes). Just access the path.

Configuring Direct Maps

# Step 1: Create direct map entry in master map
[root@client ~]# vi /etc/auto.master.d/direct.autofs
/-    /etc/auto.direct

# Step 2: Create map file with full absolute paths as keys
[root@client ~]# vi /etc/auto.direct
/mnt/nfsdata       -rw,soft    nfsserver:/export/data
/opt/shared        -ro         nfsserver:/export/shared
/var/log/remote    -ro         logserver:/logs

# Step 3: Create the mount point directories (REQUIRED for direct maps)
[root@client ~]# mkdir -p /mnt/nfsdata /opt/shared /var/log/remote

# Step 4: Reload autofs
[root@client ~]# systemctl reload autofs

# Step 5: Test access
[student@client ~]$ ls /mnt/nfsdata

Key difference: Direct map mount point directories must exist before autofs is loaded. Unlike indirect maps, autofs does not create them automatically.

Automounting Home Directories

# Master map entry for home directories
[root@client ~]# vi /etc/auto.master.d/home.autofs
/home    /etc/auto.home

# Map file using wildcard — one line handles all users
[root@client ~]# vi /etc/auto.home
*    -rw    nfsserver:/home/&

# The * matches any username (key)
# The & substitutes the matched value (alice, bob, etc.)
# /home/alice -> nfsserver:/home/alice
# /home/bob   -> nfsserver:/home/bob

# Reload and test
[root@client ~]# systemctl reload autofs
[root@client ~]# su - alice
[alice@client ~]$ pwd
/home/alice

Wildcard power: * matches any key (username). & substitutes the matched value in the server path. One configuration line handles unlimited users automatically.

Autofs Options

# Adjust global timeout in /etc/autofs.conf
[root@client ~]# vi /etc/autofs.conf
timeout = 600    # 10 minutes (default: 300)

# Per-mount timeout in map file
data    -rw,soft,--timeout=120    server:/export/data

# Browse mode — create ghost dirs so ls shows available mounts
# In /etc/auto.master.d/shares.autofs:
/shares    /etc/auto.shares    --browse

# With browse mode, ls shows entries without mounting them
[student@client ~]$ ls /shares
data  documents  projects

# Verify configured maps
[root@client ~]# automount -m
autofs dump map information
/shares:
  data | -rw,soft | nfsserver:/export/data

Browse mode: Without --browse, ls /shares shows nothing — entries only appear when accessed. With browse mode, ghost directories are created so users can discover available mounts with tab completion.

Troubleshooting NFS

# Step 1: Verify basic connectivity
[student@client ~]$ ping nfsserver
[root@client ~]# showmount -e nfsserver    # Can we see exports?

# Step 2: Check NFS client services
[root@client ~]# systemctl status nfs-client.target

# Step 3: Test manual mount — if this fails, fix it before blaming autofs
[root@client ~]# mount -t nfs -v nfsserver:/export/data /mnt/test

# Step 4: Check firewall (NFSv4 needs TCP 2049)
[root@client ~]# firewall-cmd --list-all    # Server: allow 2049/tcp inbound

# Step 5: Check RPC services on the server
[root@client ~]# rpcinfo -p nfsserver

# Step 6: Check SELinux denials
[root@client ~]# ausearch -m avc -ts recent | grep nfs

Systematic approach: connectivity → services → manual mount → firewall → RPC → SELinux. Fix the lowest layer first. If manual mount fails, autofs will also fail.

Troubleshooting Autofs

# Check autofs service status
[root@client ~]# systemctl status autofs

# View autofs logs
[root@client ~]# journalctl -u autofs

# Enable verbose logging for detailed diagnostics
[root@client ~]# vi /etc/sysconfig/autofs
LOGGING="verbose"
[root@client ~]# systemctl restart autofs

# Verify parsed map configuration — catches typos
[root@client ~]# automount -m

# Remember: always reload after ANY config change
[root@client ~]# systemctl reload autofs

# Force unmount all autofs mounts (for testing)
[root@client ~]# automount -f

Common mistakes: Typos in map file syntax (missing dash before options), forgetting to reload after config changes, not creating directories for direct maps, and underlying NFS issue mistakenly blamed on autofs.

NFS Security

# Server-side export options in /etc/exports
/export/data    192.168.1.0/24(rw,sync,root_squash)
/export/public  *(ro,all_squash)

# root_squash (DEFAULT): remote root mapped to nobody
# no_root_squash: remote root stays root (DANGEROUS)
# all_squash: ALL remote users mapped to nobody

# Client: mount with Kerberos security
[root@client ~]# mount -t nfs -o sec=krb5p server:/export /mnt/secure

sec= option	Authentication	Integrity	Encryption
`sec=sys`	Unix UID/GID (default)	No	No
`sec=krb5`	Kerberos	No	No
`sec=krb5i`	Kerberos	Yes	No
`sec=krb5p`	Kerberos	Yes	Yes

Never use no_root_squash in production. Without root squash, any root user on a trusted client has root access to NFS server files — a major security vulnerability.

Best Practices

Do

Use autofs for home dirs and optional shares
Use fstab with bg for always-needed mounts
Test fstab entries with mount -a before reboot
Use NFSv4 unless legacy compatibility required
Verify exports with showmount before mounting
Use soft mounts for non-critical data
Reload autofs after every config change

Do Not

Use hard mounts without bg in fstab
Skip testing after configuration changes
Use no_root_squash in production
Mix autofs and manual management on same path
Force unmount unless absolutely necessary
Ignore timeout tuning for your workload
Assume NFS works without testing connectivity

Rule of thumb: Use autofs for user-facing shares (home dirs, project folders). Use fstab for system-level storage that applications depend on.

Key Takeaways

NFS Basics: Server exports directories, client mounts them. Use showmount -e to discover exports. NFSv4.2 is the RHEL default — one port (2049), simpler firewalls.

Manual Mounting: mount -t nfs server:/export /mnt. Use /etc/fstab with bg option for persistent mounts. Always test with mount -a before rebooting.

Automounter: Configure in /etc/auto.master.d/ and map files. Use wildcards (* and &) for home directories. Reload with systemctl reload autofs after changes.

Troubleshooting: Test NFS manually first. Check connectivity, firewall port 2049, and autofs logs. Always reload autofs after configuration changes.

Graded Lab

Mount an NFS share manually and verify access with mount and df -h
Add a persistent NFS mount to /etc/fstab with bg and soft options; test with mount -a
Configure autofs indirect map for shared directories under /shares
Set up autofs wildcard map for home directories using * and &
Configure a direct map for a specific path
Troubleshoot a failing NFS mount — check connectivity, exports, and autofs logs

Next: Installing Red Hat Enterprise Linux