NFSD(8)
NAME
nfsd - NFS service daemon
SYNOPSIS
/usr/sbin/rpc.nfsd [ -f exports-file ] [ -d facility ]
[ -P port ] [ -R dirname ] [ -Fhlnprstv ]
[ --debug facility ] [ --exports-file=file ]
[ --foreground ] [ --help ] [ --allow-non-root ]
[ --re-export ] [ --public-root dirname ] [ --port port ]
[ --log-transfers ] [ --version ] [ numservers ]
DESCRIPTION
The nfsd program is an NFS service daemon that handles
client filesystem requests. Unlike on some other systems,
nfsd operates as a normal user-level process. The server
also differs from other NFS server implementations in that
it mounts an entire file hierarchy not limited by the
boundaries of physical file-systems. The implementation
allows the clients read-only or read-write access to the
file hierarchy of the server machine.
The mountd program starts an ancillary user-level mount
daemon.
Running from inetd
Usually, nfsd will be started at system boot time. However,
you may also invoke it from inetd by adding the following
two lines to /etc/inetd.conf:
nfs/2 dgram rpc/udp wait root /usr/sbin/rpc.nfsd rpc.nfsd
nfs/2 stream rpc/tcp wait root /usr/sbin/rpc.nfsd rpc.nfsd
When run from inetd, nfsd will terminate after a certain
period of inactivity.
OPTIONS
-f or --exports-file
This option specifies the exports file, listing the
clients that this server is prepared to serve and
parameters to apply to each such mount (see
exports(5)). By default exports are read from
/etc/exports.
-d facility or --debug facility
Log operations verbosely. Legal values for facility
are currently call for the logging of RPC calls and
arguments, fhcache for the file handle cache operation,
auth for the authentication routines, and ugid for the
uid mapping code, if used. Debug messages will be logged
to syslog(8) unless the daemon runs in the foreground.
-F or --foreground
Unlike in normal operation, nfsd will not detach
from the terminal when given this option. When
debugging is requested, it will be sent to standard
error.
-h or --help
Provide a short help summary.
-l or --log-transfers
Tries to catch all files retrieved from and written
to the NFS server. This is mainly for the benefit of
anonymous NFS exports and is intended to mimic the
xferlog file supported by some FTP daemons. For
each file store or retrieve, a single line is written
to the system log daemon containing the client's IP
address and the file name. The log level of these
transfer records is daemon.info.
-n or --allow-non-root
Allow incoming NFS requests to be honored even if
they do not originate from reserved IP ports. Some
older NFS client implementations require this.
Some newer NFS client implementations don't believe
in reserved port checking. This check can be turned
off for individual hosts by specifying the insecure
export option in /etc/exports.
-P portnum or --port portnum
Makes nfsd listen on port portnum instead of the
default port 2049. By default, nfsd will listen on
the nfs/udp port specified in /etc/services, or, if
that is undefined, on port 2049.
-p or --promiscuous
Put the server into promiscuous mode where it will
serve any host on the network.
-r or --re-export
Allow remotely mounted file-systems to be exported.
This can be used to turn a machine into a multiplier
for NFS or Novell servers. Caution should be
used when re-exporting loopback NFS mounts because
re-entering the mount point will result in deadlock
between the NFS client and the NFS server.
It should be noted that (on Linux) nfsd looks at the
major device number of the file system to find out
whether it is a remote volume; if the major number
is not 0, it assumes the file system is local. However,
remote file systems are not the only ones that use
major number 0; procfs does as well. If you choose to
re-export NFS file systems, beware that this potentially
includes /proc if you have the file system root exported.
This poses a security problem, and you should avoid
this situation if possible.
-R or --public-root
Specifies the directory associated with the public
file handle. See the section on WebNFS below.
-v or --version
Report the current version number of the program.
numcopies
This is an experimental feature that lets you run
several instances of nfsd in parallel. When given a
value of numcopies greater than one, nfsd will fork
as many times as specified by this value. However,
the servers do not share a common file handle
cache, which makes certain file operations impossible.
For this reason, nfsd will disallow all write operations
when invoked with this option. Although this
is very limiting, this feature may still prove useful
for exporting public FTP areas or Usenet News
spools.
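The major-number check described under --re-export above, next to a stricter classification, as an added example (not code from nfsd). The names classify, classify_path and FS_NODEV are hypothetical, and only NFS is listed as a network file system type; the magic numbers are those in <linux/magic.h>.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>   /* major(), makedev() */
#include <sys/types.h>
#include <sys/vfs.h>         /* statfs() */

/* Filesystem magic numbers as defined in <linux/magic.h>. */
#define MAGIC_NFS  0x6969L
#define MAGIC_PROC 0x9fa0L

enum fs_class { FS_LOCAL, FS_REMOTE, FS_NODEV };

/* The heuristic from the man page: major number 0 is taken to mean "remote". */
int remote_by_major(dev_t dev)
{
    return major(dev) == 0;
}

/* Stricter, hypothetical classification: only a known network file system
 * type counts as remote; any other major-0 device (procfs and other file
 * systems with no block device) is FS_NODEV and should not be re-exported. */
enum fs_class classify(dev_t dev, long fs_type)
{
    if (fs_type == MAGIC_NFS)
        return FS_REMOTE;
    return major(dev) == 0 ? FS_NODEV : FS_LOCAL;
}

/* Classify a mounted path on this host; returns -1 if it cannot be inspected. */
int classify_path(const char *path)
{
    struct stat st;
    struct statfs sfs;
    if (stat(path, &st) != 0 || statfs(path, &sfs) != 0)
        return -1;
    return classify(st.st_dev, (long)sfs.f_type);
}

int main(void)
{
    static const char *names[] = { "local", "remote", "nodev" };
    static const char *paths[] = { "/", "/proc", "/tmp" };
    for (int i = 0; i < 3; i++) {
        int c = classify_path(paths[i]);
        printf("%-6s %s\n", paths[i], c < 0 ? "unavailable" : names[c]);
    }
    return 0;
}
```

Running it on the server before enabling --re-export shows which mounted paths the major-number test alone would treat as remote volumes.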
WebNFS Support
WebNFS is an extension to the normal NFS protocol developed
by Sun that is particularly well-suited for file
retrieval over the Internet, and is intended to be used
(among others) from Web browsers.
Central to the concept is the so-called public file handle.
This is a special NFS file handle used by the NFS
client (i.e. browser) to retrieve a file without having to
go through the mount protocol. This file handle must be
associated with a directory on the server machine, relative
to which it evaluates filenames. This is the public
root directory, which can be specified using the
--public-root option. A Web server, for instance, would
probably use the root of its Web server as the public root
(e.g. /home/httpd). A Web browser requesting the URL
nfs://foo.bar.edu/zappa.html would then be given the file
/home/httpd/zappa.html. For ease of maintenance, the public
root directory can also be specified using a special
entry in the exports file (see exports(5) for details).
Naming a public root does not automatically export it; you
still must explicitly do that in /etc/exports in order to
actually make the directory accessible. A useful set of
options to export data to WebNFS clients is
ro,all_squash,insecure. Please refer to exports(5) for a
detailed explanation of these flags.
Also note that a WebNFS client can access files not
located below the public root directory as long as they
are exported to it. In particular, if you have /home/ftp
exported to the world in addition to the Web server's home
directory, a web client may be able to access FTP files
via nfs://foo.bar.edu/../ftp/README. Of course, this does
not apply to files that are not exported to the client.
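The scenario above as an added example for auditing an export list (not code from nfsd): it resolves a WebNFS URL path against the public root and reports which export, if any, contains the result. The export list and the third URL are constructed, the function names are hypothetical, and the purely lexical handling of ".." is a simplifying assumption that ignores symbolic links and per-client export restrictions.

```c
#include <stdio.h>
#include <string.h>

/* Lexically resolve a WebNFS URL path against the public root, collapsing
 * "." and ".." components. out must hold at least n bytes (n > 1). */
void resolve(const char *root, const char *url_path, char *out, size_t n)
{
    char buf[512];
    snprintf(buf, sizeof buf, "%s/%s", root, url_path);
    out[0] = '\0';
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) {           /* step up one directory */
            char *slash = strrchr(out, '/');
            if (slash) *slash = '\0';
            continue;
        }
        size_t len = strlen(out);
        snprintf(out + len, n - len, "/%s", tok);
    }
    if (out[0] == '\0')
        snprintf(out, n, "/");
}

/* Return the index of the export that contains path, or -1 if none does. */
int covering_export(const char *path, const char *const exports[], int count)
{
    for (int i = 0; i < count; i++) {
        size_t l = strlen(exports[i]);
        if (strncmp(path, exports[i], l) == 0 &&
            (path[l] == '/' || path[l] == '\0'))
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed export list matching the scenario in the text. */
    const char *const exports[] = { "/home/httpd", "/home/ftp" };
    const char *urls[] = { "zappa.html", "../ftp/README", "../private/notes.txt" };
    char path[512];
    for (int i = 0; i < 3; i++) {
        resolve("/home/httpd", urls[i], path, sizeof path);
        int e = covering_export(path, exports, 2);
        printf("%-22s -> %-24s %s\n", urls[i], path, e < 0 ? "refused" : exports[e]);
    }
    return 0;
}
```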
SIGNALS
nfsd recognizes the following signals:
SIGHUP causes nfsd to re-read the export file and flush
the file handle cache. If a public root was specified,
this will also regenerate the file handle
associated with the public directory name (useful
when exporting a removable file system).
SIGUSR1
When nfsd was invoked with debugging options, sending
this signal toggles generation of debug information.
SIGIOT When compiled with the -DCALL_PROFILING
option, sending a SIGIOT to nfsd will cause it to dump
the average execution times per NFS operation into
/tmp/nfsd.profile.
BUGS
nfsd does not support the retrieval of index.html files
when asked to look up a directory file name. This is not
an RFC requirement, so it is a missing feature rather than
a true bug.
The --log-transfers option is not always accurate since
there is no equivalent to the UNIX file system open() and
close() calls in the NFS protocol. Instead, nfsd writes
out a transfer record whenever it encounters a READ or
WRITE request at offset zero.
SEE ALSO
exports(5) mountd(8) ugidd(8C)
AUTHORS
Mark Shand wrote the original unfsd. Don Becker extended
unfsd to support authentication and allow read-write
access and called it hnfs. Rick Sladkey added host matching,
showmount -e support, mountd authentication, inetd
support, and all of the portability and configuration
code. Olaf Kirch fixed one or two security holes and
other bugs, added the uid mapping and a couple of other
things.