nfs: fstab format and options for the - Linux Manuals (5) (2024)

nfs: fstab format and options for the

Command to display nfs manual in Linux: $ man 5 nfs

NAME

nfs - fstab format and options for thenfsfile systems

SYNOPSIS

/etc/fstab

DESCRIPTION

NFS is an Internet Standard protocolcreated by Sun Microsystems in 1984. NFS was developedto allow file sharing between systems residingon a local area network.The Linux NFS client supports three versionsof the NFS protocol:NFS version 2 [RFC1094],NFS version 3 [RFC1813],and NFS version 4 [RFC3530].

Themount(8)command attaches a file system to the system'sname space hierarchy at a given mount point.The/etc/fstabfile describes howmount(8)should assemble a system's file name hierarchyfrom various independent file systems(including file systems exported by NFS servers).Each line in the/etc/fstabfile describes a single file system, its mount point,and a set of default mount options for that mount point.

For NFS file system mounts, a line in the/etc/fstabfile specifies the server name,the path name of the exported server directory to mount,the local directory that is the mount point,the type of file system that is being mounted,and a list of mount options that controlthe way the filesystem is mounted andhow the NFS client behaves when accessingfiles on this mount point.The fifth and sixth fields on each line are not usedby NFS, thus conventionally each contain the digit zero. For example:

 server:path /mountpoint fstype option,option,... 0 0

The server's hostname and export pathnameare separated by a colon, whilethe mount options are separated by commas. The remaining fieldsare separated by blanks or tabs.

The server's hostname can be an unqualified hostname,a fully qualified domain name,a dotted quad IPv4 address, oran IPv6 address enclosed in square brackets.Link-local and site-local IPv6 addresses must be accompanied by aninterface identifier.Seeipv6(7)for details on specifying raw IPv6 addresses.

Thefstypefield contains "nfs". Use of the "nfs4" fstype in/etc/fstabis deprecated.

MOUNT OPTIONS

Refer tomount(8)for a description of generic mount optionsavailable for all file systems. If you do not need tospecify any mount options, use the generic optiondefaultsin/etc/fstab.

Options supported by all versions

These options are valid to use with any NFS version.

nfsvers=n

The NFS protocol version number used to contact the server's NFS service.If the server does not support the requested version, the mount request fails.If this option is not specified, the client negotiates a suitable version withthe server, trying version 4 first, version 3 second, and version 2 last.

vers=n

This option is an alternative to thenfsversoption.It is included for compatibility with other operating systems

soft / hard

Determines the recovery behavior of the NFS clientafter an NFS request times out.If neither option is specified (or if thehardoption is specified), NFS requests are retried indefinitely.If thesoftoption is specified, then the NFS client fails an NFS requestafterretransretransmissions have been sent,causing the NFS client to return an errorto the calling application.

NB:A so-called "soft" timeout can causesilent data corruption in certain cases. As such, use thesoftoption only when client responsivenessis more important than data integrity.Using NFS over TCP or increasing the value of theretransoption may mitigate some of the risks of using thesoftoption.

intr / nointr

This option is provided for backward compatibility.It is ignored after kernel 2.6.25.

timeo=n

The time in deciseconds (tenths of a second) the NFS client waits for aresponse before it retries an NFS request.

For NFS over TCP the defaulttimeovalue is 600 (60 seconds).The NFS client performs linear backoff: After each retransmission the timeout is increased bytimeoup to the maximum of 600 seconds.

However, for NFS over UDP, the client uses an adaptivealgorithm to estimate an appropriate timeout value for frequently usedrequest types (such as READ and WRITE requests), but uses thetimeosetting for infrequently used request types (such as FSINFO requests).If thetimeooption is not specified,infrequently used request types are retried after 1.1 seconds.After each retransmission, the NFS client doubles the timeout forthat request,up to a maximum timeout length of 60 seconds.

retrans=n

The number of times the NFS client retries a request beforeit attempts further recovery action. If theretransoption is not specified, the NFS client tries each requestthree times.

The NFS client generates a "server not responding" messageafterretransretries, then attempts further recovery (depending on whether thehardmount option is in effect).

rsize=n

The maximum number of bytes in each network READ requestthat the NFS client can receive when reading data from a fileon an NFS server.The actual data payload size of each NFS READ request is equal toor smaller than thersizesetting. The largest read payload supported by the Linux NFS clientis 1,048,576 bytes (one megabyte).

Thersizevalue is a positive integral multiple of 1024.Specifiedrsizevalues lower than 1024 are replaced with 4096; values larger than1048576 are replaced with 1048576. If a specified value is within the supportedrange but not a multiple of 1024, it is rounded down to the nearestmultiple of 1024.

If anrsizevalue is not specified, or if the specifiedrsizevalue is larger than the maximum that either client or server can support,the client and server negotiate the largestrsizevalue that they can both support.

Thersizemount option as specified on themount(8)command line appears in the/etc/mtabfile. However, the effectiversizevalue negotiated by the client and server is reported in the/proc/mountsfile.

wsize=n

The maximum number of bytes per network WRITE requestthat the NFS client can send when writing data to a fileon an NFS server. The actual data payload size of eachNFS WRITE request is equal toor smaller than thewsizesetting. The largest write payload supported by the Linux NFS clientis 1,048,576 bytes (one megabyte).

Similar torsize, thewsizevalue is a positive integral multiple of 1024.Specifiedwsizevalues lower than 1024 are replaced with 4096; values larger than1048576 are replaced with 1048576. If a specified value is within the supportedrange but not a multiple of 1024, it is rounded down to the nearestmultiple of 1024.

If awsizevalue is not specified, or if the specifiedwsizevalue is larger than the maximum that either client or server can support,the client and server negotiate the largestwsizevalue that they can both support.

Thewsizemount option as specified on themount(8)command line appears in the/etc/mtabfile. However, the effectivewsizevalue negotiated by the client and server is reported in the/proc/mountsfile.

ac / noac

Selects whether the client may cache file attributes. If neitheroption is specified (or ifacis specified), the client caches fileattributes.

To improve performance, NFS clients cache fileattributes. Every few seconds, an NFS client checks the server's version of eachfile's attributes for updates. Changes that occur on the server inthose small intervals remain undetected until the client checks theserver again. Thenoacoption prevents clients from caching fileattributes so that applications can more quickly detect file changeson the server.

In addition to preventing the client from caching file attributes,thenoacoption forces application writes to become synchronous sothat local changes to a file become visible on the serverimmediately. That way, other clients can quickly detect recentwrites when they check the file's attributes.

Using thenoacoption provides greater cache coherence among NFS clientsaccessing the same files,but it extracts a significant performance penalty.As such, judicious use of file locking is encouraged instead.The DATA AND METADATA COHERENCE section contains a detailed discussionof these trade-offs.

acregmin=n

The minimum time (in seconds) that the NFS client cachesattributes of a regular file before it requestsfresh attribute information from a server.If this option is not specified, the NFS client usesa 3-second minimum.See the DATA AND METADATA COHERENCE sectionfor a full discussion of attribute caching.

acregmax=n

The maximum time (in seconds) that the NFS client cachesattributes of a regular file before it requestsfresh attribute information from a server.If this option is not specified, the NFS client usesa 60-second maximum.See the DATA AND METADATA COHERENCE sectionfor a full discussion of attribute caching.

acdirmin=n

The minimum time (in seconds) that the NFS client cachesattributes of a directory before it requestsfresh attribute information from a server.If this option is not specified, the NFS client usesa 30-second minimum.See the DATA AND METADATA COHERENCE sectionfor a full discussion of attribute caching.

acdirmax=n

The maximum time (in seconds) that the NFS client cachesattributes of a directory before it requestsfresh attribute information from a server.If this option is not specified, the NFS client usesa 60-second maximum.See the DATA AND METADATA COHERENCE sectionfor a full discussion of attribute caching.

actimeo=n

Usingactimeosets all ofacregmin,acregmax,acdirmin,andacdirmaxto the same value.If this option is not specified, the NFS client usesthe defaults for each of these options listed above.

bg / fg

Determines how themount(8)command behaves if an attempt to mount an export fails.Thefgoption causesmount(8)to exit with an error status if any part of the mount requesttimes out or fails outright.This is called a "foreground" mount,and is the default behavior if neither thefgnorbgmount option is specified.

If thebgoption is specified, a timeout or failure causes themount(8)command to fork a child which continues to attemptto mount the export.The parent immediately returns with a zero exit code.This is known as a "background" mount.

If the local mount point directory is missing, themount(8)command acts as if the mount request timed out.This permits nested NFS mounts specified in/etc/fstabto proceed in any order during system initialization,even if some NFS servers are not yet available.Alternatively these issues can be addressedusing an automounter (refer toautomount(8)for details).

rdirplus / nordirplus

Selects whether to use NFS v3 or v4 READDIRPLUS requests.If this option is not specified, the NFS client uses READDIRPLUS requestson NFS v3 or v4 mounts to read small directories.Some applications perform better if the client uses only READDIR requestsfor all directories.

retry=n

The number of minutes that themount(8)command retries an NFS mount operationin the foreground or background before giving up.If this option is not specified, the default value for foreground mountsis 2 minutes, and the default value for background mounts is 10000 minutes(80 minutes shy of one week).If a value of zero is specified, themount(8)command exits immediately after the first failure.

sec=flavors

A colon-separated list of one or more security flavors to use for accessingfiles on the mounted export. If the server does not support any of theseflavors, the mount operation fails.Ifsec=is not specified, the client attempts to finda security flavor that both the client and the server supports.Validflavorsarenone,sys,krb5,krb5i,andkrb5p.Refer to the SECURITY CONSIDERATIONS section for details.

sharecache / nosharecache

Determines how the client's data cache and attribute cache are sharedwhen mounting the same export more than once concurrently. Using thesame cache reduces memory requirements on the client and presentsidentical file contents to applications when the same remote file isaccessed via different mount points.

If neither option is specified, or if thesharecacheoption isspecified, then a single cache is used for all mount points thataccess the same export. If thenosharecacheoption is specified,then that mount point gets a unique cache. Note that when data andattribute caches are shared, the mount options from the first mountpoint take effect for subsequent concurrent mounts of the same export.

As of kernel 2.6.18, the behavior specified bynosharecacheis legacy caching behavior. Thisis considered a data risk since multiple cached copiesof the same file on the same client can become out of syncfollowing a local update of one of the copies.

resvport / noresvport

Specifies whether the NFS client should use a privileged source portwhen communicating with an NFS server for this mount point.If this option is not specified, or theresvportoption is specified, the NFS client uses a privileged source port.If thenoresvportoption is specified, the NFS client uses a non-privileged source port.This option is supported in kernels 2.6.28 and later.

Using non-privileged source ports helps increase the maximum number ofNFS mount points allowed on a client, but NFS servers must be configuredto allow clients to connect via non-privileged source ports.

Refer to the SECURITY CONSIDERATIONS section for important details.

lookupcache=mode

Specifies how the kernel manages its cache of directory entriesfor a given mount point.modecan be one ofall,none,pos,orpositive.This option is supported in kernels 2.6.28 and later.

The Linux NFS client caches the result of all NFS LOOKUP requests.If the requested directory entry exists on the server,the result is referred to aspositive.If the requested directory entry does not exist on the server,the result is referred to asnegative.

If this option is not specified, or ifallis specified, the client assumes both types of directory cache entriesare valid until their parent directory's cached attributes expire.

Ifpos or positiveis specified, the client assumes positive entries are validuntil their parent directory's cached attributes expire, butalways revalidates negative entires before an applicationcan use them.

Ifnoneis specified,the client revalidates both types of directory cache entriesbefore an application can use them.This permits quick detection of files that were created or removedby other clients, but can impact application and server performance.

The DATA AND METADATA COHERENCE section contains adetailed discussion of these trade-offs.

fsc / nofsc

Enable/Disables the cache of (read-only) data pages to the local disk using the FS-Cache facility. See cachefilesd(8) and <kernel_soruce>/Documentation/filesystems/cachingfor detail on how to configure the FS-Cache facility.Default value is nofsc.

Options for NFS versions 2 and 3 only

Use these options, along with the options in the above subsection,for NFS versions 2 and 3 only.

proto=netid

Thenetiddetermines the transport that is used to communicate with the NFSserver. Available options areudp, udp6, tcp, tcp6, and rdma.Those which end in6use IPv6 addresses and are only available if support for TI-RPC isbuilt in. Others use IPv4 addresses.

Each transport protocol uses different defaultretransandtimeosettings.Refer to the description of these two mount options for details.

In addition to controlling how the NFS client transmits requests tothe server, this mount option also controls how themount(8)command communicates with the server's rpcbind and mountd services.Specifying a netid that uses TCP forces all traffic from themount(8)command and the NFS client to use TCP.Specifying a netid that uses UDP forces all traffic types to use UDP.

Before using NFS over UDP, refer to the TRANSPORT METHODS section.

If theprotomount option is not specified, themount(8)command discovers which protocols the server supportsand chooses an appropriate transport for each service.Refer to the TRANSPORT METHODS section for more details.

udp

Theudpoption is an alternative to specifyingproto=udp.It is included for compatibility with other operating systems.

Before using NFS over UDP, refer to the TRANSPORT METHODS section.

tcp

Thetcpoption is an alternative to specifyingproto=tcp.It is included for compatibility with other operating systems.

rdma

Therdmaoption is an alternative to specifyingproto=rdma.

port=n

The numeric value of the server's NFS service port.If the server's NFS service is not available on the specified port,the mount request fails.

If this option is not specified, or if the specified port value is 0,then the NFS client uses the NFS service port numberadvertised by the server's rpcbind service.The mount request fails if the server's rpcbind service is not available,the server's NFS service is not registered with its rpcbind service,or the server's NFS service is not available on the advertised port.

mountport=n

The numeric value of the server's mountd port.If the server's mountd service is not available on the specified port,the mount request fails.

If this option is not specified,or if the specified port value is 0, then themount(8)command uses the mountd service port numberadvertised by the server's rpcbind service.The mount request fails if the server's rpcbind service is not available,the server's mountd service is not registered with its rpcbind service,or the server's mountd service is not available on the advertised port.

This option can be used when mounting an NFS serverthrough a firewall that blocks the rpcbind protocol.

mountproto=netid

The transport the NFS client usesto transmit requests to the NFS server's mountd service when performingthis mount request, and when later unmounting this mount point.

netidmay be one ofudp, and tcpwhich use IPv4 address or, if TI-RPC is built into themount.nfscommand,udp6, and tcp6which use IPv6 addresses.

This option can be used when mounting an NFS serverthrough a firewall that blocks a particular transport.When used in combination with theprotooption, different transports for mountd requests and NFS requestscan be specified.If the server's mountd service is not available via the specifiedtransport, the mount request fails.

Refer to the TRANSPORT METHODS section for more on how themountprotomount option interacts with theprotomount option.

mounthost=name

The hostname of the host running mountd.If this option is not specified, themount(8)command assumes that the mountd service runson the same host as the NFS service.

mountvers=n

The RPC version number used to contact the server's mountd.If this option is not specified, the client uses a version numberappropriate to the requested NFS version.This option is useful when multiple NFS servicesare running on the same remote server host.

namlen=n

The maximum length of a pathname component on this mount.If this option is not specified, the maximum length is negotiatedwith the server. In most cases, this maximum length is 255 characters.

Some early versions of NFS did not support this negotiation.Using this option ensures thatpathconf(3)reports the proper maximum component length to applicationsin such cases.

lock / nolock

Selects whether to use the NLM sideband protocol to lock files on the server.If neither option is specified (or iflockis specified), NLM locking is used for this mount point.When using thenolockoption, applications can lock files,but such locks provide exclusion only against other applicationsrunning on the same client.Remote applications are not affected by these locks.

NLM locking must be disabled with thenolockoption when using NFS to mount/varbecause/varcontains files used by the NLM implementation on Linux.Using thenolockoption is also required when mounting exports on NFS serversthat do not support the NLM protocol.

cto / nocto

Selects whether to use close-to-open cache coherence semantics.If neither option is specified (or ifctois specified), the client uses close-to-opencache coherence semantics. If thenoctooption is specified, the client uses a non-standard heuristic to determine whenfiles on the server have changed.

Using thenoctooption may improve performance for read-only mounts,but should be used only if the data on the server changes only occasionally.The DATA AND METADATA COHERENCE section discusses the behaviorof this option in more detail.

acl / noacl

Selects whether to use the NFSACL sideband protocol on this mount point.The NFSACL sideband protocol is a proprietary protocolimplemented in Solaris that manages Access Control Lists. NFSACL was nevermade a standard part of the NFS protocol specification.

If neitheraclnornoacloption is specified,the NFS client negotiates with the serverto see if the NFSACL protocol is supported,and uses it if the server supports it.Disabling the NFSACL sideband protocol may be necessaryif the negotiation causes problems on the client or server.Refer to the SECURITY CONSIDERATIONS section for more details.

local_lock=mechanism

Specifies whether to use local locking for any or both of the flock and thePOSIX locking mechanisms.mechanismcan be one ofall,flock,posix,ornone.This option is supported in kernels 2.6.37 and later.

The Linux NFS client provides a way to make locks local. This means, theapplications can lock files, but such locks provide exclusion only againstother applications running on the same client. Remote applications are notaffected by these locks.

If this option is not specified, or ifnoneis specified, the client assumes that the locks are not local.

Ifallis specified, the client assumes that both flock and POSIX locks are local.

Ifflockis specified, the client assumes that only flock locks are local and usesNLM sideband protocol to lock files when POSIX locks are used.

Ifposixis specified, the client assumes that POSIX locks are local and uses NLMsideband protocol to lock files when flock locks are used.

To support legacy flock behavior similar to that of NFS clients < 2.6.12, use 'local_lock=flock'. This option is required when exporting NFS mounts viaSamba as Samba maps Windows share mode locks as flock. Since NFS clients >2.6.12 implement flock by emulating POSIX locks, this will result inconflicting locks.

NOTE: When used together, the 'local_lock' mount option will be overriddenby 'nolock'/'lock' mount option.

Options for NFS version 4 only

Use these options, along with the options in the first subsection above,for NFS version 4 and newer.

proto=netid

Thenetiddetermines the transport that is used to communicate with the NFSserver. Supported options aretcp, tcp6, and rdma.tcp6use IPv6 addresses and is only available if support for TI-RPC isbuilt in. Both others use IPv4 addresses.

All NFS version 4 servers are required to support TCP,so if this mount option is not specified, the NFS version 4 clientuses the TCP protocol.Refer to the TRANSPORT METHODS section for more details.

minorversion=n

Specifies the protocol minor version number.NFSv4 introduces "minor versioning," where NFS protocol enhancements canbe introduced without bumping the NFS protocol version number.Before kernel 2.6.38, the minor version is always zero, and thisoption is not recognized.After this kernel, specifying "minorversion=1" enables a number ofadvanced features, such as NFSv4 sessions.

Recent kernels allow the minor version to be specified using thevers=option.For example, specifyingvers=4.1is the same as specifyingvers=4,minorversion=1.

port=n

The numeric value of the server's NFS service port.If the server's NFS service is not available on the specified port,the mount request fails.

If this mount option is not specified,the NFS client uses the standard NFS port number of 2049without first checking the server's rpcbind service.This allows an NFS version 4 client to contact an NFS version 4server through a firewall that may block rpcbind requests.

If the specified port value is 0,then the NFS client uses the NFS service port numberadvertised by the server's rpcbind service.The mount request fails if the server's rpcbind service is not available,the server's NFS service is not registered with its rpcbind service,or the server's NFS service is not available on the advertised port.

cto / nocto

Selects whether to use close-to-open cache coherence semanticsfor NFS directories on this mount point.If neitherctonornoctois specified,the default is to use close-to-open cache coherencesemantics for directories.

File data caching behavior is not affected by this option.The DATA AND METADATA COHERENCE section discussesthe behavior of this option in more detail.

clientaddr=n.n.n.n

clientaddr=n:n:...:n

Specifies a single IPv4 address (in dotted-quad form),or a non-link-local IPv6 address,that the NFS client advertises to allow serversto perform NFS version 4 callback requests againstfiles on this mount point. If the server is unable toestablish callback connections to clients, performancemay degrade, or accesses to files may temporarily hang.

If this option is not specified, themount(8)command attempts to discover an appropriate callback address automatically.The automatic discovery process is not perfect, however.In the presence of multiple client network interfaces,special routing policies,or atypical network topologies,the exact address to use for callbacks may be nontrivial to determine.

migration / nomigration

Selects whether the client uses an identification string that is compatiblewith NFSv4 Transparent State Migration (TSM).If the mounted server supports NFSv4 migration with TSM, specify themigrationoption.

Some server features misbehave in the face of a migration-compatibleidentification string.Thenomigrationoption retains the use of a traditional client indentification stringwhich is compatible with legacy NFS servers.This is also the behavior if neither option is specified.A client's open and lock state cannot be migrated transparentlywhen it identifies itself via a traditional identification string.

This mount option has no effect with NFSv4 minor versions newer than zero,which always use TSM-compatible client identification strings.

nfs4 FILE SYSTEM TYPE

Thenfs4file system type is an old syntax for specifying NFSv4 usage. It can still be used with all NFSv4-specific and common options, excepted thenfsversmount option.

MOUNT CONFIGURATION FILE

If the mount command is configured to do so, all of the mount options described in the previous section can also be configured in the /etc/nfsmount.conf file. See nfsmount.conf(5)for details.

EXAMPLES

To mount an export using NFS version 2,use thenfsfile system type and specify thenfsvers=2mount option.To mount using NFS version 3,use thenfsfile system type and specify thenfsvers=3mount option.To mount using NFS version 4,use either thenfsfile system type, with thenfsvers=4mount option, or the nfs4file system type.

The following example from an/etc/fstabfile causes the mount command to negotiatereasonable defaults for NFS behavior.

 server:/export /mnt nfs defaults 0 0

Here is an example from an /etc/fstab file for an NFS version 2 mount over UDP.

 server:/export /mnt nfs nfsvers=2,proto=udp 0 0

This example shows how to mount using NFS version 4 over TCPwith Kerberos 5 mutual authentication.

 server:/export /mnt nfs4 sec=krb5 0 0

This example shows how to mount using NFS version 4 over TCPwith Kerberos 5 privacy or data integrity mode.

 server:/export /mnt nfs4 sec=krb5p:krb5i 0 0

This example can be used to mount /usr over NFS.

 server:/export /usr nfs ro,nolock,nocto,actimeo=3600 0 0

This example shows how to mount an NFS serverusing a raw IPv6 link-local address.

 [fe80::215:c5ff:fb3e:e2b1%eth0]:/export /mnt nfs defaults 0 0

TRANSPORT METHODS

NFS clients send requests to NFS servers viaRemote Procedure Calls, orRPCs.The RPC client discovers remote service endpoints automatically,handles per-request authentication,adjusts request parameters for different byte endianness on client and server,and retransmits requests that may have been lost by the network or server.RPC requests and replies flow over a network transport.

In most cases, themount(8)command, NFS client, and NFS servercan automatically negotiate proper transportand data transfer size settings for a mount point.In some cases, however, it pays to specifythese settings explicitly using mount options.

Traditionally, NFS clients used the UDP transport exclusively fortransmitting requests to servers. Though its implementation issimple, NFS over UDP has many limitations that prevent smoothoperation and good performance in some common deploymentenvironments. Even an insignificant packet loss rate results in theloss of whole NFS requests; as such, retransmit timeouts are usuallyin the subsecond range to allow clients to recover quickly fromdropped requests, but this can result in extraneous network trafficand server load.

However, UDP can be quite effective in specialized settings wherethe networks MTU is large relative to NFSs data transfer size (suchas network environments that enable jumbo Ethernet frames). In suchenvironments, trimming thersizeandwsizesettings so that eachNFS read or write request fits in just a few network frames (or evenin a single frame) is advised. This reduces the probability thatthe loss of a single MTU-sized network frame results in the loss ofan entire large read or write request.

TCP is the default transport protocol used for all modern NFSimplementations. It performs well in almost every conceivablenetwork environment and provides excellent guarantees against datacorruption caused by network unreliability. TCP is often arequirement for mounting a server through a network firewall.

Under normal circ*mstances, networks drop packets much morefrequently than NFS servers drop requests. As such, an aggressiveretransmit timeout setting for NFS over TCP is unnecessary. Typicaltimeout settings for NFS over TCP are between one and ten minutes.After the client exhausts its retransmits (the value of theretransmount option), it assumes a network partition has occurred,and attempts to reconnect to the server on a fresh socket. SinceTCP itself makes network data transfer reliable,rsizeandwsizecan safely be allowed to default to the largest values supported byboth client and server, independent of the network's MTU size.

Using the mountproto mount option

This section applies only to NFS version 2 and version 3 mountssince NFS version 4 does not use a separate protocol for mountrequests.

The Linux NFS client can use a different transport forcontacting an NFS server's rpcbind service, its mountd service,its Network Lock Manager (NLM) service, and its NFS service.The exact transports employed by the Linux NFS client foreach mount point depends on the settings of the transportmount options, which includeproto,mountproto,udp, and tcp.

The client sends Network Status Manager (NSM) notificationsvia UDP no matter what transport options are specified, butlistens for server NSM notifications on both UDP and TCP.The NFS Access Control List (NFSACL) protocol shares the sametransport as the main NFS service.

If no transport options are specified, the Linux NFS clientuses UDP to contact the server's mountd service, and TCP tocontact its NLM and NFS services by default.

If the server does not support these transports for these services, themount(8)command attempts to discover what the server supports, and then retriesthe mount request once using the discovered transports.If the server does not advertise any transport supported by the clientor is misconfigured, the mount request fails.If thebgoption is in effect, the mount command backgrounds itself and continuesto attempt the specified mount request.

When theprotooption, theudpoption, or thetcpoption is specified but themountprotooption is not, the specified transport is used to contactboth the server's mountd service and for the NLM and NFS services.

If themountprotooption is specified but none of theproto, udp or tcpoptions are specified, then the specified transport is used for theinitial mountd request, but the mount command attempts to discoverwhat the server supports for the NFS protocol, preferring TCP ifboth transports are supported.

If both themountproto and proto(orudp or tcp)options are specified, then the transport specified by themountprotooption is used for the initial mountd request, and the transportspecified by theprotooption (or theudp or tcp options)is used for NFS, no matter what order these options appear.No automatic service discovery is performed if these options arespecified.

If any of theproto, udp, tcp, ormountprotooptions are specified more than once on the same mount command line,then the value of the rightmost instance of each of these optionstakes effect.

Using NFS over UDP on high-speed links

Using NFS over UDP on high-speed links such as Gigabitcan cause silent data corruption.

The problem can be triggered at high loads, and is caused by problems inIP fragment reassembly. NFS read and writes typically transmit UDP packetsof 4 Kilobytes or more, which have to be broken up into several fragmentsin order to be sent over the Ethernet link, which limits packets to 1500bytes by default. This process happens at the IP network layer and iscalled fragmentation.

In order to identify fragments that belong together, IP assigns a 16bitIP IDvalue to each packet; fragments generated from the same UDP packetwill have the same IP ID. The receiving system will collect thesefragments and combine them to form the original UDP packet. This processis called reassembly. The default timeout for packet reassembly is30 seconds; if the network stack does not receive all fragments ofa given packet within this interval, it assumes the missing fragment(s)got lost and discards those it already received.

The problem this creates over high-speed links is that it is possibleto send more than 65536 packets within 30 seconds. In fact, withheavy NFS traffic one can observe that the IP IDs repeat after about5 seconds.

This has serious effects on reassembly: if one fragment gets lost,another fragmentfrom a different packetbut with thesame IP IDwill arrive within the 30 second timeout, and the network stack willcombine these fragments to form a new packet. Most of the time, networklayers above IP will detect this mismatched reassembly - in the caseof UDP, the UDP checksum, which is a 16 bit checksum over the entirepacket payload, will usually not match, and UDP will discard thebad packet.

However, the UDP checksum is 16 bit only, so there is a chance of 1 in65536 that it will match even if the packet payload is completelyrandom (which very often isn't the case). If that is the case,silent data corruption will occur.

This potential should be taken seriously, at least on GigabitEthernet.Network speeds of 100Mbit/s should be considered lessproblematic, because with most traffic patterns IP ID wrap aroundwill take much longer than 30 seconds.

It is therefore strongly recommended to useNFS over TCP where possible,since TCP does not perform fragmentation.

If you absolutely have to use NFS over UDP over Gigabit Ethernet,some steps can be taken to mitigate the problem and reduce theprobability of corruption:

Jumbo frames:

Many Gigabit network cards are capable of transmittingframes bigger than the 1500 byte limit of traditional Ethernet, typically9000 bytes. Using jumbo frames of 9000 bytes will allow you to run NFS overUDP at a page size of 8K without fragmentation. Of course, this isonly feasible if all involved stations support jumbo frames.

To enable a machine to send jumbo frames on cards that support it,it is sufficient to configure the interface for a MTU value of 9000.

Lower reassembly timeout:

By lowering this timeout below the time it takes the IP ID counterto wrap around, incorrect reassembly of fragments can be preventedas well. To do so, simply write the new timeout value (in seconds)to the file/proc/sys/net/ipv4/ipfrag_time.

A value of 2 seconds will greatly reduce the probability of IPID clashes ona single Gigabit link, while still allowing for a reasonable timeoutwhen receiving fragmented traffic from distant peers.

DATA AND METADATA COHERENCE

Some modern cluster file systems provideperfect cache coherence among their clients.Perfect cache coherence among disparate NFS clientsis expensive to achieve, especially on wide area networks.As such, NFS settles for weaker cache coherence thatsatisfies the requirements of most file sharing types.

Close-to-open cache consistency

Typically file sharing is completely sequential.First client A opens a file, writes something to it, then closes it.Then client B opens the same file, and reads the changes.

When an application opens a file stored on an NFS version 3 server,the NFS client checks that the file exists on the serverand is permitted to the opener by sending a GETATTR or ACCESS request.The NFS client sends these requestsregardless of the freshness of the file's cached attributes.

When the application closes the file,the NFS client writes back any pending changesto the file so that the next opener can view the changes.This also gives the NFS client an opportunity to reportwrite errors to the application via the return code fromclose(2).

The behavior of checking at open time and flushing at close timeis referred to asclose-to-open cache consistency,orCTO.It can be disabled for an entire mount point using thenoctomount option.

Weak cache consistency

There are still opportunities for a client's data cacheto contain stale data.The NFS version 3 protocol introduced "weak cache consistency"(also known as WCC) which provides a way of efficiently checkinga file's attributes before and after a single request.This allows a client to help identify changesthat could have been made by other clients.

When a client is using many concurrent operationsthat update the same file at the same time(for example, during asynchronous write behind),it is still difficult to tell whether it wasthat client's updates or some other client's updatesthat altered the file.

Attribute caching

Use thenoacmount option to achieve attribute cache coherenceamong multiple clients.Almost every file system operation checksfile attribute information.The client keeps this information cachedfor a period of time to reduce network and server load.Whennoacis in effect, a client's file attribute cache is disabled,so each operation that needs to check a file's attributesis forced to go back to the server.This permits a client to see changes to a file very quickly,at the cost of many extra network operations.

Be careful not to confuse thenoacoption with "no data caching."Thenoacmount option prevents the client from caching file metadata,but there are still races that may result in data cache incoherencebetween client and server.

The NFS protocol is not designed to supporttrue cluster file system cache coherencewithout some type of application serialization.If absolute cache coherence among clients is required,applications should use file locking. Alternatively, applicationscan also open their files with the O_DIRECT flagto disable data caching entirely.

File timestamp maintainence

NFS servers are responsible for managing file and directory timestamps(atime,ctime, andmtime).When a file is accessed or updated on an NFS server,the file's timestamps are updated just like they would be on a filesystemlocal to an application.

NFS clients cache file attributes, including timestamps.A file's timestamps are updated on NFS clients when its attributesare retrieved from the NFS server.Thus there may be some delay before timestamp updateson an NFS server appear to applications on NFS clients.

To comply with the POSIX filesystem standard, the Linux NFS clientrelies on NFS servers to keep a file'smtimeandctimetimestamps properly up to date.It does this by flushing local data changes to the serverbefore reportingmtimeto applications via system calls such asstat(2).

The Linux client handlesatimeupdates more loosely, however.NFS clients maintain good performance by caching data,but that means that application reads, which normally updateatime,are not reflected to the server where a file'satimeis actually maintained.

Because of this caching behavior,the Linux NFS client does not support generic atime-related mount options.Seemount(8)for details on these options.

In particular, theatime/noatime,diratime/nodiratime,relatime/norelatime,andstrictatime/nostrictatimemount options have no effect on NFS mounts.

/proc/mountsmay report that therelatimemount option is set on NFS mounts, but in fact theatimesemantics are always as described here, and are not likerelatimesemantics.

Directory entry caching

The Linux NFS client caches the result of all NFS LOOKUP requests.If the requested directory entry exists on the server,the result is referred to as apositive lookup result.If the requested directory entry does not exist on the server(that is, the server returned ENOENT),the result is referred to asnegative lookup result.

To detect when directory entries have been added or removedon the server,the Linux NFS client watches a directory's mtime.If the client detects a change in a directory's mtime,the client drops all cached LOOKUP results for that directory.Since the directory's mtime is a cached attribute, it maytake some time before a client notices it has changed.See the descriptions of theacdirmin, acdirmax, and noacmount options for more information abouthow long a directory's mtime is cached.

Caching directory entries improves the performance of applications thatdo not share files with applications on other clients.Using cached information about directories can interferewith applications that run concurrently on multiple clients andneed to detect the creation or removal of files quickly, however.Thelookupcachemount option allows some tuning of directory entry caching behavior.

Before kernel release 2.6.28,the Linux NFS client tracked only positive lookup results.This permitted applications to detect new directory entriescreated by other clients quickly while still providing some of theperformance benefits of caching.If an application depends on the previous lookup caching behaviorof the Linux NFS client, you can uselookupcache=positive.

If the client ignores its cache and validates every applicationlookup request with the server,that client can immediately detect when a new directoryentry has been either created or removed by another client.You can specify this behavior usinglookupcache=none.The extra NFS requests needed if the client does notcache directory entries can exact a performance penalty.Disabling lookup cachingshould result in less of a performance penalty than usingnoac,and has no effect on how the NFS client caches the attributes of files.

The sync mount option

The NFS client treats thesyncmount option differently than some other file systems(refer tomount(8)for a description of the genericsyncandasyncmount options).If neithersyncnorasyncis specified (or if theasyncoption is specified),the NFS client delays sending applicationwrites to the serveruntil any of these events occur:

Memory pressure forces reclamation of system memory resources.

An application flushes file data explicitly withsync(2),msync(2),orfsync(3).

An application closes a file withclose(2).

The file is locked/unlocked viafcntl(2).

In other words, under normal circ*mstances,data written by an application may not immediately appearon the server that hosts the file.

If thesyncoption is specified on a mount point,any system call that writes data to files on that mount pointcauses that data to be flushed to the serverbefore the system call returns control to user space.This provides greater data cache coherence among clients,but at a significant performance cost.

Applications can use the O_SYNC open flag to force applicationwrites to individual files to go to the server immediately withoutthe use of thesyncmount option.

Using file locks with NFS

The Network Lock Manager protocol is a separate sideband protocolused to manage file locks in NFS version 2 and version 3.To support lock recovery after a client or server reboot,a second sideband protocol --known as the Network Status Manager protocol --is also required.In NFS version 4,file locking is supported directly in the main NFS protocol,and the NLM and NSM sideband protocols are not used.

In most cases, NLM and NSM services are started automatically,and no extra configuration is required.Configure all NFS clients with fully-qualified domain namesto ensure that NFS servers can find clients to notify them of server reboots.

NLM supports advisory file locks only.To lock NFS files, usefcntl(2)with the F_GETLK and F_SETLK commands.The NFS client converts file locks obtained viaflock(2)to advisory locks.

When mounting servers that do not support the NLM protocol,or when mounting an NFS server through a firewallthat blocks the NLM service port,specify thenolockmount option. NLM locking must be disabled with thenolockoption when using NFS to mount/varbecause/varcontains files used by the NLM implementation on Linux.

Specifying thenolockoption may also be advised to improve the performanceof a proprietary application which runs on a single clientand uses file locks extensively.

NFS version 4 caching features

The data and metadata caching behavior of NFS version 4clients is similar to that of earlier versions.However, NFS version 4 adds two features that improvecache behavior:change attributesandfile delegation.

Thechange attributeis a new part of NFS file and directory metadatawhich tracks data changes.It replaces the use of a file's modificationand change time stampsas a way for clients to validate the contentof their caches.Change attributes are independent of the time stampresolution on either the server or client, however.

Afile delegationis a contract between an NFS version 4 clientand server that allows the client to treat a file temporarilyas if no other client is accessing it.The server promises to notify the client (via a callback request) if another clientattempts to access that file.Once a file has been delegated to a client, the client cancache that file's data and metadata aggressively withoutcontacting the server.

File delegations come in two flavors:readandwrite.Areaddelegation means that the server notifies the clientabout any other clients that want to write to the file.Awritedelegation means that the client gets notified abouteither read or write accessors.

Servers grant file delegations when a file is opened,and can recall delegations at any time when anotherclient wants access to the file that conflicts withany delegations already granted.Delegations on directories are not supported.

In order to support delegation callback, the serverchecks the network return path to the client duringthe client's initial contact with the server.If contact with the client cannot be established,the server simply does not grant any delegations tothat client.

SECURITY CONSIDERATIONS

NFS servers control access to file data,but they depend on their RPC implementationto provide authentication of NFS requests.Traditional NFS access control mimicsthe standard mode bit access control provided in local file systems.Traditional RPC authentication uses a numberto represent each user(usually the user's own uid),a number to represent the user's group (the user's gid),and a set of up to 16 auxiliary group numbersto represent other groups of which the user may be a member.

Typically, file data and user ID values appear unencrypted(i.e. "in the clear") on the network.Moreover, NFS versions 2 and 3 useseparate sideband protocols for mounting,locking and unlocking files,and reporting system status of clients and servers.These auxiliary protocols use no authentication.

In addition to combining these sideband protocols with the main NFS protocol,NFS version 4 introduces more advanced forms of access control,authentication, and in-transit data protection.The NFS version 4 specification mandates support forstrong authentication and security flavorsthat provide per-RPC integrity checking and encryption.Because NFS version 4 combines thefunction of the sideband protocols into the main NFS protocol,the new security features apply to all NFS version 4 operationsincluding mounting, file locking, and so on.RPCGSS authentication can also be used with NFS versions 2 and 3,but it does not protect their sideband protocols.

Thesecmount option specifies the security flavorthat is in effect on a given NFS mount point.Specifyingsec=krb5provides cryptographic proof of a user's identity in each RPC request.This provides strong verification of the identity of usersaccessing data on the server.Note that additional configuration besides adding this mount optionis required in order to enable Kerberos security.Refer to therpc.gssd(8)man page for details.

Two additional flavors of Kerberos security are supported:krb5iandkrb5p.Thekrb5isecurity flavor provides a cryptographically strong guaranteethat the data in each RPC request has not been tampered with.Thekrb5psecurity flavor encrypts every RPC requestto prevent data exposure during network transit; however,expect some performance impactwhen using integrity checking or encryption.Similar support for other forms of cryptographic securityis also available.

The NFS version 4 protocol allowsa client to renegotiate the security flavorwhen the client crosses into a new filesystem on the server.The newly negotiated flavor effects only accesses of the new filesystem.

Such negotiation typically occurs when a client crossesfrom a server's pseudo-fsinto one of the server's exported physical filesystems,which often have more restrictive security settings than the pseudo-fs.

Using non-privileged source ports

NFS clients usually communicate with NFS servers via network sockets.Each end of a socket is assigned a port value, which is simply a numberbetween 1 and 65535 that distinguishes socket endpoints at the sameIP address.A socket is uniquely defined by a tuple that includes the transportprotocol (TCP or UDP) and the port values and IP addresses of bothendpoints.

The NFS client can choose any source port value for its sockets,but usually chooses aprivilegedport.A privileged port is a port value less than 1024.Only a process with root privileges may create a socketwith a privileged source port.

The exact range of privileged source ports that can be chosen isset by a pair of sysctls to avoid choosing a well-known port, such asthe port used by ssh.This means the number of source ports available for the NFS client,and therefore the number of socket connections that can be usedat the same time,is practically limited to only a few hundred.

As described above, the traditional default NFS authentication scheme,known as AUTH_SYS, relies on sending local UID and GID numbers to identifyusers making NFS requests.An NFS server assumes that if a connection comes from a privileged port,the UID and GID numbers in the NFS requests on this connection have beenverified by the client's kernel or some other local authority.This is an easy system to spoof, but on a trusted physical network betweentrusted hosts, it is entirely adequate.

Roughly speaking, one socket is used for each NFS mount point.If a client could use non-privileged source ports as well,the number of sockets allowed,and thus the maximum number of concurrent mount points,would be much larger.

Using non-privileged source ports may compromise server security somewhat,since any user on AUTH_SYS mount points can now pretend to be any otherwhen making NFS requests.Thus NFS servers do not support this by default.They explicitly allow it usually via an export option.

To retain good security while allowing as many mount points as possible,it is best to allow non-privileged client connections only if the serverand client both require strong authentication, such as Kerberos.

Mounting through a firewall

A firewall may reside between an NFS client and server,or the client or server may block some of its own ports via IPfilter rules.It is still possible to mount an NFS server through a firewall,though some of themount(8)command's automatic service endpoint discovery mechanisms may not work; thisrequires you to provide specific endpoint details via NFS mount options.

NFS servers normally run a portmapper or rpcbind daemon to advertisetheir service endpoints to clients. Clients use the rpcbind daemon to determine:

What network port each RPC-based service is using

What transport protocols each RPC-based service supports

The rpcbind daemon uses a well-known port number (111) to help clients find a service endpoint.Although NFS often uses a standard port number (2049),auxiliary services such as the NLM service can chooseany unused port number at random.

Common firewall configurations block the well-known rpcbind port.In the absense of an rpcbind service,the server administrator fixes the port numberof NFS-related services so that the firewallcan allow access to specific NFS service ports.Client administrators then specify the port numberfor the mountd service via themount(8)command'smountportoption.It may also be necessary to enforce the use of TCP or UDPif the firewall blocks one of those transports.

NFS Access Control Lists

Solaris allows NFS version 3 clients direct accessto POSIX Access Control Lists stored in its local file systems.This proprietary sideband protocol, known as NFSACL,provides richer access control than mode bits.Linux implements this protocolfor compatibility with the Solaris NFS implementation.The NFSACL protocol never became a standard partof the NFS version 3 specification, however.

The NFS version 4 specification mandates a new versionof Access Control Lists that are semantically richer than POSIX ACLs.NFS version 4 ACLs are not fully compatible with POSIX ACLs; as such,some translation between the two is requiredin an environment that mixes POSIX ACLs and NFS version 4.

THE REMOUNT OPTION

Generic mount options such asrw and synccan be modified on NFS mount points using theremountoption.Seemount(8)for more information on generic mount options.

With few exceptions, NFS-specific optionsare not able to be modified during a remount.The underlying transport or NFS versioncannot be changed by a remount, for example.

Performing a remount on an NFS file system mounted with thenoacoption may have unintended consequences.Thenoacoption is a combination of the generic optionsync,and the NFS-specific optionactimeo=0.

Unmounting after a remount

For mount points that use NFS versions 2 or 3, the NFS umount subcommanddepends on knowing the original set of mount options used to perform theMNT operation.These options are stored on disk by the NFS mount subcommand,and can be erased by a remount.

To ensure that the saved mount options are not erased during a remount,specify either the local mount directory, or the server hostname andexport pathname, but not both, during a remount. For example,

 mount -o remount,ro /mnt

merges the mount optionrowith the mount options already saved on disk for the NFS server mounted at /mnt.

FILES

/etc/fstab

file system table

/etc/nfsmount.conf

Configuration file for NFS mounts

BUGS

Before 2.4.7, the Linux NFS client did not support NFS over TCP.

Before 2.4.20, the Linux NFS client used a heuristicto determine whether cached file data was still validrather than using the standard close-to-open cache coherency methoddescribed above.

Starting with 2.4.22, the Linux NFS client employsa Van Jacobsen-based RTT estimator to determine retransmittimeout values when using NFS over UDP.

Before 2.6.0, the Linux NFS client did not support NFS version 4.

Before 2.6.8, the Linux NFS client used only synchronous reads and writeswhen thersize and wsizesettings were smaller than the system's page size.

The Linux NFS client does not yet supportcertain optional features of the NFS version 4 protocol,such as security negotiation, server referrals, and named attributes.