The
nfsd
program is an NFS service daemon that handles client filesystem requests.
Unlike on some other systems,
nfsd
operates as a normal user-level process.
The server also differs from other NFS server implementations
in that it mounts an entire file hierarchy
not limited by the boundaries of physical file-systems.
The implementation allows the clients read-only or
read-write access to the file hierarchy of the server machine.
The
mountd
program starts an ancillary user-level mount daemon.
Running from inetd
Usually,
nfsd
will be started at system boot time. However, you may also invoke it from
inetd
by adding the following two lines to
/etc/inetd.conf:
When run from inetd, nfsd will terminate after a certain period of inactivity.
OPTIONS
-f or --exports-file
This option specifies the exports file, listing the clients that this server
is prepared to serve and parameters to apply to each such mount (see
exports(5)).
By default exports are read from
/etc/exports.
-d facility or --debug facility
Log operations verbosely. Legal values for
facility
are currently
call
for the logging of RPC calls and arguments,
fhcache
for the file handle cache operation,
auth
for the authentication routines, and
ugid
for the uid mapping code, if used. Debug messages will be logged to
syslog(8)
unless the daemon runs in the foreground.
-F or --foreground
Unlike in normal operation,
nfsd
will not detach from the terminal when given this option. When debugging
is requested, it will be sent to standard error.
-h or --help
Provide a short help summary.
-l or --log-transfers
Tries to catch all files retrieved from and written to the NFS server. This
is mainly for the benefit of anonymous NFS exports and is intended to
mimic the xferlog file supported by some FTP daemons. For each file store
or retrieve, a single line is written to the system log daemon containing
the client's IP address and the file name. The log level of these
transfer records is daemon.info.
-n or --allow-non-root
Allow incoming NFS requests to be honored even if they do not
originate from reserved IP ports. Some older NFS client implementations
require this. Some newer NFS client implementations don't believe
in reserved port checking. This check can be turned off for individual hosts
by specifying the
insecure
export option in
/etc/exports.
-P portnum or --port portnum
Makes
nfsd
listen on port
portnum
instead of the default port 2049. By default,
nfsd
will listen on the nfs/udp port specified in
/etc/services,
or, if that is undefined, on port 2049.
-p or --promiscuous
Put the server into promiscuous mode where it will serve any host
on the network.
-r or --re-export
Allow remotely mounted file-systems to be exported. This can be used to
turn a machine into a multiplier for NFS or Novell servers. Caution
should be used when re-exporting loopback NFS mounts because re-entering
the mount point will result in deadlock between the NFS client and the
NFS server.
It should be noted that (on Linux) nfsd looks at the major device number
of the file system to find out whether it is a remote volume; if the major
number is not 0, it assumes the file system is local. However, remote file
systems are not the only ones that use major number 0; procfs does as well.
If you choose to re-export NFS file systems, beware that this potentially
includes /proc if you have the file system root exported. This poses a
security problem, and you should avoid this situation if possible.
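The following added example (not part of nfsd) applies the same major-number test to a mount table in /proc/self/mountinfo format and lists, for each exported directory, the mounts that --re-export would treat as remote. The mount table and export roots are constructed; the tmpfs line reflects that current Linux kernels also give tmpfs major number 0.

```python
import posixpath

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
23 22 0:4 / /proc rw,nosuid - proc proc rw
24 22 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
25 22 0:41 / /mnt/tools rw,relatime - nfs fileserver:/tools rw
26 22 0:21 / /run rw,nosuid shared:5 - tmpfs tmpfs rw
"""

def parse_mountinfo(text):
    """Yield (mount_point, major, fstype) for each mountinfo line."""
    for line in text.splitlines():
        # Fields before " - " are positional; the fs type follows it.
        left, _, right = line.partition(" - ")
        fields = left.split()
        if len(fields) < 5 or not right:
            continue  # skip blank or malformed lines
        major = int(fields[2].split(":")[0])
        yield fields[4], major, right.split()[0]

def is_under(path, root):
    """True if path equals root or lies below it."""
    return root == "/" or path == root or path.startswith(root + "/")

def reexport_exposure(export_roots, mountinfo_text):
    """Map each export root to the major-0 mounts below it.

    These are the mounts the heuristic described above (major 0 means
    remote) would make eligible for re-export, procfs included.
    """
    report = {}
    for root in export_roots:
        root = posixpath.normpath(root)
        hits = [(mp, fstype)
                for mp, major, fstype in parse_mountinfo(mountinfo_text)
                if major == 0 and is_under(posixpath.normpath(mp), root)]
        report[root] = sorted(hits)
    return report

if __name__ == "__main__":
    # "/" and "/home" are hypothetical export roots for the sample table.
    for root, hits in reexport_exposure(["/", "/home"], SAMPLE_MOUNTINFO).items():
        for mount_point, fstype in hits:
            print(f"{root}: re-export would include {mount_point} ({fstype})")
```

On a live host, pass the contents of /proc/self/mountinfo and the directories from the exports file instead of the samples.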
-t or --no-spoof-trace
By default,
nfsd
logs every access by unauthorized clients. This option turns off logging
of such spoof attempts for all hosts listed explicitly in the
exports
file.
-R or --public-root
Specifies the directory associated with the public file handle. See
the section on WebNFS below.
-v or --version
Report the current version number of the program.
numcopies
This is an experimental feature that lets you run several instances of
nfsd
in parallel. When given a value of
numcopies
greater than one,
nfsd
will fork as many times as specified by this value.
However, the servers do not share a common file handle
cache, which makes certain file operations impossible.
For this reason,
nfsd
will disallow all write operations when invoked with this option. Although
this is very limiting, this feature may still prove useful for exporting
public FTP areas or Usenet News spools.
WebNFS Support
WebNFS is an extension to the normal NFS protocol developed by Sun
that is particularly well-suited for file retrieval over the
Internet, and is intended to be used (among others) from Web browsers.
Central to the concept is the so-called public file handle. This is
a special NFS file handle used by the NFS client (i.e. browser) to
retrieve a file without having to go through the mount protocol.
This file handle must be associated with a directory on the server
machine, relative to which it evaluates filenames. This is the
public root directory,
which can be specified using the
--public-root
option. A Web server, for instance, would probably use the root of its
Web server as the public root
(e.g. /home/httpd).
A Web browser requesting the URL
nfs://foo.bar.edu/zappa.html
would then be given the file
/home/httpd/zappa.html.
For ease of maintenance, the public root directory can also be specified
using a special entry in the
exports
file (see
exports(5)
for details).
Naming a public root does
not
automatically export it; you still must explicitly do that in
/etc/exports
in order to actually make the directory accessible.
A useful set of options to export data to WebNFS clients is
ro,all_squash,insecure.
Please refer to
exports(5)
for a detailed explanation of these flags.
Note that a WebNFS client can also access files not located below the
public root directory as long as they are exported to it. In particular,
if you have /home/ftp exported to the world in addition to the Web server's
home directory, a web client may be able to access FTP files via
nfs://foo.bar.edu/../ftp/README.
Of course, this does not apply to files that are not exported to the client.
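The lookup rule described above, modeled as an added example (not code from nfsd): the URL path is resolved lexically against the public root and the result is then checked against the directories exported to the client. The function names and the export list are assumptions; the paths are the ones used on this page, plus a hypothetical unexported /home/private.

```python
import posixpath
from urllib.parse import urlsplit

def is_under(path, root):
    """True if path equals root or lies below it."""
    return root == "/" or path == root or path.startswith(root + "/")

def webnfs_lookup(url, public_root, exported_dirs):
    """Return (resolved_path, covering_export or None) for an nfs:// URL.

    Simplified model: the path is evaluated relative to the public root
    (symlinks are ignored), and only the export list decides access.
    """
    rel = urlsplit(url).path.lstrip("/")
    resolved = posixpath.normpath(posixpath.join(public_root, rel))
    covering = [d for d in map(posixpath.normpath, exported_dirs)
                if is_under(resolved, d)]
    # The most specific export wins; None means the request is refused.
    return resolved, (max(covering, key=len) if covering else None)

def exports_outside_public_root(public_root, exported_dirs):
    """Exports a WebNFS client can reach that are not below the public root."""
    root = posixpath.normpath(public_root)
    return sorted(d for d in map(posixpath.normpath, exported_dirs)
                  if not is_under(d, root))

# Constructed configuration using the example paths from this page.
PUBLIC_ROOT = "/home/httpd"
WORLD_EXPORTS = ["/home/httpd", "/home/ftp"]

if __name__ == "__main__":
    for url in ("nfs://foo.bar.edu/zappa.html",
                "nfs://foo.bar.edu/../ftp/README",
                "nfs://foo.bar.edu/../private/notes.txt"):
        path, export = webnfs_lookup(url, PUBLIC_ROOT, WORLD_EXPORTS)
        verdict = f"served via export {export}" if export else "refused"
        print(f"{url} -> {path}: {verdict}")
    print("reachable outside the public root:",
          exports_outside_public_root(PUBLIC_ROOT, WORLD_EXPORTS))
```

The second function is the audit to run before enabling --public-root: every directory it returns is world-readable through WebNFS even though it is not part of the Web tree.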
SIGNALS
nfsd
recognizes the following signals:
SIGHUP
causes
nfsd
to re-read the export file and flush the file handle cache. If a public
root was specified, this will also regenerate the file handle associated
with the public directory name (useful when exporting a removable
file system).
SIGUSR1
When
nfsd
was invoked with debugging options, sending this signal toggles
generation of debug information.
SIGIOT
When compiled with the -DCALL_PROFILING option, sending a SIGIOT to
nfsd
will cause it to dump the average execution times per NFS operation into
/tmp/nfsd.profile.
BUGS
nfsd
does not support the retrieval of
index.html
files when asked to look up a directory file name. This is not an RFC
requirement, so it is an absent feature rather than a true bug.
The
--log-transfers
option is not always accurate since there is no equivalent to the UNIX
file system
open() and close()
calls in the NFS protocol. Instead,
nfsd
writes out a transfer record whenever it encounters a READ or WRITE
request at offset zero.
Mark Shand wrote the original unfsd.
Don Becker extended unfsd to support authentication
and allow read-write access and called it hnfs.
Rick Sladkey added host matching, showmount -e support,
mountd authentication, inetd support, and all of the
portability and configuration code.
Olaf Kirch fixed one or two security holes and other bugs, added
the uid mapping and a couple of other things.