Configuring NFS on Linux
2025-08-06

What is NFS?#

NFS (Network File System) is a distributed file system protocol used for sharing files and directories over a network. Remote files and directories can be accessed as if they were located on the local computer.

Installing NFS server#

The following core packages need to be installed:

| Package | Description |
|---|---|
| nfs-kernel-server | (Debian based distros only) Main NFS server package on Debian based distributions. |
| nfs-utils | (Red Hat based distros only) NFS server components and client utilities. |
| rpcbind | (Only for legacy NFSv2 & NFSv3) Central mapping service for older NFS versions. This is replaced by a well-known port, 2049/tcp, in NFSv4. See NFSv4 Only Server. |

Debian
sudo apt-get update
sudo apt-get install nfs-kernel-server rpcbind -y
Red Hat
sudo yum update
sudo yum install nfs-utils rpcbind -y

Once the packages are installed, you can start the NFS server service.

sudo systemctl start nfs-server
sudo systemctl start rpcbind

Optionally, you may want to configure the service to auto-start on boot.

sudo systemctl enable nfs-server
sudo systemctl enable rpcbind

Sharing Directories with NFS#

Files or folders to be accessed by NFS clients are configured in the file /etc/exports.
This file is maintained by the system administrator.

Lines beginning with a # are treated as comments while empty lines are ignored.
A basic directory entry is in the following format:

[folder_path] [network_address](export_options)

NOTE: There is no space between network_address and export_options.

Multiple allowed network addresses can also be specified for a single directory entry as follows:

[folder_path] [network_address_1](export_options) [network_address_2](export_options)

| Value | Optional | Description |
|---|---|---|
| folder_path | N | Absolute path in the server where the folder is located. |
| network_address | N | An IP or network allowed to access the shared folder. See network address formats. |
| export_options | Y | A list of options that specify access levels granted to NFS clients. See export options. |

Network Addresses#

IP addresses, network addresses and domain names are accepted values in the configuration file. Wildcard characters (*, ?) and character classes ([]) can be used in host names to match several clients with one entry.

The following are examples of accepted network address entries:

  • server1.mydomain.local
  • 192.168.101.100
  • 192.168.101.0/24
  • *.mydomain.local
  • client_?.mydomain.local
  • client_[123].mydomain.local

| Character | Description |
|---|---|
| * | Matches any sequence of characters. |
| ? | Matches any single character. |
| [] | Matches any character within the brackets. |

Export Options#

Here are some common NFS options that are key when troubleshooting NFS issues.

| Option | Description |
|---|---|
| ro | Clients have read-only access to files on the share. |
| rw | Clients have read-write access to files on the share. |
| sync | Forces the server to write to disk before replying to the client. |
| async | Allows the server to reply to the client before changes are fully flushed to disk. |
| root_squash | Maps the root user ID on the client machine to an anonymous user ID. This prevents the client's root user from having root privileges on the NFS server's file system. |
| no_root_squash | Disables root_squash, so the client's root user keeps root privileges on the share. |
| all_squash | Maps all client user IDs, including root, to an anonymous user ID. This is useful for read-only shares. |
| anonuid= | Sets the UID for the anonymous user. |
| anongid= | Sets the GID for the anonymous user. |

Sample exports file#

/etc/exports
# allow clients by ip
/folders/myfolder1 192.168.22.10(rw,anongid=34,anonuid=34)
/folders/myfolder1 192.168.22.11(rw,anongid=34,anonuid=34)
# allow all ips in a network
/folders/myfolder2 192.168.22.0/24(rw,anongid=12,anonuid=12)
# allow multiple networks
/folders/myfolder3 192.168.22.0/24(rw) 192.168.23.0/24(rw,anongid=12,anonuid=12)
# using patterns to specify host names (wildcards are not meant for IP addresses)
/folders/myfolder4 *.mydomain.local(rw) 192.168.23.0/24(rw)
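
A lint to run before reloading the rules described above, added here as an example (not code from the original post). It flags the space-before-parenthesis mistake from the NOTE, which exports the directory to every host with those options, as well as wildcards inside IP addresses and no_root_squash. The names audit_exports and sample_exports and the sample paths are assumptions; continuation lines ending in a backslash are not handled.

```bash
#!/usr/bin/env bash
# Added example: lint /etc/exports-style text read on stdin.
# Prints one "line:path:client:finding" record per problem.
audit_exports() {
  local n=0 line path tok client opts
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%%#*}                  # strip comments
    set -f; set -- $line; set +f      # split on whitespace without globbing
    [ $# -ge 2 ] || continue          # blank line, or a path with no clients
    path=$1; shift
    for tok in "$@"; do
      client=${tok%%"("*}
      case $tok in
        *"("*) opts=${tok#*"("}; opts=",${opts%")"}," ;;
        *)     opts="," ;;
      esac
      if [ -z "$client" ]; then
        # "host (rw)" is two clients: host with defaults, everyone with rw
        echo "$n:$path:*:space before '(' exports to every host"
      elif [ "$client" = "*" ]; then
        echo "$n:$path:*:exported to every host"
      fi
      case $client in
        *[!0-9.:/*?]*) ;;             # has letters: a host name pattern
        *[0-9]*[*?]*|*[*?]*[0-9]*)
          echo "$n:$path:$client:wildcard inside an IP address" ;;
      esac
      case $opts in
        *,no_root_squash,*)
          echo "$n:$path:${client:-*}:client root keeps root on the share" ;;
      esac
    done
  done
  return 0
}

# Constructed sample input (not from the original post).
sample_exports() {
  cat <<'EOF'
# constructed sample
/srv/a 192.168.22.10 (rw)
/srv/b 192.168.*.0/24(rw) *.example.test(ro,no_root_squash)
/srv/c 192.168.22.0/24(rw,root_squash)
EOF
}

sample_exports | audit_exports        # real use: audit_exports < /etc/exports
```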

Reloading the exports file#

Any time the file /etc/exports has been modified, it needs to be reloaded.

# reload exports file
sudo exportfs -r
# view exported directory and file entries
sudo exportfs -v

Mounting NFS Shares in Linux#

Only clients that are listed in /etc/exports, or that match the rules specified there, can mount shared NFS directories. The NFS client package must be installed to mount NFS directories: nfs-utils in Red Hat based distros and nfs-common in Debian based distros.

Debian
sudo apt-get update
sudo apt-get install nfs-common -y
Red Hat
sudo yum update
sudo yum install nfs-utils -y

Once the packages are installed, the NFS share can be mounted using the mount command.

mount -t nfs nfs_server:folder_path mount_point -o mount_options

| Value | Description |
|---|---|
| nfs_server | NFS server address. |
| folder_path | Shared directory in NFS server. |
| mount_point | Location to mount the NFS share in local server or client. |
| mount_options | A comma-separated list of options to control how the mount behaves. |

NOTE: The mount_point must be a valid path in the client.

# mount /folders/myfolder1 shared by 192.168.10.100 at /mount_point
mount -t nfs 192.168.10.100:/folders/myfolder1 /mount_point

NFS Mount Options#

Here are some common mount options:

| Option | Description |
|---|---|
| nfsvers= | Force the use of a specific NFS version. |
| tcp | Force TCP protocol to be used. |
| udp | Force UDP protocol to be used. |
| nosuid | Disables set-user-ID and set-group-ID bits. |
| noexec | Prevents execution of executables on the mounted file system. |
| rsize= | Read block size. |
| wsize= | Write block size. |

Mounting NFS shares on system startup#

NFS shares can also be automatically mounted during startup. This requires NFS share entries to be added to /etc/fstab.

An NFS server entry in fstab is specified as follows:

nfs_server:folder_path mount_point nfs mount_options dump pass

/etc/fstab
192.168.10.100:/folders/myfolder1 /mount_point nfs defaults 0 0
192.168.10.100:/folders_00 /mount_point_2 nfs defaults,nfsvers=4,tcp,bg 0 0

Unmounting NFS shares in Linux#

To unmount the share, you can use the umount command by specifying either:

  • nfs_server:folder_path or
  • mount_point

# unmount by nfs_server:folder_path
umount 192.168.10.100:/folders/myfolder1
# unmount by mount_point
umount /mount_point

NFSv4 Only Server#

NFSv2 and NFSv3 rely on three core services: nfsd, mountd, and lockd. These services do not have fixed ports. When they start, they bind to dynamic ports. They then register the chosen ports with the rpcbind service. NFS clients have to query the rpcbind service on the server to discover the specific port numbers for each necessary NFS function.

NFSv4 integrates these functions into the main NFSv4 protocol itself. The protocol also uses a fixed well-known port, 2049/tcp, for communication. This eliminates the need for these decoupled services and hence the need for the rpcbind service.

To run an NFSv4-only server, all legacy NFS versions need to be disabled. In this case rpcbind is not needed and can be disabled or masked. This is the recommended approach for a secure NFS server deployment.

Disabling legacy NFS versions#

To disable the legacy NFS versions, the recommended approach is to create a configuration file in /etc/nfs.conf.d/ with the appropriate configurations. The name of the configuration file does not matter as long as the extension is .conf.

/etc/nfs.conf.d/disable-nfs-v2-v3.conf
[nfsd]
vers2=n
vers3=n

Once the file is created, you can restart the NFS server to apply the changes.

sudo systemctl restart nfs-server

You can verify the enabled or disabled NFS versions by checking the file /proc/fs/nfsd/versions. A + indicates the version is enabled, while a - indicates it is disabled.

cat /proc/fs/nfsd/versions

Finally, you need to disable or mask the rpcbind service.

Disabling the service only prevents it from being auto-started on boot. The service can still be manually started.

# disable rpcbind
sudo systemctl disable --now rpcbind

Masking the service prevents it from being started at all. Attempts to start the service will fail.

# stop and mask rpcbind service
sudo systemctl stop rpcbind
sudo systemctl mask rpcbind
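
A check to run after the steps above, added here as an example (not code from the original post): it takes the text of /proc/fs/nfsd/versions and a listening-socket listing and reports legacy versions that are still enabled or an rpcbind port that is still open. The name v4_only_report, the use of `ss -H -tuln`, rpcbind's port 111 and the rpcbind.socket unit are assumptions not stated in the post.

```bash
#!/usr/bin/env bash
# Added example: report anything that contradicts an NFSv4-only server.
#   $1 = contents of /proc/fs/nfsd/versions, e.g. "-3 +4 +4.1 +4.2"
#   $2 = output of `ss -H -tuln` (listening sockets, numeric, no header)
# Returns 0 when nothing is found, 1 otherwise.
v4_only_report() {
  local v ports rc=0
  for v in $1; do
    case $v in
      +2|+3) echo "NFSv${v#+} is still enabled"; rc=1 ;;
    esac
  done
  # Field 5 of each ss line is "address:port"; keep proto/port pairs.
  ports=$(printf '%s\n' "$2" |
    awk 'NF >= 5 { n = split($5, a, ":"); print $1 "/" a[n] }' | sort -u)
  if printf '%s\n' "$ports" | grep -Eqx '(tcp|udp)/111'; then
    # 111 is the rpcbind port. On distros that ship rpcbind.socket, systemd
    # holds the port open until that unit is stopped as well.
    echo "port 111 is listening: check rpcbind.service and rpcbind.socket"
    rc=1
  fi
  if ! printf '%s\n' "$ports" | grep -qx 'tcp/2049'; then
    echo "nothing is listening on 2049/tcp"
    rc=1
  fi
  return $rc
}

# Constructed sample data (not from the original post).
SAMPLE_V4_ONLY_SS='tcp LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
tcp LISTEN 0 64 [::]:2049 [::]:*'
SAMPLE_LEGACY_SS="$SAMPLE_V4_ONLY_SS
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*"

v4_only_report "-3 +4 +4.1 +4.2" "$SAMPLE_V4_ONLY_SS" && echo "v4-only: ok"
v4_only_report "+3 +4 +4.1 +4.2" "$SAMPLE_LEGACY_SS" || true
# On a server: v4_only_report "$(cat /proc/fs/nfsd/versions)" "$(ss -H -tuln)"
```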

Summary#

  • The nfs-kernel-server, nfs-utils and rpcbind packages are needed to run an NFS server, depending on the desired NFS version and the server's Linux distro.
  • NFS shares are configured in /etc/exports.
  • NFS shares can be mounted on the client’s file system just like client local drives.
  • NFS shares can be added to /etc/fstab, hence being mounted on system startup.
  • For secure NFS deployments, prefer NFSv4 as it has evolved to a more secure protocol than v2 and v3.

Conclusion#

You should now be able to:

  • Deploy a secure NFS server.
  • Mount and unmount NFS shares on local file system.
  • Troubleshoot NFS server related problems.
  • Troubleshoot permission issues when dealing with mounted NFS shares.

NOTE: Happy File Sharing!!!

Configuring NFS on Linux
https://www.wizardofbits.com/posts/linux/configuring-nfs-on-linux/
Author: Nahashon Mwongera
Published at: 2025-08-06
License: CC BY-NC-SA 4.0