Provided by: nfs-user-server_2.2beta47-23_i386
nfsd - NFS service daemon
/usr/sbin/rpc.nfsd [ -f exports-file ] [ -d facility ] [ -P port ]
[ -R dirname ] [ -Fhlnprstv ] [ --debug facility ]
[ --exports-file=file ] [ --foreground ] [ --help ]
[ --allow-non-root ] [ --re-export ] [ --public-root dirname ]
[ --no-spoof-trace ] [ --port port ] [ --log-transfers ] [ --version ]
[ numservers ]
The nfsd program is an NFS service daemon that handles client
filesystem requests. Unlike on some other systems, nfsd operates as a
normal user-level process. The server also differs from other NFS
server implementations in that it mounts an entire file hierarchy not
limited by the boundaries of physical file-systems. The implementation
allows the clients read-only or read-write access to the file hierarchy
of the server machine.
The mountd program starts an ancillary user-level mount daemon.
Running from inetd
Usually, nfsd will be started at system boot time. However, you may
also invoke it from inetd by adding the following two lines to
nfs/2 dgram rpc/udp wait root /usr/sbin/rpc.nfsd rpc.nfsd
nfs/2 stream rpc/tcp wait root /usr/sbin/rpc.nfsd rpc.nfsd
When run from inetd, will terminate after a certain period of
-f or --exports-file
This option specifies the exports file, listing the clients that
this server is prepared to serve and parameters to apply to each
such mount (see exports(5)). By default exports are read from
-d facility or --debug facility
Log operations verbosely. Legal values for facility are
currently call for the logging of RPC calls and arguments,
fhcache for the file handle cache operation, auth for the
authentication routines, and ugid for the uid mapping code, if
used. Debug messages will be logged to syslog(8) unless the
daemon runs in the foreground.
-F or --foreground
Unlike in normal operation, nfsd will not detach from the
terminal when given this option. When debugging is requested, it
will be sent to standard error.
-h or --help
Provide a short help summary.
-l or --log-transfers
Tries to catch all files retrieved from and written the NFS
server. This is mainly for the benefit of anonymous NFS exports
and is intended to mimick the xferlog file supported by some FTP
daemons. For each file store or retrieve, a single line is
written to the system log daemon containing the client’s IP
address, and the file name. The log level of these transfer
records is daemon.info.
-n or --allow-non-root
Allow incoming NFS requests to be honored even if they do not
originate from reserved IP ports. Some older NFS client
implementations require this. Some newer NFS client
implementations don’t believe in reserved port checking. This
check can be turned off for individual hosts by specifying the
insecure export option in /etc/exports.
-P portnum or --port portnum
Makes nfsd listen on port portnum instead of the default port
2049. By default, nfsd will listen on the nfs/udp port specified
in /etc/services, or, if that is undefined, on port 2049.
-p or --promiscuous
Put the server into promiscuous mode where it will serve any
host on the network.
-r or --re-export
Allow remotely mounted file-systems to be exported. This can be
used to turn a machine into a multiplier for NFS or Novell
servers. Caution should be used when re-exporting loopback NFS
mounts because re-entering the mount point will result in
deadlock between the NFS client and the NFS server.
It should be noted that (on Linux) nfsd looks at the major
device number of the file system to find out whether it is a
remote volume; if the major number is not 0, it assumes the file
system is local. However, not only remote file systems use major
number 0, also procfs does. If you choose to re-export NFS file
systems, beware that this potentially includes /proc if you have
the file system root exported. This poses a security problem,
and you should avoid this situation if possible.
-t or --no-spoof-trace
By default, nfsd logs every access by unauthorized clients. This
option turns off logging of such spoof attempts for all hosts
listed explicitly in the exports file.
-R or --public-root
Specifies the directory associated with the public file handle.
See the section on WebNFS below.
-v or --version
Report the current version number of the program.
This is an experimental feature that lets you run several
instances of nfsd in parallel. When given a value of numcopies
greater than one, nfsd will fork as many times as specified by
this value. However, the servers do not share a common file
handle cache, which makes certain file operations impossible.
For this reason, nfsd will disallow all write operations when
invoked with this option. Although this is very limiting, this
feature may still prove useful for exporting public FTP areas or
Usenet News spools.
WebNFS is an extension to the normal NFS protocol developed by Sun that
is particularly well-suited for file retrieval over the Internet, and
is intended to be used (among others) from Web browsers.
Central to the concept is the so-called public file handle. This is a
special NFS file handle used by the NFS client (i.e. browser) to
retrieve a file without having to go through the mount protocol. This
file handle must be associated with a directory on the server machine,
relative to which it evaluates filenames. This is the public root
directory, which can be specified using the --public-root option. A
Web server, for instance, would probably use the root of its Web server
as the public root (e.g. /home/httpd). A Web broser requesting the URL
nfs://foo.bar.edu/zappa.html would then be given the file
/home/httpd/zappa.html. For ease of maintenance, the public root
directory can also be specified using a special entry in the exports
file (see exports(5) for details).
Naming a public root does not automatically export it; you still must
explicitly do that in /etc/exports in order to actually make the
directory accessible. A useful set of options to export data to WebNFS
clients is ro,all_squash,insecure. Please refer to exports(5) for a
detailed explanation of these flags.
Also note that a WebNFS client can also access files not located below
the public root directory as long as they are exported to him. In
particular, if you have /home/ftp exported to the world in addition to
the Web server’s home directory, a web client may be able to access FTP
files via nfs://foo.bar.edu/../ftp/README. Of course, this does not
apply to files that are not exported to the client.
nfsd recognizes the following signals:
SIGHUP causes nfsd to re-read the export file and flush the file handle
cache. If a public root was specified, this will also regenerate
the file handle associated with the public directory name
(useful when exporting a removable file system).
When nfsd was invoked with debugging options, sending this
signal toggles generation of debug information.
SIGIOT When compiled with with the -DCALL_PROFILING option, sending a
SIGIOT to nfsd will cause dump the average execution times per
NFS operation into /tmp/nfsd.profile.
nfsd does not support the retrieval of index.html files when asked to
look up a directory file name. This is not an RFC requirement, so it’s
rather a feature absent than a true bug.
The --log-transfers option is not always accurate since there is no
equivalent to the UNIX file system open() and close() calls in the NFS
protocol. Instead, nfsd writes out a transfer record whenever it
encounters a READ or WRITE request at offset zero.
exports(5), mountd(8), ugidd(8C)
Mark Shand wrote the orignal unfsd. Don Becker extended unfsd to
support authentication and allow read-write access and called it hnfs.
Rick Sladkey added host matching, showmount -e support, mountd
authentication, inetd support, and all of the portability and
configuration code. Olaf Kirch fixed one or two security holes and
other bugs, added the uid mapping and a couple of other things.
11 August 1997 NFSD(8)