NFS (Network File System) lets Linux servers share directories over the network so other machines can mount and access them as if they were local storage. NFS is widely used for shared home directories, centralized backup targets, media servers, and any scenario where multiple hosts need access to the same files.
This guide covers setting up an NFS server and client on Rocky Linux 10 or AlmaLinux 10 using NFSv4, the current default protocol version. We also cover NFSv3 configuration for legacy clients that need it.
Prerequisites
- NFS Server: Rocky Linux 10 or AlmaLinux 10 with root access
- NFS Client: any Linux distribution
- Both machines on the same network or routable to each other
- Ports 2049 (NFS), 111 (rpcbind), and 20048 (mountd) open on the server
Install NFS Server
The nfs-utils package provides both the NFS server and client tools:
sudo dnf install -y nfs-utilsVerify the installed version:
rpm -q nfs-utilsRocky Linux 10 ships nfs-utils 2.8.x with full NFSv3 and NFSv4 support.
Configure NFS Exports
Create the directory you want to share and set appropriate permissions:
sudo mkdir -p /srv/nfs/shared
sudo chmod 755 /srv/nfs/sharedDefine which networks can access this share by editing the exports file:
sudo vi /etc/exportsAdd the export definition. Replace 192.168.1.0/24 with your network range:
/srv/nfs/shared 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)Export options explained:
rw– read-write access (userofor read-only)sync– writes are committed to disk before the server replies (safer, slight performance cost)no_subtree_check– disables subtree checking for better reliabilityno_root_squash– allows root on the client to act as root on the NFS share. Useroot_squash(default) in untrusted environments
For multiple exports, add one line per directory:
/srv/nfs/shared 192.168.1.0/24(rw,sync,no_subtree_check)
/srv/nfs/backups 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/srv/nfs/public 192.168.1.0/24(ro,sync,no_subtree_check)Start the NFS Server
Enable and start the NFS server service:
sudo systemctl enable --now nfs-serverApply the export configuration:
sudo exportfs -raVerify the exports are active:
sudo exportfs -vThe output shows each exported directory with its options and allowed networks:
/srv/nfs/shared
192.168.1.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)Check which NFS versions are running:
rpcinfo -p localhost | grep nfsYou should see NFSv3 and NFSv4 on port 2049:
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfsConfigure Firewall
Open the NFS, mountd, and rpcbind services in firewalld:
sudo firewall-cmd --permanent --add-service=nfs
sudo firewall-cmd --permanent --add-service=mountd
sudo firewall-cmd --permanent --add-service=rpc-bind
sudo firewall-cmd --reloadVerify the services are open:
sudo firewall-cmd --list-servicesThe output should include nfs, mountd, and rpc-bind.
Configure the NFS Client
On the client machine, install the NFS client utilities:
sudo dnf install -y nfs-utilsFor Ubuntu/Debian clients, install nfs-common instead:
sudo apt install -y nfs-commonCheck what the server is exporting:
showmount -e 192.168.1.100Replace 192.168.1.100 with the NFS server’s IP. The output lists available exports.
Mount the NFS share
Create a mount point and mount the share:
sudo mkdir -p /mnt/nfs
sudo mount -t nfs4 192.168.1.100:/srv/nfs/shared /mnt/nfsVerify the mount:
df -h /mnt/nfsTest read/write access:
echo "NFS test from client" | sudo tee /mnt/nfs/client-test.txt
cat /mnt/nfs/client-test.txtPersistent mount via /etc/fstab
To mount the share automatically on boot, add it to /etc/fstab:
sudo vi /etc/fstabAdd this line at the end:
192.168.1.100:/srv/nfs/shared /mnt/nfs nfs4 defaults,_netdev 0 0The _netdev option tells systemd to wait for the network before attempting the mount, preventing boot failures when the NFS server is unreachable.
Test the fstab entry without rebooting:
sudo umount /mnt/nfs
sudo mount -a
df -h /mnt/nfsSELinux Considerations
Rocky Linux 10 enables the NFS export SELinux booleans by default. Verify they are set:
getsebool nfs_export_all_rw nfs_export_all_roBoth should show on. If sharing home directories or custom paths, the SELinux context must be correct:
sudo semanage fcontext -a -t nfs_t "/srv/nfs(/.*)?"
sudo restorecon -Rv /srv/nfsNFS Ports Reference
| Port | Protocol | Service |
|---|---|---|
| 2049 | TCP/UDP | NFS (main data transfer) |
| 111 | TCP/UDP | rpcbind (port mapper) |
| 20048 | TCP/UDP | mountd (mount protocol) |
Troubleshooting
mount.nfs4: access denied by server
The client’s IP is not in the allowed network range in /etc/exports. Check the export definition and run exportfs -ra after making changes. Also verify firewalld allows the NFS service.
mount.nfs4: Connection timed out
The firewall on the server is blocking NFS traffic. Verify port 2049 is open with firewall-cmd --list-services. Also check network connectivity with ping.
Permission denied when writing files
Check three things: the directory permissions on the server (chmod), the export options (rw vs ro), and SELinux booleans (nfs_export_all_rw must be on).
Conclusion
NFS is sharing files between your Rocky Linux 10 / AlmaLinux 10 servers over the network. For production deployments, use root_squash instead of no_root_squash to limit root access from clients, restrict exports to specific IP addresses rather than entire subnets, and consider Kerberos authentication for environments that need strong user-level access control. Refer to the RHEL 10 NFS documentation for Kerberos setup and advanced export options.
