X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fmountd%2Fmountd.man;h=b60dc90fa07e2d9638ae62a9f801e5ba35318961;hp=77f4e266563508952126b36cae500aecf2a8d328;hb=985f89a8a87f2626583b240f7abad86d97a77596;hpb=0f41eb8945d8116d69297dbd0aa748c02d580d36 diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man index 77f4e26..b60dc90 100644 --- a/utils/mountd/mountd.man +++ b/utils/mountd/mountd.man @@ -1,8 +1,9 @@ -.\" -.\" mountd(8) +.\"@(#)rpc.mountd.8" .\" .\" Copyright (C) 1999 Olaf Kirch -.TH rpc.mountd 8 "25 Aug 2000" +.\" Modified by Paul Clements, 2004. +.\" +.TH rpc.mountd 8 "31 Dec 2009" .SH NAME rpc.mountd \- NFS mount daemon .SH SYNOPSIS 
@@ -10,49 +11,73 @@ rpc.mountd \- NFS mount daemon .SH DESCRIPTION The .B rpc.mountd -program implements the NFS mount protocol. When receiving a MOUNT -request from an NFS client, it checks the request against the list of -currently exported file systems. If the client is permitted to mount -the file system, -.B rpc.mountd -obtains a file handle for requested directory and returns it to -the client. -.SS Exporting NFS File Systems -Making file systems available to NFS clients is called -.IR exporting . -.P -Usually, a file system and the hosts it should be made available to -are listed in the -.B /etc/exports -file, and invoking -.B exportfs -a -whenever the system is booted. The +daemon implements the server side of the NFS MOUNT protocol, +an NFS side protocol used by NFS version 2 [RFC1094] and NFS version 3 [RFC1813]. +.PP +An NFS server maintains a table of local physical file systems +that are accessible to NFS clients. +Each file system in this table is referred to as an +.IR "exported file system" , +or +.IR export , +for short. +.PP +Each file system in the export table has an access control list. +.B rpc.mountd +uses these access control lists to determine +whether an NFS client is permitted to access a given file system. +For details on how to manage your NFS server's export table, see the +.BR exports (5) +and .BR exportfs (8) -command makes export information available to both the kernel NFS -server module and the -.B rpc.mountd -daemon. -.P -Alternatively, you can export individual directories temporarily -using -.BR exportfs 's -.IB host : /directory -syntax. +man pages. +.SS Mounting exported NFS File Systems +The NFS MOUNT protocol has several procedures. +The most important of these are +MNT (mount an export) and +UMNT (unmount an export). +.PP +A MNT request has two arguments: an explicit argument that +contains the pathname of the root directory of the export to be mounted, +and an implicit argument that is the sender's IP address. 
+.PP +When receiving a MNT request from an NFS client, +.B rpc.mountd +checks both the pathname and the sender's IP address against its export table. +If the sender is permitted to access the requested export, +.B rpc.mountd +returns an NFS file handle for the export's root directory to the client. +The client can then use the root file handle and NFS LOOKUP requests +to navigate the directory structure of the export. .SS The rmtab File -For every mount request received from an NFS client, -.B rpc.mountd -adds an entry to the -.B /var/lib/nfs/rmtab -file. When receiving an unmount request, that entry is removed. -user level part of the NFS service. -.P -However, this file is mostly ornamental. One, the client can continue -to use the file handle even after calling -.B rpc.mountd 's -UMOUNT procedure. And two, if a client reboots without notifying -.B rpc.mountd , -a stale entry will remain in -.BR rmtab . +The +.B rpc.mountd +daemon registers every successful MNT request by adding an entry to the +.I /var/lib/nfs/rmtab +file. +When receivng a UMNT request from an NFS client, +.B rpc.mountd +simply removes the matching entry from +.IR /var/lib/nfs/rmtab , +as long as the access control list for that export allows that sender +to access the export. +.PP +Clients can discover the list of file systems an NFS server is +currently exporting, or the list of other clients that have mounted +its exports, by using the +.BR showmount (8) +command. +.BR showmount (8) +uses other procedures in the NFS MOUNT protocol to report information +about the server's exported file systems. +.PP +Note, however, that there is little to guarantee that the contents of +.I /var/lib/nfs/rmtab +are accurate. +A client may continue accessing an export even after invoking UMNT. +If the client reboots without sending a UMNT request, stale entries +remain for that client in +.IR /var/lib/nfs/rmtab . .SH OPTIONS .TP .B \-d kind " or " \-\-debug kind 
@@ -74,18 +99,18 @@ Display usage message. .TP .B \-o num " or " \-\-descriptors num Set the limit of the number of open file descriptors to num. The -default is 256. +default is to leave the limit unchanged. .TP .B \-N " or " \-\-no-nfs-version This option can be used to request that .B rpc.mountd do not offer certain versions of NFS. The current version of .B rpc.mountd -can support both NFS version 2 and the newer version 3. If the -NFS kernel module was compiled without support for NFSv3, +can support both NFS version 2, 3 and 4. If the +either one of these version should not be offered, .B rpc.mountd must be invoked with the option -.B "\-\-no-nfs-version 3" . +.B "\-\-no-nfs-version " . .TP .B \-n " or " \-\-no-tcp Don't advertise TCP for mount. 
@@ -94,10 +119,67 @@ Don't advertise TCP for mount. Ignored (compatibility with unfsd??). .TP .B \-p " or " \-\-port num -Force +Specifies the port number used for RPC listener sockets. +If this option is not specified, +.B rpc.mountd +will try to consult +.IR /etc/services , +if gets port succeed, set the same port for all listener socket, +otherwise chooses a random ephemeral port for each listener socket. +.IP +This option can be used to fix the port value of +.BR rpc.mountd 's +listeners when NFS MOUNT requests must traverse a firewall +between clients and servers. +.TP +.B \-H " or " \-\-ha-callout prog +Specify a high availability callout program. +This program receives callouts for all MOUNT and UNMOUNT requests. +This allows .B rpc.mountd -to bind to the specified port num, instead of using the random port -number assigned by the portmapper. +to be used in a High Availability NFS (HA-NFS) environment. +.IP +The callout program is run with 4 arguments. +The first is +.B mount +or +.B unmount +depending on the reason for the callout. +The second will be the name of the client performing the mount. +The third will be the path that the client is mounting. +The last is the number of concurrent mounts that we believe the client +has of that path. +.IP +This callout is not needed with 2.6 and later kernels. +Instead, mount the nfsd filesystem on +.IR /proc/fs/nfsd . +.TP +.BI "\-s," "" " \-\-state\-directory\-path " directory +Specify a directory in which to place statd state information. +If this option is not specified the default of +.I /var/lib/nfs +is used. +.TP +.BI "\-r," "" " \-\-reverse\-lookup" +.B rpc.mountd +tracks IP addresses in the +.I rmtab +file. When a DUMP request is made (by +someone running +.BR "showmount -a" , +for instance), it returns IP addresses instead +of hostnames by default. This option causes +.B rpc.mountd +to perform a reverse lookup on each IP address and return that hostname instead. 
+Enabling this can have a substantial negative effect on performance +in some situations. +.TP +.BR "\-t N" " or " "\-\-num\-threads=N" +This option specifies the number of worker threads that rpc.mountd +spawns. The default is 1 thread, which is probably enough. More +threads are usually only needed for NFS servers which need to handle +mount storms of hundreds of NFS mounts in a few seconds, or when +your DNS server is slow or unreliable. .TP .B \-V " or " \-\-nfs-version This option can be used to request that 
@@ -110,36 +192,82 @@ can support both NFS version 2 and the newer version 3. Print the version of .B rpc.mountd and exit. - +.TP +.B \-g " or " \-\-manage-gids +Accept requests from the kernel to map user id numbers into lists of +group id numbers for use in access control. An NFS request will +normally (except when using Kerberos or other cryptographic +authentication) contains a user-id and a list of group-ids. Due to a +limitation in the NFS protocol, at most 16 groups ids can be listed. +If you use the +.B \-g +flag, then the list of group ids received from the client will be +replaced by a list of group ids determined by an appropriate lookup on +the server. Note that the 'primary' group id is not affected so a +.B newgroup +command on the client will still be effective. This function requires +a Linux Kernel with version at least 2.6.21. .SH TCP_WRAPPERS SUPPORT -This +You can protect your .B rpc.mountd -version is protected by the +listeners using the +.B tcp_wrapper +library or +.BR iptables (8). +.PP +Note that the .B tcp_wrapper -library. You have to give the clients access to -.B rpc.mountd -if they should be allowed to use it. To allow connects from clients of -the .bar.com domain you could use the following line in /etc/hosts.allow: - -mountd: .bar.com - -You have to use the daemon name +library supports only IPv4 networking. +.PP +Add the hostnames of NFS peers that are allowed to access +.B rpc.mountd +to +.IR /etc/hosts.allow . +Use the daemon name .B mountd -for the daemon name (even if the binary has a different name). - -For further information please have a look at the +even if the +.B rpc.mountd +binary has a different name. +.PP +Hostnames used in either access file will be ignored when +they can not be resolved into IP addresses. +For further information see the .BR tcpd (8) and .BR hosts_access (5) -manual pages. - +man pages. +.SS IPv6 and TI-RPC support +TI-RPC is a pre-requisite for supporting NFS on IPv6. 
+If TI-RPC support is built into +.BR rpc.mountd , +it attempts to start listeners on network transports marked 'visible' in +.IR /etc/netconfig . +As long as at least one network transport listener starts successfully, +.B rpc.mountd +will operate. +.SH FILES +.TP 2.5i +.I /etc/exports +input file for +.BR exportfs , +listing exports, export options, and access control lists +.TP 2.5i +.I /var/lib/nfs/rmtab +table of clients accessing server's exports .SH SEE ALSO -.BR rpc.nfsd (8), .BR exportfs (8), .BR exports (5), -.BR rpc.rquotad (8). -.SH FILES -.BR /etc/exports , -.BR /var/lib/nfs/xtab . +.BR showmount (8), +.BR rpc.nfsd (8), +.BR rpc.rquotad (8), +.BR nfs (5), +.BR tcpd (8), +.BR hosts_access (5), +.BR iptables (8), +.BR netconfig (5) +.sp +RFC 1094 - "NFS: Network File System Protocol Specification" +.br +RFC 1813 - "NFS Version 3 Protocol Specification" .SH AUTHOR Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.
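Review bot: In the @@ -10,49 +11,73 @@ hunk, under "The rmtab File", the added line "When receivng a UMNT request from an NFS client," misspells "receiving". In the same subsection the new showmount paragraph tells readers they can list "other clients that have mounted its exports" two paragraphs before the caveat that "there is little to guarantee that the contents of /var/lib/nfs/rmtab are accurate". Since the \-r entry added later in this patch says the DUMP reply is built from rmtab, state in the showmount paragraph that the client list comes from rmtab, or move the caveat next to it, so the output is not read as an authoritative record of who is using an export.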
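Review bot: In the @@ -74,18 +99,18 @@ hunk, the \-N entry now ends with .B "\-\-no-nfs-version " . which drops the version number the removed line carried ("\-\-no-nfs-version 3") and leaves the option shown without its argument. Show the argument as a placeholder after the option name and add it to the .B \-N " or " \-\-no-nfs-version header line as well. The sentence before it also needs rewording: "can support both NFS version 2, 3 and 4" and "If the either one of these version should not be offered," do not parse. The \-V description, visible as context in the @@ -110,36 +192,82 @@ header ("can support both NFS version 2 and the newer version 3."), still lists only versions 2 and 3 and should be brought in line with this change.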
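Review bot: In the @@ -94,10 +119,67 @@ hunk, the \-s / \-\-state\-directory\-path entry says the directory is where "to place statd state information", which reads as text carried over from another daemon's page. Describe what rpc.mountd itself keeps under that directory (the FILES section added by this patch names /var/lib/nfs/rmtab). In the \-p entry, "if gets port succeed, set the same port for all listener socket," needs rewriting, for example "if a port is found there, it is used for all listener sockets". The \-H entry refers to "all MOUNT and UNMOUNT requests" while the DESCRIPTION text added earlier in this patch uses MNT and UMNT; use one set of procedure names throughout. In the \-t entry, "rpc.mountd" is not set in bold like every other mention.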
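Review bot: In the @@ -110,36 +192,82 @@ hunk, the TCP_WRAPPERS SUPPORT section says "Hostnames used in either access file will be ignored when they can not be resolved into IP addresses", but the new text names only /etc/hosts.allow, so "either" has no second file to refer to; name the other file or reword. The patch also removes the sample entry "mountd: .bar.com" without a replacement, so the instruction to use the daemon name mountd no longer has a line showing the syntax; keeping one example entry would help. The section heading still reads TCP_WRAPPERS SUPPORT although the text now also covers iptables(8). In the \-g entry, "will normally ... contains" should be "contain", "at most 16 groups ids" should be "group ids", and ".B newgroup" presumably means the newgrp command.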