NFS (Network File System) is the standard protocol for sharing directories over a network between Linux and Unix systems. On RHEL 9, NFS is provided by the nfs-utils package and integrates with firewalld and SELinux out of the box. NFS allows multiple clients to mount and access a shared directory on a server as if it were a local filesystem, making it ideal for shared home directories, application data, and centralized storage in enterprise environments. This tutorial covers configuring both the NFS server and client on RHEL 9, including persistent mounts and an overview of security options.
Prerequisites
- Two RHEL 9 systems on the same network: one server, one client
- Root or sudo access on both systems
- firewalld running on the server
- Both systems able to reach each other by IP or hostname
Step 1 — Install NFS Utilities and Create the Export Directory
Install the nfs-utils package on both the server and the client:
# Run on both server and client
dnf install -y nfs-utils
# On the server: create the directory to export
mkdir -p /srv/share
chown nobody:nobody /srv/share
chmod 0755 /srv/share
Using nobody ownership with NFS is a safe default for publicly readable shares. Adjust ownership to match your use case.
Step 2 — Configure /etc/exports
The /etc/exports file controls which directories are exported and to which clients. Each line specifies a path, a client specification, and mount options in parentheses:
# /etc/exports — basic syntax
/srv/share 192.168.1.0/24(rw,sync,no_subtree_check)
# Export to a single specific client
/srv/share 192.168.1.50(rw,sync,no_root_squash)
# Export read-only to all clients in a subnet
/srv/share 192.168.1.0/24(ro,sync)
# Apply changes after editing
exportfs -arv
Key options:
- rw — read/write
- sync — write data to disk before replying (safer than async)
- no_subtree_check — disables subtree checking for better reliability
- no_root_squash — preserves root privileges from the client, so root on the client acts as root on the exported files (use cautiously)
- root_squash (default) — maps remote root to the anonymous user
Step 3 — Start the NFS Server and Open the Firewall
Enable and start the NFS server service, then allow NFS traffic through the firewall:
# Enable and start NFS server
systemctl enable --now nfs-server.service
# Verify exports are active
exportfs -v
showmount -e localhost
# Open firewall for NFS (NFSv4 only needs nfs; NFSv3 also needs mountd, rpc-bind)
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
Step 4 — Mount the Share on the Client
On the client system, create a mount point and mount the NFS share:
# Create the local mount point
mkdir -p /mnt/share
# Mount manually (replace 192.168.1.100 with your server IP)
mount -t nfs 192.168.1.100:/srv/share /mnt/share
# Verify the mount
df -h /mnt/share
ls /mnt/share
To check which exports a server offers before mounting:
showmount -e 192.168.1.100
Step 5 — Make the Mount Persistent with /etc/fstab
To mount the NFS share automatically at boot, add an entry to /etc/fstab on the client with appropriate NFS-specific options:
# /etc/fstab entry for NFS
192.168.1.100:/srv/share /mnt/share nfs rw,sync,hard,timeo=150,_netdev 0 0
Option reference: hard — keep retrying if the server is unreachable (safer than soft); timeo=150 — timeout in tenths of a second before retrying; _netdev — tells systemd to wait for network before mounting; nfsvers=4 — force NFSv4 (not part of the entry above; append it to the option list if you want to force NFSv4).
# Test the fstab entry
umount /mnt/share
mount -a
df -h /mnt/share
Step 6 — NFSv4 vs NFSv3 and Kerberos Security
RHEL 9 defaults to NFSv4, which improves on NFSv3 in several ways: it uses a single TCP port (2049), which simplifies firewall rules, supports stateful connections, and has built-in ACL support. NFSv3 requires the rpcbind, mountd, and statd daemons, which use dynamic ports.
For production environments requiring authentication and encryption, NFS supports Kerberos security via three modes configurable in /etc/exports:
# Kerberos NFS export modes
/srv/share *(sec=krb5) # authentication only (identity verified)
/srv/share *(sec=krb5i) # authentication + integrity (data signed)
/srv/share *(sec=krb5p) # authentication + integrity + privacy (encrypted)
# Requires nfs-secure.service and a valid Kerberos KDC
# Enable NFS security service on both server and client
systemctl enable --now nfs-secure.service
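To review an exports file against the options from Step 2 and the Kerberos modes above, the following added example (not part of the original tutorial) flags no_root_squash, exports open to every host, and read/write exports that still accept the default sec=sys. The names audit_exports and sample_exports, the finding labels, and the sample file are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example: flag risky entries in an /etc/exports-style file.
# audit_exports, sample_exports and the finding labels are hypothetical names.

audit_exports() {   # usage: audit_exports FILE   ("-" reads stdin)
    awk '
    function report(sev, why) { print sev, path, client, why }
    function check(field,    p, opts, o, krb) {
        client = field; opts = ""
        p = index(field, "(")
        if (p > 0) {
            client = substr(field, 1, p - 1)
            opts = substr(field, p + 1)
            sub(/\).*/, "", opts)
        }
        # An empty client means every host: either a bare path, or
        # "host (opts)" where a stray space detaches the options.
        if (client == "") client = "*"
        o = "," opts ","
        # Kerberos-only export: sec= names a krb5 flavor and never sys.
        krb = (o ~ /,sec=krb5/ && o !~ /,sec=[^,]*sys/)
        if (o ~ /,no_root_squash,/) report("HIGH", "no_root_squash")
        if (client == "*") report(krb ? "INFO" : "HIGH", "world_export")
        # sec= defaults to sys: the server trusts client-asserted UIDs.
        if (o ~ /,rw,/ && !krb) report("WARN", "rw_auth_sys")
    }
    {
        sub(/#.*/, "")                 # drop comments
        if (NF == 0) next
        path = $1
        if (NF == 1) check("")         # no client list at all
        for (i = 2; i <= NF; i++) check($i)
    }' "$1"
}

# Constructed sample: the tutorial's export lines plus one stray-space typo.
sample_exports() {
    cat <<'EOF'
/srv/share 192.168.1.0/24(rw,sync,no_subtree_check)
/srv/share 192.168.1.50(rw,sync,no_root_squash)
/srv/share 192.168.1.0/24(ro,sync)
/srv/share *(sec=krb5p)
/srv/share 192.168.1.50 (rw,sync)   # space before "(" exports rw to everyone
EOF
}

sample_exports | audit_exports -
```

On a server, run `audit_exports /etc/exports`; each output line is severity, path, client, and finding.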
Conclusion
You have set up a fully functional NFS server on RHEL 9, configured exports with appropriate options, opened the firewall, and mounted the share persistently on a client. NFS remains the most efficient way to share filesystems between Linux systems in a local network, and with NFSv4 and Kerberos, it can be secured for enterprise deployments.
Next steps: How to Configure Samba File Sharing on RHEL 9, How to Configure LVM on RHEL 9, and How to Automate Backups with rsync and cron on RHEL 9.