MOUNTD(8)MOUNTD(8)NAME
mountd - NFS mount daemon
SYNOPSIS
/usr/sbin/rpc.mountd [ -f exports-file ] [ -d facility ] [ -P port ]
[ -Dhnprv ] [ --debug facility ] [ --exports-file=file ] [ --help ]
[ --allow-non-root ] [ --re-export ] [ --no-spoof-trace ] [ --version ]
DESCRIPTION
The mountd program is an NFS mount daemon. When receiving a MOUNT
request from an NFS client, it checks the request against the list of
exported file systems listen in /etc/exports. If the client is permit‐
ted to mount the file system, mountd creates a file handle for the
requested directory, and adds an entry /etc/rmtab. Upon receipt of an
UMOUNT request, it removes the client's entry from rmtab. Note, how‐
ever, that a client may still be able to use the file handle after the
UMOUNT request (for instance, if the client mounts the same remote file
system on two different mount points). Similarly, if a client reboots
without notifying mountd, a stale entry will remain in rmtab.
Running from inetd
mountd can be started from inetd rather than at system boot time by
adding the following two lines to /etc/inetd.conf:
mount/1-2 dgram rpc/udp wait root /usr/sbin/rpc.mountd rpc.mountd
mount/1-2 stream rpc/tcp wait root /usr/sbin/rpc.mountd rpc.mountd
When run from inetd, mountd will terminate after a certain period of
inactivity.
OPTIONS-f or --exports-file
This option specifies the exports file, listing the clients that
this server is prepared to serve and parameters to apply to each
such mount (see exports(5)). By default exports are read from
/etc/exports.
-d or --debug
Log each transaction verbosely to standard error. Valid log
facilities are call for the logging of all calls, auth for
client authentication, fhcache for operations of the file handle
cache, and rmtab for manipulation of /etc/rmtab. By default,
log output is sent to syslogd unless the daemon runs in the
foreground.
-F or --foreground
Unlike normal in operation, mountd will not detach from the ter‐
minal when given this option. When debugging is requested, it
will be sent to standard error.
-h or --help
Provide a short help summary.
-n or --allow-non-root
Allow incoming mount requests to be honored even if they do not
originate from reserved IP ports. Some older NFS client imple‐
mentations require this. Some newer NFS client implementations
don't believe in reserved port checking.
-P portnum or --port portnum
Makes mountd listen on port portnum instead of some random port.
By default, mountd will listen on the mount/udp port specified
in /etc/services, or, if that is undefined, on some arbitrary
port number below 1024.
-p or --promiscuous
Put the server into promiscuous mode where it will serve any
host on the network.
-r or --re-export
Allow imported NFS or SMB file-systems to be exported. This can
be used to turn a machine into an NFS/SMB multiplier. Caution
should be used when re-exporting loopback mounts because re-
entering the mount point will result in deadlock between the
client file system code and the server.
-t or --no-spoof-trace
By default, mountd logs every access by unauthorized clients.
This option turns off logging of such spoof attempts for all
hosts listed explicitly in the exports file.
-v or --version
Report the current version number of the program.
Access Control
For enhanced security, access to mountd can be limited via the TCP
wrapper library that's part of Wietse Venema's tcp_wrappers package.
Support for this option must be selected at compile time. In order to
restrict access to all hosts on your local network (say 192.168.1.0),
you would add the following lines to your /etc/hosts.allow file:
rpc.mountd : 192.168.1. : allow
rpc.mountd : ALL : deny
This example assumes your TCP wrapper library was compiled with options
support (which I highly recommend). If it has been compiled without
options support, you need to add the following two lines to
/etc/hosts.allow and /etc/hosts.deny, respectively:
# hosts.allow:
rpc.mountd : 192.168.1
# hosts.deny
rpc.mountd : ALL
When changing this information, you must restart mountd for these
changes to take effect, either by killing and restarting, or by sending
it the HUP signal.
BUGS
The information in /etc/rmtab is inaccurate more often than not.
SIGNALS
When receiving a SIGHUP, mountd will re-read the exports file and any
access restrictions defined in the /etc/hosts.allow and /etc/hosts.deny
file. Note that to make export changes take effect, you have to send
nfsd a SIGHUP as well.
FILES
/etc/exports
/etc/rmtab
SEE ALSOexports(5), nfsd(8), ugidd(8C), showmount(8).
11 August 1997 MOUNTD(8)