Mount NFS Azure file shares on Linux

Azure file shares can be mounted in Linux distributions using either the Server Message Block (SMB) protocol or the Network File System (NFS) protocol. This article is focused on mounting with NFS. For details on mounting SMB Azure file shares, see Use Azure Files with Linux. For details on each of the available protocols, see Azure file share protocols.

Applies to

File share type SMB NFS
Standard file shares (GPv2), LRS/ZRS No No
Standard file shares (GPv2), GRS/GZRS No No
Premium file shares (FileStorage), LRS/ZRS No Yes

Support

Currently, only NFS version 4.1 is supported. NFS 4.1 shares are only supported within the FileStorage storage account type (premium file shares only).

NFS Azure file shares support most features from the 4.1 protocol specification. Some features such as delegations and callback of all kinds, Kerberos authentication, and encryption-in-transit aren't supported.

The nconnect mount option is currently in preview and isn't recommended for production use.

Regional availability

NFS Azure file shares are supported in all the same regions that support premium file storage. See Azure products available by region.

Step 1: Create an NFS Azure file share

If you haven't already done so, create an NFS Azure file share.

Step 2: Configure network security

NFS shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.

Important

The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you've granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.

Create a private endpoint or service endpoint

To use NFS Azure file shares, you must either create a private endpoint (recommended) or restrict access to your public endpoint.

Disable secure transfer

Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you'll need to disable secure transfer on your storage account.

  1. Sign in to the Azure portal and access the storage account containing the NFS share you created.

  2. Select Configuration.

  3. Select Disabled for Secure transfer required.

  4. Select Save.

    Screenshot of storage account configuration screen with secure transfer disabled.

Enable hybrid access through VPN or ExpressRoute (optional)

To enable hybrid access to an NFS Azure file share, use one of the following networking solutions:

Step 3: Mount an NFS Azure file share

You can mount the share using the Azure portal. You can also create a record in the /etc/fstab file to automatically mount the share every time the Linux server or VM boots.

Mount an NFS share using the Azure portal

You can use the nconnect Linux mount option to improve performance for NFS Azure file shares at scale. For more information, see Improve NFS Azure file share performance.

  1. Once the file share is created, select the share and select Connect from Linux.

  2. Enter the mount path you'd like to use, then copy the script.

  3. Connect to your client and use the provided mounting script. Only the required mount options are included in the script, but you can add other recommended mount options.

    Screenshot of file share connect blade.

You have now mounted your NFS share.

Mount an NFS share using /etc/fstab

If you want the NFS file share to automatically mount every time the Linux server or VM boots, create a record in the /etc/fstab file for your Azure file share. Replace YourStorageAccountName and FileShareName with your information.

<YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /media/<YourStorageAccountName>/<FileShareName> nfs vers=4,minorversion=1,_netdev,nofail,sec=sys 0 0

For more information, enter the command man fstab from the Linux command line.

Mount options

The following mount options are recommended or required when mounting NFS Azure file shares.

Mount option Recommended value Description
vers 4 Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1.
minorversion 1 Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the vers parameter. So instead of vers=4.1, use vers=4,minorversion=1.
sec sys Required. Specifies the type of security to use when authenticating an NFS connection. Setting sec=sys uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations.
rsize 1048576 Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance.
wsize 1048576 Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance.
noresvport n/a Recommended for kernels below 5.18. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the noresvport mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability.
actimeo 30-60 Recommended. Specifying actimeo sets all of acregmin, acregmax, acdirmin, and acdirmax to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting actimeo between 30 and 60 seconds.

Step 4: Validate connectivity

If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see Verify connectivity.

NFS file share snapshots

Customers using NFS Azure file shares can take file share snapshots. This capability allows users to roll back entire file systems or recover files that were accidentally deleted or corrupted. See Use share snapshots with Azure Files.

Next step