Access a general-purpose NAS NFS file system from a Linux ECS instance through an access point.
Prerequisites
-
A general-purpose NAS NFS file system is created. Create a file system.
-
An access point is created. Create an access point.
-
A Linux ECS instance with an EIP or public IP address is available in the same region as the file system. Create an instance.
Procedure
-
Connect to the ECS instance. Methods for connecting to ECS instances.
ImportantThe NAS client download requires public network access. Ensure the ECS instance has an EIP or public IP address.
-
Install the NAS client.
Alibaba Cloud Linux
-
Download the client.
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.generic.x86_64.rpm -
Install the client.
sudo yum install aliyun-alinas-utils-*.rpm -
Verify that the NAS client is installed.
which mount.alinasA path such as /usr/sbin/mount.alinas confirms successful installation.

CentOS
-
Download the client.
-
CentOS 7.x
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el7.x86_64.rpm -
CentOS 8.x
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el8.x86_64.rpm
-
-
Install the client.
sudo yum install aliyun-alinas-utils-*.rpm -
Verify that the NAS client is installed.
which mount.alinasA path such as /usr/sbin/mount.alinas confirms successful installation.

Red Hat Enterprise Linux
-
Download the client.
-
Red Hat Enterprise Linux 7.x
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el7.x86_64.rpm -
Red Hat Enterprise Linux 8.x
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el8.x86_64.rpm
-
-
Install the client.
sudo yum --disablerepo=rhui-rhel-7-server-rhui-extras-debug-rpms install aliyun-alinas-utils-*.rpm -
Verify that the NAS client is installed.
which mount.alinasA path such as /usr/sbin/mount.alinas confirms successful installation.

Ubuntu and Debian
-
Download the client.
wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.deb -
Install the client.
sudo apt update sudo dpkg -i aliyun-alinas-utils-*.deb sudo apt-get install -f sudo dpkg -i aliyun-alinas-utils-*.deb -
Verify that the NAS client is installed.
which mount.alinasA path such as /usr/sbin/mount.alinas confirms successful installation.

-
-
Mount the NFS file system.
Without a RAM policy
-
NFSv3
sudo mount -t alinas -o tls,vers=3 <access-point>:/ /mnt -
NFSv4.0
sudo mount -t alinas -o tls,vers=4.0 <access-point>:/ /mntKey parameters:
Parameter
Description
tls
Enables encryption in transit.
ImportantYou must enable encryption in transit when using an access point.
<access-point>:/
The access point address in
: format. -
access point domain name: To obtain the domain name, log on to the Apsara File Storage NAS console, go to the File System List page, and click Manage next to the target file system. From there, go to the Mount Targets page and click the Access Point tab. View an access point domain name. Example:
ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com. -
Relative path: Typically
/.NoteIf the access point root directory is
/test, the relative path/maps to/teston the NAS file system. A path like/path/to/dirmaps to/test/path/to/dir. Ensure/test/path/to/direxists on the file system.
/mnt
The mount point directory on your ECS instance.
Must be an existing directory, such as /mnt.
-
With a RAM policy
-
Configure RAM credentials.
-
Create the
/etc/aliyun/alinas/.credentialsfile.touch /etc/aliyun/alinas/.credentials -
Run the
vi /etc/aliyun/alinas/.credentialscommand to open the/etc/aliyun/alinas/.credentialsfile and add content based on your authentication method.-
RAM user
[NASCredentials] accessKeyID = your_accesskey_id accessKeySecret = your_accesskey_secretReplace
your_accesskey_idandyour_accesskey_secretwith the AccessKey ID and AccessKey Secret of the RAM user. The RAM user must have the permissions in the access point client permission policy. For information about how to obtain an AccessKey pair, see Obtain an AccessKey pair. -
RAM role
[NASCredentials] accessKeyID = your_accesskey_id accessKeySecret = your_accesskey_secret securityToken = your_security_tokenReplace
your_accesskey_id,your_accesskey_secret, andyour_security_tokenwith the temporary credentials of a RAM role. The RAM role must have the permissions that are described in (Optional) Configure an access point policy. You can call the AssumeRole API operation to obtain the security token, AccessKey ID, and AccessKey Secret of the RAM role.
-
-
-
Mount the NFS file system.
-
NFSv3
sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt -
NFSv4.0
sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mntKey parameters:
Parameter
Description
tls
Enables encryption in transit.
ImportantYou must enable encryption in transit when using an access point.
ram
Mounts the file system with configured RAM credentials. The default credentials file is
/etc/aliyun/alinas/.credentials. To use a different path, add theram_config_file=<your-path>option.<access-point>:/
The access point address in
: format. -
Access point domain name: In the Apsara File Storage NAS console, on the File System List page, click Manage for the target file system. On the Mount Targets page, click the Access Point tab to obtain the access point domain name. View access point domain names. For example,
ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com. -
Relative path: Typically
/.NoteIf the access point root directory is
/test, the relative path/maps to/teston the NAS file system. A path like/path/to/dirmaps to/test/path/to/dir. Ensure/test/path/to/direxists on the file system.
/mnt
The mount point directory on your ECS instance.
Must be an existing directory, such as /mnt.
-
-
-
-
Verify the mount.
-
Run the following command:
mount -l -
View the output.
If the output includes the mounted file system entry, the mount succeeded.

After mounting, run the
df -hcommand to check file system capacity.If the mount fails, see Troubleshoot access point mount failures.
-
-
After mounting, you can read and write data on the ECS instance. Example file operations:
mkdir /mnt/dir1 mkdir /mnt/dir2 touch /mnt/file1 echo 'some file content' > /mnt/file2 ls /mnt -
Optional: Configure automatic mounting on startup.
Add a mount entry to the /etc/fstab file to persist the mount across ECS instance restarts.
-
Open the /etc/fstab file and add a mount entry.
-
If the access point does not have a RAM policy enabled, add the following entry:
access-point:/ /mnt alinas _netdev,tls,vers=3 0 0 -
If the access point has a RAM policy enabled, add the following entry:
access-point:/ /mnt alinas _netdev,tls,vers=3,ram 0 0For key parameters, see the parameter descriptions above. Additional parameters:
Parameter
Description
_netdev
Defers mounting until the network is ready.
vers
The NFS protocol version.
-
vers=3: Mounts the file system by using the NFSv3 protocol.
-
vers=4.0: Mounts the file system by using the NFSv4.0 protocol.
0 (first digit)
Controls backup behavior for the
dumpcommand. Set to 0 for NAS file systems.0 (second digit)
Controls the
fsckcheck order at startup. Set to 0 to skip checking NAS file systems. -
-
-
Run the
rebootcommand to restart the ECS instance.NoteVerify manual mounting works before restarting to prevent boot failures. After the restart, run
df -hto confirm automatic mounting.
-
Troubleshoot access point mount failures
The mount: unknown filesystem type 'alinas' error
Reinstall the alinas-utils client. Install the NAS client.
How to resolve the mount.nfs: an incorrect mount option was specified error when mounting a file system?
-
Cause
The mount command is incorrect or the NAS client version is outdated.
-
Solution
-
Verify the mount command parameters are correct. Mount an NFS file system.
-
Check the NAS client version. If earlier than 1.1-8, update to the latest version.
rpm -qa | grep alinas
-
How do I resolve the mount.nfs: Unknown error 521 error when mounting a file system?
-
Possible causes
-
The access point domain name is incorrect.
-
The permission group for the access point is configured incorrectly.
-
A RAM policy is enabled, but a RAM policy is not configured or the
accessKeyIDoraccessKeySecretin the .credential configuration file is incorrect. -
The Security Token Service (STS) token has expired.
-
-
Solutions
-
Verify that the domain name in the mount command is correct.
-
Check the access point permission group configuration.
In the list of access points, click Manage in the Actions column. On the access point details page, view the permission group of the access point. Manage permission groups.
-
If a RAM policy is enabled for the access point:
-
Ensure the mount command includes the
ramparameter:NFSv3 protocol
sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mntNFSv4.0 protocol
sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt -
Verify that the AccessKey configuration for the RAM user is correct.
-
Verify the RAM user has nas:ClientMount permission and the access point client permission policy is correct.
-
If you use an STS token for access, verify that the token has not expired.
-
-