Adding NFS Shares

About UNIX (NFS) Shares

Creating a Network File System (NFS) share on TrueNAS makes a lot of data available to anyone with share access. Depending on the share configuration, it can restrict users to read or write privileges.

NFS treats each dataset as its own file system. When creating the NFS share on the server, the specified dataset is the location that the client accesses. If you choose a parent dataset as the NFS file share location, the client cannot access any nested or child datasets beneath the parent.

If you need to create shares that include child datasets, SMB sharing is an option. Note that Windows NFS Client versions currently support only NFSv2 and NFSv3.

Adding an NFS Share Dataset

Before creating an NFS share, create the dataset you want the share to use for data storage.

It is best practice to use a dataset instead of a full pool for SMB and/or NFS shares. Sharing an entire pool makes it more difficult to later restrict access if needed.

We recommend creating a new dataset with the Share Type set to Generic for the new NFS share.

Creating a Dataset

To create a dataset using the default settings, go to Datasets. Default settings include the settings datasets inherit from the parent dataset.

Select a dataset (root, parent, or child), then click Add Dataset.

Enter a value in Name.

For the Sync option, we recommend production systems with critical data use the default Standard choice or increase to Always. Choosing Disabled is only suitable in situations where data loss from system crash or power loss is acceptable.

Select either Sensitive or Insensitive from the Case Sensitivity dropdown.

Select the Share Type, then click Save. Options are Generic, Multiprotocol, SMB, or Apps.

You can create datasets optimized for SMB shares or with customized settings for your dataset use cases.

If you plan to deploy container applications, the system automatically creates the ix-applications dataset, but it is not used for application data storage. If you want to store data by application, create the dataset first, then deploy your application. When creating a dataset for an application, select App as the Share Type setting. This optimizes the dataset for use by an application.

Review the Share Type and Case Sensitivity options on the configuration screen before clicking Save. You cannot change these or the Name setting after clicking Save.

Creating an NFS Share

Go to Shares > Unix (NFS) Shares and click Add to open the Add NFS Share configuration screen.

Figure 3: Add NFS Share

Enter the path or use the arrow icon to the left of /mnt to locate the dataset and populate the path.

Enter text to help identify the share in Description.

If needed, enter allowed networks and hosts.

If needed, adjust access permissions.

Click Save to create the share.

After adding the first NFS share, the system opens an enable service dialog.

Figure 4: Enable Service Dialog

Enable Service turns the NFS service on and changes the toolbar status to Running. If you wish to create the share without immediately enabling it, select Cancel.

Adding NFS Share Networks and Hosts

If you want to enter allowed networks, click Add to the right of Networks. Enter an IP address in Network and select the mask in CIDR notation. Click Add for each network address and CIDR you want to define as an authorized network. Defining an authorized network denies access from all other networks. Leave empty to allow all networks.

If you want to enter allowed systems, click Add to the right of Hosts. Enter a host name or IP address to allow that system access to the NFS share. Click Add for each allowed system you want to define. Defining authorized systems denies access from all other systems. Press the X to delete the field and allow all systems access to the share.

Adjusting Access Permissions

If you want to tune the NFS share access permissions or define authorized networks, click Advanced Options.

Figure 5: Advanced Options Access Settings

Select Read-Only to prohibit writing to the share.

To map user permissions to the root user, enter a string or select the user from the Maproot User dropdown list. To map the user permissions to all clients, enter a string or select the user from the Mapall User dropdown list.

To map group permissions to the root user, enter a string or select the group from the Maproot Group dropdown list. To map the group permissions to all clients, enter a string or select the group from the Mapall Group dropdown list.

Select an option from the Security dropdown. If you select KRB5 security, you can use a Kerberos ticket. Otherwise, everything is based on IDs.

Security Types

SYS: Uses locally acquired UIDs and GIDs. No cryptographic security.
KRB5: Uses Kerberos for authentication.
KRB5I: Uses Kerberos for authentication and includes a hash with each transaction to ensure integrity.
KRB5P: Uses Kerberos for authentication and encrypts all traffic between the client and server. KRB5P is the most secure but also incurs the most load.
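
Added example (not part of the TrueNAS documentation): on a Linux client, the security type a mount actually negotiated appears as the sec= option in /proc/mounts, so it can be checked against the setting chosen on the share. The script classifies each NFS mount using the descriptions above; the addresses and paths in the sample are constructed, and the verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: classify NFS mounts by the security flavor in their mount options.
# Usage on a client: audit_nfs_mounts < /proc/mounts

audit_nfs_mounts() {
    awk '
    $3 == "nfs" || $3 == "nfs4" {
        sec = "unknown"; vers = "unknown"; mode = "unknown"; nconnect = 1
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^sec=/)           sec = substr(opt[i], 5)
            else if (opt[i] ~ /^vers=/)     vers = substr(opt[i], 6)
            else if (opt[i] ~ /^nconnect=/) nconnect = substr(opt[i], 10)
            else if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
        }
        # Verdicts follow the Security Types descriptions (labels are illustrative).
        if      (sec == "krb5p") verdict = "OK:encrypted"
        else if (sec == "krb5i") verdict = "WARN:integrity-only"
        else if (sec == "krb5")  verdict = "WARN:authentication-only"
        else if (sec == "sys")   verdict = "WEAK:uid/gid-only,no-crypto"
        else                     verdict = "CHECK:flavor-not-reported"
        printf "%s %s vers=%s sec=%s %s nconnect=%s %s\n", $2, $1, vers, sec, mode, nconnect, verdict
    }'
}

# Count NFS mounts whose traffic is not encrypted (anything other than sec=krb5p).
count_unencrypted() {
    audit_nfs_mounts | awk '$NF !~ /^OK:/ { n++ } END { print n + 0 }'
}

# Constructed sample in /proc/mounts format (192.0.2.0/24 is a documentation range).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
192.0.2.10:/mnt/tank/nfs_share /mnt/share nfs4 rw,relatime,vers=4.2,proto=tcp,nconnect=16,sec=sys,clientaddr=192.0.2.50 0 0
192.0.2.10:/mnt/tank/secure /mnt/secure nfs4 ro,relatime,vers=4.2,proto=tcp,sec=krb5p,clientaddr=192.0.2.50 0 0
192.0.2.10:/mnt/tank/legacy /mnt/legacy nfs rw,relatime,vers=3,proto=tcp,sec=krb5i,mountaddr=192.0.2.10 0 0
EOF
}

sample_mounts | audit_nfs_mounts
```

A mount reported as sec=sys on a share that was meant to require Kerberos indicates the share's Security setting still permits SYS.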

Editing an NFS Share

To edit an existing NFS share, go to Shares > Unix Shares (NFS) and click the share you want to edit. The Edit NFS screen settings are identical to the share creation options.

Starting the NFS Service

To begin sharing, click the ⋮ (more options) icon on the toolbar and select Turn On Service. Turn Off Service displays if NFS is on. Turn On Service displays if NFS is off.

Figure 6: Unix (NFS) Shares Widget Options

Or you can go to System Settings > Services, locate NFS, and click the toggle to running. Select Start Automatically if you want NFS to activate when TrueNAS boots.

The NFS service does not automatically start on boot if all NFS shares are encrypted and locked.

Configuring NFS Service

To configure NFS service settings, click on the System Settings > Services screen.

Unless you need specific settings, we recommend using the default NFS settings.

When TrueNAS is already connected to Active Directory, setting NFSv4 and Require Kerberos for NFSv4 also requires a Kerberos Keytab.

Connecting to the NFS Share

Although you can connect to an NFS share with various operating systems, we recommend using a Linux/Unix OS.

First, download the nfs-common kernel module. You can do this using the installed distribution package manager. For example, on Ubuntu/Debian, enter the command sudo apt-get install nfs-common in the terminal.

After installing the module, connect to an NFS share by entering sudo mount -t nfs {IPaddressOfTrueNASsystem}:{path/to/nfsShare} {localMountPoint}, where {IPaddressOfTrueNASsystem} is the remote TrueNAS system IP address that contains the NFS share, {path/to/nfsShare} is the path to the NFS share on the TrueNAS system, and {localMountPoint} is a local directory on the host system configured for the mounted NFS share. For example, sudo mount -t nfs /mnt mounts the NFS share NFS_Share to the local directory /mnt.

You can also use the Linux nconnect function to let your NFS mount support multiple TCP connections. To enable nconnect, enter sudo mount -t nfs -o rw,nconnect=16 {IPaddressOfTrueNASsystem}:{path/to/nfsShare} {localMountPoint}, where {IPaddressOfTrueNASsystem}, {path/to/nfsShare}, and {localMountPoint} are the same ones you used when connecting to the share. For example, sudo mount -t nfs -o rw,nconnect=16 /mnt.

By default, anyone who connects to the NFS share only has read permission. To change the default permissions, edit the share, open the Advanced Options, and change the Access settings.

You must have ESXi 6.7 or later for read/write functionality with NFSv4 shares.