unfsd - NFS server process
The unfsd program implements the MOUNT and NFS version 3 protocols. It
listens for client requests, performs them on the local filesystem of
the server, and then returns the results of the operations to the
At startup, unfsd reads the exports file, /etc/exports by default, to
find out which directories are available to clients and what options
are in effect (see EXPORTS FILE section below for syntax and possible
Normally, unfsd should be run as the root user. It will then switch its
effective user and group id to the numbers listed in incoming NFS
requests. This means filesystem operations will be performed as if done
by a local user with the same ids. If the incoming request is for user
or group id 0 (meaning root), unfsd will switch to the user and group
id of the nobody user before performing filesystem operations (this is
known as root squashing). If the user nobody does not exist on the
system, a user and group id of 65534 will be used. This behavior can
be modified by use of the no_root_squash and all_squash options in the
exports file as well as the anonuid and anongid options on a per-share
If unfsd is running as a normal unprivileged user, no switching of the
effective user and group id will take place. Instead, all filesystem
operations will be performed with the id of the user running unfsd.
Some NFS clients may attempt to perform operations that unfsd cannot
When creating filesystem objects, it is only possible to specify
the initial mode for the object. The initial user and group
ownership, object size, and timestamps cannot be specified and
will be set to default values.
The network lock manager (NLM) protocol is not supported. This
means that clients may have to mount with special mount options,
disabling locking on the mounted NFS volume (nolock for Linux
-h Display a short option summary.
Use the given file as the exports file, instead of using
/etc/exports. Note that the file needs to be specified using an
Use the given file as pid file. When the daemon starts up, it
will write its pid (process id) to the given file. Upon exit,
the daemon will remove the file. Failure to create or remove the
pid file is not considered fatal and only reported to syslog.
-u Use an unprivileged port for NFS and MOUNT service. Normally,
unfsd will use port number 2049, which is the standard port for
NFS. When this option is in effect, arbitrary ports chosen by
the RPC library will be used. You may need to use this option
when running unfsd from a normal user account.
Use the specified port for the NFS service.
Use the specified port for the MOUNT service. The default is to
use port number 2049, the same as for the NFS service. You can
use the same port for both services if you want.
-t TCP only operation. By default, unfsd provides its services to
clients using either UDP or TCP as communications protocol. When
this option is present, only TCP connections are serviced.
-p Do not register with the portmapper. This will prevent other
hosts from finding out the port numbers used for the MOUNT and
NFS services by querying the portmap daemon. Clients will need
to manually specify the port numbers to use (on Linux clients,
use the mountport and port mount options).
-c Enable cluster extensions. This feature is only available when
unfsd was compiled with cluster support. When this option is
enabled, so-called tagged files are handled differently from
normal files, making it possible to serve different file
contents to different clients for the same filename. See
tags(7) for a description of tagged files. This option causes a
Limit the use of cluster extensions to a list of colon-seperated
directories. When this option is present, the performance hit
caused by clustering extensions only applies to the listed
directories and their subdirectories.
-s Single user mode; activate basic uid translation. This option is
useful when the server and client are using different user and
group ids. All requests from the client will be served from the
user id that started unfsd, no user id switching will take place
(even if unfsd was started by root). Ownership is reported as
follows: files belonging to the user id running unfsd will look
as if they are owned by the client’s user. Other files will look
as if they are owned by root. The same principle applies to
-b Enable brute force file searching. Normally, when you rename a
file across several directories on an NFS volume, the filehandle
for that file becomes stale. When this option is enabled, unfsd
will attempt a recursive search on the relevant server
filesystem to find the file referenced by the filehandle. This
can have a huge performance impact as this will also happen for
files that were really deleted (by another NFS client) instead
of moved, and cannot be found.
Bind to interface with specified address. The default is to bind
to all local interfaces.
-d Debug mode. When this option is present, unfsd will not fork
into the background at startup, and all messages that would
normally go to the system log go to stdout instead.
-r Report unreadable executables as readable. This applies both to
returned attributes and ACCESS requests. Please note that READ
requests for unreadable executables are always allowed, if unfsd
is running as root, regardless of this option.
-T Test exports file and exit. When this option is given, unfsd
will try to parse the exports file and exit with status 0 if
this is successful. If there is a syntax error in the exports
file, a message is printed on standard error and unfsd exits
with status 1.
SIGTERM and SIGINT
will cause unfsd to unregister itself from the portmapper and
SIGHUP will cause unfsd to re-read its configuration data. Currently,
this means the program will query the passwd database to find
out the user and group id of user nobody. unfsd will also
attempt to reload the exports file. If the exports file contains
errors, unfsd sends a warning message to the system log and
nothing is exported until the situation is corrected and another
SIGHUP is sent.
will cause unfsd to output statistics about its filehandle and
file descriptor cache to the system log. For the filehandle
cache, it will output the number of filehandles in the cache,
the total number of cache accesses, and the number of hits and
misses. For the file descriptor cache, it will output the number
of currently held open READ and WRITE file descriptors.
The exports file, /etc/exports by default, determines which directories
on the server can be accessed from NFS clients. An example:
# sample NFS exports file
/home trusted(rw,no_root_squash) (ro)
"/with spaces" weirdo
/usr 220.127.116.11(rw) 192.168.2.0/24(ro,all_squash)
/home/foo bar(rw) 10.0.0.0/255.0.0.0(root_squash)
Comments start with a # character and cause the rest of the line to be
ignored. Extremely long exports can be split across multiple lines by
escaping the intermediate newlines with a backslash character.
Each line starts with a directory that is to be exported. If the
directory name contains whitespace, it must be enclosed in double
quotes. To the right of the directory name, a list of client
specifications can be given. If this list is missing, the directory is
exported to everyone, using default options (ro and root_squash).
If the directory name contains symbolic links, they are expanded. This
means that you have to force unfsd to reload the exports file if the
symlinks happen to change.
Clients can be specified using either a hostname, an IP address, or an
IP network. Networks can be given by specifying the number of leading 1
bits in the netmask or by giving the full netmask. If the hostname is
empty, the directory is exported to everyone.
Options can follow a client specification and have to be enclosed in
parenthesis, with the opening paren directly following the client name
or address. If no options are given, ro and root_squash are enabled by
default. The following options are supported by unfsd:
Enable root squashing, mapping all NFS request done with a user
id of 0 to the user id of the nobody user. This option is
enabled by default.
Disable root squashing. When this option is present, NFS
requests done with a user id of 0 will be done as the root user
of the server, effectively disabling all permissions checks.
Squash all users. When this option is present, all NFS requests
will be done as the nobody user of the server.
Don’t squash all users. This option is enabled by default.
rw Allow read and write access on the exported directory. When this
option is present, clients are allowed to modify files and
directories on the server.
ro Allow only read access on the exported directory. When this
option is present, clients are not allowed to modify files and
directories on the server. This option is enabled by default.
Sets the uid and gid for anonymous mounts for this share - by
default the uid for nobody will be used, but using these options
you can change this on a per-share basis.
secure Allow only mount requests coming from a source port below 1024.
Using these ports requires super-user privileges on many
operating systems. This option is enabled by default.
Allow mount requests coming from any source port.
Consider this directory to be on a removable medium. When this
option is present, unfsd will not keep files open across
multiple read or write requests. This allows unmounting of the
underlying filesystem on the server at any time. Also, unfsd
will not require that the exported path exists at startup or
mount time. If the path does not exist, an empty directory will
be presented to the client. This is useful for exporting mount
points handled by autofs.
fixed Consider this directory to be on a fixed medium. This options is
enabled by default and allows unfsd to keep files open between
multiple read or write requests.
To be able to mount this export, the specified password is
required. The password needs be given in the mount request, as
in "mount yourhost:@password:gazonk/tmp /mnt". One time
passwords are also supported. When using passwords, the file
handles will include a hash of the password. This means that if
you change the password, all clients will need to remount this
export. See the file "doc/passwords.txt" in the source for more
If options not present on this list are encountered by unfsd, they are
There are a few possible race conditions with other processes on the
server. They can happen if unfsd is performing an operation on a
filesystem object while another process is simultaneously first (a)
removing the object and then (b) creating a new object of the same
name. If this happens, unfsd will attempt to perform the operation on
the wrong, new object. The time window in which this can happen is
When a client does a CREATE EXCLUSIVE procedure call, unfsd stores the
verifier data in the mtime and atime attributes of the created file.
Malicious processes on the server could manipulate those attributes,
breaking the semantics of the exclusive create operation. A process
attempting to do so would need to be able to see the NFS network
unfsd always uses the "nohide" semantics, which means that clients will
see all file systems mounted below the exported path. However, some NFS
clients do not cope well with this situation as, for instance, it is
then possible for two files in the one apparent filesystem to have the
same inode number. To avoid this, make sure that the client mounts each
exported file system.
Due to the way unfsd operates, it needs execute (lookup) and read
permission on all directories from the root directory all the way up to
exported directories. For example, if /usr/share is exported, unfsd is
going to need permission for /, /usr, and /usr/share. Since root
squashing can be in effect, unfsd may run as the nobody user, which
normally means having to grant execute (lookup) and read permission for
everybody on the server. In the above example, unfsd also needs
permission to access /usr/share/.., which can be different from /usr
for some special setups (for example when using bind mounts under
/etc/exports Default exports file.
05 Jan 2008 unfsd(8)