An NFS export is active only after the saved export definition has been loaded into the server export table. A directory can exist on disk and still be unavailable to clients when its export line is missing, ignored because of the drop-in filename, or reloaded with different client selectors than intended.
Linux NFS servers read export definitions from /etc/exports and from files ending in .exports under /etc/exports.d. A drop-in such as /etc/exports.d/projects.exports keeps one shared path separate from other exports, while /etc/exports remains acceptable for simple hosts with only a few rules.
Each export line starts with a local path, followed by one or more client selectors and optional parenthesized options. The example uses the documentation subnet 192.0.2.0/24 as a placeholder, grants write access with rw, applies writes synchronously with sync, avoids subtree checks for a dedicated export path, and keeps root_squash so client-side root maps to anonymous IDs instead of server-side root.
Related: Install an NFS server on Ubuntu
Related: List NFS exports from the server
Related: Troubleshoot NFS permission denied errors
Steps to create an NFS export:
- Open a shell on the NFS server with an account that can use sudo.
- Create a group for accounts that should write to the export.
$ sudo groupadd --system nfs-projects
Skip this command when an application group already controls the directory. Use a group whose numeric ID policy makes sense on the clients that will write files.
- Create the directory with shared group ownership and setgid permissions.
$ sudo install -d -o root -g nfs-projects -m 2775 /srv/nfs/projects
The setgid bit keeps new files under /srv/nfs/projects in the directory group. Filesystem ownership and mode still control writes even when the export uses rw.
With root_squash enabled, client UID/GID 0 maps to anonymous IDs. Do not depend on remote root access for writes; use matching user or group ownership for accounts that should create files.
Tool: chmod Calculator
- Create the export drop-in directory.
$ sudo install -d -o root -g root -m 0755 /etc/exports.d
Some systems create /etc/exports.d only after a package or administrator adds it. exportfs reads files in this directory only when their names end in .exports.
- Open the drop-in export file.
$ sudo vi /etc/exports.d/projects.exports
Use /etc/exports instead on small servers where keeping all export rules in one file is clearer.
- Add the export definition.
/srv/nfs/projects 192.0.2.0/24(rw,sync,no_subtree_check,root_squash)
Keep no whitespace between the client selector and its option list. 192.0.2.0/24(rw,sync) applies those options to that subnet, while 192.0.2.0/24 (rw,sync) changes how exports(5) parses the rule.
- Review the client selector before loading the export.
Avoid broad writeable exports such as *(rw,sync,no_subtree_check) unless the NFS server is intentionally isolated and every client on the reachable network is trusted.
- Reload the active export table.
$ sudo exportfs -rv exporting 192.0.2.0/24:/srv/nfs/projects
exportfs -r synchronizes the active table with /etc/exports and /etc/exports.d, including removal of saved entries that no longer exist.
Related: Reload NFS exports
- Verify that the export is loaded with the intended selector and options.
$ sudo exportfs -v /srv/nfs/projects 192.0.2.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)
exportfs may show defaults such as wdelay, hide, sec=sys, and no_all_squash in addition to the options saved in the file.
- Check the NFS server unit before client testing.
$ sudo systemctl is-active nfs-server active
Clients also need network access to the server's NFS ports. Check the server firewall when exportfs -v is correct but remote mounts time out.
Related: Check NFS server status
Related: Allow NFS through firewalld - Mount the export from a host allowed by the client selector.
$ sudo mount -t nfs4 files.example.net:/srv/nfs/projects /mnt/projects
Replace files.example.net with the NFS server name and use an empty local mount point. The client host must match 192.0.2.0/24 or the selector used in the saved export line.
Related: Mount an NFS export on Linux
- Confirm that the client sees the mounted export.
$ findmnt -o TARGET,SOURCE,FSTYPE,OPTIONS /mnt/projects TARGET SOURCE FSTYPE OPTIONS /mnt/projects files.example.net:/srv/nfs/projects nfs4 rw,relatime,vers=4.2,proto=tcp
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
