All Products
Search

This Product

    File Storage NAS:Use an access point to access a file system on Linux

    Document Center

    File Storage NAS:Use an access point to access a file system on Linux

    Last Updated:Feb 26, 2026

    Access points simplify application access to NAS file systems by providing application-specific entry points with enforced permissions and root directories. This guide shows how to mount a General-purpose NAS NFS file system using an access point from a Linux ECS instance.

    Prerequisites

    • A General-purpose NFS file system: Active and created in your region. See Create a file system.

    • An access point: Configured with appropriate permissions. See Create an access point.

    • A Linux ECS instance: Must be in the same region as the file system with Internet access (EIP or public IP) to download the NAS client. See Creation methods.

      View the operating systems supported by access points

      Operating system

      Version

      Alibaba Cloud Linux

      • Alibaba Cloud Linux 2.1903 64-bit

      • Alibaba Cloud Linux 3.2104 LTS 64-bit

      Red Hat

      • Red Hat Enterprise Linux 7.x 64-bit

      • Red Hat Enterprise Linux 8.x 64-bit

      CentOS

      • CentOS 7.x 64-bit

      • CentOS 8.x 64-bit

      Ubuntu

      • Ubuntu 16.04 64-bit

      • Ubuntu 18.04 64-bit

      • Ubuntu 20.04 64-bit

      Debian

      • Debian 9.x 64-bit

      • Debian 10.x 64-bit

    Mount via access point

    1. Connect to the ECS instance. See Connection method overview.

      Important

      Ensure your ECS instance has an EIP or public IP address to download the NAS client.

    2. Install the NAS client.

      Alibaba Cloud Linux

      1. Download the NAS client. 

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.al7.noarch.rpm

      2. Install the NAS client. 

        sudo yum install aliyun-alinas-utils-*.rpm

      3. Verify installation. 

        which mount.alinas

        A returned path (e.g., /usr/bin/mount.alinas) indicates successful installation.

        image.png

      CentOS

      1. Download the NAS client.

        • CentOS 7.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.el7.noarch.rpm

        • CentOS 8.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.el8.noarch.rpm

      2. Install the NAS client. 

        sudo yum install aliyun-alinas-utils-*.rpm

      3. Verify installation. 

        which mount.alinas

        A returned path indicates successful installation.

        image.png

      Red Hat Enterprise Linux

      1. Download the NAS client.

        • Red Hat Enterprise Linux 7.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.el7.noarch.rpm

        • Red Hat Enterprise Linux 8.x

          wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.el8.noarch.rpm

      2. Install the NAS client. 

        sudo yum --disablerepo=rhui-rhel-7-server-rhui-extras-debug-rpms install aliyun-alinas-utils-*.rpm

      3. Verify installation. 

        which mount.alinas

        A returned path indicates successful installation.

        image.png

      Ubuntu and Debian

      1. Download the NAS client. 

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.3-0.20241223174338.6bfadb.deb

      2. Install the NAS client. 

        sudo apt update
sudo dpkg -i aliyun-alinas-utils-*.deb
sudo apt-get install -f
sudo dpkg -i aliyun-alinas-utils-*.deb

      3. Verify installation. 

        which mount.alinas

        A returned path indicates successful installation.

        image.png

    3. Mount the file system.

      Without RAM policy

      • NFSv3

        sudo mount -t alinas -o tls,vers=3 <access-point>:/ /mnt

      • NFSv4.0

        sudo mount -t alinas -o tls,vers=4.0 <access-point>:/ /mnt

        Parameter descriptions:

        Parameter

        Description

        tls

        Enables Transport Layer Security (TLS). Required for access point connections.

        <access-point>:/

        Format: <Domain name of the access point>:<Relative path of the access point>. Replace with actual values.

        • Domain name of the access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column. On the Mount Targets page, click the Access Point tab to view the domain name. See View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

        • Relative path of the access point: Enter /.

          Note

          Example: If the access point root directory is /test, using / mounts directly to /test. Using a relative path /path/to/dir mounts to /test/path/to/dir. Ensure /test/path/to/dir exists before mounting.

        /mnt

        Mount directory on the ECS instance.

        Must be an existing subdirectory such as /mnt.

      With RAM policy

      1. Configure RAM credentials.

        1. Create the credentials file. 

          touch /etc/aliyun/alinas/.credentials

        2. Add your credentials. 

          vi /etc/aliyun/alinas/.credentials

          • RAM user

            [NASCredentials]
accessKeyID = your_accesskey_id
accessKeySecret = your_accesskey_secret

            Replace your_accesskey_id and your_accesskey_secret with your credentials. Ensure the access point client policy is attached to the RAM user. See (Optional) Configure a policy for the access point client and How do I obtain an AccessKey pair?

          • RAM role

            [NASCredentials]
accessKeyID = your_accesskey_id
accessKeySecret = your_accesskey_secret
securityToken = your_security_token

            Replace your_accesskey_id, your_accesskey_secret, and your_security_token with your RAM role credentials. Ensure the access point client policy is attached to the role. See (Optional) Configure a policy for the access point. Call AssumeRole to obtain the STS token and credentials.

      2. Mount the NFS file system.

        • NFSv3

          sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

        • NFSv4.0

          sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

          Parameter descriptions:

          Parameter

          Description

          tls

          Enables TLS. Required for access point connections.

          ram

          Uses RAM credentials from /etc/aliyun/alinas/.credentials. To use a different path, add ram_config_file=<path> to the mount options.

          <access-point>:/

          Indicates <Domain name of the access point>:<Relative path of the access point>. Replace the variables with the actual values.

          • Domain name of the access point: Log on to the NAS console. Choose File System > File System List. On the File System List page, click Manage in the Actions column. On the Mount Targets page, click the Access Point tab to view the domain name. See View the domain name of an access point. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

          • Relative path of the access point: Enter /.

            Note

            For example, when you create an access point, if you set the root directory of the access point to /test, the access point is directly mounted to the /test directory of the NAS file system by using /. If you set the value to another relative path /path/to/dir, the access point is mounted to the /test/path/to/dir directory of the NAS file system. Make sure that the /test/path/to/dir directory already exists in the NAS file system.

          /mnt

          The mount directory that resides on the current ECS instance.

          The value is a subdirectory such as /mnt of a Linux ECS instance. Make sure that the subdirectory exists in the on-premises file system.

    4. Verify the mount.

      Check mounted file systems:

      mount -l

      Expected output: Similar output indicates successful mounting. Use df -h to check capacity.

      493861480f6a55a971ad05c51b406a46.png

      If mounting fails, see Troubleshoot mount issues for access points.

    5. Test file system access.

      Verify read and write access by creating test files and directories:

      mkdir /mnt/dir1
mkdir /mnt/dir2
touch /mnt/file1
echo 'some file content' > /mnt/file2
ls /mnt

    6. Optional. Configure automatic mounting at startup.

      Configure /etc/fstab to mount automatically at boot. Manual mounts disconnect when the instance restarts.

      1. Edit the fstab file. 

        sudo nano /etc/fstab

        Add the mount configuration:

        • Without RAM policy: 

          access-point:/ /mnt alinas _netdev,tls,vers=3 0 0

        • With RAM policy: 

          access-point:/ /mnt alinas _netdev,tls,vers=3,ram 0 0

          See Mount parameters. Key parameters used in the preceding examples:

          Parameter

          Description

          _netdev

          Prevents mounting before network initialization. Required for network file systems.

          vers

          NFS protocol version.

          • vers=3: Uses NFSv3.

          • vers=4.0: Uses NFSv4.

          0 (the first value after ram)

          Controls dump command backups. Non-zero enables backup. Default is 0 (no backup) for NAS.

          0 (the second value after ram)

          Controls fsck check order at startup. Default is 0 (no check) for NAS.

      2. Run reboot to restart the instance.

        Note

        Verify manual mounting succeeds before restarting to avoid startup failures. After reboot, run df -h to verify automatic mounting.

    Troubleshoot mount issues for access points

    What do I do if mount: unknown filesystem type 'alinas' is returned when I mount a file system?

    Reinstall the client alinas-utils. See Install the NAS client.

    What do I do if mount.nfs: an incorrect mount option was specified is returned when I mount a file system?

    Cause

    The mount command contains incorrect parameters or the NAS client version is outdated.

    Solution

    Verify mount command parameters. See Mount the NFS file system.

    Check the NAS client version:

    rpm -qa | grep alinas

    If the version is earlier than 1.1-8, upgrade to the latest version.

    What do I do if mount.nfs: Unknown error 521 is returned when I mount a file system?

    Cause

    • The access point domain name is incorrect.

    • The permission group configuration is incorrect.

    • (With RAM policy) RAM credentials are missing or incorrect in .credentials.

    • The STS token has expired.

    Solution

    Verify the access point domain name in your mount command. See View the domain name of an access point.

    Check permission group settings in the NAS console: File System List > select your file system > Manage > Mount Targets > Access Point tab > Manage. See Manage permission groups.

    If using RAM policy:

    Verify the mount command includes the ram parameter:

    # NFSv3
sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

# NFSv4.0
sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

    Verify AccessKey credentials in /etc/aliyun/alinas/.credentials. See Configure the RAM information.

    Verify the RAM user has nas:ClientMount permission and the client policy is correctly configured. See Configure a policy for the access point client.

    If using STS tokens, verify the token has not expired.

    Next steps