rpc.mountd(8) System Manager's Manual rpc.mountd(8)

rpc.mountd - NFS mount daemon

/usr/sbin/rpc.mountd [options]

The rpc.mountd daemon implements the server side of the NFS MOUNT
protocol, an NFS side protocol used by NFS version 2 [RFC1094] and NFS
version 3 [RFC1813]. It also responds to requests from the Linux
kernel to authenticate clients and provides details of access
permissions.

The NFS server (nfsd) maintains a cache of authentication and
authorization information which is used to identify the source of each
request, and then what access permissions that source has to any local
filesystem. When required information is not found in the cache, the
server sends a request to mountd to fill in the missing information.
Mountd uses a table of information stored in /var/lib/nfs/etab and
maintained by exportfs(8), possibly based on the contents of
exports(5), to respond to each request.

Mounting exported NFS File Systems
The NFS MOUNT protocol has several procedures. The most important of
these are MNT (mount an export) and UMNT (unmount an export).

A MNT request has two arguments: an explicit argument that contains the
pathname of the root directory of the export to be mounted, and an
implicit argument that is the sender's IP address.

When receiving a MNT request from an NFS client, rpc.mountd checks both
the pathname and the sender's IP address against its export table. If
the sender is permitted to access the requested export, rpc.mountd
returns an NFS file handle for the export's root directory to the client.
The client can then use the root file handle and NFS LOOKUP requests to
navigate the directory structure of the export.

The rmtab File
The rpc.mountd daemon registers every successful MNT request by adding
an entry to the /var/lib/nfs/rmtab file. When receiving a UMNT request
from an NFS client, rpc.mountd simply removes the matching entry from
/var/lib/nfs/rmtab, as long as the access control list for that export
allows that sender to access the export.

Clients can discover the list of file systems an NFS server is
currently exporting, or the list of other clients that have mounted its
exports, by using the showmount(8) command. showmount(8) uses other
procedures in the NFS MOUNT protocol to report information about the
server's exported file systems.

Note, however, that there is little to guarantee that the contents of
/var/lib/nfs/rmtab are accurate. A client may continue accessing an
export even after invoking UMNT. If the client reboots without sending
a UMNT request, stale entries remain for that client in
/var/lib/nfs/rmtab.

Mounting File Systems with NFSv4
Version 4 (and later) of NFS does not use a separate NFS MOUNT
protocol. Instead mounting is performed using regular NFS requests handled
by the NFS server in the Linux kernel (nfsd). Consequently
/var/lib/nfs/rmtab is not updated to reflect any NFSv4 activity.

-d kind or --debug kind
Turn on debugging. Valid kinds are: all, auth, call, general and
parse.

-l or --log-auth
Enable logging of responses to authentication and access requests
from nfsd. Each response is then cached by the kernel for 30 minutes
(or as set by --ttl below), and will be refreshed after 15 minutes
(half the ttl time) if the relevant client remains active. Note that
-l is equivalent to -d auth and so can be enabled in /etc/nfs.conf
with "debug = auth" in the [mountd] section.

rpc.mountd will always log authentication responses to MOUNT requests
when NFSv3 is used, but to get similar logs for NFSv4, this option is
required.

-i or --cache-use-ipaddr
Normally each client IP address is matched against each host
identifier (name, wildcard, netgroup etc) found in /etc/exports
and a combined identity is formed from all matching identifiers.
Often many clients will map to the same combined identity, so
performing this mapping reduces the number of distinct access
details that the kernel needs to store. Specifying the -i option
suppresses this mapping so that access to each filesystem
is requested and cached separately for each client IP address.
Doing this can increase the burden of updating the cache
slightly, but can make the log messages produced by the -l option
easier to read.

-T or --ttl
Provide a time-to-live (TTL) for cached information given to the
kernel. The kernel will normally request an update if the information
is needed after half of this time has expired. Increasing the
provided number, which is in seconds, reduces the rate of cache
update requests, and this is particularly noticeable when these
requests are logged with -l. However, increasing it also means that
changes to hostname to address mappings can take longer to be
noticed. The default TTL is 1800 (30 minutes).

-F or --foreground
Run in foreground (do not daemonize).

-h or --help
Display usage message.

-o num or --descriptors num
Set the limit of the number of open file descriptors to num. The
default is to leave the limit unchanged.

-N mountd-version or --no-nfs-version mountd-version
This option can be used to request that rpc.mountd does not offer
certain versions of NFS. The current version of rpc.mountd can
support NFS versions 2, 3 and 4. If any one of these versions
should not be offered, rpc.mountd must be invoked with the option
--no-nfs-version <vers>.

-n or --no-tcp
Don't advertise TCP for mount.

-p num or -P num or --port num
Specifies the port number used for RPC listener sockets. If this
option is not specified, rpc.mountd will try to consult
/etc/services; if a port is found there, it sets the same port for
all listener sockets, otherwise it chooses a random ephemeral port
for each listener socket.

This option can be used to fix the port value of rpc.mountd's
listeners when NFS MOUNT requests must traverse a firewall between
clients and servers.
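
A firewall rule for a fixed mountd port only helps if every listener really uses that port. The following check is an added example, not part of rpc.mountd or nfs-utils: it reads `rpcinfo -p` style output and flags any mountd registration (RPC program 100005) on a different port. The port 20048 and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_mountd_ports EXPECTED_PORT
# Reads `rpcinfo -p` output on stdin and checks every registration of the
# MOUNT program (RPC program number 100005) against EXPECTED_PORT.
# Prints one line per mismatch. Returns 0 if all match, 1 on a mismatch,
# 2 if no mountd registration is present at all.
check_mountd_ports() {
    awk -v want="$1" '
        $1 == 100005 {
            seen = 1
            if ($4 != want) {
                printf "mountd v%s/%s on port %s, expected %s\n", $2, $3, $4, want
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: mountd started with a fixed port (e.g. --port 20048).
SAMPLE_FIXED='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs'

# Constructed sample: no fixed port, so each listener got an ephemeral port.
SAMPLE_RANDOM='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100005    1   udp  41327  mountd
    100005    1   tcp  52911  mountd
    100003    3   tcp   2049  nfs'

# Typical use against a live server (hostname is a placeholder):
#   rpcinfo -p nfs-server.example | check_mountd_ports 20048
```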

-H prog or --ha-callout prog
Specify a high availability callout program. This program receives
callouts for all MOUNT and UNMOUNT requests. This allows rpc.mountd
to be used in a High Availability NFS (HA-NFS) environment.

The callout program is run with 4 arguments. The first is mount
or unmount depending on the reason for the callout. The second
will be the name of the client performing the mount. The third
will be the path that the client is mounting. The last is the
number of concurrent mounts that we believe the client has of
that path.

This callout is not needed with 2.6 and later kernels. Instead,
mount the nfsd filesystem on /proc/fs/nfsd.
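
A callout program has to treat the client name and path as untrusted input, since both come from the network. The script below is an added example of such a program, not one shipped with nfs-utils: it validates the four arguments described above and builds a single sanitized record for syslog. The function name, the record layout and the syslog tag are choices made for this example.

```shell
#!/bin/sh
# Added example of a program for --ha-callout.
# Arguments, as described in the text: event (mount|unmount), client name,
# path being mounted, number of concurrent mounts of that path.

# format_callout EVENT CLIENT PATH COUNT
# Prints one log record on stdout.
# Returns 64 on a wrong argument count, 65 on a malformed argument.
format_callout() {
    [ "$#" -eq 4 ] || return 64
    event=$1 client=$2 path=$3 count=$4
    case "$event" in mount|unmount) ;; *) return 65 ;; esac
    case "$count" in ''|*[!0-9]*) return 65 ;; esac
    case "$path" in /*) ;; *) return 65 ;; esac
    # Strip control characters and double quotes so a crafted name or path
    # cannot start a new log line or close the quoted field early.
    client=$(printf '%s' "$client" | tr -d '[:cntrl:]"')
    path=$(printf '%s' "$path" | tr -d '[:cntrl:]"')
    printf 'event=%s client="%s" path="%s" count=%s\n' \
        "$event" "$client" "$path" "$count"
}

# When rpc.mountd runs this file it always passes arguments; log the record.
# The values are only ever passed as data, never evaluated.
if [ "$#" -gt 0 ]; then
    line=$(format_callout "$@") || exit $?
    logger -t mountd-callout -p auth.info -- "$line"
fi
```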

-s, --state-directory-path directory
Specify a directory in which to place state information (etab
and rmtab). If this option is not specified the default of
/var/lib/nfs is used.

-r, --reverse-lookup
rpc.mountd tracks IP addresses in the rmtab file. When a DUMP
request is made (by someone running showmount -a, for instance),
it returns IP addresses instead of hostnames by default. This
option causes rpc.mountd to perform a reverse lookup on each IP
address and return that hostname instead. Enabling this can
have a substantial negative effect on performance in some
situations.

-t N or --num-threads=N or --num-threads N
This option specifies the number of worker threads that
rpc.mountd spawns. The default is 1 thread, which is probably
enough. More threads are usually only needed for NFS servers
which need to handle mount storms of hundreds of NFS mounts in a
few seconds, or when your DNS server is slow or unreliable.

-u or --no-udp
Don't advertise UDP for mounting.

-V version or --nfs-version version
This option can be used to request that rpc.mountd offer certain
versions of NFS. The current version of rpc.mountd can support
both NFS version 2 and the newer version 3.

-v or --version
Print the version of rpc.mountd and exit.

-g or --manage-gids
Accept requests from the kernel to map user id numbers into
lists of group id numbers for use in access control. An NFS
request will normally (except when using Kerberos or other
cryptographic authentication) contain a user-id and a list of
group-ids. Due to a limitation in the NFS protocol, at most 16
group ids can be listed. If you use the -g flag, then the list of
group ids received from the client will be replaced by a list of
group ids determined by an appropriate lookup on the server.
Note that the 'primary' group id is not affected so a newgroup
command on the client will still be effective. This function
requires a Linux Kernel with version at least 2.6.21.
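
To see which accounts the 16-group limit actually affects before deciding on -g, the following added example (not part of nfs-utils) counts the group ids of each account and reports those above the limit. It assumes getent(1) and id(1) are available; because `id -G` also lists the primary group, the count is conservative. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example: find accounts with more group ids than an NFS request
# can list (16, per the text above).

# over_group_limit [LIMIT]
# Reads "user:gid gid gid ..." lines on stdin and prints "user count" for
# every account whose gid list is longer than LIMIT (default 16).
over_group_limit() {
    awk -F: -v limit="${1:-16}" '
        NF >= 2 {
            n = split($2, gids, " ")
            if (n > limit) printf "%s %d\n", $1, n
        }
    '
}

# list_user_gids
# Emits one "user:gids" line per passwd entry known to the name service.
# Assumption: `id -G` output includes the primary gid, so an account with
# exactly LIMIT supplementary groups is also reported.
list_user_gids() {
    getent passwd | cut -d: -f1 | while IFS= read -r user; do
        gids=$(id -G "$user" 2>/dev/null) || continue
        printf '%s:%s\n' "$user" "$gids"
    done
}

# Typical use, on the host whose group database the server will consult:
#   list_user_gids | over_group_limit
```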

Many of the options that can be set on the command line can also be
controlled through values set in the [mountd] or, in some cases, the
[nfsd] sections of the /etc/nfs.conf configuration file. Values
recognized in the [mountd] section include manage-gids, cache-use-ipaddr,
descriptors, port, threads, ttl, reverse-lookup, state-directory-path,
and ha-callout, which each have the same effect as the option with the
same name.

The values recognized in the [nfsd] section include TCP, UDP, vers3,
and vers4 which each have the same meaning as given by rpc.nfsd(8).

TI-RPC is a pre-requisite for supporting NFS on IPv6. If TI-RPC
support is built into rpc.mountd, it attempts to start listeners on
network transports marked 'visible' in /etc/netconfig. As long as at
least one network transport listener starts successfully, rpc.mountd
will operate.

/etc/exports  input file for exportfs, listing exports, export options, and access control lists

/var/lib/nfs/rmtab  table of clients accessing server's exports

exportfs(8), exports(5), showmount(8), rpc.nfsd(8), rpc.rquotad(8),
nfs(5), nfs.conf(5), tcpd(8), iptables(8), netconfig(5)

RFC 1094 - "NFS: Network File System Protocol Specification"
RFC 1813 - "NFS Version 3 Protocol Specification"
RFC 7530 - "Network File System (NFS) Version 4 Protocol"
RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"

Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.

31 Dec 2009 rpc.mountd(8)