1rpc.mountd(8) System Manager's Manual rpc.mountd(8)
2
6 rpc.mountd - NFS mount daemon
7
9 /usr/sbin/rpc.mountd [options]
10
12 The rpc.mountd daemon implements the server side of the NFS MOUNT pro‐
13 tocol, an NFS side protocol used by NFS version 2 [RFC1094] and NFS
14 version 3 [RFC1813].
15 An NFS server maintains a table of local physical file systems that are
17 accessible to NFS clients. Each file system in this table is referred
18 to as an exported file system, or export, for short.
19 Each file system in the export table has an access control list.
21 rpc.mountd uses these access control lists to determine whether an NFS
22 client is permitted to access a given file system. For details on how
23 to manage your NFS server's export table, see the exports(5) and
24 exportfs(8) man pages.
25 Mounting exported NFS File Systems
27 The NFS MOUNT protocol has several procedures. The most important of
28 these are MNT (mount an export) and UMNT (unmount an export).
29 A MNT request has two arguments: an explicit argument that contains the
31 pathname of the root directory of the export to be mounted, and an
32 implicit argument that is the sender's IP address.
33 When receiving a MNT request from an NFS client, rpc.mountd checks both
35 the pathname and the sender's IP address against its export table. If
36 the sender is permitted to access the requested export, rpc.mountd
37 returns an NFS file handle for the export's root directory to the
38 client. The client can then use the root file handle and NFS LOOKUP
39 requests to navigate the directory structure of the export.
40 The rmtab File
42 The rpc.mountd daemon registers every successful MNT request by adding
43 an entry to the /var/lib/nfs/rmtab file. When receivng a UMNT request
44 from an NFS client, rpc.mountd simply removes the matching entry from
45 /var/lib/nfs/rmtab, as long as the access control list for that export
46 allows that sender to access the export.
47 Clients can discover the list of file systems an NFS server is cur‐
49 rently exporting, or the list of other clients that have mounted its
50 exports, by using the showmount(8) command. showmount(8) uses other
51 procedures in the NFS MOUNT protocol to report information about the
52 server's exported file systems.
53 Note, however, that there is little to guarantee that the contents of
55 /var/lib/nfs/rmtab are accurate. A client may continue accessing an
56 export even after invoking UMNT. If the client reboots without sending
57 a UMNT request, stale entries remain for that client in
58 /var/lib/nfs/rmtab.
59
61 -d kind or --debug kind
62 Turn on debugging. Valid kinds are: all, auth, call, general and
63 parse.
64 -F or --foreground
66 Run in foreground (do not daemonize)
67 -f export-file or --exports-file export-file
69 This option specifies the exports file, listing the clients that
70 this server is prepared to serve and parameters to apply to each
71 such mount (see exports(5)). By default, export information is
72 read from /etc/exports.
73 -h or --help
75 Display usage message.
76 -o num or --descriptors num
78 Set the limit of the number of open file descriptors to num. The
79 default is to leave the limit unchanged.
80 -N mountd-version or --no-nfs-version mountd-version
82 This option can be used to request that rpc.mountd do not offer
83 certain versions of NFS. The current version of rpc.mountd can
84 support both NFS version 2, 3 and 4. If the either one of these
85 version should not be offered, rpc.mountd must be invoked with
86 the option --no-nfs-version <vers> .
87 -n or --no-tcp
89 Don't advertise TCP for mount.
90 -p num or -P num or --port num
92 Specifies the port number used for RPC listener sockets. If
93 this option is not specified, rpc.mountd will try to consult
94 /etc/services, if gets port succeed, set the same port for all
95 listener socket, otherwise chooses a random ephemeral port for
96 each listener socket.
97 This option can be used to fix the port value of rpc.mountd's
99 listeners when NFS MOUNT requests must traverse a firewall
100 between clients and servers.
101 -H prog or --ha-callout prog
103 Specify a high availability callout program. This program
104 receives callouts for all MOUNT and UNMOUNT requests. This
105 allows rpc.mountd to be used in a High Availability NFS (HA-NFS)
106 environment.
107 The callout program is run with 4 arguments. The first is mount
109 or unmount depending on the reason for the callout. The second
110 will be the name of the client performing the mount. The third
111 will be the path that the client is mounting. The last is the
112 number of concurrent mounts that we believe the client has of
113 that path.
114 This callout is not needed with 2.6 and later kernels. Instead,
116 mount the nfsd filesystem on /proc/fs/nfsd.
117 -s, --state-directory-path directory
119 Specify a directory in which to place statd state information.
120 If this option is not specified the default of /var/lib/nfs is
121 used.
122 -r, --reverse-lookup
124 rpc.mountd tracks IP addresses in the rmtab file. When a DUMP
125 request is made (by someone running showmount -a, for instance),
126 it returns IP addresses instead of hostnames by default. This
127 option causes rpc.mountd to perform a reverse lookup on each IP
128 address and return that hostname instead. Enabling this can
129 have a substantial negative effect on performance in some situa‐
130 tions.
131 -t N or --num-threads=N or --num-threads N
133 This option specifies the number of worker threads that
134 rpc.mountd spawns. The default is 1 thread, which is probably
135 enough. More threads are usually only needed for NFS servers
136 which need to handle mount storms of hundreds of NFS mounts in a
137 few seconds, or when your DNS server is slow or unreliable.
138 -u or --no-udp
140 Don't advertise UDP for mounting
141 -V version or --nfs-version version
143 This option can be used to request that rpc.mountd offer certain
144 versions of NFS. The current version of rpc.mountd can support
145 both NFS version 2 and the newer version 3.
146 -v or --version
148 Print the version of rpc.mountd and exit.
149 -g or --manage-gids
151 Accept requests from the kernel to map user id numbers into
152 lists of group id numbers for use in access control. An NFS
153 request will normally (except when using Kerberos or other cryp‐
154 tographic authentication) contains a user-id and a list of
155 group-ids. Due to a limitation in the NFS protocol, at most 16
156 groups ids can be listed. If you use the -g flag, then the list
157 of group ids received from the client will be replaced by a list
158 of group ids determined by an appropriate lookup on the server.
159 Note that the 'primary' group id is not affected so a newgroup
160 command on the client will still be effective. This function
161 requires a Linux Kernel with version at least 2.6.21.
162
165 Many of the options that can be set on the command line can also be
166 controlled through values set in the [mountd] or, in some cases, the
167 [nfsd] sections of the /etc/nfs.conf configuration file. Values recog‐
168 nized in the [mountd] section include manage-gids, descriptors, port,
169 threads, reverse-lookup, and state-directory-path, ha-callout which
170 each have the same effect as the option with the same name.
171 The values recognized in the [nfsd] section include TCP, UDP, vers2,
173 vers3, and vers4 which each have same same meaning as given by
174 rpc.nfsd(8).
175
178 You can protect your rpc.mountd listeners using the tcp_wrapper library
179 or iptables(8).
180 Note that the tcp_wrapper library supports only IPv4 networking.
182 Add the hostnames of NFS peers that are allowed to access rpc.mountd to
184 /etc/hosts.allow. Use the daemon name mountd even if the rpc.mountd
185 binary has a different name.
186 Hostnames used in either access file will be ignored when they can not
188 be resolved into IP addresses. For further information see the tcpd(8)
189 and hosts_access(5) man pages.
190 IPv6 and TI-RPC support
192 TI-RPC is a pre-requisite for supporting NFS on IPv6. If TI-RPC sup‐
193 port is built into rpc.mountd, it attempts to start listeners on net‐
194 work transports marked 'visible' in /etc/netconfig. As long as at
195 least one network transport listener starts successfully, rpc.mountd
196 will operate.
197
199 /etc/exports input file for exportfs, listing exports,
200 export options, and access control lists
201 /var/lib/nfs/rmtab table of clients accessing server's exports
203
205 exportfs(8), exports(5), showmount(8), rpc.nfsd(8), rpc.rquotad(8),
206 nfs(5), nfs.conf(5), tcpd(8), hosts_access(5), iptables(8), netcon‐
207 fig(5)
208 RFC 1094 - "NFS: Network File System Protocol Specification"
210 RFC 1813 - "NFS Version 3 Protocol Specification"
211
213 Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.
214 31 Dec 2009 rpc.mountd(8)