System Manager's Manual
nfsv4.exportd - NFSv4 Server Mount Daemon
nfsv4.exportd is used to manage NFSv4 exports. The NFS server (nfsd) maintains a cache of authentication and authorization information which is used to identify the source of each request, and then to determine what access permissions that source has to any local filesystem. When required information is not found in the cache, the server sends a request to nfsv4.exportd to fill in the missing information. nfsv4.exportd uses a table of information stored in /var/lib/nfs/etab and maintained by exportfs(8), possibly based on the contents of exports(5), to respond to each request.
- -d kind or --debug kind
- Turn on debugging. Valid kinds are: all, auth, call, general and parse.
- -l or --log-auth
- Enable logging of responses to authentication and access requests from nfsd. Each response is then cached by the kernel for 30 minutes (or as set by --ttl below), and will be refreshed after 15 minutes (half the ttl time) if the relevant client remains active. Note that -l is equivalent to -d auth and so can be enabled in /etc/nfs.conf with "debug = auth" in the [exportd] section.
- -i or --cache-use-ipaddr
- Normally each client IP address is matched against each host identifier (name, wildcard, netgroup etc) found in /etc/exports and a combined identity is formed from all matching identifiers. Often many clients will map to the same combined identity so performing this mapping reduces the number of distinct access details that the kernel needs to store. Specifying the -i option suppresses this mapping so that access to each filesystem is requested and cached separately for each client IP address. Doing this can increase the burden of updating the cache slightly, but can make the log messages produced by the -l option easier to read.
- -T or --ttl
- Provide a time-to-live (TTL) for cached information given to the kernel. The kernel will normally request an update if the information is needed after half of this time has expired. Increasing the provided number, which is in seconds, reduces the rate of cache update requests, and this is particularly noticeable when these requests are logged with -l. However, increasing it also means that changes to hostname-to-address mappings can take longer to be noticed. The default TTL is 1800 (30 minutes).
- -F or --foreground
- Run in foreground (do not daemonize).
- -h or --help
- Display usage message.
- -t N or --num-threads=N or --num-threads N
- This option specifies the number of worker threads that nfsv4.exportd spawns. The default is 1 thread, which is probably enough. More threads are usually only needed for NFS servers which need to handle mount storms of hundreds of NFS mounts in a few seconds, or when your DNS server is slow or unreliable.
- -g or --manage-gids
- Accept requests from the kernel to map user id numbers into lists of group id numbers for use in access control. An NFS request will normally (except when using Kerberos or other cryptographic authentication) contain a user id and a list of group ids. Due to a limitation in the NFS protocol, at most 16 group ids can be listed. If you use the -g flag, then the list of group ids received from the client will be replaced by a list of group ids determined by an appropriate lookup on the server. Note that the 'primary' group id is not affected, so a newgrp command on the client will still be effective. This function requires a Linux kernel of version 2.6.21 or later.
Many of the options that can be set on the command line can also be controlled through values set in the [exportd] or, in some cases, the [nfsd] sections of the /etc/nfs.conf configuration file. Values recognized in the [exportd] section include cache-use-ipaddr, ttl, manage-gids, and debug, each of which has the same effect as the option with the same name.
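The following added example, which is not part of the manual or of nfs-utils, reads the text of an nfs.conf file and reports the effective [exportd] settings described above together with the access-control and logging consequence of each. The sample file content, the function name audit_exportd, the accepted boolean spellings, the comma- or space-separated debug list and the treatment of "all" as including auth are assumptions.

```python
import configparser

DEFAULT_TTL = 1800                         # seconds; default stated in the manual
TRUTHY = {"1", "y", "yes", "true", "on"}   # assumed boolean spellings

# Constructed sample /etc/nfs.conf content (not taken from a real host).
SAMPLE_CONF = """
[exportd]
debug = auth
ttl = 600
cache-use-ipaddr = y
# manage-gids left unset
"""

def audit_exportd(conf_text):
    """Return (effective settings, findings) for the [exportd] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    sec = cp["exportd"] if cp.has_section("exportd") else {}

    kinds = set(sec.get("debug", "").replace(",", " ").lower().split())
    ttl = int(sec.get("ttl", DEFAULT_TTL))
    eff = {
        # -l is equivalent to -d auth; "all" is assumed to include auth
        "log_auth": bool(kinds & {"auth", "all"}),
        "manage_gids": sec.get("manage-gids", "n").strip().lower() in TRUTHY,
        "per_ip_cache": sec.get("cache-use-ipaddr", "n").strip().lower() in TRUTHY,
        "ttl": ttl,
        "refresh_after": ttl // 2,   # kernel asks again after half the TTL
    }

    findings = []
    if not eff["log_auth"]:
        findings.append("auth logging off: responses given to nfsd are not logged")
    if not eff["manage_gids"]:
        findings.append("manage-gids off: client-supplied group list (max 16) is used as sent")
    if eff["log_auth"] and not eff["per_ip_cache"]:
        findings.append("cache-use-ipaddr off: log entries cover combined identities, not single IPs")
    if ttl > DEFAULT_TTL:
        findings.append(f"ttl {ttl}s above default: hostname/address changes are noticed later")
    return eff, findings

if __name__ == "__main__":
    settings, notes = audit_exportd(SAMPLE_CONF)
    print(settings)
    for note in notes:
        print("-", note)
```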
- input file for exportfs, listing exports, export options, and access control lists
RFC 7530 - "Network File System (NFS) Version 4
RFC 8881 - "Network File System (NFS) Version 4 Minor Version 1 Protocol"
02 Feb 2021