1RPC.STATD(8)                System Manager's Manual               RPC.STATD(8)
2
3
4

NAME

6       rpc.statd - NSM service daemon
7

SYNOPSIS

9       rpc.statd  [-dh?FLNvVw]  [-H  prog] [-n my-name] [-o outgoing-port] [-p
10       listener-port] [-P path ]
11

DESCRIPTION

13       File locks are not part of persistent file system state.  Lock state is
14       thus lost when a host reboots.
15
16       Network file systems must also detect when lock state is lost because a
17       remote host has rebooted.  After an NFS client reboots, an  NFS  server
18       must  release  all file locks held by applications that were running on
19       that client.  After a server reboots, a client must remind  the  server
20       of file locks held by applications running on that client.
21
22       For  NFS  version  2 [RFC1094] and NFS version 3 [RFC1813], the Network
23       Status Monitor protocol (or NSM for short) is used to notify NFS  peers
24       of  reboots.   On  Linux, two separate user-space components constitute
25       the NSM service:
26
27       rpc.statd
28              A daemon that listens for reboot notifications from other hosts,
29              and manages the list of hosts to be notified when the local sys‐
30              tem reboots
31
32       sm-notify
33              A helper program that notifies NFS peers after the local  system
34              reboots
35
36       The  local  NFS  lock manager alerts its local rpc.statd of each remote
37       peer that should be monitored.  When the local system reboots, the  sm-
38       notify  command  notifies  the  NSM  service  on monitored peers of the
39       reboot.  When a remote reboots, that peer notifies the local rpc.statd,
40       which in turn passes the reboot notification back to the local NFS lock
41       manager.
42

NSM OPERATION IN DETAIL

44       The first file locking interaction between an  NFS  client  and  server
45       causes  the  NFS lock managers on both peers to contact their local NSM
46       service to store information about the opposite peer.   On  Linux,  the
47       local lock manager contacts rpc.statd.
48
49       rpc.statd  records information about each monitored NFS peer on persis‐
50       tent storage.  This information describes how to contact a remote  peer
51       in case the local system reboots, how to recognize which monitored peer
52       is reporting a reboot, and how to notify the local lock manager when  a
53       monitored peer indicates it has rebooted.
54
55       An  NFS  client sends a hostname, known as the client's caller_name, in
56       each file lock request.  An NFS server can use this  hostname  to  send
57       asynchronous  GRANT  calls  to a client, or to notify the client it has
58       rebooted.
59
60       The Linux NFS server  can  provide  the  client's  caller_name  or  the
61       client's  network  address  to  rpc.statd.  For the purposes of the NSM
62       protocol, this name  or  address  is  known  as  the  monitored  peer's
63       mon_name.   In addition, the local lock manager tells rpc.statd what it
64       thinks its own hostname is.  For the purposes of the NSM protocol, this
65       hostname is known as my_name.
66
67       There  is  no equivalent interaction between an NFS server and a client
68       to inform the  client  of  the  server's  caller_name.   Therefore  NFS
69       clients  do  not actually know what mon_name an NFS server might use in
70       an SM_NOTIFY request.  The Linux NFS client uses  the  server  hostname
71       from the mount command to identify rebooting NFS servers.
72
73   Reboot notification
74       When  the local system reboots, the sm-notify command reads the list of
75       monitored peers from persistent storage and sends an SM_NOTIFY  request
76       to  the  NSM  service on each listed remote peer.  It uses the mon_name
77       string as the destination.  To identify which host  has  rebooted,  the
78       sm-notify  command  sends  the my_name string recorded when that remote
79       was  monitored.   The  remote  rpc.statd  matches  incoming   SM_NOTIFY
80       requests  using this string, or the caller's network address, to one or
81       more peers on its own monitor list.
82
83       If rpc.statd does not find a peer on its monitor list that  matches  an
84       incoming  SM_NOTIFY  request,  the notification is not forwarded to the
85       local lock manager.  In addition, each peer has its own NSM state  num‐
86       ber, a 32-bit integer that is bumped after each reboot by the sm-notify
87       command.  rpc.statd uses this  number  to  distinguish  between  actual
88       reboots and replayed notifications.
89
90       Part of NFS lock recovery is rediscovering which peers need to be moni‐
91       tored again.  The sm-notify command clears the monitor list on  persis‐
92       tent storage after each reboot.
93

OPTIONS

95       -d, --no-syslog
96              Causes  rpc.statd  to write log messages on stderr instead of to
97              the system log, if the -F option was also specified.
98
99       -F, --foreground
100              Keeps rpc.statd attached to its controlling terminal so that NSM
101              operation can be monitored directly or run under a debugger.  If
102              this option is not specified, rpc.statd backgrounds itself  soon
103              after it starts.
104
105       -h, -?, --help
106              Causes rpc.statd to display usage information on stderr and then
107              exit.
108
109       -H, --ha-callout prog
110              Specifies a high availability callout program.  If  this  option
111              is  not  specified,  no  callouts  are performed.  See the High-
112              availability callouts section below for details.
113
114       -L, --no-notify
115              Prevents rpc.statd from running the sm-notify  command  when  it
116              starts  up, preserving the existing NSM state number and monitor
117              list.
118
119              Note: the sm-notify command contains a check to ensure  it  runs
120              only  once  after  each  system  reboot.  This prevents spurious
121              reboot notification if rpc.statd restarts without the -L option.
122
123       -n, --name ipaddr | hostname
124              Specifies the bind address used for RPC listener  sockets.   The
125              ipaddr  form  can be expressed as either an IPv4 or an IPv6 pre‐
126              sentation address.  If this option is not  specified,  rpc.statd
127              uses a wildcard address as the transport bind address.
128
129              This  string  is also passed to the sm-notify command to be used
130              as the source address from which  to  send  reboot  notification
131              requests.  See sm-notify(8) for details.
132
133       -N     Causes  rpc.statd  to  run the sm-notify command, and then exit.
134              Since the sm-notify command  can  also  be  run  directly,  this
135              option is deprecated.
136
137       -o, --outgoing-port port
138              Specifies  the  source  port number the sm-notify command should
139              use when sending reboot  notifications.   See  sm-notify(8)  for
140              details.
141
142       -p, --port port
143              Specifies  the  port  number  used for RPC listener sockets.  If
144              this  option  is  not  specified,  rpc.statd  chooses  a  random
145              ephemeral port for each listener socket.
146
147              This  option  can be used to fix the port value of its listeners
148              when SM_NOTIFY requests must traverse a firewall between clients
149              and servers.
150
151       -P, --state-directory-path pathname
152              Specifies  the  pathname of the parent directory where NSM state
153              information resides.  If this option is not specified, rpc.statd
154              uses /var/lib/nfs/statd by default.
155
156              After  starting, rpc.statd attempts to set its effective UID and
157              GID to the owner and group of this directory.
158
159       -v, -V, --version
160              Causes rpc.statd to display version information  on  stderr  and
161              then exit.
162

SECURITY

164       The  rpc.statd  daemon  must  be  started as root to acquire privileges
165       needed to create sockets with privileged source ports,  and  to  access
166       the  state  information  database.  Because rpc.statd maintains a long-
167       running network service, however, it drops root privileges as  soon  as
168       it starts up to reduce the risk of a privilege escalation attack.
169
170       During  normal operation, the effective user ID it chooses is the owner
171       of the state directory.  This allows it to continue to access files  in
172       that  directory  after  it has dropped its root privileges.  To control
173       which user ID rpc.statd chooses, simply use chown(1) to set  the  owner
174       of the state directory.
175
176       You  can  also  protect  your rpc.statd listeners using the tcp_wrapper
177       library or iptables(8).  To use the tcp_wrapper library, add the  host‐
178       names  of peers that should be allowed access to /etc/hosts.allow.  Use
179       the daemon name statd even if the  rpc.statd  binary  has  a  different
180       filename.
181
182       For further information see the tcpd(8) and hosts_access(5) man pages.
183

ADDITIONAL NOTES

185       Lock  recovery after a reboot is critical to maintaining data integrity
186       and preventing unnecessary application hangs.  To help rpc.statd  match
187       SM_NOTIFY  requests  to NLM requests, a number of best practices should
188       be observed, including:
189
190              The UTS nodename of your systems should match the DNS names that
191              NFS peers use to contact them
192
193              The  UTS nodenames of your systems should always be fully quali‐
194              fied domain names
195
196              The forward and reverse DNS mapping of the UTS nodenames  should
197              be consistent
198
199              The  hostname  the  client uses to mount the server should match
200              the server's mon_name in SM_NOTIFY requests it sends
201
202       Unmounting an NFS file system does not necessarily stop either the  NFS
203       client  or  server from monitoring each other.  Both may continue moni‐
204       toring each other for a time in case subsequent NFS traffic between the
205       two results in fresh mounts and additional file locking.
206
207       On  Linux,  if the lockd kernel module is unloaded during normal opera‐
208       tion, all remote NFS peers are unmonitored.  This can happen on an  NFS
209       client, for example, if an automounter removes all NFS mount points due
210       to inactivity.
211
212   High-availability callouts
213       rpc.statd can exec a special callout program during processing of  suc‐
214       cessful  SM_MON,  SM_UNMON,  and SM_UNMON_ALL requests.  Such a program
215       may be used in High Availability NFS  (HA-NFS)  environments  to  track
216       lock state that may need to be migrated after a system reboot.
217
218       The  name  of the callout program is specified with the -H option.  The
219       program is run with 3 arguments: The first is either add-client or del-
220       client  depending  on  the  reason  for the callout.  The second is the
221       mon_name of the monitored peer.  The third is the  caller_name  of  the
222       requesting lock manager.
223
224   IPv6 and TI-RPC support
225       TI-RPC  is  a pre-requisite for supporting NFS on IPv6.  If TI-RPC sup‐
226       port is built into rpc.statd, it attempts to start listeners on network
227       transports  marked  /etc/netconfig.   As  long  as at least one network
228       transport listener starts successfully, rpc.statd will operate.
229

FILES

231       /var/lib/nfs/statd/sm    directory containing monitor list
232
233       /var/lib/nfs/statd/sm.bak
234                                directory containing notify list
235
236       /var/lib/nfs/statd/state NSM state number for this host
237
238       /var/run/run.statd.pid   pid file
239
240       /etc/netconfig           network transport capability database
241

SEE ALSO

243       sm-notify(8),     nfs(5),     rpc.nfsd(8),     rpcbind(8),     tcpd(8),
244       hosts_access(5), iptables(8), netconfig(5)
245
246       RFC 1094 - "NFS: Network File System Protocol Specification"
247       RFC 1813 - "NFS Version 3 Protocol Specification"
248       OpenGroup Protocols for Interworking: XNFS, Version 3W - Chapter 11
249

AUTHORS

251       Jeff Uphoff <juphoff@users.sourceforge.net>
252       Olaf Kirch <okir@monad.swb.de>
253       H.J. Lu <hjl@gnu.org>
254       Lon Hohberger <hohberger@missioncriticallinux.com>
255       Paul Clements <paul.clements@steeleye.com>
256       Chuck Lever <chuck.lever@oracle.com>
257
258
259
260                                1 November 2009                   RPC.STATD(8)
Impressum