rpc.mountd(8)                System Manager's Manual               rpc.mountd(8)

       rpc.mountd - NFS mount daemon

       /usr/sbin/rpc.mountd [options]

       The rpc.mountd daemon implements the server side of the NFS MOUNT
       protocol, an NFS side protocol used by NFS version 2 [RFC1094] and NFS
       version 3 [RFC1813].  It also responds to requests from the Linux kernel
       to authenticate clients and provides details of access permissions.

       The NFS server (nfsd) maintains a cache of authentication and
       authorization information which is used to identify the source of each
       request, and then what access permissions that source has to any local
       filesystem.  When required information is not found in the cache, the
       server sends a request to mountd to fill in the missing information.
       Mountd uses a table of information stored in /var/lib/nfs/etab and
       maintained by exportfs(8), possibly based on the contents of exports(5),
       to respond to each request.

   Mounting exported NFS File Systems
       The NFS MOUNT protocol has several procedures.  The most important of
       these are MNT (mount an export) and UMNT (unmount an export).

       A MNT request has two arguments: an explicit argument that contains the
       pathname of the root directory of the export to be mounted, and an
       implicit argument that is the sender's IP address.

       When receiving a MNT request from an NFS client, rpc.mountd checks both
       the pathname and the sender's IP address against its export table.  If
       the sender is permitted to access the requested export, rpc.mountd
       returns an NFS file handle for the export's root directory to the client.
       The client can then use the root file handle and NFS LOOKUP requests to
       navigate the directory structure of the export.

   The rmtab File
       The rpc.mountd daemon registers every successful MNT request by adding an
       entry to the /var/lib/nfs/rmtab file.  When receivng a UMNT request from
       an NFS client, rpc.mountd simply removes the matching entry from
       /var/lib/nfs/rmtab, as long as the access control list for that export
       allows that sender to access the export.

       Clients can discover the list of file systems an NFS server is currently
       exporting, or the list of other clients that have mounted its exports, by
       using the showmount(8) command.  showmount(8) uses other procedures in
       the NFS MOUNT protocol to report information about the server's exported
       file systems.

       Note, however, that there is little to guarantee that the contents of
       /var/lib/nfs/rmtab are accurate.  A client may continue accessing an
       export even after invoking UMNT.  If the client reboots without sending a
       UMNT request, stale entries remain for that client in /var/lib/nfs/rmtab.

   Mounting File Systems with NFSv4
       Version 4 (and later) of NFS does not use a separate NFS MOUNT protocol.
       Instead mounting is performed using regular NFS requests handled by the
       NFS server in the Linux kernel (nfsd).  Consequently /var/lib/nfs/rmtab
       is not updated to reflect any NFSv4 activity.

       -d kind  or  --debug kind
              Turn on debugging. Valid kinds are: all, auth, call, general and

       -l or --log-auth
              Enable logging of responses to authentication and access requests
              from nfsd.  Each response is then cached by the kernel for 30
              minutes (or as set by --ttl below), and will be refreshed after 15
              minutes (half the ttl time) if the relevant client remains active.
              Note that -l is equivalent to -d auth and so can be enabled in
              /etc/nfs.conf with "debug = auth" in the [mountd] section.

              rpc.mountd will always log authentication responses to MOUNT
              requests when NFSv3 is used, but to get similar logs for NFSv4,
              this option is required.

       -i or --cache-use-ipaddr
              Normally each client IP address is matched against each host
              identifier (name, wildcard, netgroup etc) found in /etc/exports
              and a combined identity is formed from all matching identifiers.
              Often many clients will map to the same combined identity so
              performing this mapping reduces the number of distinct access
              details that the kernel needs to store.  Specifying the -i option
              suppresses this mapping so that access to each filesystem is
              requested and cached separately for each client IP address.  Doing
              this can increase the burden of updating the cache slightly, but
              can make the log messages produced by the -l option easier to

       -T  or  --ttl
              Provide a time-to-live (TTL) for cached information given to the
              kernel.  The kernel will normally request an update if the
              information is needed after half of this time has expired.
              Increasing the provided number, which is in seconds, reduces the
              rate of cache update requests, and this is particularly noticeable
              when these requests are logged with -l.  However increasing also
              means that changes to hostname to address mappings can take longer
              to be noticed.  The default TTL is 1800 (30 minutes).

       -F  or  --foreground
              Run in foreground (do not daemonize)

       -h  or  --help
              Display usage message.

       -o num  or  --descriptors num
              Set the limit of the number of open file descriptors to num. The
              default is to leave the limit unchanged.

       -N mountd-version  or  --no-nfs-version mountd-version
              This option can be used to request that rpc.mountd do not offer
              certain versions of NFS. The current version of rpc.mountd can
              support both NFS version 2, 3 and 4. If the either one of these
              version should not be offered, rpc.mountd must be invoked with the
              option --no-nfs-version <vers> .

       -n  or  --no-tcp
              Don't advertise TCP for mount.

       -p num  or  -P num  or  --port num
              Specifies the port number used for RPC listener sockets.  If this
              option is not specified, rpc.mountd will try to consult
              /etc/services, if gets port succeed, set the same port for all
              listener socket, otherwise chooses a random ephemeral port for
              each listener socket.

              This option can be used to fix the port value of rpc.mountd's
              listeners when NFS MOUNT requests must traverse a firewall between
              clients and servers.

       -H  prog or  --ha-callout prog
              Specify a high availability callout program.  This program
              receives callouts for all MOUNT and UNMOUNT requests.  This allows
              rpc.mountd to be used in a High Availability NFS (HA-NFS)

              The callout program is run with 4 arguments.  The first is mount
              or unmount depending on the reason for the callout.  The second
              will be the name of the client performing the mount.  The third
              will be the path that the client is mounting.  The last is the
              number of concurrent mounts that we believe the client has of that

              This callout is not needed with 2.6 and later kernels.  Instead,
              mount the nfsd filesystem on /proc/fs/nfsd.

       -s, --state-directory-path directory
              Specify a directory in which to place state information (etab and
              rmtab).  If this option is not specified the default of
              /var/lib/nfs is used.

       -r, --reverse-lookup
              rpc.mountd tracks IP addresses in the rmtab file.  When a DUMP
              request is made (by someone running showmount -a, for instance),
              it returns IP addresses instead of hostnames by default. This
              option causes rpc.mountd to perform a reverse lookup on each IP
              address and return that hostname instead.  Enabling this can have
              a substantial negative effect on performance in some situations.

       -t N or --num-threads=N or --num-threads N
              This option specifies the number of worker threads that rpc.mountd
              spawns.  The default is 1 thread, which is probably enough.  More
              threads are usually only needed for NFS servers which need to
              handle mount storms of hundreds of NFS mounts in a few seconds, or
              when your DNS server is slow or unreliable.

       -u  or  --no-udp
              Don't advertise UDP for mounting

       -V version  or  --nfs-version version
              This option can be used to request that rpc.mountd offer certain
              versions of NFS. The current version of rpc.mountd can support
              both NFS version 2 and the newer version 3.

       -v  or  --version
              Print the version of rpc.mountd and exit.

       -g  or  --manage-gids
              Accept requests from the kernel to map user id numbers into  lists
              of group id numbers for use in access control.  An NFS request
              will normally (except when using Kerberos or other cryptographic
              authentication) contains a user-id and a list of group-ids.  Due
              to a limitation in the NFS protocol, at most 16 groups ids can be
              listed.  If you use the -g flag, then the list of group ids
              received from the client will be replaced by a list of group ids
              determined by an appropriate lookup on the server. Note that the
              'primary' group id is not affected so a newgroup command on the
              client will still be effective.  This function requires a Linux
              Kernel with version at least 2.6.21.

       Many of the options that can be set on the command line can also be
       controlled through values set in the [mountd] or, in some cases, the
       [nfsd] sections of the /etc/nfs.conf configuration file.  Values
       recognized in the [mountd] section include manage-gids, cache-use-ipaddr,
       descriptors, port, threads, ttl, reverse-lookup, and state-directory-
       path, ha-callout which each have the same effect as the option with the
       same name.

       The values recognized in the [nfsd] section include TCP, UDP, vers2,
       vers3, and vers4 which each have same same meaning as given by

       You can protect your rpc.mountd listeners using the tcp_wrapper library
       or iptables(8).

       Note that the tcp_wrapper library supports only IPv4 networking.

       Add the hostnames of NFS peers that are allowed to access rpc.mountd to
       /etc/hosts.allow.  Use the daemon name mountd even if the rpc.mountd
       binary has a different name.

       Hostnames used in either access file will be ignored when they can not be
       resolved into IP addresses.  For further information see the tcpd(8) and
       hosts_access(5) man pages.

   IPv6 and TI-RPC support
       TI-RPC is a pre-requisite for supporting NFS on IPv6.  If TI-RPC support
       is built into rpc.mountd, it attempts to start listeners on network
       transports marked 'visible' in /etc/netconfig.  As long as at least one
       network transport listener starts successfully, rpc.mountd will operate.

       /etc/exports             input file for exportfs, listing exports, export
                                options, and access control lists

       /var/lib/nfs/rmtab       table of clients accessing server's exports

       exportfs(8), exports(5), showmount(8), rpc.nfsd(8), rpc.rquotad(8),
       nfs(5), nfs.conf(5), tcpd(8), hosts_access(5), iptables(8), netconfig(5)

       RFC 1094 - "NFS: Network File System Protocol Specification"
       RFC 1813 - "NFS Version 3 Protocol Specification"
       RFC 7530 - "Network File System (NFS) Version 4 Protocol"
       RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"

       Olaf Kirch, H. J. Lu, G. Allan Morris III, and a host of others.

                                   31 Dec 2009                     rpc.mountd(8)