Mount NFS Azure file shares on Linux
Azure file shares can be mounted in Linux distributions using either the Server Message Block (SMB) protocol or the Network File System (NFS) protocol. This article is focused on mounting with NFS. For details on mounting SMB Azure file shares, see Use Azure Files with Linux. For details on each of the available protocols, see Azure file share protocols.
Applies to
File share type | SMB | NFS |
---|---|---|
Standard file shares (GPv2), LRS/ZRS | ||
Standard file shares (GPv2), GRS/GZRS | ||
Premium file shares (FileStorage), LRS/ZRS |
Support
Currently, only NFS version 4.1 is supported. NFS 4.1 shares are only supported within the FileStorage storage account type (premium file shares only).
NFS Azure file shares support most features from the 4.1 protocol specification. Some features such as delegations and callback of all kinds, Kerberos authentication, and encryption-in-transit aren't supported.
The nconnect mount option is currently in preview and isn't recommended for production use.
Regional availability
NFS Azure file shares are supported in all the same regions that support premium file storage. See Azure products available by region.
Step 1: Create an NFS Azure file share
If you haven't already done so, create an NFS Azure file share.
Step 2: Configure network security
NFS shares can only be accessed from trusted networks. Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request.
Important
The NFSv4.1 protocol runs on port 2049. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through port 2049. If you've granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through port 2049.
Create a private endpoint or service endpoint
To use NFS Azure file shares, you must either create a private endpoint (recommended) or restrict access to your public endpoint.
Disable secure transfer
Azure Files doesn't currently support encryption-in-transit with the NFS protocol and relies instead on network-level security. Therefore, you'll need to disable secure transfer on your storage account.
Sign in to the Azure portal and access the storage account containing the NFS share you created.
Select Configuration.
Select Disabled for Secure transfer required.
Select Save.
Enable hybrid access through VPN or ExpressRoute (optional)
To enable hybrid access to an NFS Azure file share, use one of the following networking solutions:
Step 3: Mount an NFS Azure file share
You can mount the share using the Azure portal. You can also create a record in the /etc/fstab file to automatically mount the share every time the Linux server or VM boots.
Mount an NFS share using the Azure portal
You can use the nconnect
Linux mount option to improve performance for NFS Azure file shares at scale. For more information, see Improve NFS Azure file share performance.
Once the file share is created, select the share and select Connect from Linux.
Enter the mount path you'd like to use, then copy the script.
Connect to your client and use the provided mounting script. Only the required mount options are included in the script, but you can add other recommended mount options.
You have now mounted your NFS share.
Mount an NFS share using /etc/fstab
If you want the NFS file share to automatically mount every time the Linux server or VM boots, create a record in the /etc/fstab file for your Azure file share. Replace YourStorageAccountName
and FileShareName
with your information.
<YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /media/<YourStorageAccountName>/<FileShareName> nfs vers=4,minorversion=1,_netdev,nofail,sec=sys 0 0
For more information, enter the command man fstab
from the Linux command line.
Mount options
The following mount options are recommended or required when mounting NFS Azure file shares.
Mount option | Recommended value | Description |
---|---|---|
vers |
4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1. |
minorversion |
1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the vers parameter. So instead of vers=4.1 , use vers=4,minorversion=1 . |
sec |
sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting sec=sys uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
rsize |
1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
wsize |
1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1048576 bytes will usually result in the best performance. |
noresvport |
n/a | Recommended for kernels below 5.18. Tells the NFS client to use a non-privileged source port when communicating with an NFS server for the mount point. Using the noresvport mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is strongly recommended for achieving high availability. |
actimeo |
30-60 | Recommended. Specifying actimeo sets all of acregmin , acregmax , acdirmin , and acdirmax to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting actimeo between 30 and 60 seconds. |
Step 4: Validate connectivity
If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see Verify connectivity.
NFS file share snapshots
Customers using NFS Azure file shares can take file share snapshots. This capability allows users to roll back entire file systems or recover files that were accidentally deleted or corrupted. See Use share snapshots with Azure Files.
Next step
- If you experience any issues, see Troubleshoot NFS Azure file shares.