1 .TH NFSD 8 "11 August 1997"
3 nfsd \- NFS service daemon
7 .B "[\ \-f\ exports-file\ ]"
8 .B "[\ \-d\ facility\ ]"
10 .B "[\ \-R\ dirname\ ]"
11 .B "[\ \-Fhlnprstv\ ]"
12 .B "[\ \-\-debug\ facility\ ]"
13 .B "[\ \-\-exports\-file=file\ ]"
14 .B "[\ \-\-foreground\ ]"
16 .B "[\ \-\-allow\-non\-root\ ]"
17 .B "[\ \-\-re\-export\ ]"
18 .B "[\ \-\-public\-root\ dirname\ ]"
19 .\".B "[\ \-\-synchronous\-writes\ ]"
20 .B "[\ \-\-no\-spoof\-trace\ ]"
21 .B "[\ \-\-port\ port\ ]"
22 .B "[\ \-\-log-transfers\ ]"
23 .B "[\ \-\-version\ ]"
29 program is an NFS service daemon that handles client filesystem requests.
30 Unlike on some other systems,
32 operates as a normal user-level process.
33 The server also differs from other NFS server implementations
34 in that it mounts an entire file hierarchy
35 not limited by the boundaries of physical file-systems.
36 The implementation allows the clients read-only or
37 read-write access to the file hierarchy of the server machine.
41 program starts an ancillary user-level mount daemon.
43 .SS Running from inetd
46 will be started at system boot time. However, you may also invoke it from
48 by adding the following two lines to
53 nfs/2 dgram rpc/udp wait root /usr/sbin/rpc.nfsd rpc.nfsd
54 nfs/2 stream rpc/tcp wait root /usr/sbin/rpc.nfsd rpc.nfsd
60 will terminate after a certain period of inactivity.
63 .BR \-f " or " \-\-exports\-file
64 This option specifies the exports file, listing the clients that this server
65 is prepared to serve and parameters to apply to each such mount (see
67 By default exports are read from
70 .BR "\-d facility" " or " "\-\-debug facility"
71 Log operations verbosely. Legal values for
75 for the logging of RPC calls and arguments,
77 for the file handle cache operation,
79 for the authentication routines, and
81 for the uid mapping code, if used. Debug messages will be logged to
83 unless the daemon runs in the foreground.
85 .BR \-F " or " \-\-foreground
86 Unlike in normal operation,
88 will not detach from the terminal when given this option. When debugging
89 is requested, it will be sent to standard error.
91 .BR \-h " or " \-\-help
92 Provide a short help summary.
94 .BR \-l " or " \-\-log-transfers
95 Tries to catch all files retrieved from and written the NFS server. This
96 is mainly for the benefit of anonymous NFS exports and is intended to
99 file supported by some FTP daemons. For each file store or retrieve,
100 a single line is written to the system log daemon containing the
101 client's IP address, and the file name. The log level of these
105 .BR \-n " or " \-\-allow\-non\-root
106 Allow incoming NFS requests to be honored even if they do not
107 originate from reserved IP ports. Some older NFS client implementations
108 require this. Some newer NFS client implementations don't believe
109 in reserved port checking. This check can be turned off for individual hosts
115 .BR "\-P portnum" " or " "\-\-port portnum"
120 instead of the default port 2049. By default,
122 will listen on the nfs/udp port specified in
124 or, if that is undefined, on port 2049.
126 .BR \-p " or " \-\-promiscuous
127 Put the server into promiscuous mode where it will serve any host
130 .BR \-r " or " \-\-re\-export
131 Allow remotely mounted file-systems to be exported. This can be used to
132 turn a machine into a multiplier for NFS or Novell servers. Caution
133 should be used when re-exporting loopback NFS mounts because re-entering
134 the mount point will result in deadlock between the NFS client and the
137 It should be noted that (on Linux)
139 looks at the major device number of the file system to find out whether
140 it is a remote volume; if the major number is not 0, it assumes the file
141 system is local. However, not only remote file systems use major number 0,
142 also procfs does. If you choose to re-export NFS file systems, beware
143 that this potentially includes
145 if you have the file system root exported. This poses a security problem,
146 and you should avoid this situation if possible.
148 .\".BR \-s " or " \-\-synchronous\-writes
149 .\"The NFS protocol specification requires all write operations to the server
150 .\".\"to be complete before the call returns. By default,
152 .\"does not do this. This option turns on synchronous writes.
153 .\"--- why would anyone want to turn this off?
155 .BR \-t " or " \-\-no\-spoof\-trace
158 logs every access by unauthorized clients. This option turns off logging
159 of such spoof attempts for all hosts listed explicitly in the
163 .BR \-R " or " \-\-public\-root
164 Specifies the directory associated with the public file handle. See
165 the section on WebNFS below.
167 .BR \-v " or " \-\-version
168 Report the current version number of the program.
171 This is an experimental feature that lets you run several instances of
173 in parallel. When given a value of
177 will fork as many times as specified by this value.
178 However, the servers do not share a common file handle
179 cache, which makes certain file operations impossible.
183 will disallow all write operations when invoked with this option. Although
184 this is very limiting, this feature may still prove useful for exporting
185 public FTP areas or Usenet News spools.
187 WebNFS is an extension to the normal NFS protocol developed by Sun
188 that is particularly well-suited for file retrieval over the
189 Internet, and is intended to be used (among others) from Web browsers.
191 Central to the concept is the so-called public file handle. This is
192 a special NFS file handle used by the NFS client (i.e. browser) to
193 retrieve a file without having to go through the mount protocol.
194 This file handle must be associated with a directory on the server
195 machine, relative to which it evaluates filenames. This is the
196 .IR "public root directory" ,
197 which can be specified using the
199 option. A Web server, for instance, would probably use the root of its
200 Web server as the public root
201 .BR "" "(e.g. " /home/httpd ).
202 A Web broser requesting the URL
203 .B nfs://foo.bar.edu/zappa.html
204 would then be given the file
205 .BR /home/httpd/zappa.html .
206 For ease of maintenance, the public root directory can also be specified
207 using a special entry in the
213 Naming a public root does
215 automatically export it; you still must explicitly do that in
217 in order to actually make the directory accessible.
218 A useful set of options to export data to WebNFS clients is
219 .BR ro,all_squash,insecure .
222 for a detailed explanation of these flags.
224 Also note that a WebNFS client can also access files not located below the
225 public root directory as long as they are exported to him. In particular,
228 exported to the world in addition to the Web server's home directory,
229 a web client may be able to access FTP files via
230 .BR nfs://foo.bar.edu/../ftp/README .
231 Of course, this does not apply to files that are not exported to the client.
234 recognizes the following signals:
239 to re-read the export file and flush the file handle cache. If a public
240 root was specified, this will also regenerate the file handle associated
241 with the public directory name (useful when exporting a removable
247 was invoked with debugging options, sending this signal toggles
248 generation of debug information.
251 When compiled with with the -DCALL_PROFILING option, sending a SIGIOT to
253 will cause dump the average execution times per NFS operation into
254 .IR /tmp/nfsd.profile .
257 does not support the retrieval of
259 files when asked to look up a directory file name. This is not an RFC
260 requirement, so it's rather a feature absent than a true bug.
264 option is not always accurate since there is no equivalent to the UNIX
266 .BR open() " and " close()
267 calls in the NFS protocol. Instead,
269 writes out a transfer record whenever it encounters a READ or WRITE
270 request at offset zero.
272 exports(5), mountd(8), ugidd(8C)
274 Mark Shand wrote the orignal unfsd.
275 Don Becker extended unfsd to support authentication
276 and allow read-write access and called it hnfs.
277 Rick Sladkey added host matching, showmount -e support,
278 mountd authentication, inetd support, and all of the
279 portability and configuration code.
280 Olaf Kirch fixed one or two security holes and other bugs, added
281 the uid mapping and a couple of other things.