Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure file shares can be mounted in Linux distributions using either the Server Message Block (SMB) protocol or the Network File System (NFS) protocol. This article is focused on mounting with NFS. For details on mounting SMB file shares, see Use Azure Files with Linux. For details on each of the available protocols, see Azure file share protocols.
Applies to
| Management model | Billing model | Media tier | Redundancy | SMB | NFS |
|---|---|---|---|---|---|
| Microsoft.FileShares | Provisioned v2 | SSD (premium) | Local (LRS) |  |
 |
| Microsoft.FileShares | Provisioned v2 | SSD (premium) | Zone (ZRS) | |
|
| Microsoft.Storage | Provisioned v2 | HDD (standard) | Local (LRS) | |
|
| Microsoft.Storage | Provisioned v2 | HDD (standard) | Zone (ZRS) | |
|
| Microsoft.Storage | Provisioned v2 | HDD (standard) | Geo (GRS) | |
|
| Microsoft.Storage | Provisioned v2 | HDD (standard) | GeoZone (GZRS) | |
|
| Microsoft.Storage | Provisioned v1 | SSD (premium) | Local (LRS) | |
|
| Microsoft.Storage | Provisioned v1 | SSD (premium) | Zone (ZRS) | |
|
| Microsoft.Storage | Pay-as-you-go | HDD (standard) | Local (LRS) | |
|
| Microsoft.Storage | Pay-as-you-go | HDD (standard) | Zone (ZRS) | |
|
| Microsoft.Storage | Pay-as-you-go | HDD (standard) | Geo (GRS) | |
|
| Microsoft.Storage | Pay-as-you-go | HDD (standard) | GeoZone (GZRS) | |
|
Prerequisite: Configure network security
NFSv4.1 file shares (both classic and those created with Microsoft.FileShares) can only be accessed from trusted networks. We recommend securing the data by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Microsoft Entra security, and access control lists (ACLs) can't be used to authorize an NFSv4.1 request. To learn more about how to set up NFS 4.1 file share, virtual machine, and networking setting, see how to create a classic file share, and how to create a file share for more information.
Mount an NFS Azure file share
You can mount the share using the AZNFS mount helper in Azure portal, or you can use the native NFS mount commands in CLI. You can also create a record in the /etc/fstab file to automatically mount the share every time the Linux server or VM boots.
You can use the nconnect Linux mount option to improve performance for NFS Azure file shares at scale. For more information, see Improve NFS Azure file share performance.
Default mount instructions
Classic NFS file share (Microsoft.Storage)
- Once the file share is created, select the share and then select Connect from Linux.
- Enter the mount path you'd like to use, then copy the script and run it on your client. Azure portal offers a step-by-step, ready-to-use installation script tailored to your selected Linux distribution for installing the AZNFS mount helper package and to securely mount the share using Encryption in Transit. Only the required mount options are included in the script, but you can add other recommended mount options.
Mount a classic NFS share using the NFS client mount in command line
You can also mount the Azure file share using NFS client mount in command line. Select the tab below for your Linux distribution to see the commands you need to run. Be sure to replace <YourStorageAccountName> and <FileShareName> with your information.
sudo apt-get -y update
sudo apt-get install nfs-common
/mount/<YourStorageAccountName>/<FileShareName>
sudo mkdir -p /mount/<YourStorageAccountName>/<FileShareName>
sudo mount -t nfs <YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /mount/<YourStorageAccountName>/<FileShareName> -o vers=4,minorversion=1,sec=sys,nconnect=4
NFS file share (Microsoft.FileShares)
Once the file share is created, select the share and then select Connect from Linux.
Enter the mount path you'd like to use, then copy the script and run it on your client. Azure portal offers a step-by-step, ready-to-use installation script tailored to your selected Linux distribution for installing the AZNFS mount helper package and to securely mount the share using Encryption in Transit. Only the required mount options are included in the script, but you can add other recommended mount options.
Mount an NFS share using the NFS client mount in command line
You can also mount the Azure file share using NFS client mount in command line. Select the tab below for your Linux distribution to see the commands you need to run. Be sure to replace <your-subscription-id>, <your-reource-group> and <your-file-share-name> with your information.
# Customize these placeholders:
# - `<your-subscription-id>` → Your Azure subscription ID.
# - `<your-resource-group>` → The resource group containing the file share.
# - `<your-file-share-name>` → The name of your file share.
# you will use $hostname later when mounting the file share.
hostName=$(az resource show \
--ids "/subscriptions/<your-subscription-id>/resourceGroups/<your-resource-group>/providers/Microsoft.FileShares/fileShares/<your-file-share-name>" \
--query "properties.hostName" \
--output tsv)
echo $hostName
# you will use shortName later when mounting the file share.
prefix=$(echo "$hostName" | sed 's/\.file\.storage\.azure\.net.*//')
shortName=$(echo "$prefix" | sed 's/\.[^.]*$//')
echo $shortName
sudo apt-get -y update
sudo apt-get install nfs-common
sudo mkdir -p /mount/<your-file-share-name>
sudo mount -t nfs $hostName:/$shortName/<your-file-share-name> /mount/<your-file-share-name> -o vers=4,minorversion=1,sec=sys
Mount with /etc/fstab
If you want the NFS file share to automatically mount every time the Linux server or VM boots, create a record in the /etc/fstab file for your Azure file share. The record will differ depending on whether or not you're using the AZNFS Mount Helper or the native NFS mount commands.
To determine whether the AZNFS Mount Helper package is installed on your client, run the following command:
systemctl is-active --quiet aznfswatchdog && echo -e "\nAZNFS Mount Helper is installed! \n"
If the package is installed, then the message AZNFS Mount Helper is installed! appears.
For classic file share, remember to replace <YourStorageAccountName> and <FileShareName> with your own values. For file share, remember to replace hostName and shortName with the correct values. For more information, enter the command man fstab from the Linux command line.
Mount with Aznfs helper with encryption in transit
The record in /etc/fstab should look like this if you're using the AZNFS Mount Helper and want to mount the share using encryption in transit.
# For Microsoft.Storage file share, use:
<YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /media/<YourStorageAccountName>/<FileShareName> aznfs defaults,sec=sys,vers=4.1,nolock,proto=tcp,nofail,_netdev 0 2
# For Microsoft.FileShares file share, use:
$hostName:/$shortName/<FileShareName> /media/$shortName/<FileShareName> aznfs defaults,sec=sys,vers=4.1,nolock,proto=tcp,nofail,_netdev 0 2
Mount with Aznfs helper without encryption in transit
If you're using the AZNFS Mount Helper but don't want to use encryption in transit, the record in /etc/fstab should look like this:
# For Microsoft.Storage file share, use:
<YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /media/<YourStorageAccountName>/<FileShareName> aznfs defaults,sec=sys,vers=4.1,nolock,proto=tcp,nofail,_netdev,notls 0 2
# For Microsoft.FileShares file share, use:
$hostName:/$shortName/<FileShareName> /media/$shortName/<FileShareName> aznfs defaults,sec=sys,vers=4.1,nolock,proto=tcp,nofail,_netdev,notls 0 2
Mount with native mount command
If you're using the native NFS mount without AZNFS, the record in /etc/fstab should look like this:
# For Microsoft.Storage file share, use:
<YourStorageAccountName>.file.core.windows.net:/<YourStorageAccountName>/<FileShareName> /media/<YourStorageAccountName>/<FileShareName> nfs vers=4,minorversion=1,_netdev,nofail,sec=sys 0 0
# For Microsoft.FileShares file share, use:
$hostName:/$shortName/<FileShareName> /media/$shortName/<FileShareName> nfs vers=4,minorversion=1,_netdev,nofail,sec=sys 0 0
Mount options
The following mount options are recommended or required when mounting NFS Azure file shares.
| Mount option | Recommended value | Description |
|---|---|---|
vers |
4 | Required. Specifies which version of the NFS protocol to use. Azure Files only supports NFSv4.1. |
minorversion |
1 | Required. Specifies the minor version of the NFS protocol. Some Linux distros don't recognize minor versions on the vers parameter. So instead of vers=4.1, use vers=4,minorversion=1. |
sec |
sys | Required. Specifies the type of security to use when authenticating an NFS connection. Setting sec=sys uses the local UNIX UIDs and GIDs that use AUTH_SYS to authenticate NFS operations. |
rsize |
1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS read operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
wsize |
1048576 | Recommended. Sets the maximum number of bytes to be transferred in a single NFS write operation. Specifying the maximum level of 1,048,576 bytes usually results in the best performance. |
noresvport |
n/a | Recommended for kernels below 5.18. Tells the NFS client to use a nonprivileged source port when communicating with an NFS server for the mount point. Using the noresvport mount option helps ensure that your NFS share has uninterrupted availability after a reconnection. Using this option is recommended for achieving high availability. |
actimeo |
30-60 | Recommended. Specifying actimeo sets all of acregmin, acregmax, acdirmin, and acdirmax to the same value. Using a value lower than 30 seconds can cause performance degradation because attribute caches for files and directories expire too quickly. We recommend setting actimeo between 30 and 60 seconds. |
nconnect |
4 | Recommended. Nconnect increases performance by using multiple TCP connections between the client and your NFS share. We recommend configuring the mount options with the optimal setting of nconnect=4. Currently, there are no gains beyond four channels for the Azure Files implementation of nconnect. |
clean |
n/a | A non-TLS mount might fail if a prior TLS mount to the same server ended abruptly, leaving stale entries. To resolve this issue, remount the share using the clean option, which immediately clears any stale entries. This applies only for AZNFS mount. |
Validate connectivity
If your mount fails, it's possible that your private endpoint wasn't set up correctly or isn't accessible. For details on confirming connectivity, see Verify connectivity.
NFS file share snapshots
Customers using NFS Azure file shares can take file share snapshots. This capability allows users to roll back entire file systems or recover files that were accidentally deleted or corrupted. See Use share snapshots with Azure Files.
Next step
- If you experience any issues, see Troubleshoot NFS Azure file shares.