All Products
Search
Document Center

File Storage NAS:Access a file system using an access point

Last Updated:Jun 08, 2026

Access a general-purpose NAS NFS file system from a Linux ECS instance through an access point.

Prerequisites

  • A general-purpose NAS NFS file system is created. Create a file system.

  • An access point is created. Create an access point.

  • A Linux ECS instance with an EIP or public IP address is available in the same region as the file system. Create an instance.

    Operating systems supported by access points

    Operating system

    Version

    Alibaba Cloud Linux

    • Alibaba Cloud Linux 2.1903 64-bit

    • Alibaba Cloud Linux 3.2104 LTS 64-bit

    Red Hat

    • Red Hat Enterprise Linux 7.x 64-bit

    • Red Hat Enterprise Linux 8.x 64-bit

    CentOS

    • CentOS 7.x 64-bit

    • CentOS 8.x 64-bit

    Ubuntu

    • Ubuntu 16.04 64-bit

    • Ubuntu 18.04 64-bit

    • Ubuntu 20.04 64-bit

    Debian

    • Debian 9.x 64-bit

    • Debian 10.x 64-bit

Procedure

  1. Connect to the ECS instance. Methods for connecting to ECS instances.

    Important

    The NAS client download requires public network access. Ensure the ECS instance has an EIP or public IP address.

  2. Install the NAS client.

    Alibaba Cloud Linux

    1. Download the client.

      wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.generic.x86_64.rpm
    2. Install the client.

      sudo yum install aliyun-alinas-utils-*.rpm
    3. Verify that the NAS client is installed.

      which mount.alinas

      A path such as /usr/sbin/mount.alinas confirms successful installation.

      image.png

    CentOS

    1. Download the client.

      • CentOS 7.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el7.x86_64.rpm
      • CentOS 8.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el8.x86_64.rpm
    2. Install the client.

      sudo yum install aliyun-alinas-utils-*.rpm
    3. Verify that the NAS client is installed.

      which mount.alinas

      A path such as /usr/sbin/mount.alinas confirms successful installation.

      image.png

    Red Hat Enterprise Linux

    1. Download the client.

      • Red Hat Enterprise Linux 7.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el7.x86_64.rpm
      • Red Hat Enterprise Linux 8.x

        wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.el8.x86_64.rpm
    2. Install the client.

      sudo yum --disablerepo=rhui-rhel-7-server-rhui-extras-debug-rpms install aliyun-alinas-utils-*.rpm
    3. Verify that the NAS client is installed.

      which mount.alinas

      A path such as /usr/sbin/mount.alinas confirms successful installation.

      image.png

    Ubuntu and Debian

    1. Download the client.

      wget https://aliyun-encryption.oss-cn-beijing.aliyuncs.com/aliyun-alinas-utils-1.9-0.20260310195315.816118.deb
    2. Install the client.

      sudo apt update
      sudo dpkg -i aliyun-alinas-utils-*.deb
      sudo apt-get install -f
      sudo dpkg -i aliyun-alinas-utils-*.deb
    3. Verify that the NAS client is installed.

      which mount.alinas

      A path such as /usr/sbin/mount.alinas confirms successful installation.

      image.png

  3. Mount the NFS file system.

    Without a RAM policy

    • NFSv3

      sudo mount -t alinas -o tls,vers=3 <access-point>:/ /mnt
    • NFSv4.0

      sudo mount -t alinas -o tls,vers=4.0 <access-point>:/ /mnt

      Key parameters:

      Parameter

      Description

      tls

      Enables encryption in transit.

      Important

      You must enable encryption in transit when using an access point.

      <access-point>:/

      The access point address in : format.

      • access point domain name: To obtain the domain name, log on to the Apsara File Storage NAS console, go to the File System List page, and click Manage next to the target file system. From there, go to the Mount Targets page and click the Access Point tab. View an access point domain name. Example: ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

      • Relative path: Typically /.

        Note

        If the access point root directory is /test, the relative path / maps to /test on the NAS file system. A path like /path/to/dir maps to /test/path/to/dir. Ensure /test/path/to/dir exists on the file system.

      /mnt

      The mount point directory on your ECS instance.

      Must be an existing directory, such as /mnt.

    With a RAM policy

    1. Configure RAM credentials.

      1. Create the /etc/aliyun/alinas/.credentials file.

        touch /etc/aliyun/alinas/.credentials
      2. Run the vi /etc/aliyun/alinas/.credentials command to open the /etc/aliyun/alinas/.credentials file and add content based on your authentication method.

        • RAM user

          [NASCredentials]
          accessKeyID = your_accesskey_id
          accessKeySecret = your_accesskey_secret

          Replace your_accesskey_id and your_accesskey_secret with the AccessKey ID and AccessKey Secret of the RAM user. The RAM user must have the permissions in the access point client permission policy. For information about how to obtain an AccessKey pair, see Obtain an AccessKey pair.

        • RAM role

          [NASCredentials]
          accessKeyID = your_accesskey_id
          accessKeySecret = your_accesskey_secret
          securityToken = your_security_token

          Replace your_accesskey_id, your_accesskey_secret, and your_security_token with the temporary credentials of a RAM role. The RAM role must have the permissions that are described in (Optional) Configure an access point policy. You can call the AssumeRole API operation to obtain the security token, AccessKey ID, and AccessKey Secret of the RAM role.

    2. Mount the NFS file system.

      • NFSv3

        sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt
      • NFSv4.0

        sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt

        Key parameters:

        Parameter

        Description

        tls

        Enables encryption in transit.

        Important

        You must enable encryption in transit when using an access point.

        ram

        Mounts the file system with configured RAM credentials. The default credentials file is /etc/aliyun/alinas/.credentials. To use a different path, add the ram_config_file=<your-path> option.

        <access-point>:/

        The access point address in : format.

        • Access point domain name: In the Apsara File Storage NAS console, on the File System List page, click Manage for the target file system. On the Mount Targets page, click the Access Point tab to obtain the access point domain name. View access point domain names. For example, ap-BLC2mN****.9e7de4b923-efr27.cn-zhangjiakou.nas.aliyuncs.com.

        • Relative path: Typically /.

          Note

          If the access point root directory is /test, the relative path / maps to /test on the NAS file system. A path like /path/to/dir maps to /test/path/to/dir. Ensure /test/path/to/dir exists on the file system.

        /mnt

        The mount point directory on your ECS instance.

        Must be an existing directory, such as /mnt.

  4. Verify the mount.

    • Run the following command:

      mount -l
    • View the output.

      If the output includes the mounted file system entry, the mount succeeded.

      493861480f6a55a971ad05c51b406a46.png

      After mounting, run the df -h command to check file system capacity.

      If the mount fails, see Troubleshoot access point mount failures.

  5. After mounting, you can read and write data on the ECS instance. Example file operations:

    mkdir /mnt/dir1
    mkdir /mnt/dir2
    touch /mnt/file1
    echo 'some file content' > /mnt/file2
    ls /mnt
  6. Optional: Configure automatic mounting on startup.

    Add a mount entry to the /etc/fstab file to persist the mount across ECS instance restarts.

    1. Open the /etc/fstab file and add a mount entry.

      • If the access point does not have a RAM policy enabled, add the following entry:

        access-point:/ /mnt alinas _netdev,tls,vers=3 0 0
      • If the access point has a RAM policy enabled, add the following entry:

        access-point:/ /mnt alinas _netdev,tls,vers=3,ram 0 0

        For key parameters, see the parameter descriptions above. Additional parameters:

        Parameter

        Description

        _netdev

        Defers mounting until the network is ready.

        vers

        The NFS protocol version.

        • vers=3: Mounts the file system by using the NFSv3 protocol.

        • vers=4.0: Mounts the file system by using the NFSv4.0 protocol.

        0 (first digit)

        Controls backup behavior for the dump command. Set to 0 for NAS file systems.

        0 (second digit)

        Controls the fsck check order at startup. Set to 0 to skip checking NAS file systems.

    2. Run the reboot command to restart the ECS instance.

      Note

      Verify manual mounting works before restarting to prevent boot failures. After the restart, run df -h to confirm automatic mounting.

Troubleshoot access point mount failures

The mount: unknown filesystem type 'alinas' error

Reinstall the alinas-utils client. Install the NAS client.

How to resolve the mount.nfs: an incorrect mount option was specified error when mounting a file system?

  • Cause

    The mount command is incorrect or the NAS client version is outdated.

  • Solution

    1. Verify the mount command parameters are correct. Mount an NFS file system.

    2. Check the NAS client version. If earlier than 1.1-8, update to the latest version.

      rpm -qa | grep alinas

How do I resolve the mount.nfs: Unknown error 521 error when mounting a file system?

  • Possible causes

    1. The access point domain name is incorrect.

    2. The permission group for the access point is configured incorrectly.

    3. A RAM policy is enabled, but a RAM policy is not configured or the accessKeyID or accessKeySecret in the .credential configuration file is incorrect.

    4. The Security Token Service (STS) token has expired.

  • Solutions

    1. Verify that the domain name in the mount command is correct.

      View access point domain names.

    2. Check the access point permission group configuration.

      In the list of access points, click Manage in the Actions column. On the access point details page, view the permission group of the access point. Manage permission groups.

    3. If a RAM policy is enabled for the access point:

      1. Ensure the mount command includes the ram parameter:

        NFSv3 protocol

        sudo mount -t alinas -o tls,vers=3,ram <access-point>:/ /mnt

        NFSv4.0 protocol

        sudo mount -t alinas -o tls,vers=4.0,ram <access-point>:/ /mnt
      2. Verify that the AccessKey configuration for the RAM user is correct.

        Configure RAM information.

      3. Verify the RAM user has nas:ClientMount permission and the access point client permission policy is correct.

        Configure an access point client permission policy.

      4. If you use an STS token for access, verify that the token has not expired.

Next steps