- A host may act as both NFS client and server.
- A server makes one or more filesystems available for remote mounting.
- A client mounts one or more remote filesystems.
When an NFS client mounts an NFS filesystem, it contacts the following server daemons, most of which must run standalone (as opposed to being started from 'inetd' or 'xinetd').
|portmap||RPC service directory, sometimes named portmapper or rpc.bind|
|rpc.mountd||Checks mount requests and hands out access handles, sometimes called mounted|
|rpc.nfsd||Handles file serving, sometimes called nfsd|
Three optional helper programs are also available:
|rpc.lockd||Provide global locking|
|rpc.statd||Accelerate the lstat family of syscalls (used by ls -l, etc.)|
|rpc.quotad||Provide support for quotas|
- TCP, UDP server port usage
Ports 1-1023 are reserved for use by processes running as root. This ensures that root is the user that has initiated/enabled/configured a remote NFS mount.
The NFS server normally requires remote clients to use secure ports when mounting NFS. This is not honoured by some OSes, e.g. windows.
The insecure mount option allows the NFS client to use any TCP/UDP port - usually required when serving Windows clients.
NFS can be configured to use specific ports. Which files are used to achieve this are distribution specific:
/etc/sysconfig/nfsServer - Fedora/Red Hat /etc/default/nfs-common - Debian/Ubuntu Client /etc/default/nfs-server - Debian/Ubuntu Server
Three main NFS server configuration files:
|/etc/exports||What to export/share and who is allowed and how to access|
|/etc/hosts.allow||nfs uses tcp wrappers - who can access the service|
|/etc/hosts.deny||nfs uses tcp wrappers - who cannot access the service|
Neither 'nfsd' nor 'portmap' normally require any configuration beyond '/etc/hosts.allow'.