How to Set Up NFS File Sharing on RHEL 7
Network File System (NFS) is a distributed file system protocol that allows a server to share directories over a network, enabling client machines to mount and access those directories as if they were local storage. NFS has been a cornerstone of Unix and Linux networking for decades, and RHEL 7 ships with robust support for both NFSv3 and NFSv4. This tutorial covers everything you need to configure a fully functional NFS server on RHEL 7 — from installing the required packages and configuring exports to managing firewall rules and setting up persistent client mounts. Both server-side and client-side configuration steps are included.
Prerequisites
- Two RHEL 7 systems on the same network — one acting as the NFS server, one as the client
- Root or sudo access on both machines
- The server’s IP address or hostname resolvable from the client
- Firewalld running on both systems (or at least the server)
- A directory you wish to share from the server (e.g.,
/srv/nfsshare)
Step 1: Install nfs-utils on the Server
The nfs-utils package provides the NFS server daemon and associated utilities. Install it on the server:
yum install -y nfs-utilsThis installs nfsd, rpcbind, exportfs, showmount, and related tools. Verify the installation:
rpm -q nfs-utilsStep 2: Create and Prepare the Shared Directory
Create the directory you want to export over NFS and set appropriate permissions. For this example, we will share /srv/nfsshare:
mkdir -p /srv/nfsshare
chmod 755 /srv/nfsshareIf you want clients to write to the share, ensure the directory is owned by the appropriate user or set world-writable permissions carefully:
# Allow all users to write (adjust as appropriate for your security requirements)
chmod 777 /srv/nfsshare
# Or assign ownership to a specific user
chown nfsnobody:nfsnobody /srv/nfsshareCreate some test content to verify the share works later:
echo "NFS share is working" > /srv/nfsshare/test.txtStep 3: Configure /etc/exports
The /etc/exports file defines which directories the NFS server shares and which clients may access them. Each line follows this syntax:
/path/to/share client_spec(options)Edit /etc/exports to add your share definitions:
vi /etc/exportsAdd one of the following lines depending on your needs:
# Share with a specific client IP, read-write
/srv/nfsshare 192.168.1.101(rw,sync,no_subtree_check)
# Share with an entire subnet, read-only
/srv/nfsshare 192.168.1.0/24(ro,sync,no_subtree_check)
# Share with all clients, read-write with root access preserved
/srv/nfsshare *(rw,sync,no_subtree_check,no_root_squash)Key Export Options Explained
- rw — Allow read and write access (use ro for read-only)
- sync — Write changes to disk before replying to the client (safer; use async for performance at the cost of data integrity)
- no_subtree_check — Disables subtree checking, which reduces reliability issues when files in the exported directory are renamed. Recommended for most configurations.
- no_root_squash — Allows the root user on the client to have root privileges on the server’s share. Use with caution — this is a significant security consideration. By default, root is squashed to
nfsnobody. - root_squash — The default. Maps root on the client to the anonymous user
nfsnobodyon the server. - all_squash — Maps all client UIDs/GIDs to the anonymous user. Useful for public shares.
A typical production-safe configuration for a single trusted client:
/srv/nfsshare 192.168.1.101(rw,sync,no_subtree_check,root_squash)Step 4: Apply the Export Configuration
After editing /etc/exports, apply the changes with exportfs. The -ra flags re-export all entries and apply changes:
exportfs -raVerify the active exports:
exportfs -vSample output:
/srv/nfsshare 192.168.1.101(rw,wdelay,root_squash,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)Step 5: Start and Enable NFS Server Services
RHEL 7 uses systemctl to manage services. Start and enable the NFS server and rpcbind:
systemctl start rpcbind
systemctl start nfs-server
systemctl enable rpcbind
systemctl enable nfs-serverCheck the status of both services:
systemctl status nfs-server
systemctl status rpcbindFor NFSv4 environments you may also want to start the NFS lock manager:
systemctl start nfs-lock
systemctl enable nfs-lockStep 6: Configure Firewall Rules on the Server
NFS uses several ports that must be opened in the firewall. The easiest approach on RHEL 7 with firewalld is to use the predefined service definitions:
# Add NFS, mountd, and rpc-bind services to the firewall
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
# Reload firewall to apply changes
firewall-cmd --reloadVerify the rules were applied:
firewall-cmd --list-allYou should see nfs, mountd, and rpc-bind listed under services. NFSv4 uses only TCP port 2049, so if you are using NFSv4 exclusively you only strictly need the nfs service; mountd and rpc-bind are required for NFSv3.
Step 7: Install nfs-utils and Mount on the Client
On the client machine, install nfs-utils:
yum install -y nfs-utilsStart and enable rpcbind on the client:
systemctl start rpcbind
systemctl enable rpcbindBefore mounting, verify that the server is exporting the share as expected:
showmount -e 192.168.1.100Sample output:
Export list for 192.168.1.100:
/srv/nfsshare 192.168.1.101Create a local mount point and mount the NFS share:
mkdir -p /mnt/nfsdata
mount -t nfs 192.168.1.100:/srv/nfsshare /mnt/nfsdataTo force NFSv4 explicitly:
mount -t nfs -o vers=4 192.168.1.100:/srv/nfsshare /mnt/nfsdataVerify the mount:
df -hT /mnt/nfsdata
ls /mnt/nfsdataYou should see the test.txt file created earlier on the server.
Step 8: Persist the NFS Mount with /etc/fstab
To automatically mount the NFS share at boot, add an entry to /etc/fstab on the client. The _netdev option is critical — it tells the system to wait for network availability before attempting to mount:
vi /etc/fstabAdd the following line:
192.168.1.100:/srv/nfsshare /mnt/nfsdata nfs defaults,_netdev 0 0For NFSv4 with additional performance options:
192.168.1.100:/srv/nfsshare /mnt/nfsdata nfs4 rw,sync,hard,intr,_netdev 0 0Test the fstab entry:
umount /mnt/nfsdata
mount -a
df -hT /mnt/nfsdataStep 9: Understanding NFSv4 Benefits
NFSv4, the default on RHEL 7, provides significant improvements over NFSv3:
- Single port (TCP 2049) — NFSv4 uses only one TCP port, making firewall configuration simpler and more predictable than NFSv3, which required multiple ports for
mountd,rpcbind, and the lock manager. - Stateful protocol — NFSv4 maintains connection state, enabling better locking semantics and recovery after network interruptions.
- Integrated ACL support — NFSv4 has native support for ACLs that map well to POSIX permissions.
- Kerberos authentication — NFSv4 supports
sec=krb5,sec=krb5i, andsec=krb5psecurity flavors for encrypted and authenticated communication. - Delegation — NFSv4 supports file delegation, allowing clients to cache file operations locally and reduce round-trips to the server.
To confirm which NFS version is in use on an active mount:
nfsstat -mConclusion
Setting up NFS on RHEL 7 is straightforward once you understand the relationship between the /etc/exports configuration, the nfs-server and rpcbind services, and the firewall rules required for each NFS version. NFS remains one of the most efficient ways to share file system data across Linux systems on a trusted network, and with NFSv4 you get improved security and simpler firewall management. By persisting mounts with the _netdev option in /etc/fstab, you ensure that clients reconnect reliably after reboots, making NFS a dependable foundation for shared storage in small and large environments alike.
