Mounting File Systems From UNIX-Style Instances
Users of Ubuntu and Linux operating systems can use the command line to connect to a file system and write files. Mount targets serve as network access points for file systems. After your mount target is assigned an IP address, you can use it together with the export path to mount the file system. On the instance from which you want to mount the file system, you need to install an NFS client and create a mount point. When you mount the file system, the mount point effectively represents the root directory of the File Storage file system, allowing you to write files to the file system from the instance. You can mount to any directory within the file system.
Prerequisites
- The file system must have at least one export in at least one mount target. When you create a new file system, an export for the file system is created at the same time. See Creating File Systems for more information.
- Correctly configured security rules for the mount target. See Security Rules for information about how security rules work in Oracle Cloud Infrastructure. Use the instructions in Configuring VCN Security Rules for File Storage to set up security rules correctly for your file systems.
Mounting File Systems
You can use the following instructions to construct your mount commands, or use the Console to get mount command samples that include all the information for a specific mount target and file system. For more information, see Mount Command Samples.
Mount command samples mount the file system at the file system root directory. Mount command samples don't include subdirectory information for the file system. If you want to mount your Linux-type instance at a subdirectory of the file system, you must edit the sample to append the subdirectory path to the export path. For more information, see To mount a file system subdirectory.
When mounting file systems, the following mount option combination is not supported by the File Storage service:
soft
when the file system is mounted with the read/write mount option (-o rw
). This combination can cause corruption of your data.
The following mount options or mount option combinations are not recommended for use with the File Storage service:
soft
when the file system is mounted with the read-only mount option (-o ro
) and thetimeo
has been specified as less than300
seconds. This combination can cause a profusion of I/O error responses.rsize
, orwsize
. These options cause issues with performance.
When mounting file systems, Network Lock Manager (NLM) is enabled for file locking by default. The default requires no specified mount option. Typical NFS workloads function normally using the default.
Some applications might require you to specify the nolock
mount option. Refer to your application documentation for best practices regarding this mount option.
- Open a command window. Then, get the NFS client by copying and pasting the Install Command from the Console or type the following:
sudo apt-get install nfs-common
- Create a mount point by copying and pasting the Create Mount Point Command from the Console or type the following, replacing
yourmountpoint
with the local directory from which you want to access your file system.sudo mkdir -p /mnt/yourmountpoint
-
Mount the file system by copying and pasting the Mount Command from the Console or type the following:
sudo mount -o nosuid,resvport,sec=sys 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target.Note
If the export uses Kerberos authentication, use the fully qualified domain name (FQDN) of the mount target instead of the IP address. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
yourmountpoint
with the path to the local mount point. - If the export is using AUTH_SYS alone, the
sec
option is optional. If the export uses Kerberos authentication, replacesys
withkrb5
,krb5i
, orkrb5p
.Note
If an NFS client uses an export which has multiple authentication types, and file system is mounted without specifyingsec=<auth_type>
, the client should automatically pick the strongest authentication type supported by the export.
Tip
IP address, hostname, FQDN, and export path information is available in the Details page of the mount target associated with your file system. See Getting a Mount Target's Details for more information.Caution
Omitting the-o nosuid
option may allow unprivileged users to escalate their permissions to 'root'. Thenosuid
option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.Note
The-o resvport
option is required when the "Require Privileged Source Port" export option is used and otherwise optional. It causes the mounting filesystem to connect from a privileged source port (1-1023). See Working with NFS Exports and Export Options for more information. - Replace
- View the file system.
df -h
-
Write a file to the file system by typing the following. Replace
yourmountpoint
with the path to the local mount point andhelloworld
with your file name.sudo touch /mnt/yourmountpoint/helloworld
-
Verify that you can view the file by typing the following. Replace
yourmountpoint
with the path to the local mount point.cd /mnt/yourmountpoint
ls
See Mount Command Fails in Troubleshooting a File System for more information about common issues you may encounter.
- Open a command window.
- Create a mount point by typing the following, replacing
yourmountpoint
with the local directory from which you want to access your file system.sudo mkdir -p /mnt/yourmountpoint
-
Mount the file system by typing the following:
sudo mount -F nfs -o vers=3,sec=sys 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target.Note
If the export uses Kerberos authentication, use the fully qualified domain name (FQDN) of the mount target instead of the IP address. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
yourmountpoint
with the path to the local mount point. - If the export is using AUTH_SYS alone, the
sec
option is optional. If the export uses Kerberos authentication, replacesys
withkrb5
,krb5i
, orkrb5p
.Note
If an NFS client uses an export which has multiple authentication types, and file system is mounted without specifyingsec=<auth_type>
, the client should automatically pick the strongest authentication type supported by the export.
Tip
IP address, hostname, FQDN, and export path information is available in the Details page of the mount target associated with your file system. See Getting a Mount Target's Details for more information. - Replace
-
View the file system.
df -h
-
Write a file to the file system by typing the following. Replace
yourmountpoint
with the path to the local mount point andhelloworld
with your file name.sudo touch /mnt/yourmountpoint/helloworld
-
Verify that you can view the file by typing the following. Replace
yourmountpoint
with the path to the local mount point.cd /mnt/yourmountpoint
ls
See Mount Command Fails in Troubleshooting a File System for more information about common issues you may encounter.
- Open a command window. Then, get the NFS client by copying and pasting the Install Command from the Console or typing the following:
sudo yum install nfs-utils
- Create a mount point by copying and pasting the Create Mount Point Command
from the Console or type the following, replacing
yourmountpoint
with the local directory from which you want to access your file system.sudo mkdir -p /mnt/yourmountpoint
-
Mount the file system by copying and pasting the Mount Command from the Console or type the following:
sudo mount -o nosuid,resvport,sec=sys 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target.Note
If the export uses Kerberos authentication, use the fully qualified domain name (FQDN) of the mount target instead of the IP address. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
yourmountpoint
with the path to the local mount point. - If the export is using AUTH_SYS alone, the
sec
option is optional. If the export uses Kerberos authentication, replacesys
withkrb5
,krb5i
, orkrb5p
.Note
If an NFS client uses an export which has multiple authentication types, and file system is mounted without specifyingsec=<auth_type>
, the client should automatically pick the strongest authentication type supported by the export.
Tip
IP address, hostname, FQDN, and export path information is available in the Details page of the mount target associated with your file system. See Getting a Mount Target's Details for more information.Caution
Omitting the-o nosuid
option may allow unprivileged users to escalate their permissions to 'root'. Thenosuid
option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.Note
The-o resvport
option is required when the "Require Privileged Source Port" export option is used and otherwise optional. It causes the mounting file system to connect from a privileged source port (1-1023). See Working with NFS Exports and Export Options for more information. - Replace
- View the file system.
df -h
-
Write a file to the file system by typing the following. Replace
yourmountpoint
with the path to the local mount point andhelloworld
with your file name.sudo touch /mnt/yourmountpoint/helloworld
-
Verify that you can view the file by typing the following. Replace
yourmountpoint
with the path to the local mount point.cd /mnt/yourmountpoint
ls
See Mount Command Fails in Troubleshooting a File System for more information about common issues you may encounter. See if you want to mount a subdirectory of the file system.
Database VM instances are built on Oracle Linux 6.8, unlike Oracle Linux compute instances, which run on version 7.4. The NFS Utilities package is pre-installed on DB instances, but the Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility is disabled by default. Oracle Linux 6.8 does not have systemd, so DB instances are managed differently than OL compute instances. An Oracle DB instance comes with a set of iptables rules that excludes any non-database ports and need to be updated to allow mount target traffic.
-
SSH to the DB system.
ssh -i <private_key_path> opc@<db_system_ip_address>
-
Start the rpcbind service by typing the following:
sudo service rpcbind start
-
Use the chkconfig command to enable starting rpcbind service at system startup.
sudo chkconfig rpcbind on
-
Change the default configuration of iptables to include the mount target IP address and allow traffic by typing the following. Replace
10.x.x.x
with the local subnet address assigned to the mount target for the file system. Save the new iptables entries.sudo iptables -A INPUT -p tcp -s 10.x.x.x -j ACCEPT
sudo iptables -A OUTPUT -p tcp -s 10.x.x.x -j ACCEPT
sudo service iptables save
-
Create a mount point by typing the following, replacing
yourmountpoint
with the local directory from which you want to access your file system.sudo mkdir -p /mnt/yourmountpoint
-
Mount the file system by copying and pasting the Mount Command from the Console or type the following:
sudo mount -t nfs -o nosuid,resvport,tcp,vers=3,sec=sys 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target.Note
If the export uses Kerberos authentication, use the fully qualified domain name (FQDN) of the mount target instead of the IP address. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
yourmountpoint
with the path to the local mount point. - If the export is using AUTH_SYS alone, the
sec
option is optional. If the export uses Kerberos authentication, replacesys
withkrb5
,krb5i
, orkrb5p
.Note
If an NFS client uses an export which has multiple authentication types, and file system is mounted without specifyingsec=<auth_type>
, the client should automatically pick the strongest authentication type supported by the export.
Tip
IP address, hostname, FQDN, and export path information is available in the Details page of the mount target associated with your file system. See Getting a Mount Target's Details for more information.Caution
Omitting the-o nosuid
option may allow unprivileged users to escalate their permissions to 'root'. Thenosuid
option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.Note
The-o resvport
option is required when the "Require Privileged Source Port" export option is used and otherwise optional. It causes the mounting file system to connect from a privileged source port (1-1023). See Working with NFS Exports and Export Options for more information. - Replace
See Mount Command Fails in Troubleshooting a File System for more information about common issues you may encounter.
Auto-mount ensures that a file system is automatically re-mounted on an instance if it is rebooted.
- Open a command window. Then, mount the file system using the steps described in the previous section.
- Type the following command to get the file system entry
point:
sudo cat /etc/mtab | grep -i nfs
- Copy the file system entry point, and open the
/etc/fstab
file:cd /etc
vi fstab
-
Add the following line to the
fstab
file:<file_system_ip_address>:<file_system_path_name> <your_local_mount_point> nfs defaults,nofail,nosuid,resvport 0 0
Caution
Omitting the-o nosuid
option may allow unprivileged users to escalate their permissions to 'root'. Thenosuid
option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.Important
Be sure to add thenofail
option to each entry. This option ensures that an unavailable file system does not cause the instance reboot process to fail.Note
The-o resvport
option is required when the "Require Privileged Source Port" export option is used and otherwise optional. It causes the mounting filesystem to connect from a privileged source port (1-1023). See Working with NFS Exports and Export Options for more information. - Save the
fstab
file.
See Mount Command Fails in Troubleshooting a File System for more information about common issues you may encounter.
Mounting File System Subdirectories
If your file system has an existing directory structure, you can mount any file system subdirectory. The subdirectory becomes the effective root directory at the mount point of the instance, and excludes sibling directories.
For example, suppose "FileSystem1" has an export path of /FileSystem1
and a directory structure like this:
The file system is exported from "MountTarget1" which has an IP address of 10.0.0.16
.
The following command mounts directoryA
to the instance mount point /mnt/mymountpoint
:
sudo mount -o nosuid,resvport 10.0.0.16:/FileSystem1/rootdirectory/directoryA /mnt/mymountpoint
Neither directoryB
or FileB
would be accessible from the instance mount point.
Mounting a subdirectory to limit access to sibling directories is not sufficient to secure your file system. For information on security methods, see About File Storage Security.
- Open a command window. Then, get the NFS client by copying and pasting the Install Command from the Console or typing the following:
sudo yum install nfs-utils
- Create a mount point by copying and pasting the Create Mount Point Command from the Console or type the following, replacing
yourmountpoint
with the local directory from which you want to access your file system.sudo mkdir -p /mnt/yourmountpoint
-
Mount the file system by copying and editing the Mount Command from the Console or type the following:
sudo mount -o nosuid,resvport 10.x.x.x:/fs-export-path/directory-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
directory-path
with the path from the root directory to subdirectory you want to mount. - Replace
yourmountpoint
with the path to the local mount point.
Tip
IP address and export path information is available in the Details page of the mount target associated with your file system. See Getting a Mount Target's Details for more information.Caution
Omitting the-o nosuid
option may allow unprivileged users to escalate their permissions to 'root'. Thenosuid
option disables set-user-identifier or set-group-identifier bits within the mounted system, which are rarely used.Note
The-o resvport
option is required when the "Require Privileged Source Port" export option is used and otherwise optional. It causes the mounting file system to connect from a privileged source port (1-1023). See Working with NFS Exports and Export Options for more information. - Replace
- View the file system.
df -h
-
Write a file to the file system by typing the following. Replace
yourmountpoint
with the path to the local mount point andhelloworld
with your file name.sudo touch /mnt/yourmountpoint/helloworld
-
Verify that you can view the file by typing the following. Replace
yourmountpoint
with the path to the local mount point.cd /mnt/yourmountpoint
ls
- Open a terminal window on the instance.
-
Use the following command to unmount the file system:
sudo umount /mnt/yourmountpoint
Replace
yourmountpoint
with the path to the local mount point.
Writing to File Systems
When a file system is created, its root directory is owned by the root user. If you're connecting from an instance that uses a Linux or CentOS platform image, the default user is opc. If you're connecting from an instance that uses an Ubuntu platform image, the default user is ubuntu. These default users are not root users, so you can't initially write a file or directory to a new file system with these users. Depending on your security requirements, there are several ways to proceed:
- Connect as the root user. Then, create files or directories in the new file system.
-
Connect as the root user. Then, change the ownership or permissions of the file system root directory to allow other users (such as opc or ubuntu) to write to the file system.
-
Connect as the root user. Then, create subdirectories with ownership or permissions that allow other users to write to the subdirectory.
Learn more about updating file and directory ownership and permissions.
-
Connect as the default user. Then, use the
sudo
command to write or to change permissions or ownership of files or directories. Thesudo
command temporarily provides a regular user with root user permissions. Here's an example of using thesudo
command to write to the file system:sudo touch /mnt/yourmountpoint/helloworld
For more information about accessing instances, see Connecting to an Instance.
Unmounting File Systems
- Open a terminal window.
-
Unmount the file system by typing the following command:
sudo umount 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace
10.x.x.x:
with the local subnet IP address assigned to your mount target. -
Replace
fs-export-path
with the export path you specified when associating the file system with the mount target. - Replace
yourmountpoint
with the path to the local mount point.
Note
Unmounting might require using the-f
flag in theumount
command. For example:sudo umount -f 10.x.x.x:/fs-export-path /mnt/yourmountpoint
- Replace