Chapter 9. Network File System (NFS)
9.1. How It Works
rpc.statd, since they have been rolled into the kernel. NFSv4 listens on the well-known TCP port 2049.
/etc/hosts.deny files to determine if a particular client or network is permitted or denied access to the NFS service. For more information on configuring access controls with TCP wrappers, refer to Chapter 17, TCP Wrappers and
/etc/exports, to determine whether the client is allowed to access any of the exported file systems. Once access is granted, all file and directory operations are available to the user.
rpc.nfsd process now allow binding to any specified port during system start up. However, this can be error-prone if the port is unavailable or conflicts with another daemon.
9.1.1. Required Services
portmap service. To share or mount NFS file systems, the following services work together, depending on which version of NFS is implemented:
nfs — Starts the appropriate RPC processes to service requests for shared NFS file systems.
nfslock — An optional service that starts the appropriate RPC processes to allow NFS clients to lock files on the server.
portmap — The RPC service for Linux; it responds to requests for RPC services and sets up connections to the requested RPC service. This is not used with NFSv4.
rpc.mountd — This process receives mount requests from NFS clients and verifies the requested file system is currently exported. This process is started automatically by the nfs service and does not require user configuration. This is not used with NFSv4.
rpc.nfsd — This process is the NFS server. It works with the Linux kernel to meet the dynamic demands of NFS clients, such as providing server threads each time an NFS client connects. This process corresponds to the
rpc.lockd — An optional process that allows NFS clients to lock files on the server. This process corresponds to the nfslock service. This is not used with NFSv4.
rpc.statd — This process implements the Network Status Monitor (NSM) RPC protocol which notifies NFS clients when an NFS server is restarted without being gracefully brought down. This process is started automatically by the nfslock service and does not require user configuration. This is not used with NFSv4.
rpc.rquotad — This process provides user quota information for remote users. This process is started automatically by the nfs service and does not require user configuration.
rpc.idmapd — This process provides NFSv4 client and server upcalls which map between on-the-wire NFSv4 names (which are strings in the form of user@domain) and local UIDs and GIDs. For idmapd to function with NFSv4, the /etc/idmapd.conf must be configured. This service is required for use with NFSv4.
rpc.svcgssd — This process is used by the NFS server to perform user authentication and is started only when SECURE_NFS=yes is set in the
rpc.gssd — This process is used by the NFS server to perform user authentication and is started only when SECURE_NFS=yes is set in the
9.1.2. NFS and
portmap service for backward compatibility.
portmap service under Linux maps RPC requests to the correct services. RPC processes notify portmap when they start, revealing the port number they are monitoring and the RPC program numbers they expect to serve. The client system then contacts portmap on the server with a particular RPC program number. The portmap service redirects the client to the proper port number so it can communicate with the requested service.
portmap to make all connections with incoming client requests, portmap must be available before any of these services start.
portmap service uses TCP wrappers for access control, and access control rules for portmap affect all RPC-based services. Alternatively, it is possible to specify access control rules for each of the NFS RPC daemons. The man pages for
rpc.statd contain information regarding the precise syntax for these rules.
9.1.2.1. Troubleshooting NFS and
portmap provides coordination between RPC services and the port numbers used to communicate with them, it is useful to view the status of current RPC services using portmap when troubleshooting. The rpcinfo command shows each RPC-based service with port numbers, an RPC program number, a version number, and an IP protocol type (TCP or UDP).
portmap, issue the following command as root:
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  32774  nlockmgr
    100021    3   udp  32774  nlockmgr
    100021    4   udp  32774  nlockmgr
    100021    1   tcp  34437  nlockmgr
    100021    3   tcp  34437  nlockmgr
    100021    4   tcp  34437  nlockmgr
    100011    1   udp    819  rquotad
    100011    2   udp    819  rquotad
    100011    1   tcp    822  rquotad
    100011    2   tcp    822  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    836  mountd
    100005    1   tcp    839  mountd
    100005    2   udp    836  mountd
    100005    2   tcp    839  mountd
    100005    3   udp    836  mountd
    100005    3   tcp    839  mountd
portmap is unable to map RPC requests from clients for that service to the correct port. In many cases, if NFS is not present in rpcinfo output, restarting NFS causes the service to correctly register with portmap and begin working. For instructions on starting NFS, refer to Section 9.2, “Starting and Stopping NFS”.
rpcinfo command. Refer to the rpcinfo man page for more information.
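The registration check described in this section can be scripted. The following is an added example, not part of the original guide: it reads a listing in the format shown above (assumed to come from `rpcinfo -p`) and reports which expected services are not registered with portmap, and which protocol/port pairs a service occupies, which is what firewall and TCP wrappers rules must account for. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `rpcinfo -p` style listing for NFS services.

# Constructed sample listing: mountd failed to register with portmap.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  32774  nlockmgr
    100021    1   tcp  34437  nlockmgr
    100011    1   udp    819  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
EOF
}

# Print each expected service name (given as arguments) that has no
# registration in the listing read from stdin, one name per line.
missing_rpc_services() {
    awk -v want="$*" '
        $1 ~ /^[0-9]+$/ && NF >= 5 { seen[$5] = 1 }   # skip the header row
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) print w[i]
        }'
}

# Print the unique "proto/port" pairs registered for one service, sorted.
# Useful for spotting dynamically assigned ports (nlockmgr, mountd).
rpc_service_ports() {
    awk -v svc="$1" '$1 ~ /^[0-9]+$/ && $5 == svc { print $3 "/" $4 }' | sort -u
}

# Demonstration on the constructed sample; prints "mountd".
# On a live server: rpcinfo -p | missing_rpc_services portmapper nfs mountd
sample_rpcinfo | missing_rpc_services portmapper nfs mountd nlockmgr
```

A service reported as missing is one that portmap cannot map client requests to; restarting NFS, as described above, is the first step to take.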