









	     The LINUX User-Space NFS Server(1)

			Version 2.2



		     November 15, 1996









































____________________

1. This	 is a rewrite of the original README file (which you
   can now find in README.HISTORIC).







			    - 1 -



1.  Overview

This package contains all necessary programs  to  make	your
Linux  machine	act  as	 an  NFS server, being an NFS daemon
(rpc.nfsd), a mount daemon (rpc.mountd), optionally, the uid
mapping	 daemon	 (rpc.ugidd), and the showmount utility.  It
was originally developed by Mark Shand, and further enhanced
by  Donald  Becker,  Rick Sladkey, Orest Zborowski, Fred van
Kempen, and Olaf Kirch.

Unlike other NFS daemons, the Linux nfsd  runs	entirely  in
user  space.   This  makes  it	a  tad slower than other NFS
implementations, and also makes it hard to support a  couple
of  UNIX file system features supported by other nfsd imple-
mentations, especially several concurrent server  processes.


2.  Building and installing unfsd

To  compile  and  install  the programs in this package, you
first have to run the BUILD script. It will ask you a couple
of questions about your preferred configuration. It tries to
be helpful by informing you about why it  asking  you  which
question, but a brief overview may be useful nevertheless:

uid/gid mapping: Occasionally,	you  will  want to serve NFS
     clients whose assignment of uids and gids to user names
     differs  from  that  on  the  client. The unfsd package
     offers you a mechanism to dynamically map the  client's
     uid  space	 to that of the server, and vice versa. This
     is achieved by running  the  rpc.ugidd  daemon  on	 the
     client  machine,  and instructing the server machine to
     use it to map the client's credentials presented to the
     server in an NFS call, and remap file owner information
     in all NFS replies.

     While this is convenient, it also presents	 a  security
     problem because rpc.ugidd can be abused by attackers to
     obtain a list  of	valid  user  names  for	 the  client
     machine.  This  can  be helped somewhat by making ugidd
     check  the	  requester's	IP   address   against	 the
     hosts.allow  and hosts.deny files also used by the tcpd
     wrapper program.

     Therefore, the BUILD script asks you about whether	 you
     want  to  use  ugidd at all, and if you do, whether you
     wish to protect it using the host access control files.
     Note that you still have to configure access control as
     described below.

     If you do enable host access  checking  for  rpc.ugidd,
     the  BUILD script will try to locate libwrap.a which is
     needed for this. This library is part  of	Wietse	Ven-
     ema's  TCP	 wrapper  package.  BUILD  looks  in several








			    - 2 -



     standard locations such as /usr/lib.  If  it  does	 not
     find  the	library	 (e.g.	because you keep it in weird
     places like /usr/i486-linux/lib), it will ask  you	 for
     its full path name.

     If	 you  disable  ugidd support, the daemon will not be
     compiled, and the manpage will not be installed.

file access control: For security reasons, mountd  and	nfsd
     make  sure	 that  vital  files such as /etc/exports are
     owned by the  correct  user  and  have  an	 appropriate
     access  mode.  BUILD  will ask you which user and group
     should  own  exports.   By	 default,   this   will	  be
     root/root.

mount request logging: If you enable this option, rpc.mountd
     will log all attempts to mount a directory via NFS from
     your server machine. This is very helpful in monitoring
     NFS server usage, and for catching attempts at attcking
     your machine via NFS.

     When  enabled,  mountd  will  log	all successful mount
     attempts to syslog's daemon facility at  level  notice.
     Failed mount attempts are logged at level warning.

After completing these questions, BUILD will run a configure
script to detect certain system capabilities. This will take
a  while on your first attempt. Repeated invocations of con-
figure will run a lot faster  because  the  results  of	 the
tests  are  cached.  If	 you  want to start out with a fresh
build on a different release of Linux, you should make	sure
to  get	 rid  of  these cached values by running `make dist-
clean' first.

You can then compile  and  install  nfsd  by  typing  `make'
and/or	(as root) `make install.' This will also install the
manual pages.


3.  Configuring nfsd

To turn your Linux box into an NFS server, you have to start
the  following programs from /etc/rc.d/rc.inet2 (or wherever
your favorite  Linux  distribution  starts  network  daemons
from):

   * rpc.portmap

   * rpc.mountd

   * rpc.nfsd

   * rpc.ugidd (optional)









			    - 3 -



   * rpc.pcnfsd (optional, not contained in this package)

To  make  directories  available to NFS clients, you have to
enter them in your exports file along with the hosts allowed
to  mount  them.   The list of options and a sample file are
given in the exports(5) manual page (and the whole topic  is
covered	 quite	extensively in the Linux Network Administra-
tor's Guide anyway), so I will not  discuss  this  here.  If
somebody  feels	 like  filling	in  the	 missing parts here,
please send me the diffs.


4.  Configuring rpc.ugidd access control

To protect rpc.ugidd from unauthorized access, you just have
to  add	 lines	to  /etc/hosts.allow  and/or /etc/hosts.deny
detailing which NFS servers that are allowed to	 access	 it.
If  your  NFS  server  has the IP address 193.175.30.33, you
would add the following to hosts.allow:

     # Allow ugidd access only to NFS server
     ugidd: 193.175.30.33


5.  Common Problems (a.k.a. Dependencies)

   * Root squashing is enabled by default, which means	that
     requests  from  the  root	user  are treated as if they
     originated from the nobody user. If you  want  root  on
     the  NFS  client  to  be able to access files with full
     prvilege, you have to add no_root_squash to the  option
     list in /etc/exports.

   * The  most	specific  entry	 applies.  This means if you
     export both /usr and /usr/local to a  client,  and	 the
     client  mounts  /usr  from	 the server, the options for
     /usr/local will still apply when the client accesses

   * Wildcards in client names only do not match dots.	This
     means that the entry *.foo.com only matches hosts named
     joe.foo.com etc, but  not	joe.sales.foo.com.  You	 may
     call  this a bug (and I may replace the current pattern
     matching code with wildmat if there is enough  demand).

   * Changes  to  the  exports file do not take effect until
     both nfsd and mountd have re-read the file. You  either
     have  to  kill  both  daemons and restart them, or send
     them a HUP signal:

     # killall -HUP rpc.mountd rpc.nfsd

   * NFS operation between two	Linux  boxes  can  be  quite
     slow.  There are a number of reasons for this, only one
     of which is that unfsd runs  in  user  space.   Another








			    - 4 -



     (and  much	 worse) problem is that the Linux NFS client
     code currently does no proper caching,  read-ahead	 and
     write-behind  of  NFS data.  This problem can be helped
     by increasing the RPC transfer size on  the  client  by
     adding  the `rsize=8192,wsize=8192' mount options. This
     will at least improve throughput when reading or  writ-
     ing large files. You are still in a lose-lose situation
     when applications write data line by line	or  with  no
     output buffering at all.


6.  Copyright

Much  of  the code in this package was originally written by
Mark Shand, and is placed under the following copyright:

   This software may be used for any purpose  provided
   the	above copyright notice is retained. It is sup-
   plied  as  is,  with	 no  warranties	 expressed  or
   implied.

Other code, especially that written by Rick Sladkey and some
replacement routines included from the GNU libc, are covered
by  the	 GNU  General Public License, version 2, or (at your
option) any later version.


7.  Bug Reports

If you think you have encountered a bug in nfsd	 or  any  of
the  other  programs  in  this	package,  please  follow the
instructions in the file BUGS.



























