man rpc.nfsd (Administration système) - NFS service daemon

NAME

nfsd - NFS service daemon

SYNOPSIS

/usr/sbin/rpc.nfsd [ -f exports-file ] [ -d facility ] [ -P port ] [ -R dirname ] [ -Fhlnprstv ] [ --debug facility ] [ --exports-file=file ] [ --foreground ] [ --help ] [ --allow-non-root ] [ --re-export ] [ --public-root dirname ] [ --no-spoof-trace ] [ --port port ] [ --log-transfers ] [ --version ] [ numservers ]

DESCRIPTION

The nfsd program is an NFS service daemon that handles client filesystem requests. Unlike on some other systems, nfsd operates as a normal user-level process. The server also differs from other NFS server implementations in that it mounts an entire file hierarchy not limited by the boundaries of physical file-systems. The implementation allows the clients read-only or read-write access to the file hierarchy of the server machine.

The mountd program starts an ancillary user-level mount daemon.

Running from inetd

Usually, nfsd will be started at system boot time. However, you may also invoke it from inetd by adding the following two lines to /etc/inetd.conf: 

nfs/2 dgram  rpc/udp wait root /usr/sbin/rpc.nfsd rpc.nfsd
nfs/2 stream rpc/tcp wait root /usr/sbin/rpc.nfsd rpc.nfsd

When run from inetd, will terminate after a certain period of inactivity.

OPTIONS

-f or --exports-file
This option specifies the exports file, listing the clients that this server is prepared to serve and parameters to apply to each such mount (see exports(5)). By default exports are read from /etc/exports.
-d facility or --debug facility
Log operations verbosely. Legal values for facility are currently call for the logging of RPC calls and arguments, fhcache for the file handle cache operation, auth for the authentication routines, and ugid for the uid mapping code, if used. Debug messages will be logged to syslog(8) unless the daemon runs in the foreground.
-F or --foreground
Unlike in normal operation, nfsd will not detach from the terminal when given this option. When debugging is requested, it will be sent to standard error.
-h or --help
Provide a short help summary.
-l or --log-transfers
Tries to catch all files retrieved from and written the NFS server. This is mainly for the benefit of anonymous NFS exports and is intended to mimick the xferlog file supported by some FTP daemons. For each file store or retrieve, a single line is written to the system log daemon containing the client's IP address, and the file name. The log level of these transfer records is daemon.info.
-n or --allow-non-root
Allow incoming NFS requests to be honored even if they do not originate from reserved IP ports. Some older NFS client implementations require this. Some newer NFS client implementations don't believe in reserved port checking. This check can be turned off for individual hosts by specifying the insecure export option in /etc/exports.
-P portnum or --port portnum
Makes nfsd listen on port portnum instead of the default port 2049. By default, nfsd will listen on the nfs/udp port specified in /etc/services, or, if that is undefined, on port 2049.
-p or --promiscuous
Put the server into promiscuous mode where it will serve any host on the network.
-r or --re-export
Allow remotely mounted file-systems to be exported. This can be used to turn a machine into a multiplier for NFS or Novell servers. Caution should be used when re-exporting loopback NFS mounts because re-entering the mount point will result in deadlock between the NFS client and the NFS server.
It should be noted that (on Linux) nfsd looks at the major device number of the file system to find out whether it is a remote volume; if the major number is not 0, it assumes the file system is local. However, not only remote file systems use major number 0, also procfs does. If you choose to re-export NFS file systems, beware that this potentially includes /proc if you have the file system root exported. This poses a security problem, and you should avoid this situation if possible.
-t or --no-spoof-trace
By default, nfsd logs every access by unauthorized clients. This option turns off logging of such spoof attempts for all hosts listed explicitly in the exports file.
-R or --public-root
Specifies the directory associated with the public file handle. See the section on WebNFS below.
-v or --version
Report the current version number of the program.
numcopies
This is an experimental feature that lets you run several instances of nfsd in parallel. When given a value of numcopies greater than one, nfsd will fork as many times as specified by this value. However, the servers do not share a common file handle cache, which makes certain file operations impossible.
For this reason, nfsd will disallow all write operations when invoked with this option. Although this is very limiting, this feature may still prove useful for exporting public FTP areas or Usenet News spools.

WebNFS Support

WebNFS is an extension to the normal NFS protocol developed by Sun that is particularly well-suited for file retrieval over the Internet, and is intended to be used (among others) from Web browsers.

Central to the concept is the so-called public file handle. This is a special NFS file handle used by the NFS client (i.e. browser) to retrieve a file without having to go through the mount protocol. This file handle must be associated with a directory on the server machine, relative to which it evaluates filenames. This is the public root directory, which can be specified using the --public-root option. A Web server, for instance, would probably use the root of its Web server as the public root (e.g. /home/httpd). A Web broser requesting the URL nfs://foo.bar.edu/zappa.html would then be given the file /home/httpd/zappa.html. For ease of maintenance, the public root directory can also be specified using a special entry in the exports file (see exports(5) for details).

Naming a public root does not automatically export it; you still must explicitly do that in /etc/exports in order to actually make the directory accessible. A useful set of options to export data to WebNFS clients is ro,all_squash,insecure. Please refer to exports(5) for a detailed explanation of these flags.

Also note that a WebNFS client can also access files not located below the public root directory as long as they are exported to him. In particular, if you have /home/ftp exported to the world in addition to the Web server's home directory, a web client may be able to access FTP files via nfs://foo.bar.edu/../ftp/README. Of course, this does not apply to files that are not exported to the client.

SIGNALS

nfsd recognizes the following signals:

SIGHUP
causes nfsd to re-read the export file and flush the file handle cache. If a public root was specified, this will also regenerate the file handle associated with the public directory name (useful when exporting a removable file system).
SIGUSR1
When nfsd was invoked with debugging options, sending this signal toggles generation of debug information.
SIGIOT
When compiled with with the -DCALL_PROFILING option, sending a SIGIOT to nfsd will cause dump the average execution times per NFS operation into /tmp/nfsd.profile.

BUGS

nfsd does not support the retrieval of index.html files when asked to look up a directory file name. This is not an RFC requirement, so it's rather a feature absent than a true bug.

The --log-transfers option is not always accurate since there is no equivalent to the UNIX file system open() and close() calls in the NFS protocol. Instead, nfsd writes out a transfer record whenever it encounters a READ or WRITE request at offset zero.

SEE ALSO

exports(5), mountd(8), ugidd(8)

AUTHORS

Mark Shand wrote the orignal unfsd. Don Becker extended unfsd to support authentication and allow read-write access and called it hnfs. Rick Sladkey added host matching, showmount -e support, mountd authentication, inetd support, and all of the portability and configuration code. Olaf Kirch fixed one or two security holes and other bugs, added the uid mapping and a couple of other things.