Skip to main content
macOSintermediate

How to Enable NFS Network Shares on macOS

Learn how to set up NFS (Network File System) shares on macOS to share files and directories with Linux and other Mac workstations over the network.

6 min readUpdated April 2026

Want us to handle this for you?

Get expert help →

NFS (Network File System) is the most efficient way to share files between macOS and Linux workstations. This guide walks you through creating NFS exports on macOS 10.5 or higher, enabling the NFS server, and testing the share from client machines.

Before You Begin

You will need:

  • Administrator access on the Mac that will host the share
  • The IP range of the network you want to allow (ask your network admin)
  • A folder path you want to share (this guide uses /Users as an example)
  • The Terminal application from /Applications/Utilities

Step 1: Open Terminal

  1. Open Finder
  2. Go to Applications > Utilities
  3. Double-click Terminal

You can also press Command + Space, type Terminal, and press Enter.

Step 2: Edit the Exports File

macOS reads NFS export definitions from /etc/exports. This file does not exist by default — creating or editing it requires root privileges.

  1. Run the following command: sudo nano /etc/exports
  2. Enter your administrator password when prompted
  3. Add a line defining the share. For example, to share /Users with the 192.168.0.0/16 subnet: /Users -network 192.168.0.0 -mask 255.255.0.0
  4. Press Control + O then Enter to save the file
  5. Press Control + X to exit nano

Export File Syntax

OptionPurpose
-network <subnet>Restrict access to a network range
-mask <netmask>Subnet mask for the network option
-roExport the directory read-only
-maproot=nobodyMap remote root user to nobody (recommended)
-alldirsAllow clients to mount any subdirectory

Change the IP and mask to match your network. For a typical home network, that might be -network 192.168.1.0 -mask 255.255.255.0.

Step 3: Enable the NFS Server

macOS ships with nfsd installed but disabled. Start it with:

sudo nfsd enable

Check the status to confirm it is running:

sudo nfsd status

You should see output similar to:

nfsd service is enabled
nfsd is running (pid XXXX, 8 threads)

If you later change /etc/exports, reload the export table without restarting the daemon:

sudo nfsd update

Step 4: Verify the Export

Run showmount to list the active exports:

showmount -e

Output should look similar to:

Exports list on localhost:
/Users                                Everyone

If the share does not appear, check /var/log/system.log for errors and re-verify the syntax in /etc/exports.

Step 5: Mount the Share From a Client

From a Linux Client

  1. Install the NFS client if needed (sudo apt install nfs-common on Debian/Ubuntu)
  2. Create a mount point: sudo mkdir /mnt/mac-users
  3. Mount the share: sudo mount -t nfs <mac-ip>:/Users /mnt/mac-users

From Another Mac

  1. Open Finder
  2. Press Shift + Command + G to open "Go to Folder"
  3. Enter: /net/<hostname>/Users
  4. The share mounts automatically via the amd automounter

You can also use Go > Connect to Server (Command + K) and enter nfs://<hostname>/Users.

Security Considerations

  • Never export to 0.0.0.0 on an untrusted or public network — NFS traffic is unencrypted by default
  • Use -maproot=nobody to prevent remote root users from gaining root access to exported directories
  • Prefer -ro (read-only) exports when clients do not need to write
  • Restrict by subnet using -network/-mask or list specific client IPs
  • Consider running NFS over a VPN or using Kerberos-authenticated NFS (sec=krb5p) for sensitive data
  • macOS firewall rules apply — ensure TCP/UDP port 2049 and portmapper (port 111) are allowed from trusted hosts

Troubleshooting

showmount: can't do exports rpc: RPC: Program not registered

The NFS server is not running. Start it with sudo nfsd enable and verify with sudo nfsd status.

Client cannot mount the share

  • Confirm the client IP falls within the -network/-mask range
  • Check for macOS firewall rules blocking port 2049
  • Run sudo nfsd checkexports to validate /etc/exports syntax

Permission denied on files after mount

This is usually a user ID (UID) mismatch. NFSv3 uses numeric UIDs from the server. Either align UIDs across machines or use -maproot / -mapall to remap ownership on the export.

Frequently Asked Questions

Find answers to common questions

NFS (Network File System) is a distributed file system protocol that lets you share directories across a network so remote machines can mount them as if they were local. On macOS it is the most efficient way to share files between Macs and Linux workstations because both operating systems support NFS natively without extra software. Compared to SMB, NFS typically offers lower overhead for UNIX-to-UNIX workflows and preserves POSIX permissions.

macOS ships with the NFS server (nfsd) installed but it is not running by default. After you create an /etc/exports file, you enable and start the daemon with sudo nfsd enable. You can verify it is running with sudo nfsd status and confirm exports are visible with showmount -e.

/etc/exports is owned by root, so you must use sudo to edit it. Running sudo nano /etc/exports will prompt for your administrator password. If you are on a managed Mac without admin rights, contact your IT administrator — you cannot create NFS exports without root access.

Use the -network and -mask options in /etc/exports to limit access to a specific subnet. For example, /Users -network 192.168.1.0 -mask 255.255.255.0 only allows hosts on the 192.168.1.0/24 subnet. For even tighter control, list individual hosts by IP or hostname after the export path. Avoid exporting to -network 0.0.0.0 on untrusted networks.

SIP does not block NFS exports themselves, but it does protect many system directories from being shared. You can export user directories like /Users and custom paths under /Volumes without issue. Exporting SIP-protected paths such as /System or /usr will either fail or expose read-only content.

Remove or comment out the line from /etc/exports, then run sudo nfsd update to reload the export table. To stop the NFS server entirely, run sudo nfsd disable. Verify the share is gone with showmount -e. Clients that still have the share mounted should unmount it with umount before you disable the service.

Need Professional IT & Security Help?

Our team of experts is ready to help protect and optimize your technology infrastructure.

Learn About Risk AssessmentExplore vCISO Services

Related Articles

How to Capture and Analyze Network Traffic on macOS With tcpdump and Wireshark

Learn how to capture and analyze network traffic on macOS using the built-in tcpdump command, the pktap pseudo-interface, and Wireshark for deep packet inspection.

Read More →

How to Use the macOS Firewall (pf) to Restrict Network Access

Learn how to configure both the macOS Application Firewall and the low-level pf packet filter to restrict inbound and outbound network access on macOS.

Read More →

How to Create and Deploy a Configuration Profile (.mobileconfig) on macOS

Learn how to create, sign, and deploy macOS configuration profiles (.mobileconfig) using Apple Configurator 2, iMazing Profile Editor, or hand-written XML.

Read More →
Back to macOS