rpc.mountd - NFS mount daemon
/usr/sbin/rpc.mountd [options]
The rpc.mountd daemon implements the server side of the NFS MOUNT
protocol, an NFS side protocol used by NFS version 2 [RFC1094] and NFS version
3 [RFC1813]. It also responds to requests from the Linux kernel to
authenticate clients and provides details of access permissions.
The NFS server (nfsd) maintains a cache of authentication and
authorization information which is used to identify the source of each
request, and then what access permissions that source has to any local
filesystem. When required information is not found in the cache, the server
sends a request to mountd to fill in the missing information. Mountd
uses a table of information stored in /var/lib/nfs/etab and maintained
by exportfs(8), possibly based on the contents of exports(5), to
respond to each request.
The NFS MOUNT protocol has several procedures. The most important of these are
MNT (mount an export) and UMNT (unmount an export).
A MNT request has two arguments: an explicit argument that contains the pathname
of the root directory of the export to be mounted, and an implicit argument
that is the sender's IP address.
When receiving a MNT request from an NFS client, rpc.mountd checks both
the pathname and the sender's IP address against its export table. If the
sender is permitted to access the requested export, rpc.mountd returns
an NFS file handle for the export's root directory to the client. The client
can then use the root file handle and NFS LOOKUP requests to navigate the
directory structure of the export.
The rpc.mountd daemon registers every successful MNT request by adding an
entry to the /var/lib/nfs/rmtab file. When receiving a UMNT request from
an NFS client, rpc.mountd simply removes the matching entry from
/var/lib/nfs/rmtab, as long as the access control list for that export
allows that sender to access the export.
Clients can discover the list of file systems an NFS server is currently
exporting, or the list of other clients that have mounted its exports, by
using the showmount(8) command. showmount(8) uses other
procedures in the NFS MOUNT protocol to report information about the server's
exported file systems.
Note, however, that there is little to guarantee that the contents of
/var/lib/nfs/rmtab are accurate. A client may continue accessing an
export even after invoking UMNT. If the client reboots without sending a UMNT
request, stale entries remain for that client in /var/lib/nfs/rmtab.
Version 4 (and later) of NFS does not use a separate NFS MOUNT protocol. Instead
mounting is performed using regular NFS requests handled by the NFS server in
the Linux kernel (nfsd). Consequently /var/lib/nfs/rmtab is not
updated to reflect any NFSv4 activity.
- -d kind or --debug kind
- Turn on debugging. Valid kinds are: all, auth, call,
general and parse.
- -l or --log-auth
- Enable logging of responses to authentication and access
requests from nfsd. Each response is then cached by the kernel for 30
minutes (or as set by --ttl below), and will be refreshed after 15
minutes (half the ttl time) if the relevant client remains active. Note
that -l is equivalent to -d auth and so can be enabled in
/etc/nfs.conf with "debug = auth" in the [mountd] section.
- rpc.mountd will always log authentication responses
to MOUNT requests when NFSv3 is used, but to get similar logs for NFSv4,
this option is required.
- -i or --cache-use-ipaddr
- Normally each client IP address is matched against each
host identifier (name, wildcard, netgroup etc) found in
/etc/exports and a combined identity is formed from all matching
identifiers. Often many clients will map to the same combined identity so
performing this mapping reduces the number of distinct access details that
the kernel needs to store. Specifying the -i option suppresses this
mapping so that access to each filesystem is requested and cached
separately for each client IP address. Doing this can increase the burden
of updating the cache slightly, but can make the log messages produced by
the -l option easier to read.
- -T or --ttl
- Provide a time-to-live (TTL) for cached information given
to the kernel. The kernel will normally request an update if the
information is needed after half of this time has expired. Increasing the
provided number, which is in seconds, reduces the rate of cache update
requests, and this is particularly noticeable when these requests are
logged with -l. However, increasing it also means that changes to
hostname-to-address mappings can take longer to be noticed. The default
TTL is 1800 (30 minutes).
- -F or --foreground
- Run in foreground (do not daemonize)
- -h or --help
- Display usage message.
- -o num or --descriptors num
- Set the limit of the number of open file descriptors to
num. The default is to leave the limit unchanged.
- -N mountd-version or --no-nfs-version mountd-version
- This option can be used to request that rpc.mountd
not offer certain versions of NFS. The current version of
rpc.mountd can support NFS versions 2, 3 and 4. If any
one of these versions should not be offered, rpc.mountd must be
invoked with the option --no-nfs-version <vers>.
- -n or --no-tcp
- Don't advertise TCP for mount.
- -p num or -P num or --port num
- Specifies the port number used for RPC listener sockets. If
this option is not specified, rpc.mountd will try to consult
/etc/services. If a port is found there, the same port is used for all
listener sockets; otherwise a random ephemeral port is chosen for each
listener socket.
- This option can be used to fix the port value of
rpc.mountd's listeners when NFS MOUNT requests must traverse a
firewall between clients and servers.
- -H prog or --ha-callout prog
- Specify a high availability callout program. This program
receives callouts for all MOUNT and UNMOUNT requests. This allows
rpc.mountd to be used in a High Availability NFS (HA-NFS)
environment.
- The callout program is run with 4 arguments. The first is
mount or unmount depending on the reason for the callout.
The second will be the name of the client performing the mount. The third
will be the path that the client is mounting. The last is the number of
concurrent mounts that we believe the client has of that path.
- This callout is not needed with 2.6 and later kernels.
Instead, mount the nfsd filesystem on /proc/fs/nfsd.
- -s, --state-directory-path directory
- Specify a directory in which to place state information
(etab and rmtab). If this option is not specified the default of
/var/lib/nfs is used.
- -r, --reverse-lookup
- rpc.mountd tracks IP addresses in the rmtab
file. When a DUMP request is made (by someone running showmount -a,
for instance), it returns IP addresses instead of hostnames by default.
This option causes rpc.mountd to perform a reverse lookup on each
IP address and return that hostname instead. Enabling this can have a
substantial negative effect on performance in some situations.
- -t N or --num-threads=N or --num-threads N
- This option specifies the number of worker threads that
rpc.mountd spawns. The default is 1 thread, which is probably enough. More
threads are usually only needed for NFS servers which need to handle mount
storms of hundreds of NFS mounts in a few seconds, or when your DNS server
is slow or unreliable.
- -u or --no-udp
- Don't advertise UDP for mounting
- -V version or --nfs-version version
- This option can be used to request that rpc.mountd
offer certain versions of NFS. The current version of rpc.mountd
can support both NFS version 2 and the newer version 3.
- -v or --version
- Print the version of rpc.mountd and exit.
- -g or --manage-gids
- Accept requests from the kernel to map user id numbers into
lists of group id numbers for use in access control. An NFS request will
normally (except when using Kerberos or other cryptographic
authentication) contain a user-id and a list of group-ids. Due to a
limitation in the NFS protocol, at most 16 group ids can be listed. If
you use the -g flag, then the list of group ids received from the
client will be replaced by a list of group ids determined by an
appropriate lookup on the server. Note that the 'primary' group id is not
affected so a newgrp command on the client will still be
effective. This function requires a Linux kernel with version at least
2.6.21.
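Whether -g matters on a given server depends on whether any account belongs to more than 16 groups. The following added example (not part of the original manual page or of nfs-utils) counts memberships in group(5)-format input; the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from nfs-utils): find accounts whose supplementary group
# list would be cut off at the 16-group limit described under -g.

# Read group(5)-format lines on stdin and print "user count" for every user
# named as a member of more than $1 groups (default 16), sorted by user name.
users_over_group_limit() {
    awk -F: -v limit="${1:-16}" '
        $4 != "" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] != "") count[members[i]]++
        }
        END {
            for (user in count)
                if (count[user] > limit) print user, count[user]
        }
    ' | sort
}

# Constructed sample data: alice is a member of 17 groups, bob of 3.
sample_group() {
    i=1
    while [ "$i" -le 17 ]; do
        if [ "$i" -le 3 ]; then
            echo "proj$i:x:$((2000 + i)):alice,bob"
        else
            echo "proj$i:x:$((2000 + i)):alice"
        fi
        i=$((i + 1))
    done
}

# On a live server: getent group | users_over_group_limit
sample_group | users_over_group_limit    # prints: alice 17
```

Any account this reports has group-based access decided on a truncated list unless the server performs the lookup itself with -g.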
Many of the options that can be set on the command line can also be controlled
through values set in the [mountd] or, in some cases, the [nfsd]
sections of the /etc/nfs.conf configuration file. Values recognized in
the [mountd] section include manage-gids, cache-use-ipaddr,
descriptors, port, threads, ttl, reverse-lookup,
state-directory-path, and ha-callout, which each have the same effect as
the option with the same name.
The values recognized in the [nfsd] section include TCP, UDP,
vers3, and vers4 which each have the same meaning as
given by rpc.nfsd(8).
You can protect your rpc.mountd listeners using the tcp_wrapper
library or iptables(8).
Note that the tcp_wrapper library supports only IPv4 networking.
Add the hostnames of NFS peers that are allowed to access rpc.mountd to
/etc/hosts.allow. Use the daemon name mountd even if the
rpc.mountd binary has a different name.
Hostnames used in either access file will be ignored when they cannot be
resolved into IP addresses. For further information see the tcpd(8) and
hosts_access(5) man pages.
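A packet filter rule for rpc.mountd only holds if every listener actually sits on the port set with -p or with port in the [mountd] section of /etc/nfs.conf. The following added example (not part of the original manual page or of nfs-utils) compares the configured port with the registrations shown by rpcinfo -p, where mountd is RPC program 100005; the function names, the sample output and the port numbers are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from nfs-utils): detect mountd listeners that are not on
# the port pinned in nfs.conf and so fall outside a fixed-port firewall rule.

# Read nfs.conf-style text on stdin; print the "port" value of [mountd].
mountd_conf_port() {
    awk -F= '
        /^[ \t]*\[/ { in_mountd = ($0 ~ /^[ \t]*\[[ \t]*mountd[ \t]*\]/); next }
        in_mountd && $1 ~ /^[ \t]*port[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }
    '
}

# Read `rpcinfo -p` output on stdin; print every mountd registration whose
# port differs from $1. An empty $1 (no port configured) reports them all.
# Returns 1 if any differ or if mountd is not registered at all.
mountd_port_drift() {
    awk -v want="$1" '
        $1 == 100005 {
            seen++
            if ($4 != want) { printf "%s v%s/%s on port %s\n", $5, $2, $3, $4; bad++ }
        }
        END { if (!seen || bad) exit 1 }
    '
}

# Constructed sample inputs (not captured from a real host).
sample_nfs_conf() { cat <<'EOF'
[nfsd]
vers3 = y
[mountd]
debug = auth
port = 20048
EOF
}
sample_rpcinfo() { cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100005    1   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100005    3   udp  43817  mountd
EOF
}

# On a live server:
#   rpcinfo -p | mountd_port_drift "$(mountd_conf_port < /etc/nfs.conf)"
```

With the sample data, the only line reported is the version 3 UDP listener on port 43817, which a rule written for port 20048 would not cover.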
TI-RPC is a pre-requisite for supporting NFS on IPv6. If TI-RPC support is built
into rpc.mountd, it attempts to start listeners on network transports
marked 'visible' in /etc/netconfig. As long as at least one network
transport listener starts successfully, rpc.mountd will operate.
- /etc/exports
- input file for exportfs, listing exports, export
options, and access control lists
- /var/lib/nfs/rmtab
- table of clients accessing server's exports
exportfs(8), exports(5), showmount(8), rpc.nfsd(8), rpc.rquotad(8),
nfs(5), nfs.conf(5), tcpd(8), hosts_access(5), iptables(8), netconfig(5)
RFC 1094 - "NFS: Network File System Protocol Specification"
RFC 1813 - "NFS Version 3 Protocol Specification"
RFC 7530 - "Network File System (NFS) Version 4 Protocol"
RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"
Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.