Server OS: Ubuntu 16.04.3

NFS can be a bit quirky, but I needed to use it recently in a local development environment. I ran into a few issues connecting from MacOS that I do not usually see with Linux-only client/server connections.

NFSv4 permissions are based on your user's UID and GID, something that will likely differ between your MacOS user and Linux user. This will result in you being able to connect, but not modify or write any files. Therefore, you will need to set up NFS to alias your MacOS user to your Linux user.

Before performing these steps, please read and note the warnings. Ensure you are as secure as possible.

Also, make sure you need NFS. For regular file sharing and access, SMB will be a much better solution.

Linux NFS Server

First, let's get the UID for your current user on the server (the user exporting the NFS share):

id -u $USER

Then get the GID for that user:

id -g $USER

Remember these for later use in our export configuration.

Then, let's install the NFS server on your Linux host:

sudo apt-get install nfs-kernel-server

Now we need to tell the server what directory we want to export and what settings to use. To do this, edit your exports file:

sudo vim /etc/exports

You'll see some example exports in the file, but we'll write a new one:

/local/directory/to/export *(rw,sync,all_squash,anonuid=1000,anongid=1000)

Be sure to change the path to your local path and anonuid/anongid to the values you observed earlier.

READ THIS: A few things to note:

  1. The * is a wildcard that will allow incoming NFS connections from any source. This is a security issue, so you really should substitute a static IP if at all possible.
  2. rw: read/write. If you only need read, substitute with ro.
  3. sync: Reply to requests only after the changes have been committed to stable storage.
  4. all_squash: Since NFS operates on a shared-user permissions system, we need the connecting user to have the same UID and GID as the local user. By default, we won't have that when connecting with a MacOS user. There are a couple of options, but we will squash (or force) the connected client's UID and GID to an anonymous user.
  5. anonuid and anongid: Tell NFS to set the anonymous user's UID and GID to the UID/GID of your $USER account.

Again, be warned that these settings allow any account to read/write to the NFS share from any client. This essentially allows full access to the shared files to anyone who can connect. Lock this down as much as you can and minimize your attack surface.

If you are concerned about this method, consider setting up a user account on the server with the correct UID/GID for your client user.
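One way to check an exports file for the wide-open pattern warned about above. This is an added example, not part of the original post; the function names, the /srv paths and the 192.168.1.50 address are constructed for illustration, and it assumes one export per line.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries that any host can mount.
# Reads the file named as $1, or stdin when no file is given.
# Assumes one export per line (no backslash continuations or quoted paths).
audit_exports() {
    awk '
    { sub(/#.*/, "") }                      # drop comments
    NF < 2 { next }                         # blank line or no client field: not evaluated
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client != "*") continue     # only the any-host wildcard is reported
            rw = 0; squash = 0; uid = "default"; gid = "default"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "all_squash") squash = 1
                if (o[j] ~ /^anonuid=/) uid = substr(o[j], 9)
                if (o[j] ~ /^anongid=/) gid = substr(o[j], 9)
            }
            if (!rw)                        # exports are read-only unless rw is set
                print "MEDIUM " $1 " readable from any host"
            else if (squash)                # every client writes as the anon user
                print "HIGH " $1 " writable from any host as uid=" uid " gid=" gid
            else
                print "HIGH " $1 " writable from any host"
        }
    }' "$@"
}

# Constructed sample: the wildcard export from this page plus two variants.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/local/directory/to/export *(rw,sync,all_squash,anonuid=1000,anongid=1000)
/srv/dev 192.168.1.50(rw,sync,all_squash,anonuid=1000,anongid=1000)
/srv/docs *(ro,sync)
EOF
}

sample_exports | audit_exports
```

On the server, run it as `audit_exports /etc/exports`; an entry pinned to a single client address produces no finding.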

You can now start NFS service:

sudo systemctl start nfs-kernel-server.service

If you make any changes to /etc/exports, be sure to restart the NFS service:

sudo systemctl restart nfs-kernel-server.service

MacOS NFS Client

I have had little luck connecting through the Finder, so I mount my NFS share through the command line.

First, we need an empty directory we can use as a mount point. I put mine inside my home directory in a parent called Shares.

mkdir -p ~/Shares/mountname

Then we can mount our NFS share to that directory:

sudo mount -t nfs -o resvport serveraddress:/exported/directory/on/server ~/Shares/mountname

I have found that I need to use -o resvport on MacOS 10.13 or I get an Operation not permitted error. resvport tells the client to use a privileged port (< 1024) because the Linux server requires it by default. AFAIK, the Linux NFS client does not require this setting as it uses a privileged port by default.