Install and Configure NFS Server on Rocky Linux 10 / AlmaLinux 10 / RHEL 10

NFS (Network File System) is a distributed file system protocol that allows client machines to access files over a network as if they were on local storage. It is the standard for shared storage in Linux environments – used for home directories, application data, media files, and VM disk images across multiple servers.

This guide covers a complete NFS server and client setup on Rocky Linux 10, AlmaLinux 10, and RHEL 10. We configure NFSv4 exports on the server, open firewall ports, set SELinux booleans, mount the share on a client, and persist the mount through reboots with /etc/fstab. For NFS on Ubuntu or Debian, see Configure NFS Server on Ubuntu.

Prerequisites

  • 2 servers running Rocky Linux 10, AlmaLinux 10, or RHEL 10
  • Root or sudo access on both servers
  • Network connectivity between the two servers on port 2049/TCP
  • Static IP addresses configured on both servers

Our lab setup uses two servers:

Role        Hostname    IP Address
NFS Server  nfs-server  10.0.1.10
NFS Client  nfs-client  10.0.1.11

Step 1: Install NFS Server on Rocky Linux 10 / AlmaLinux 10

Run all commands in this section on the NFS server (10.0.1.10). Start by setting the hostname and installing the NFS packages.

sudo hostnamectl set-hostname nfs-server

Install the nfs-utils package which provides the NFS server and client tools.

sudo dnf install -y nfs-utils

Enable and start the NFS server service.

sudo systemctl enable --now nfs-server

Verify the service is running.

$ sudo systemctl status nfs-server
● nfs-server.service - NFS server and services
     Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; preset: disabled)
     Active: active (exited) since Fri 2026-03-21 10:15:00 UTC; 5s ago

Check which NFS versions are enabled on the server.

$ cat /proc/fs/nfsd/versions
-3 +4 +4.1 +4.2

NFSv4 and NFSv4.2 are enabled by default. NFSv3 is disabled on RHEL 10 family systems – NFSv4 is the recommended protocol as it works through firewalls on a single port (2049/TCP) and supports ACLs.

Step 2: Create and Export NFS Share Directory

Create a directory to share over NFS. In this example we create /srv/nfs/shared as the export directory.

sudo mkdir -p /srv/nfs/shared

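Set ownership so that NFS clients can write to the share. Using nobody:nobody gives the directory a neutral owner that maps correctly across clients. Mode 2770 limits access to that owner and group, and its setgid bit makes new files inherit the directory's group.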

sudo chown nobody:nobody /srv/nfs/shared
sudo chmod 2770 /srv/nfs/shared

Now configure the NFS export. Open the exports file.

sudo vi /etc/exports

Add the following line to export /srv/nfs/shared to the 10.0.1.0/24 subnet with read-write access.

/srv/nfs/shared  10.0.1.0/24(rw,sync,no_subtree_check,root_squash)

Here is what each option does:

  • rw – Allow read and write access
  • sync – Write changes to disk before replying to the client (safer than async)
  • no_subtree_check – Disables subtree checking for better reliability
  • root_squash – Maps remote root user to the anonymous user (security best practice)

To export to a single host instead of a subnet, replace 10.0.1.0/24 with the client IP, for example 10.0.1.11(rw,sync,no_subtree_check,root_squash).

Apply the export configuration without restarting the NFS service.

$ sudo exportfs -rav
exporting 10.0.1.0/24:/srv/nfs/shared

Verify the active exports.

$ sudo exportfs -v
/srv/nfs/shared  10.0.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)

Step 3: Configure Firewall for NFS

NFSv4 uses a single port – 2049/TCP. Open it in firewalld. If you need to support NFSv3 clients, you must also open the mountd and rpc-bind services, but NFSv4-only setups just need port 2049. For a deeper look at firewalld on RHEL and Rocky Linux, check our dedicated guide.

sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --reload

Verify the rule is active.

$ sudo firewall-cmd --list-services
cockpit dhcpv6-client nfs ssh

Step 4: Set SELinux Booleans for NFS

SELinux is enforcing by default on Rocky Linux 10 / AlmaLinux 10 / RHEL 10. Enable the NFS-related SELinux booleans so the server can export read-write shares and clients can use NFS home directories.

sudo setsebool -P nfs_export_all_rw 1
sudo setsebool -P nfs_export_all_ro 1

If NFS clients will use the share as home directories, also enable this boolean.

sudo setsebool -P use_nfs_home_dirs 1

Verify the booleans are set.

$ getsebool -a | grep nfs_export
nfs_export_all_ro --> on
nfs_export_all_rw --> on

The NFS server is now fully configured and ready to serve shares. The remaining steps are performed on the client machine.

Step 5: Install NFS Client and Mount the Share

Run all commands in this section on the NFS client (10.0.1.11). Start by installing the NFS client utilities.

sudo hostnamectl set-hostname nfs-client
sudo dnf install -y nfs-utils

Verify the NFS server is exporting the share by querying it from the client.

$ showmount -e 10.0.1.10
Export list for 10.0.1.10:
/srv/nfs/shared 10.0.1.0/24

Create a local mount point and mount the NFS share.

sudo mkdir -p /mnt/nfs/shared
sudo mount -t nfs4 10.0.1.10:/srv/nfs/shared /mnt/nfs/shared

Verify the mount is active.

$ df -hT /mnt/nfs/shared
Filesystem                    Type  Size  Used Avail Use% Mounted on
10.0.1.10:/srv/nfs/shared     nfs4   50G  1.5G   49G   3% /mnt/nfs/shared

Test read and write access by creating a test file.

$ touch /mnt/nfs/shared/testfile.txt
$ ls -la /mnt/nfs/shared/testfile.txt
-rw-r--r--. 1 nobody nobody 0 Mar 21 10:30 /mnt/nfs/shared/testfile.txt

Step 6: Persist NFS Mount with /etc/fstab

The manual mount from the previous step does not survive a reboot. To auto-mount the NFS share at boot, add an entry to /etc/fstab. You can also use AutoFS for automatic NFS mounting if you prefer on-demand mounts.

sudo vi /etc/fstab

Add the following line at the end of the file.

10.0.1.10:/srv/nfs/shared  /mnt/nfs/shared  nfs4  defaults,_netdev  0  0

The _netdev option tells systemd to wait for network availability before attempting the mount – this prevents boot hangs if the NFS server is unreachable.

Test the fstab entry without rebooting.

sudo umount /mnt/nfs/shared
sudo mount -a

Verify it mounted correctly.

$ mount | grep nfs
10.0.1.10:/srv/nfs/shared on /mnt/nfs/shared type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.11,local_lock=none,addr=10.0.1.10)

NFS Export Options Reference

Here is a reference table of commonly used NFS export options for /etc/exports.

Option            Description
rw                Allow read and write access to the share
ro                Allow read-only access (default)
sync              Write data to disk before replying – safer but slower
async             Reply before data is written to disk – faster but risk of data loss on crash
root_squash       Map remote root (UID 0) to anonymous user – default and recommended
no_root_squash    Allow remote root to have full root privileges – needed for VM image storage
all_squash        Map all remote users to the anonymous user
no_subtree_check  Disable subtree checking – improves reliability when exporting subdirectories
sec=krb5p         Require Kerberos authentication with privacy (encryption)

For Kerberos-secured NFS, see our guide on configuring NFS with Kerberos authentication.
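
The option table above can be turned into a pre-deployment check. The following is an added example, not part of the original guide: it parses /etc/exports-style lines and flags no_root_squash, exports open to every host (including the "host (opts)" stray-space case), async, and sec=sys. The severity labels and the paths /srv/vm-images, /srv/scratch and /srv/secure are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit /etc/exports-style input.
# Prints one "SEVERITY path client: message" line per finding.
# Assumes no quoted paths and no backslash line continuations.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "host (opts)" with a space: the options apply to every host
            if (client == "") client = "*"
            o = "," opts ","
            rw = index(o, ",rw,") > 0
            if (index(o, ",no_root_squash,"))
                printf "HIGH %s %s: no_root_squash, remote root keeps UID 0\n", path, client
            if (client == "*")
                printf "%s %s %s: exported to every host%s\n", (rw ? "HIGH" : "MEDIUM"), path, client, (rw ? " read-write" : "")
            if (index(o, ",async,"))
                printf "LOW %s %s: async, data loss possible on server crash\n", path, client
            sec = "sys"                          # default flavor when sec= is absent
            if (match(o, /,sec=[^,]*/)) sec = substr(o, RSTART + 5, RLENGTH - 5)
            if (sec ~ /(^|:)sys(:|$)/)
                printf "INFO %s %s: sec=sys, client-asserted UIDs and no encryption\n", path, client
        }
    }' "$@"
}

# Constructed sample input; only /srv/nfs/shared comes from this guide.
sample_exports() {
    cat <<'EOF'
# constructed sample
/srv/nfs/shared  10.0.1.0/24(rw,sync,no_subtree_check,root_squash)
/srv/vm-images   10.0.1.11(rw,sync,no_root_squash)
/srv/scratch     10.0.1.11 (rw,async)
/srv/secure      10.0.1.0/24(rw,sync,sec=krb5p)
EOF
}

sample_exports | audit_exports
```

On a real server, run it as audit_exports /etc/exports before exportfs -rav and review any HIGH line first.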

Troubleshooting NFS on Rocky Linux 10

If the client cannot mount the share, check these common issues.

Check that the NFS server is listening on port 2049.

$ ss -tlnp | grep 2049
LISTEN  0  64  0.0.0.0:2049  0.0.0.0:*

Check the firewall allows NFS traffic.

sudo firewall-cmd --list-services

Check SELinux denials in the audit log.

sudo ausearch -m avc -ts recent | grep nfs

Check the NFS server logs.

sudo journalctl -u nfs-server -f

Verify network connectivity between server and client.

nc -zv 10.0.1.10 2049

If you work with block storage instead of file-level NFS, consider setting up iSCSI Target and Initiator on Rocky Linux 10 for direct disk-level access over the network.

Conclusion

We configured a complete NFS server and client setup on Rocky Linux 10 / AlmaLinux 10 / RHEL 10 – from installing packages and creating exports to opening firewall ports, setting SELinux booleans, and persisting the mount with fstab. The NFS share is now accessible to all authorized clients on the network.

For production deployments, consider enabling Kerberos authentication with sec=krb5p for encrypted NFS traffic, setting up FS-Cache for NFS caching on clients to reduce network load, and monitoring NFS server performance with nfsstat. Refer to the RHEL NFS documentation for additional configuration options.
