rpc.mountd - NFS mount daemon
/usr/sbin/rpc.mountd [options]
The rpc.mountd daemon implements the server side of the NFS
MOUNT protocol, an NFS side protocol used by NFS version 2 [RFC1094] and NFS
version 3 [RFC1813]. It also responds to requests from the Linux kernel to
authenticate clients and provides details of access permissions.
The NFS server (nfsd) maintains a cache of authentication
and authorization information which is used to identify the source of each
request, and then what access permissions that source has to any local
filesystem. When required information is not found in the cache, the server
sends a request to mountd to fill in the missing information. Mountd
uses a table of information stored in /var/lib/nfs/etab and
maintained by exportfs(8), possibly based on the contents of
exports(5), to respond to each request.
The NFS MOUNT protocol has several procedures. The most important
of these are MNT (mount an export) and UMNT (unmount an export).
A MNT request has two arguments: an explicit argument that
contains the pathname of the root directory of the export to be mounted, and
an implicit argument that is the sender's IP address.
When receiving a MNT request from an NFS client, rpc.mountd
checks both the pathname and the sender's IP address against its export
table. If the sender is permitted to access the requested export,
rpc.mountd returns an NFS file handle for the export's root directory
to the client. The client can then use the root file handle and NFS LOOKUP
requests to navigate the directory structure of the export.
The rpc.mountd daemon registers every successful MNT
request by adding an entry to the /var/lib/nfs/rmtab file. When
receiving a UMNT request from an NFS client, rpc.mountd simply removes
the matching entry from /var/lib/nfs/rmtab, as long as the access
control list for that export allows that sender to access the export.
Clients can discover the list of file systems an NFS server is
currently exporting, or the list of other clients that have mounted its
exports, by using the showmount(8) command. showmount(8) uses
other procedures in the NFS MOUNT protocol to report information about the
server's exported file systems.
Note, however, that there is little to guarantee that the contents
of /var/lib/nfs/rmtab are accurate. A client may continue accessing
an export even after invoking UMNT. If the client reboots without sending a
UMNT request, stale entries remain for that client in
/var/lib/nfs/rmtab.
Version 4 (and later) of NFS does not use a separate NFS MOUNT
protocol. Instead mounting is performed using regular NFS requests handled
by the NFS server in the Linux kernel (nfsd). Consequently
/var/lib/nfs/rmtab is not updated to reflect any NFSv4 activity.
- -d kind or --debug kind
- Turn on debugging. Valid kinds are: all, auth, call, general and
parse.
- -l or --log-auth
- Enable logging of responses to authentication and access requests from
nfsd. Each response is then cached by the kernel for 30 minutes (or as set
by --ttl below), and will be refreshed after 15 minutes (half the
ttl time) if the relevant client remains active. Note that -l is
equivalent to -d auth and so can be enabled in /etc/nfs.conf
with "debug = auth" in the [mountd] section.
- rpc.mountd will always log authentication responses to MOUNT
requests when NFSv3 is used, but to get similar logs for NFSv4, this
option is required.
- -i or --cache-use-ipaddr
- Normally each client IP address is matched against each host identifier
(name, wildcard, netgroup etc) found in /etc/exports and a combined
identity is formed from all matching identifiers. Often many clients will
map to the same combined identity so performing this mapping reduces the
number of distinct access details that the kernel needs to store.
Specifying the -i option suppresses this mapping so that access to
each filesystem is requested and cached separately for each client IP
address. Doing this can increase the burden of updating the cache
slightly, but can make the log messages produced by the -l option
easier to read.
- -T or --ttl
- Provide a time-to-live (TTL) for cached information given to the kernel.
The kernel will normally request an update if the information is needed
after half of this time has expired. Increasing the provided number, which
is in seconds, reduces the rate of cache update requests, and this is
particularly noticeable when these requests are logged with -l.
However, increasing it also means that changes to hostname to address mappings
can take longer to be noticed. The default TTL is 1800 (30 minutes).
- -F or --foreground
- Run in foreground (do not daemonize)
- -h or --help
- Display usage message.
- -o num or --descriptors num
- Set the limit of the number of open file descriptors to num. The default
is to leave the limit unchanged.
- -N mountd-version or --no-nfs-version mountd-version
- This option can be used to request that rpc.mountd not offer
certain versions of NFS. The current version of rpc.mountd can
support NFS versions 2, 3 and 4. If any one of these versions
should not be offered, rpc.mountd must be invoked with the option
--no-nfs-version <vers>.
- -n or --no-tcp
- Don't advertise TCP for mount.
- -p num or -P num or --port num
- Specifies the port number used for RPC listener sockets. If this option is
not specified, rpc.mountd will try to consult /etc/services;
if it finds a port there, it sets the same port for all listener sockets,
otherwise it chooses a random ephemeral port for each listener socket.
- This option can be used to fix the port value of rpc.mountd's
listeners when NFS MOUNT requests must traverse a firewall between clients
and servers.
- -H prog or --ha-callout prog
- Specify a high availability callout program. This program receives
callouts for all MOUNT and UNMOUNT requests. This allows rpc.mountd
to be used in a High Availability NFS (HA-NFS) environment.
- The callout program is run with 4 arguments. The first is mount or
unmount depending on the reason for the callout. The second will be
the name of the client performing the mount. The third will be the path
that the client is mounting. The last is the number of concurrent mounts
that we believe the client has of that path.
- This callout is not needed with 2.6 and later kernels. Instead, mount the
nfsd filesystem on /proc/fs/nfsd.
- -s, --state-directory-path directory
- Specify a directory in which to place state information (etab and rmtab).
If this option is not specified the default of /var/lib/nfs is
used.
- -r, --reverse-lookup
- rpc.mountd tracks IP addresses in the rmtab file. When a
DUMP request is made (by someone running showmount -a, for
instance), it returns IP addresses instead of hostnames by default. This
option causes rpc.mountd to perform a reverse lookup on each IP
address and return that hostname instead. Enabling this can have a
substantial negative effect on performance in some situations.
- -t N or --num-threads=N or --num-threads N
- This option specifies the number of worker threads that rpc.mountd spawns.
The default is 1 thread, which is probably enough. More threads are
usually only needed for NFS servers which need to handle mount storms of
hundreds of NFS mounts in a few seconds, or when your DNS server is slow
or unreliable.
- -u or --no-udp
- Don't advertise UDP for mounting
- -V version or --nfs-version version
- This option can be used to request that rpc.mountd offer certain
versions of NFS. The current version of rpc.mountd can support both
NFS version 2 and the newer version 3.
- -v or --version
- Print the version of rpc.mountd and exit.
- -g or --manage-gids
- Accept requests from the kernel to map user id numbers into lists of group
id numbers for use in access control. An NFS request will normally (except
when using Kerberos or other cryptographic authentication) contain a
user-id and a list of group-ids. Due to a limitation in the NFS protocol,
at most 16 group ids can be listed. If you use the -g flag, then
the list of group ids received from the client will be replaced by a list
of group ids determined by an appropriate lookup on the server. Note that
the 'primary' group id is not affected so a newgrp command on the
client will still be effective. This function requires a Linux Kernel with
version at least 2.6.21.
Many of the options that can be set on the command line can also
be controlled through values set in the [mountd] or, in some cases,
the [nfsd] sections of the /etc/nfs.conf configuration file.
Values recognized in the [mountd] section include manage-gids,
cache-use-ipaddr, descriptors, port, threads,
ttl, reverse-lookup, state-directory-path, and
ha-callout, each of which has the same effect as the option with the
same name.
The values recognized in the [nfsd] section include
TCP, UDP, vers3, and vers4 which each have the
same meaning as given by rpc.nfsd(8).
You can protect your rpc.mountd listeners using the
tcp_wrapper library or iptables(8).
Note that the tcp_wrapper library supports only IPv4
networking.
Add the hostnames of NFS peers that are allowed to access
rpc.mountd to /etc/hosts.allow. Use the daemon name
mountd even if the rpc.mountd binary has a different name.
Hostnames used in either access file will be ignored when they
cannot be resolved into IP addresses. For further information see the
tcpd(8) and hosts_access(5) man pages.
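The port-pinning and iptables(8) advice above, combined as an added example (not part of the original man page or of nfs-utils): it reads the port value from the [mountd] section of an nfs.conf-style file and prints rules that admit only the listed client networks. The function names, port 20048 and the sample networks are assumptions.

```shell
#!/bin/sh
# Added example: print iptables(8) rules for a pinned rpc.mountd port.
# Rules are printed for review, not applied. IPv6 would need ip6tables.

# Print the value of KEY from the [mountd] section of an nfs.conf-style file.
mountd_conf_get() {  # usage: mountd_conf_get FILE KEY
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mountd\][ \t]*$/); next }
        insec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { print v; exit }
        }' "$1"
}

# Print rules admitting only the given source networks to the mountd port.
# Fails when nfs.conf does not pin the port (0 is treated as unset here,
# an assumption): a listener on a random ephemeral port cannot be matched
# by a static rule. A port set with -p or /etc/services is not seen.
mountd_fw_rules() {  # usage: mountd_fw_rules FILE CIDR...
    conf=$1; shift
    port=$(mountd_conf_get "$conf" port)
    case $port in
        ''|0*|*[!0-9]*|??????*)
            echo "no valid pinned mountd port in $conf" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no allowed client networks given" >&2; return 1; }
    for proto in tcp udp; do
        for src in "$@"; do
            echo "iptables -A INPUT -p $proto -s $src --dport $port -j ACCEPT"
        done
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Constructed sample: port 20048 and the client networks are assumptions.
sample=$(mktemp)
printf '%s\n' '[mountd]' '# pinned for the firewall' 'port = 20048' \
    'debug = auth' > "$sample"
mountd_fw_rules "$sample" 192.0.2.0/24 198.51.100.7
rm -f "$sample"
```
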
TI-RPC is a pre-requisite for supporting NFS on IPv6. If TI-RPC
support is built into rpc.mountd, it attempts to start listeners on
network transports marked 'visible' in /etc/netconfig. As long as at
least one network transport listener starts successfully, rpc.mountd
will operate.
- /etc/exports
- input file for exportfs, listing exports, export options, and
access control lists
- /var/lib/nfs/rmtab
- table of clients accessing server's exports
exportfs(8), exports(5), showmount(8),
rpc.nfsd(8), rpc.rquotad(8), nfs(5),
nfs.conf(5), tcpd(8), hosts_access(5),
iptables(8), netconfig(5)
RFC 1094 - "NFS: Network File System Protocol
Specification"
RFC 1813 - "NFS Version 3 Protocol Specification"
RFC 7530 - "Network File System (NFS) Version 4 Protocol"
RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1
Protocol"
Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of
others.