rpc.mountd(8)               System Manager's Manual              rpc.mountd(8)

NAME

       rpc.mountd - NFS mount daemon

SYNOPSIS

       /usr/sbin/rpc.mountd [options]

DESCRIPTION

       The rpc.mountd daemon implements the server side of the NFS MOUNT
       protocol, an NFS side protocol used by NFS version 2 [RFC1094] and
       NFS version 3 [RFC1813].  It also responds to requests from the Linux
       kernel to authenticate clients and provides details of access
       permissions.

       The NFS server (nfsd) maintains a cache of authentication and
       authorization information which is used to identify the source of
       each request, and then what access permissions that source has to any
       local filesystem.  When required information is not found in the
       cache, the server sends a request to mountd to fill in the missing
       information.  Mountd uses a table of information stored in
       /var/lib/nfs/etab and maintained by exportfs(8), possibly based on
       the contents of exports(5), to respond to each request.

   Mounting exported NFS File Systems
       The NFS MOUNT protocol has several procedures.  The most important of
       these are MNT (mount an export) and UMNT (unmount an export).

       A MNT request has two arguments: an explicit argument that contains
       the pathname of the root directory of the export to be mounted, and
       an implicit argument that is the sender's IP address.

       When receiving a MNT request from an NFS client, rpc.mountd checks
       both the pathname and the sender's IP address against its export
       table.  If the sender is permitted to access the requested export,
       rpc.mountd returns an NFS file handle for the export's root directory
       to the client.  The client can then use the root file handle and NFS
       LOOKUP requests to navigate the directory structure of the export.

   The rmtab File
       The rpc.mountd daemon registers every successful MNT request by
       adding an entry to the /var/lib/nfs/rmtab file.  When receiving a
       UMNT request from an NFS client, rpc.mountd simply removes the
       matching entry from /var/lib/nfs/rmtab, as long as the access control
       list for that export allows that sender to access the export.

       Clients can discover the list of file systems an NFS server is
       currently exporting, or the list of other clients that have mounted
       its exports, by using the showmount(8) command.  showmount(8) uses
       other procedures in the NFS MOUNT protocol to report information
       about the server's exported file systems.

       Note, however, that there is little to guarantee that the contents of
       /var/lib/nfs/rmtab are accurate.  A client may continue accessing an
       export even after invoking UMNT.  If the client reboots without
       sending a UMNT request, stale entries remain for that client in
       /var/lib/nfs/rmtab.

   Mounting File Systems with NFSv4
       Version 4 (and later) of NFS does not use a separate NFS MOUNT
       protocol.  Instead mounting is performed using regular NFS requests
       handled by the NFS server in the Linux kernel (nfsd).  Consequently
       /var/lib/nfs/rmtab is not updated to reflect any NFSv4 activity.

OPTIONS

       -d kind  or  --debug kind
              Turn on debugging.  Valid kinds are: all, auth, call, general
              and parse.

       -l  or  --log-auth
              Enable logging of responses to authentication and access
              requests from nfsd.  Each response is then cached by the kernel
              for 30 minutes (or as set by --ttl below), and will be refreshed
              after 15 minutes (half the ttl time) if the relevant client
              remains active.  Note that -l is equivalent to -d auth and so
              can be enabled in /etc/nfs.conf with "debug = auth" in the
              [mountd] section.

              rpc.mountd will always log authentication responses to MOUNT
              requests when NFSv3 is used, but to get similar logs for NFSv4,
              this option is required.

       -i  or  --cache-use-ipaddr
              Normally each client IP address is matched against each host
              identifier (name, wildcard, netgroup etc) found in /etc/exports
              and a combined identity is formed from all matching identifiers.
              Often many clients will map to the same combined identity so
              performing this mapping reduces the number of distinct access
              details that the kernel needs to store.  Specifying the -i
              option suppresses this mapping so that access to each filesystem
              is requested and cached separately for each client IP address.
              Doing this can increase the burden of updating the cache
              slightly, but can make the log messages produced by the -l
              option easier to read.

       -T  or  --ttl
              Provide a time-to-live (TTL) for cached information given to the
              kernel.  The kernel will normally request an update if the
              information is needed after half of this time has expired.
              Increasing the provided number, which is in seconds, reduces the
              rate of cache update requests, and this is particularly
              noticeable when these requests are logged with -l.  However,
              increasing it also means that changes to hostname to address
              mappings can take longer to be noticed.  The default TTL is 1800
              (30 minutes).

       -F  or  --foreground
              Run in foreground (do not daemonize).

       -h  or  --help
              Display usage message.

       -o num  or  --descriptors num
              Set the limit of the number of open file descriptors to num.
              The default is to leave the limit unchanged.

       -N mountd-version  or  --no-nfs-version mountd-version
              This option can be used to request that rpc.mountd not offer
              certain versions of NFS.  The current version of rpc.mountd can
              support NFS versions 2, 3 and 4.  If any one of these versions
              should not be offered, rpc.mountd must be invoked with the
              option --no-nfs-version <vers>.

       -n  or  --no-tcp
              Don't advertise TCP for mount.

       -p num  or  -P num  or  --port num
              Specifies the port number used for RPC listener sockets.  If
              this option is not specified, rpc.mountd will try to consult
              /etc/services; if it succeeds in getting a port, it sets the
              same port for all listener sockets, otherwise it chooses a
              random ephemeral port for each listener socket.

              This option can be used to fix the port value of rpc.mountd's
              listeners when NFS MOUNT requests must traverse a firewall
              between clients and servers.

       -H prog  or  --ha-callout prog
              Specify a high availability callout program.  This program
              receives callouts for all MOUNT and UNMOUNT requests.  This
              allows rpc.mountd to be used in a High Availability NFS (HA-NFS)
              environment.

              The callout program is run with 4 arguments.  The first is mount
              or unmount depending on the reason for the callout.  The second
              will be the name of the client performing the mount.  The third
              will be the path that the client is mounting.  The last is the
              number of concurrent mounts that we believe the client has of
              that path.

              This callout is not needed with 2.6 and later kernels.  Instead,
              mount the nfsd filesystem on /proc/fs/nfsd.

       -s, --state-directory-path directory
              Specify a directory in which to place state information (etab
              and rmtab).  If this option is not specified the default of
              /var/lib/nfs is used.

       -r, --reverse-lookup
              rpc.mountd tracks IP addresses in the rmtab file.  When a DUMP
              request is made (by someone running showmount -a, for instance),
              it returns IP addresses instead of hostnames by default.  This
              option causes rpc.mountd to perform a reverse lookup on each IP
              address and return that hostname instead.  Enabling this can
              have a substantial negative effect on performance in some
              situations.

       -t N  or  --num-threads=N  or  --num-threads N
              This option specifies the number of worker threads that
              rpc.mountd spawns.  The default is 1 thread, which is probably
              enough.  More threads are usually only needed for NFS servers
              which need to handle mount storms of hundreds of NFS mounts in a
              few seconds, or when your DNS server is slow or unreliable.

       -u  or  --no-udp
              Don't advertise UDP for mounting.

       -V version  or  --nfs-version version
              This option can be used to request that rpc.mountd offer certain
              versions of NFS.  The current version of rpc.mountd can support
              both NFS version 2 and the newer version 3.

       -v  or  --version
              Print the version of rpc.mountd and exit.

       -g  or  --manage-gids
              Accept requests from the kernel to map user id numbers into
              lists of group id numbers for use in access control.  An NFS
              request will normally (except when using Kerberos or other
              cryptographic authentication) contain a user-id and a list of
              group-ids.  Due to a limitation in the NFS protocol, at most 16
              group ids can be listed.  If you use the -g flag, then the list
              of group ids received from the client will be replaced by a list
              of group ids determined by an appropriate lookup on the server.
              Note that the 'primary' group id is not affected so a newgroup
              command on the client will still be effective.  This function
              requires a Linux Kernel with version at least 2.6.21.

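       The check below is an added example, not part of this manual page or
       of nfs-utils.  It reads "rpcinfo -p" output and reports whether the
       MOUNT service (RPC program 100005) is registered only on the port
       fixed with -p and, as an assumed site policy, over TCP only (-u).  The
       function name, the sample listings and port 20048 are constructed for
       illustration.

```shell
#!/bin/sh
# Added example (not from nfs-utils): audit how rpc.mountd is registered
# with rpcbind.  Reads `rpcinfo -p` output on stdin; $1 is the port that
# was fixed with -p/--port.  100005 is the MOUNT protocol's RPC program
# number.  Assumed policy: one fixed port, TCP only (-u / --no-udp).
audit_mountd() {
    awk -v want="$1" '
        $1 == 100005 {
            seen = 1
            if ($4 != want) {
                bad++
                if (!port[$4]++)
                    print "FAIL port " $4 " (expected " want ")"
            }
            if ($3 == "udp" && !udp++)
                print "FAIL udp advertised (see -u / --no-udp)"
        }
        END {
            if (!seen)
                print "INFO mountd not registered"
            else if (!bad && !udp)
                print "OK mountd tcp-only on port " want
        }'
}

# Constructed sample listings (port numbers are illustrative).
SAMPLE_FIXED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs'

SAMPLE_RANDOM='   program vers proto   port  service
    100005    1   udp  43512  mountd
    100005    1   tcp  51877  mountd
    100005    3   udp  43512  mountd
    100005    3   tcp  51877  mountd'

# On a live server: rpcinfo -p | audit_mountd 20048
printf '%s\n' "$SAMPLE_FIXED"  | audit_mountd 20048
printf '%s\n' "$SAMPLE_RANDOM" | audit_mountd 20048
```

       The same port can be set persistently with the port value in the
       [mountd] section of /etc/nfs.conf.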

CONFIGURATION FILE

       Many of the options that can be set on the command line can also be
       controlled through values set in the [mountd] or, in some cases, the
       [nfsd] sections of the /etc/nfs.conf configuration file.  Values
       recognized in the [mountd] section include manage-gids,
       cache-use-ipaddr, descriptors, port, threads, ttl, reverse-lookup,
       state-directory-path, and ha-callout, which each have the same effect
       as the option with the same name.

       The values recognized in the [nfsd] section include TCP, UDP, vers2,
       vers3, and vers4, which each have the same meaning as given by
       rpc.nfsd(8).

IPv6 and TI-RPC support

       TI-RPC is a pre-requisite for supporting NFS on IPv6.  If TI-RPC
       support is built into rpc.mountd, it attempts to start listeners on
       network transports marked 'visible' in /etc/netconfig.  As long as at
       least one network transport listener starts successfully, rpc.mountd
       will operate.

FILES

       /etc/exports             input file for exportfs, listing exports,
                                export options, and access control lists

       /var/lib/nfs/rmtab       table of clients accessing server's exports

SEE ALSO

       exportfs(8), exports(5), showmount(8), rpc.nfsd(8), rpc.rquotad(8),
       nfs(5), nfs.conf(5), tcpd(8), iptables(8), netconfig(5)

       RFC 1094 - "NFS: Network File System Protocol Specification"
       RFC 1813 - "NFS Version 3 Protocol Specification"
       RFC 7530 - "Network File System (NFS) Version 4 Protocol"
       RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1
       Protocol"

AUTHOR

       Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.

                                  31 Dec 2009                    rpc.mountd(8)