NFSD(8)
NAME
nfsd - NFS service daemon
SYNOPSIS
/usr/sbin/rpc.nfsd [ -f exports-file ] [ -d facility ] [ -P port ]
[ -R dirname ] [ -Fhlnprstv ] [ --debug facility ]
[ --exports-file=file ] [ --foreground ] [ --help ]
[ --allow-non-root ] [ --re-export ] [ --public-root dirname ]
[ --no-spoof-trace ] [ --port port ] [ --log-transfers ] [ --version ]
[ numservers ]
DESCRIPTION
The nfsd program is an NFS service daemon that handles client filesystem
requests. Unlike on some other systems, nfsd operates as a normal
user-level process. The server also differs from other NFS server
implementations in that it mounts an entire file hierarchy not limited
by the boundaries of physical file-systems. The implementation allows
the clients read-only or read-write access to the file hierarchy of the
server machine.
The mountd program starts an ancillary user-level mount daemon.
Running from inetd
Usually, nfsd will be started at system boot time. However, you may
also invoke it from inetd by adding the following two lines to
/etc/inetd.conf:
nfs/2 dgram rpc/udp wait root /usr/sbin/rpc.nfsd rpc.nfsd
nfs/2 stream rpc/tcp wait root /usr/sbin/rpc.nfsd rpc.nfsd
When run from inetd, nfsd will terminate after a certain period of
inactivity.
OPTIONS
-f or --exports-file
This option specifies the exports file, listing the clients that
this server is prepared to serve and parameters to apply to each
such mount (see exports(5)). By default exports are read from
/etc/exports.
-d facility or --debug facility
Log operations verbosely. Legal values for facility are currently:
call, for the logging of RPC calls and arguments; fhcache, for the
file handle cache operation; auth, for the authentication routines;
and ugid, for the uid mapping code, if used. Debug messages will be
logged to syslog(8) unless the daemon runs in the foreground.
-F or --foreground
Unlike in normal operation, nfsd will not detach from the terminal
when given this option. When debugging is requested, debug output
will be sent to standard error.
-h or --help
Provide a short help summary.
-l or --log-transfers
Tries to catch all files retrieved from and written to the NFS
server. This is mainly for the benefit of anonymous NFS exports
and is intended to mimic the xferlog file supported by some FTP
daemons. For each file store or retrieve, a single line is written
to the system log daemon containing the client's IP address
and the file name. The log level of these transfer records is
daemon.info.
-n or --allow-non-root
Allow incoming NFS requests to be honored even if they do not
originate from reserved IP ports. Some older NFS client
implementations require this. Some newer NFS client implementations
don't believe in reserved port checking. This check can be
turned off for individual hosts by specifying the insecure
export option in /etc/exports.
-P portnum or --port portnum
Makes nfsd listen on port portnum instead of the default port
2049. By default, nfsd will listen on the nfs/udp port specified
in /etc/services, or, if that is undefined, on port 2049.
-p or --promiscuous
Put the server into promiscuous mode where it will serve any
host on the network.
-r or --re-export
Allow remotely mounted file-systems to be exported. This can be
used to turn a machine into a multiplier for NFS or Novell
servers. Caution should be used when re-exporting loopback NFS
mounts because re-entering the mount point will result in deadlock
between the NFS client and the NFS server.
It should be noted that (on Linux) nfsd looks at the major
device number of the file system to find out whether it is a
remote volume; if the major number is not 0, it assumes the file
system is local. However, remote file systems are not the only ones
that use major number 0; procfs does as well. If you choose to re-export NFS file
systems, beware that this potentially includes /proc if you have
the file system root exported. This poses a security problem,
and you should avoid this situation if possible.
-t or --no-spoof-trace
By default, nfsd logs every access by unauthorized clients. This
option turns off logging of such spoof attempts for all hosts
listed explicitly in the exports file.
-R or --public-root
Specifies the directory associated with the public file handle.
See the section on WebNFS below.
-u or --root-uid
Set the uid that the server will use for the root user id.
Defaults to 0 if not explicitly set. Primarily useful under
Cygwin, since "root user" is not a well-defined concept under
Windows.
-v or --version
Report the current version number of the program.
numcopies
This is an experimental feature that lets you run several
instances of nfsd in parallel. When given a value of numcopies
greater than one, nfsd will fork as many times as specified by
this value. However, the servers do not share a common file
handle cache, which makes certain file operations impossible.
For this reason, nfsd will disallow all write operations when
invoked with this option. Although this is very limiting, this
feature may still prove useful for exporting public FTP areas or
Usenet News spools.
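The --re-export caveat above can be checked before the option is turned on. The following is an added example, not part of nfsd or of the original page: it lists mount points at or below an exported directory whose device major number is 0 even though they are not remote file systems. The function names, the REMOTE_FSTYPES list and the sample data are assumptions made for illustration.

```python
import os
import posixpath

# File system types that really are remote (assumed list for this example).
REMOTE_FSTYPES = {"nfs", "nfs4", "ncpfs"}

def is_below(path, root):
    """True if path equals root or lies beneath it."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return root == "/" or path == root or path.startswith(root + "/")

def reexport_surprises(export_dir, mounts):
    """mounts: iterable of (mount_point, fstype, st_dev) tuples.
    Return mounts at or below export_dir with device major number 0
    (taken for remote by a major-number test) that are not remote."""
    hits = []
    for mount_point, fstype, st_dev in mounts:
        if not is_below(mount_point, export_dir):
            continue
        if os.major(st_dev) == 0 and fstype not in REMOTE_FSTYPES:
            hits.append((mount_point, fstype))
    return hits

def live_mounts(mounts_file="/proc/mounts"):
    """Build the mounts list for the running Linux system."""
    found = []
    with open(mounts_file) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) < 3:
                continue
            try:
                found.append((fields[1], fields[2], os.stat(fields[1]).st_dev))
            except OSError:
                continue  # stale or unreadable mount point
    return found

# Constructed sample: two local disks, procfs, and one NFS mount.
SAMPLE = [
    ("/", "ext2", os.makedev(3, 1)),
    ("/proc", "proc", os.makedev(0, 2)),
    ("/mnt/remote", "nfs", os.makedev(0, 7)),
    ("/home", "ext2", os.makedev(3, 2)),
]

if __name__ == "__main__":
    for mount_point, fstype in reexport_surprises("/", SAMPLE):
        print(f"{mount_point} ({fstype}) has major 0 but is not remote")
```

On a live server, pass live_mounts() instead of SAMPLE and run the check once for each directory listed in the exports file.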
WebNFS Support
WebNFS is an extension to the normal NFS protocol developed by Sun that
is particularly well-suited for file retrieval over the Internet, and
is intended to be used (among others) from Web browsers.
Central to the concept is the so-called public file handle. This is a
special NFS file handle used by the NFS client (i.e. browser) to
retrieve a file without having to go through the mount protocol. This
file handle must be associated with a directory on the server machine,
relative to which it evaluates filenames. This is the public root
directory, which can be specified using the --public-root option. A
Web server, for instance, would probably use the root of its Web server
as the public root (e.g. /home/httpd). A Web browser requesting the URL
nfs://foo.bar.edu/zappa.html would then be given the file
/home/httpd/zappa.html. For ease of maintenance, the public root
directory can also be specified using a special entry in the exports
file (see exports(5) for details).
Naming a public root does not automatically export it; you still must
explicitly do that in /etc/exports in order to actually make the
directory accessible. A useful set of options to export data to WebNFS
clients is ro,all_squash,insecure. Please refer to exports(5) for a
detailed explanation of these flags.
Also note that a WebNFS client can access files not located below
the public root directory as long as they are exported to it. In
particular, if you have /home/ftp exported to the world in addition to the
Web server's home directory, a web client may be able to access FTP
files via nfs://foo.bar.edu/../ftp/README. Of course, this does not
apply to files that are not exported to the client.
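The point that the public root is a starting directory and not a confinement boundary can be modelled as follows. This is an added example, not nfsd code and not part of the original page: it maps an nfs:// URL to a server path relative to the public root and reports which world export, if any, covers the result. The function names are hypothetical, the export list is constructed from the directories named above, and symbolic links and per-client export rules are not modelled.

```python
import posixpath
from urllib.parse import urlsplit, unquote

def resolve_public(url, public_root):
    """Evaluate the URL's path relative to the public root directory."""
    path = unquote(urlsplit(url).path).lstrip("/")
    return posixpath.normpath(posixpath.join(public_root, path))

def covering_export(path, exports):
    """Return the most specific exported directory containing path, or None."""
    best = None
    for directory in exports:
        directory = posixpath.normpath(directory)
        inside = (directory == "/" or path == directory
                  or path.startswith(directory + "/"))
        if inside and (best is None or len(directory) > len(best)):
            best = directory
    return best

def audit(url, public_root, world_exports):
    """Report where a WebNFS URL lands and whether an export covers it."""
    path = resolve_public(url, public_root)
    export = covering_export(path, world_exports)
    below_root = covering_export(path, [public_root]) is not None
    return {
        "path": path,
        "export": export,
        "served": export is not None,
        "outside_public_root": not below_root,
    }

# Constructed configuration taken from the directories named in the text.
PUBLIC_ROOT = "/home/httpd"
WORLD_EXPORTS = ["/home/httpd", "/home/ftp"]

if __name__ == "__main__":
    for url in ("nfs://foo.bar.edu/zappa.html",
                "nfs://foo.bar.edu/../ftp/README",
                "nfs://foo.bar.edu/../../etc/passwd"):
        print(url, audit(url, PUBLIC_ROOT, WORLD_EXPORTS))
```

Any URL reported with both served and outside_public_root set points at data that is reachable only because of another world export, which is the case to review in /etc/exports.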
SIGNALS
nfsd recognizes the following signals:
SIGHUP
Causes nfsd to re-read the export file and flush the file handle
cache. If a public root was specified, this will also regenerate
the file handle associated with the public directory name (useful
when exporting a removable file system).
SIGUSR1
When nfsd was invoked with debugging options, sending this signal
toggles generation of debug information.
SIGUSR2
When compiled with the -DCALL_PROFILING option, sending a
SIGUSR2 to nfsd will cause it to dump the average execution times per
NFS operation into /tmp/nfsd.profile.
BUGS
nfsd does not support the retrieval of index.html files when asked to
look up a directory file name. This is not an RFC requirement, so it is
an absent feature rather than a true bug.
The --log-transfers option is not always accurate since there is no
equivalent to the UNIX file system open() and close() calls in the NFS
protocol. Instead, nfsd writes out a transfer record whenever it
encounters a READ or WRITE request at offset zero.
SEE ALSO
exports(5), mountd(8), ugidd(8C)
AUTHORS
Mark Shand wrote the original unfsd. Don Becker extended unfsd to
support authentication and allow read-write access and called it hnfs.
Rick Sladkey added host matching, showmount -e support, mountd
authentication, inetd support, and all of the portability and configuration
code. Olaf Kirch fixed one or two security holes and other bugs, added
the uid mapping and a couple of other things.
11 August 1997 NFSD(8)