Solaris · NFS

Solaris · Lesson 22

NFS

NFS lets you share files and directories over the network so that remote systems can access them as if they were local. In Solaris, NFS is tightly integrated with SMF and IPS, making it easy to set up reliable file sharing between Unix systems.

NFS overview – server, client and exports

NFS (Network File System) allows one Solaris system to act as an NFS server and share directories, while other systems act as NFS clients and mount those shared directories over the network.

NFS Server

Exports directories to the network using dfstab/SMF and provides file data to clients.

NFS Client

Mounts exported directories and accesses them as if they were local filesystems.

Exports

Shared directories controlled by share/dfstab with options like rw, ro, root, anon and client lists.

Sharing to specific clients with custom permissions

NFS exports in Solaris support fine-grained access control. You can specify:

Common share options

  • rw → read/write access for allowed clients
  • ro → read-only access
  • rw=host1 → only host1 has rw (others denied unless explicitly listed)
  • ro=host2 → host2 read-only
  • root=host3 → allow root access from host3 (no root-squash)
  • anon=uid → map anonymous users to UID (0 = root, often unsafe)

Example usage

  • share -F nfs -o rw=10.0.0.10 /export/projects
  • share -F nfs -o ro=10.0.0.20 /export/reports
  • share -F nfs -o rw=10.0.0.10,ro=10.0.0.20,root=adminhost /export/projects

Step-by-step: NFS server and client in Solaris

Walk through these examples in your lab environment using two VMs: one as server and one as client.

1. Check and install NFS packages (server & client)

Most Solaris 11 systems already have NFS, but you can verify and install using IPS.

terminal — nfs
solaris-lab
[root@localhost:~]# pkg list nfs
NAME (PUBLISHER) VERSION IFO
service/network/nfs 0.5.11-0.175.3.0.0.30.0 i--
 
# If not installed:
[root@localhost:~]# pkg install pkg://solaris/service/network/nfs

2. Enable and start NFS server service (SMF)

Use svcadm to enable NFS server and svcs to verify it is online.

terminal — nfs
solaris-lab
[root@localhost:~]# svcadm enable svc:/network/nfs/server
 
# Start/restart immediately:
[root@localhost:~]# svcadm restart svc:/network/nfs/server
 
# Verify status:
[root@localhost:~]# svcs svc:/network/nfs/server
STATE STIME FMRI
online 10:21:03 svc:/network/nfs/server:default

3. Configure a basic NFS share in /etc/dfs/dfstab

dfstab defines which directories are exported. shareall reads this file and activates exports.

terminal — nfs
solaris-lab
[root@localhost:~]# vi /etc/dfs/dfstab
 
# Example line inside dfstab:
share -F nfs -o rw,anon=0 /export/home
 
# Meaning:
# -F nfs → NFS share
# -o rw → read/write for allowed clients
# anon=0 → map anonymous users to root (lab only, not recommended in prod)
# /export/home → directory to export
 
# Apply all shares from dfstab:
[root@localhost:~]# shareall
 
# See active shares:
[root@localhost:~]# share
- /export/home rw "NFS export of home"

4. Share directory with specific clients and permissions

Use rw= / ro= / root= to control which clients and hosts get which access level.

terminal — nfs
solaris-lab
[root@localhost:~]# vi /etc/dfs/dfstab
 
# Example: project share with different access per client
share -F nfs -o rw=10.0.0.10,ro=10.0.0.20,root=adminhost /export/projects
 
# Explanation:
# rw=10.0.0.10 → client 10.0.0.10 has read/write access
# ro=10.0.0.20 → client 10.0.0.20 is read-only
# root=adminhost → root user from 'adminhost' is not squashed
# (other clients are denied by default)
 
[root@localhost:~]# shareall
[root@localhost:~]# share
- /export/projects rw=10.0.0.10,ro=10.0.0.20,root=adminhost

5. Firewall ports needed for NFS (conceptual)

On systems with firewall/pf configured, make sure NFS-related ports are allowed.

terminal — nfs
solaris-lab
# Typical ports (varies by version/config):
# 2049/tcp,udp → NFS
# 111/tcp,udp → rpcbind
# 20048/tcp,udp → mountd (in some configurations)
 
# On Solaris 11 with IPF or ipfilter/pf, adjust rules accordingly.
# This is environment-specific, so follow local security policy.

6. Mount NFS share on client temporarily

Mount the exported directory on a local mountpoint. Great for testing.

terminal — nfs
solaris-lab
# On NFS client:
[root@client:~]# mkdir -p /mnt/nfs_home
 
[root@client:~]# mount -F nfs 192.168.1.10:/export/home /mnt/nfs_home
 
# Verify:
[root@client:~]# mount
...
192.168.1.10:/export/home on /mnt/nfs_home remote/read-write/setuid/devices/rstchown/xattr/dev=2560002 on Fri Jan 10 11:05:43 2025

7. Automount NFS share using /etc/vfstab

Add an entry so the share mounts automatically at boot on the client.

terminal — nfs
solaris-lab
# On NFS client:
[root@client:~]# vi /etc/vfstab
 
# Example line:
192.168.1.10:/export/home - /mnt/nfs_home nfs - yes rw
 
# Fields:
# server:/path - mountpoint fstype - mount-at-boot mount-options
 
# After saving, either reboot or run:
[root@client:~]# mount /mnt/nfs_home

8. Verify exports from server and mounts from client

Use share/showmount on server, mount on client to confirm configuration.

terminal — nfs
solaris-lab
# On NFS server:
[root@server:~]# share
- /export/home rw "Home export"
- /export/projects rw=10.0.0.10,ro=10.0.0.20,root=adminhost
 
[root@server:~]# showmount -e
export list for server:
/export/home (everyone)
/export/projects 10.0.0.10,10.0.0.20
 
# On NFS client:
[root@client:~]# mount | grep nfs
192.168.1.10:/export/home on /mnt/nfs_home ...

9. Unmount NFS share on client

Always unmount cleanly before removing vfstab entries or shutting down server for maintenance.

terminal — nfs
solaris-lab
[root@client:~]# umount /mnt/nfs_home

10. Troubleshooting common NFS issues

Use svcs, showmount, logs and ping to diagnose most problems.

terminal — nfs
solaris-lab
# 1) Check NFS server service:
[root@server:~]# svcs svc:/network/nfs/server
STATE STIME FMRI
online 10:21:03 svc:/network/nfs/server:default
 
# 2) Check exports:
[root@server:~]# share
[root@server:~]# showmount -e
 
# 3) On client – test ping:
[root@client:~]# ping 192.168.1.10
 
# 4) Check logs for errors:
[root@server:~]# tail -50 /var/adm/messages
[root@server:~]# tail -50 /var/log/syslog
 
# 5) If mount fails, verify dfstab syntax and run:
[root@server:~]# shareall

Quick NFS cheat sheet (Solaris)

On the NFS server

  • pkg list nfs / pkg install nfs
  • svcadm enable svc:/network/nfs/server
  • edit /etc/dfs/dfstab → add share lines
  • shareall → activate all exports
  • share / showmount -e → verify

On the NFS client

  • pkg list nfs / pkg install nfs (if needed)
  • mkdir /mnt/nfs_home
  • mount -F nfs server:/export/home /mnt/nfs_home
  • edit /etc/vfstab for permanent mounts
  • mount /mnt/nfs_home, umount /mnt/nfs_home

Security and best practices for NFS

  • Avoid using anon=0 and wide-open root access in production; prefer mapping anonymous users to non-privileged UIDs.
  • Restrict NFS shares to specific clients using rw= and ro= options instead of exporting to everyone.
  • Document all NFS exports and their allowed clients to avoid confusion later.
  • Monitor logs in /var/adm/messages and /var/log/syslog for NFS-related errors regularly.

NFS is often combined with ZFS and zones – in later lessons, you can export ZFS datasets and mount them inside Solaris zones for flexible architectures.