Network Working Group B. Callaghan Request for Comments: 1813 B. Pawlowski Category: Informational P. Staubach Sun Microsystems, Inc. June 1995 NFS Version 3 Protocol Specification Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. IESG Note Internet Engineering Steering Group comment: please note that the IETF is not involved in creating or maintaining this specification. This is the significance of the specification not being on the standards track. Abstract This paper describes the NFS version 3 protocol. This paper is provided so that people can write compatible implementations. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Scope of the NFS version 3 protocol . . . . . . . . . . 4 1.2 Useful terms . . . . . . . . . . . . . . . . . . . . . . 5 1.3 Remote Procedure Call . . . . . . . . . . . . . . . . . 5 1.4 External Data Representation . . . . . . . . . . . . . . 5 1.5 Authentication and Permission Checking . . . . . . . . . 7 1.6 Philosophy . . . . . . . . . . . . . . . . . . . . . . . 8 1.7 Changes from the NFS version 2 protocol . . . . . . . . 11 2. RPC Information . . . . . . . . . . . . . . . . . . . . . 14 2.1 Authentication . . . . . . . . . . . . . . . . . . . . . 14 2.2 Constants . . . . . . . . . . . . . . . . . . . . . . . 14 2.3 Transport address . . . . . . . . . . . . . . . . . . . 14 2.4 Sizes . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.5 Basic Data Types . . . . . . . . . . . . . . . . . . . . 15 2.6 Defined Error Numbers . . . . . . . . . . . . . . . . . 17 3. Server Procedures . . . . . . . . . . . . . . . . . . . . 27 3.1 General comments on attributes . . . . . . . . . . . . . 29 3.2 General comments on filenames . . . . . . . . . . . . . 30 3.3.0 NULL: Do nothing . . . . . . . . . . . . . . . . . . . . 31 Callaghan, el al Informational [Page 1] RFC 1813 NFS Version 3 Protocol June 1995 3.3.1 GETATTR: Get file attributes . . . . . . . . . . . . . . 32 3.3.2 SETATTR: Set file attributes . . . . . . . . . . . . . . 33 3.3.3 LOOKUP: Lookup filename . . . . . . . . . . . . . . . . 37 3.3.4 ACCESS: Check access permission . . . . . . . . . . . . 40 3.3.5 READLINK: Read from symbolic link . . . . . . . . . . . 44 3.3.6 READ: Read from file . . . . . . . . . . . . . . . . . . 46 3.3.7 WRITE: Write to file . . . . . . . . . . . . . . . . . . 49 3.3.8 CREATE: Create a file . . . . . . . . . . . . . . . . . 54 3.3.9 MKDIR: Create a directory . . . . . . . . . . . . . . . 58 3.3.10 SYMLINK: Create a symbolic link . . . . . . . . . . . . 61 3.3.11 MKNOD: Create a special device . . . . . . . . . . . . . 63 3.3.12 REMOVE: Remove a file . . . . . . . . . . . . . . . . . 67 3.3.13 RMDIR: Remove a directory . . . . . . . . . . . . . . . 69 3.3.14 RENAME: Rename a file or directory . . . . . . . . . . . 71 3.3.15 LINK: Create link to an object . . . . . . . . . . . . . 74 3.3.16 READDIR: Read From directory . . . . . . . . . . . . . . 76 3.3.17 READDIRPLUS: Extended read from directory . . . . . . . 80 3.3.18 FSSTAT: Get dynamic file system information . . . . . . 84 3.3.19 FSINFO: Get static file system information . . . . . . . 86 3.3.20 PATHCONF: Retrieve POSIX information . . . . . . . . . . 90 3.3.21 COMMIT: Commit cached data on a server to stable storage 92 4. Implementation issues . . . . . . . . . . . . . . . . . . 96 4.1 Multiple version support . . . . . . . . . . . . . . . . 96 4.2 Server/client relationship . . . . . . . . . . . . . . . 96 4.3 Path name interpretation . . . . . . . . . . . . . . . . 97 4.4 Permission issues . . . . . . . . . . . . . . . . . . . 98 4.5 Duplicate request cache . . . . . . . . . . . . . . . . 99 4.6 File name component handling . . . . . . . . . . . . . . 101 4.7 Synchronous modifying operations . . . . . . . . . . . . 101 4.8 Stable storage . . . . . . . . . . . . . . . . . . . . . 101 4.9 Lookups and name resolution . . . . . . . . . . . . . . 102 4.10 Adaptive retransmission . . . . . . . . . . . . . . . . 102 4.11 Caching policies . . . . . . . . . . . . . . . . . . . . 102 4.12 Stable versus unstable writes. . . . . . . . . . . . . . 103 4.13 32 bit clients/servers and 64 bit clients/servers. . . . 104 5. Appendix I: Mount protocol . . . . . . . . . . . . . . . . 106 5.1 RPC Information . . . . . . . . . . . . . . . . . . . . 106 5.1.1 Authentication . . . . . . . . . . . . . . . . . . . . 106 5.1.2 Constants . . . . . . . . . . . . . . . . . . . . . . 106 5.1.3 Transport address . . . . . . . . . . . . . . . . . . 106 5.1.4 Sizes . . . . . . . . . . . . . . . . . . . . . . . . 106 5.1.5 Basic Data Types . . . . . . . . . . . . . . . . . . . 106 5.2 Server Procedures . . . . . . . . . . . . . . . . . . . 107 5.2.0 NULL: Do nothing . . . . . . . . . . . . . . . . . . . 108 5.2.1 MNT: Add mount entry . . . . . . . . . . . . . . . . . 109 5.2.2 DUMP: Return mount entries . . . . . . . . . . . . . . 110 5.2.3 UMNT: Remove mount entry . . . . . . . . . . . . . . . 111 5.2.4 UMNTALL: Remove all mount entries . . . . . . . . . . 112 Callaghan, el al Informational [Page 2] RFC 1813 NFS Version 3 Protocol June 1995 5.2.5 EXPORT: Return export list . . . . . . . . . . . . . . 113 6. Appendix II: Lock manager protocol . . . . . . . . . . . . 114 6.1 RPC Information . . . . . . . . . . . . . . . . . . . . 114 6.1.1 Authentication . . . . . . . . . . . . . . . . . . . . 114 6.1.2 Constants . . . . . . . . . . . . . . . . . . . . . . 114 6.1.3 Transport Address . . . . . . . . . . . . . . . . . . 115 6.1.4 Basic Data Types . . . . . . . . . . . . . . . . . . . 115 6.2 NLM Procedures . . . . . . . . . . . . . . . . . . . . . 118 6.2.0 NULL: Do nothing . . . . . . . . . . . . . . . . . . . 120 6.3 Implementation issues . . . . . . . . . . . . . . . . . 120 6.3.1 64-bit offsets and lengths . . . . . . . . . . . . . . 120 6.3.2 File handles . . . . . . . . . . . . . . . . . . . . . 120 7. Appendix III: Bibliography . . . . . . . . . . . . . . . . 122 8. Security Considerations . . . . . . . . . . . . . . . . . 125 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 125 10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . 126 1. Introduction Sun's NFS protocol provides transparent remote access to shared file systems across networks. The NFS protocol is designed to be machine, operating system, network architecture, and transport protocol independent. This independence is achieved through the use of Remote Procedure Call (RPC) primitives built on top of an eXternal Data Representation (XDR). Implementations of the NFS version 2 protocol exist for a variety of machines, from personal computers to supercomputers. The initial version of the NFS protocol is specified in the Network File System Protocol Specification [RFC1094]. A description of the initial implementation can be found in [Sandberg]. The supporting MOUNT protocol performs the operating system-specific functions that allow clients to attach remote directory trees to a point within the local file system. The mount process also allows the server to grant remote access privileges to a restricted set of clients via export control. The Lock Manager provides support for file locking when used in the NFS environment. The Network Lock Manager (NLM) protocol isolates the inherently stateful aspects of file locking into a separate protocol. A complete description of the above protocols and their implementation is to be found in [X/OpenNFS]. The purpose of this document is to: Callaghan, el al Informational [Page 3] RFC 1813 NFS Version 3 Protocol June 1995 o Specify the NFS version 3 protocol. o Describe semantics of the protocol through annotation and description of intended implementation. o Specify the MOUNT version 3 protocol. o Briefly describe the changes between the NLM version 3 protocol and the NLM version 4 protocol. The normative text is the description of the RPC procedures and arguments and results, which defines the over-the-wire protocol, and the semantics of those procedures. The material describing implementation practice aids the understanding of the protocol specification and describes some possible implementation issues and solutions. It is not possible to describe all implementations and the UNIX operating system implementation of the NFS version 3 protocol is most often used to provide examples. Given that, the implementation discussion does not bear the authority of the description of the over-the-wire protocol itself. 1.1 Scope of the NFS version 3 protocol This revision of the NFS protocol addresses new requirements. The need to support larger files and file systems has prompted extensions to allow 64 bit file sizes and offsets. The revision enhances security by adding support for an access check to be done on the server. Performance modifications are of three types: 1. The number of over-the-wire packets for a given set of file operations is reduced by returning file attributes on every operation, thus decreasing the number of calls to get modified attributes. 2. The write throughput bottleneck caused by the synchronous definition of write in the NFS version 2 protocol has been addressed by adding support so that the NFS server can do unsafe writes. Unsafe writes are writes which have not been committed to stable storage before the operation returns. This specification defines a method for committing these unsafe writes to stable storage in a reliable way. 3. Limitations on transfer sizes have been relaxed. The ability to support multiple versions of a protocol in RPC will allow implementors of the NFS version 3 protocol to define Callaghan, el al Informational [Page 4] RFC 1813 NFS Version 3 Protocol June 1995 clients and servers that provide backwards compatibility with the existing installed base of NFS version 2 protocol implementations. The extensions described here represent an evolution of the existing NFS protocol and most of the design features of the NFS protocol described in [Sandberg] persist. See Changes from the NFS version 2 protocol on page 11 for a more detailed summary of the changes introduced by this revision. 1.2 Useful terms In this specification, a "server" is a machine that provides resources to the network; a "client" is a machine that accesses resources over the network; a "user" is a person logged in on a client; an "application" is a program that executes on a client. 1.3 Remote Procedure Call The Sun Remote Procedure Call specification provides a procedure-oriented interface to remote services. Each server supplies a program, which is a set of procedures. The NFS service is one such program. The combination of host address, program number, version number, and procedure number specify one remote service procedure. Servers can support multiple versions of a program by using different protocol version numbers. The NFS protocol was designed to not require any specific level of reliability from its lower levels so it could potentially be used on many underlying transport protocols. The NFS service is based on RPC which provides the abstraction above lower level network and transport protocols. The rest of this document assumes the NFS environment is implemented on top of Sun RPC, which is specified in [RFC1057]. A complete discussion is found in [Corbin]. 1.4 External Data Representation The eXternal Data Representation (XDR) specification provides a standard way of representing a set of data types on a network. This solves the problem of different byte orders, structure alignment, and data type representation on different, communicating machines. In this document, the RPC Data Description Language is used to specify the XDR format parameters and results to each of the RPC service procedures that an NFS server provides. The RPC Data Callaghan, el al Informational [Page 5] RFC 1813 NFS Version 3 Protocol June 1995 Description Language is similar to declarations in the C programming language. A few new constructs have been added. The notation: string name[SIZE]; string data; defines name, which is a fixed size block of SIZE bytes, and data, which is a variable sized block of up to DSIZE bytes. This notation indicates fixed-length arrays and arrays with a variable number of elements up to a fixed maximum. A variable-length definition with no size specified means there is no maximum size for the field. The discriminated union definition: union example switch (enum status) { case OK: struct { filename file1; filename file2; integer count; } case ERROR: struct { errstat error; integer errno; } default: void; } defines a structure where the first thing over the network is an enumeration type called status. If the value of status is OK, the next thing on the network will be the structure containing file1, file2, and count. Else, if the value of status is ERROR, the next thing on the network will be a structure containing error and errno. If the value of status is neither OK nor ERROR, then there is no more data in the structure. The XDR type, hyper, is an 8 byte (64 bit) quantity. It is used in the same way as the integer type. For example: hyper foo; unsigned hyper bar; foo is an 8 byte signed value, while bar is an 8 byte unsigned value. Callaghan, el al Informational [Page 6] RFC 1813 NFS Version 3 Protocol June 1995 Although RPC/XDR compilers exist to generate client and server stubs from RPC Data Description Language input, NFS implementations do not require their use. Any software that provides equivalent encoding and decoding to the canonical network order of data defined by XDR can be used to interoperate with other NFS implementations. XDR is described in [RFC1014]. 1.5 Authentication and Permission Checking The RPC protocol includes a slot for authentication parameters on every call. The contents of the authentication parameters are determined by the type of authentication used by the server and client. A server may support several different flavors of authentication at once. The AUTH_NONE flavor provides null authentication, that is, no authentication information is passed. The AUTH_UNIX flavor provides UNIX-style user ID, group ID, and groups with each call. The AUTH_DES flavor provides DES-encrypted authentication parameters based on a network-wide name, with session keys exchanged via a public key scheme. The AUTH_KERB flavor provides DES encrypted authentication parameters based on a network-wide name with session keys exchanged via Kerberos secret keys. The NFS server checks permissions by taking the credentials from the RPC authentication information in each remote request. For example, using the AUTH_UNIX flavor of authentication, the server gets the user's effective user ID, effective group ID and groups on each call, and uses them to check access. Using user ids and group ids implies that the client and server either share the same ID list or do local user and group ID mapping. Servers and clients must agree on the mapping from user to uid and from group to gid, for those sites that do not implement a consistent user ID and group ID space. In practice, such mapping is typically performed on the server, following a static mapping scheme or a mapping established by the user from a client at mount time. The AUTH_DES and AUTH_KERB style of authentication is based on a network-wide name. It provides greater security through the use of DES encryption and public keys in the case of AUTH_DES, and DES encryption and Kerberos secret keys (and tickets) in the AUTH_KERB case. Again, the server and client must agree on the identity of a particular name on the network, but the name to identity mapping is more operating system independent than the uid and gid mapping in AUTH_UNIX. Also, because the authentication parameters are encrypted, a malicious user must Callaghan, el al Informational [Page 7] RFC 1813 NFS Version 3 Protocol June 1995 know another users network password or private key to masquerade as that user. Similarly, the server returns a verifier that is also encrypted so that masquerading as a server requires knowing a network password. The NULL procedure typically requires no authentication. 1.6 Philosophy This specification defines the NFS version 3 protocol, that is the over-the-wire protocol by which a client accesses a server. The protocol provides a well-defined interface to a server's file resources. A client or server implements the protocol and provides a mapping of the local file system semantics and actions into those defined in the NFS version 3 protocol. Implementations may differ to varying degrees, depending on the extent to which a given environment can support all the operations and semantics defined in the NFS version 3 protocol. Although implementations exist and are used to illustrate various aspects of the NFS version 3 protocol, the protocol specification itself is the final description of how clients access server resources. Because the NFS version 3 protocol is designed to be operating-system independent, it does not necessarily match the semantics of any existing system. Server implementations are expected to make a best effort at supporting the protocol. If a server cannot support a particular protocol procedure, it may return the error, NFS3ERR_NOTSUP, that indicates that the operation is not supported. For example, many operating systems do not support the notion of a hard link. A server that cannot support hard links should return NFS3ERR_NOTSUP in response to a LINK request. FSINFO describes the most commonly unsupported procedures in the properties bit map. Alternatively, a server may not natively support a given operation, but can emulate it in the NFS version 3 protocol implementation to provide greater functionality. In some cases, a server can support most of the semantics described by the protocol but not all. For example, the ctime field in the fattr structure gives the time that a file's attributes were last modified. Many systems do not keep this information. In this case, rather than not support the GETATTR operation, a server could simulate it by returning the last modified time in place of ctime. Servers must be careful when simulating attribute information because of possible side effects on clients. For example, many clients use file modification times as a basis for their cache consistency Callaghan, el al Informational [Page 8] RFC 1813 NFS Version 3 Protocol June 1995 scheme. NFS servers are dumb and NFS clients are smart. It is the clients that do the work required to convert the generalized file access that servers provide into a file access method that is useful to applications and users. In the LINK example given above, a UNIX client that received an NFS3ERR_NOTSUP error from a server would do the recovery necessary to either make it look to the application like the link request had succeeded or return a reasonable error. In general, it is the burden of the client to recover. The NFS version 3 protocol assumes a stateless server implementation. Statelessness means that the server does not need to maintain state about any of its clients in order to function correctly. Stateless servers have a distinct advantage over stateful servers in the event of a crash. With stateless servers, a client need only retry a request until the server responds; the client does not even need to know that the server has crashed. See additional comments in Duplicate request cache on page 99. For a server to be useful, it holds nonvolatile state: data stored in the file system. Design assumptions in the NFS version 3 protocol regarding flushing of modified data to stable storage reduce the number of failure modes in which data loss can occur. In this way, NFS version 3 protocol implementations can tolerate transient failures, including transient failures of the network. In general, server implementations of the NFS version 3 protocol cannot tolerate a non-transient failure of the stable storage itself. However, there exist fault tolerant implementations which attempt to address such problems. That is not to say that an NFS version 3 protocol server can't maintain noncritical state. In many cases, servers will maintain state (cache) about previous operations to increase performance. For example, a client READ request might trigger a read-ahead of the next block of the file into the server's data cache in the anticipation that the client is doing a sequential read and the next client READ request will be satisfied from the server's data cache instead of from the disk. Read-ahead on the server increases performance by overlapping server disk I/O with client requests. The important point here is that the read-ahead block is not necessary for correct server behavior. If the server crashes and loses its memory cache of read buffers, recovery is simple on reboot - clients will continue read operations retrieving data from the server disk. Callaghan, el al Informational [Page 9] RFC 1813 NFS Version 3 Protocol June 1995 Most data-modifying operations in the NFS protocol are synchronous. That is, when a data modifying procedure returns to the client, the client can assume that the operation has completed and any modified data associated with the request is now on stable storage. For example, a synchronous client WRITE request may cause the server to update data blocks, file system information blocks, and file attribute information - the latter information is usually referred to as metadata. When the WRITE operation completes, the client can assume that the write data is safe and discard it. This is a very important part of the stateless nature of the server. If the server did not flush dirty data to stable storage before returning to the client, the client would have no way of knowing when it was safe to discard modified data. The following data modifying procedures are synchronous: WRITE (with stable flag set to FILE_SYNC), CREATE, MKDIR, SYMLINK, MKNOD, REMOVE, RMDIR, RENAME, LINK, and COMMIT. The NFS version 3 protocol introduces safe asynchronous writes on the server, when the WRITE procedure is used in conjunction with the COMMIT procedure. The COMMIT procedure provides a way for the client to flush data from previous asynchronous WRITE requests on the server to stable storage and to detect whether it is necessary to retransmit the data. See the procedure descriptions of WRITE on page 49 and COMMIT on page 92. The LOOKUP procedure is used by the client to traverse multicomponent file names (pathnames). Each call to LOOKUP is used to resolve one segment of a pathname. There are two reasons for restricting LOOKUP to a single segment: it is hard to standardize a common format for hierarchical file names and the client and server may have different mappings of pathnames to file systems. This would imply that either the client must break the path name at file system attachment points, or the server must know about the client's file system attachment points. In NFS version 3 protocol implementations, it is the client that constructs the hierarchical file name space using mounts to build a hierarchy. Support utilities, such as the Automounter, provide a way to manage a shared, consistent image of the file name space while still being driven by the client mount process. Clients can perform caching in varied manner. The general practice with the NFS version 2 protocol was to implement a time-based client-server cache consistency mechanism. It is expected NFS version 3 protocol implementations will use a similar mechanism. The NFS version 3 protocol has some explicit support, in the form of additional attribute information to eliminate explicit attribute checks. However, caching is not Callaghan, el al Informational [Page 10] RFC 1813 NFS Version 3 Protocol June 1995 required, nor is any caching policy defined by the protocol. Neither the NFS version 2 protocol nor the NFS version 3 protocol provide a means of maintaining strict client-server consistency (and, by implication, consistency across client caches). 1.7 Changes from the NFS Version 2 Protocol The ROOT and WRITECACHE procedures have been removed. A MKNOD procedure has been defined to allow the creation of special files, eliminating the overloading of CREATE. Caching on the client is not defined nor dictated by the NFS version 3 protocol, but additional information and hints have been added to the protocol to allow clients that implement caching to manage their caches more effectively. Procedures that affect the attributes of a file or directory may now return the new attributes after the operation has completed to optimize out a subsequent GETATTR used in validating attribute caches. In addition, operations that modify the directory in which the target object resides return the old and new attributes of the directory to allow clients to implement more intelligent cache invalidation procedures. The ACCESS procedure provides access permission checking on the server, the FSSTAT procedure returns dynamic information about a file system, the FSINFO procedure returns static information about a file system and server, the READDIRPLUS procedure returns file handles and attributes in addition to directory entries, and the PATHCONF procedure returns POSIX pathconf information about a file. Below is a list of the important changes between the NFS version 2 protocol and the NFS version 3 protocol. File handle size The file handle has been increased to a variable-length array of 64 bytes maximum from a fixed array of 32 bytes. This addresses some known requirements for a slightly larger file handle size. The file handle was converted from fixed length to variable length to reduce local storage and network bandwidth requirements for systems which do not utilize the full 64 bytes of length. Maximum data sizes The maximum size of a data transfer used in the READ and WRITE procedures is now set by values in the FSINFO return structure. In addition, preferred transfer sizes are returned by FSINFO. The protocol does not place any artificial limits on the maximum transfer sizes. Callaghan, el al Informational [Page 11] RFC 1813 NFS Version 3 Protocol June 1995 Filenames and pathnames are now specified as strings of variable length. The actual length restrictions are determined by the client and server implementations as appropriate. The protocol does not place any artificial limits on the length. The error, NFS3ERR_NAMETOOLONG, is provided to allow the server to return an indication to the client that it received a pathname that was too long for it to handle. Error return Error returns in some instances now return data (for example, attributes). nfsstat3 now defines the full set of errors that can be returned by a server. No other values are allowed. File type The file type now includes NF3CHR and NF3BLK for special files. Attributes for these types include subfields for UNIX major and minor devices numbers. NF3SOCK and NF3FIFO are now defined for sockets and fifos in the file system. File attributes The blocksize (the size in bytes of a block in the file) field has been removed. The mode field no longer contains file type information. The size and fileid fields have been widened to eight-byte unsigned integers from four-byte integers. Major and minor device information is now presented in a distinct structure. The blocks field name has been changed to used and now contains the total number of bytes used by the file. It is also an eight-byte unsigned integer. Set file attributes In the NFS version 2 protocol, the settable attributes were represented by a subset of the file attributes structure; the client indicated those attributes which were not to be modified by setting the corresponding field to -1, overloading some unsigned fields. The set file attributes structure now uses a discriminated union for each field to tell whether or how to set that field. The atime and mtime fields can be set to either the server's current time or a time supplied by the client. LOOKUP The LOOKUP return structure now includes the attributes for the directory searched. Callaghan, el al Informational [Page 12] RFC 1813 NFS Version 3 Protocol June 1995 ACCESS An ACCESS procedure has been added to allow an explicit over-the-wire permissions check. This addresses known problems with the superuser ID mapping feature in many server implementations (where, due to mapping of root user, unexpected permission denied errors could occur while reading from or writing to a file). This also removes the assumption which was made in the NFS version 2 protocol that access to files was based solely on UNIX style mode bits. READ The reply structure includes a Boolean that is TRUE if the end-of-file was encountered during the READ. This allows the client to correctly detect end-of-file. WRITE The beginoffset and totalcount fields were removed from the WRITE arguments. The reply now includes a count so that the server can write less than the requested amount of data, if required. An indicator was added to the arguments to instruct the server as to the level of cache synchronization that is required by the client. CREATE An exclusive flag and a create verifier was added for the exclusive creation of regular files. MKNOD This procedure was added to support the creation of special files. This avoids overloading fields of CREATE as was done in some NFS version 2 protocol implementations. READDIR The READDIR arguments now include a verifier to allow the server to validate the cookie. The cookie is now a 64 bit unsigned integer instead of the 4 byte array which was used in the NFS version 2 protocol. This will help to reduce interoperability problems. READDIRPLUS This procedure was added to return file handles and attributes in an extended directory list. FSINFO FSINFO was added to provide nonvolatile information about a file system. The reply includes preferred and Callaghan, el al Informational [Page 13] RFC 1813 NFS Version 3 Protocol June 1995 maximum read transfer size, preferred and maximum write transfer size, and flags stating whether links or symbolic links are supported. Also returned are preferred transfer size for READDIR procedure replies, server time granularity, and whether times can be set in a SETATTR request. FSSTAT FSSTAT was added to provide volatile information about a file system, for use by utilities such as the Unix system df command. The reply includes the total size and free space in the file system specified in bytes, the total number of files and number of free file slots in the file system, and an estimate of time between file system modifications (for use in cache consistency checking algorithms). COMMIT The COMMIT procedure provides the synchronization mechanism to be used with asynchronous WRITE operations. 2. RPC Information 2.1 Authentication The NFS service uses AUTH_NONE in the NULL procedure. AUTH_UNIX, AUTH_DES, or AUTH_KERB are used for all other procedures. Other authentication types may be supported in the future. 2.2 Constants These are the RPC constants needed to call the NFS Version 3 service. They are given in decimal. PROGRAM 100003 VERSION 3 2.3 Transport address The NFS protocol is normally supported over the TCP and UDP protocols. It uses port 2049, the same as the NFS version 2 protocol. 2.4 Sizes These are the sizes, given in decimal bytes, of various XDR structures used in the NFS version 3 protocol: Callaghan, el al Informational [Page 14] RFC 1813 NFS Version 3 Protocol June 1995 NFS3_FHSIZE 64 The maximum size in bytes of the opaque file handle. NFS3_COOKIEVERFSIZE 8 The size in bytes of the opaque cookie verifier passed by READDIR and READDIRPLUS. NFS3_CREATEVERFSIZE 8 The size in bytes of the opaque verifier used for exclusive CREATE. NFS3_WRITEVERFSIZE 8 The size in bytes of the opaque verifier used for asynchronous WRITE. 2.5 Basic Data Types The following XDR definitions are basic definitions that are used in other structures. uint64 typedef unsigned hyper uint64; int64 typedef hyper int64; uint32 typedef unsigned long uint32; int32 typedef long int32; filename3 typedef string filename3<>; nfspath3 typedef string nfspath3<>; fileid3 typedef uint64 fileid3; cookie3 typedef uint64 cookie3; cookieverf3 typedef opaque cookieverf3[NFS3_COOKIEVERFSIZE]; Callaghan, el al Informational [Page 15] RFC 1813 NFS Version 3 Protocol June 1995 createverf3 typedef opaque createverf3[NFS3_CREATEVERFSIZE]; writeverf3 typedef opaque writeverf3[NFS3_WRITEVERFSIZE]; uid3 typedef uint32 uid3; gid3 typedef uint32 gid3; size3 typedef uint64 size3; offset3 typedef uint64 offset3; mode3 typedef uint32 mode3; count3 typedef uint32 count3; nfsstat3 enum nfsstat3 { NFS3_OK = 0, NFS3ERR_PERM = 1, NFS3ERR_NOENT = 2, NFS3ERR_IO = 5, NFS3ERR_NXIO = 6, NFS3ERR_ACCES = 13, NFS3ERR_EXIST = 17, NFS3ERR_XDEV = 18, NFS3ERR_NODEV = 19, NFS3ERR_NOTDIR = 20, NFS3ERR_ISDIR = 21, NFS3ERR_INVAL = 22, NFS3ERR_FBIG = 27, NFS3ERR_NOSPC = 28, NFS3ERR_ROFS = 30, NFS3ERR_MLINK = 31, NFS3ERR_NAMETOOLONG = 63, NFS3ERR_NOTEMPTY = 66, NFS3ERR_DQUOT = 69, NFS3ERR_STALE = 70, NFS3ERR_REMOTE = 71, NFS3ERR_BADHANDLE = 10001, Callaghan, el al Informational [Page 16] RFC 1813 NFS Version 3 Protocol June 1995 NFS3ERR_NOT_SYNC = 10002, NFS3ERR_BAD_COOKIE = 10003, NFS3ERR_NOTSUPP = 10004, NFS3ERR_TOOSMALL = 10005, NFS3ERR_SERVERFAULT = 10006, NFS3ERR_BADTYPE = 10007, NFS3ERR_JUKEBOX = 10008 }; The nfsstat3 type is returned with every procedure's results except for the NULL procedure. A value of NFS3_OK indicates that the call completed successfully. Any other value indicates that some error occurred on the call, as identified by the error code. Note that the precise numeric encoding must be followed. No other values may be returned by a server. Servers are expected to make a best effort mapping of error conditions to the set of error codes defined. In addition, no error precedences are specified by this specification. Error precedences determine the error value that should be returned when more than one error applies in a given situation. The error precedence will be determined by the individual server implementation. If the client requires specific error precedences, it should check for the specific errors for itself. 2.6 Defined Error Numbers A description of each defined error follows: NFS3_OK Indicates the call completed successfully. NFS3ERR_PERM Not owner. The operation was not allowed because the caller is either not a privileged user (root) or not the owner of the target of the operation. NFS3ERR_NOENT No such file or directory. The file or directory name specified does not exist. NFS3ERR_IO I/O error. A hard error (for example, a disk error) occurred while processing the requested operation. NFS3ERR_NXIO I/O error. No such device or address. Callaghan, el al Informational [Page 17] RFC 1813 NFS Version 3 Protocol June 1995 NFS3ERR_ACCES Permission denied. The caller does not have the correct permission to perform the requested operation. Contrast this with NFS3ERR_PERM, which restricts itself to owner or privileged user permission failures. NFS3ERR_EXIST File exists. The file specified already exists. NFS3ERR_XDEV Attempt to do a cross-device hard link. NFS3ERR_NODEV No such device. NFS3ERR_NOTDIR Not a directory. The caller specified a non-directory in a directory operation. NFS3ERR_ISDIR Is a directory. The caller specified a directory in a non-directory operation. NFS3ERR_INVAL Invalid argument or unsupported argument for an operation. Two examples are attempting a READLINK on an object other than a symbolic link or attempting to SETATTR a time field on a server that does not support this operation. NFS3ERR_FBIG File too large. The operation would have caused a file to grow beyond the server's limit. NFS3ERR_NOSPC No space left on device. The operation would have caused the server's file system to exceed its limit. NFS3ERR_ROFS Read-only file system. A modifying operation was attempted on a read-only file system. NFS3ERR_MLINK Too many hard links. NFS3ERR_NAMETOOLONG The filename in an operation was too long. Callaghan, el al Informational [Page 18] RFC 1813 NFS Version 3 Protocol June 1995 NFS3ERR_NOTEMPTY An attempt was made to remove a directory that was not empty. NFS3ERR_DQUOT Resource (quota) hard limit exceeded. The user's resource limit on the server has been exceeded. NFS3ERR_STALE Invalid file handle. The file handle given in the arguments was invalid. The file referred to by that file handle no longer exists or access to it has been revoked. NFS3ERR_REMOTE Too many levels of remote in path. The file handle given in the arguments referred to a file on a non-local file system on the server. NFS3ERR_BADHANDLE Illegal NFS file handle. The file handle failed internal consistency checks. NFS3ERR_NOT_SYNC Update synchronization mismatch was detected during a SETATTR operation. NFS3ERR_BAD_COOKIE READDIR or READDIRPLUS cookie is stale. NFS3ERR_NOTSUPP Operation is not supported. NFS3ERR_TOOSMALL Buffer or request is too small. NFS3ERR_SERVERFAULT An error occurred on the server which does not map to any of the legal NFS version 3 protocol error values. The client should translate this into an appropriate error. UNIX clients may choose to translate this to EIO. NFS3ERR_BADTYPE An attempt was made to create an object of a type not supported by the server. Callaghan, el al Informational [Page 19] RFC 1813 NFS Version 3 Protocol June 1995 NFS3ERR_JUKEBOX The server initiated the request, but was not able to complete it in a timely fashion. The client should wait and then try the request with a new RPC transaction ID. For example, this error should be returned from a server that supports hierarchical storage and receives a request to process a file that has been migrated. In this case, the server should start the immigration process and respond to client with this error. ftype3 enum ftype3 { NF3REG = 1, NF3DIR = 2, NF3BLK = 3, NF3CHR = 4, NF3LNK = 5, NF3SOCK = 6, NF3FIFO = 7 }; The enumeration, ftype3, gives the type of a file. The type, NF3REG, is a regular file, NF3DIR is a directory, NF3BLK is a block special device file, NF3CHR is a character special device file, NF3LNK is a symbolic link, NF3SOCK is a socket, and NF3FIFO is a named pipe. Note that the precise enum encoding must be followed. specdata3 struct specdata3 { uint32 specdata1; uint32 specdata2; }; The interpretation of the two words depends on the type of file system object. For a block special (NF3BLK) or character special (NF3CHR) file, specdata1 and specdata2 are the major and minor device numbers, respectively. (This is obviously a UNIX-specific interpretation.) For all other file types, these two elements should either be set to 0 or the values should be agreed upon by the client and server. If the client and server do not agree upon the values, the client should treat these fields as if they are set to 0. This data field is returned as part of the fattr3 structure and so is available from all replies returning attributes. Since these fields are otherwise unused for objects which are not devices, out of band Callaghan, el al Informational [Page 20] RFC 1813 NFS Version 3 Protocol June 1995 information can be passed from the server to the client. However, once again, both the server and the client must agree on the values passed. nfs_fh3 struct nfs_fh3 { opaque data; }; The nfs_fh3 is the variable-length opaque object returned by the server on LOOKUP, CREATE, SYMLINK, MKNOD, LINK, or READDIRPLUS operations, which is used by the client on subsequent operations to reference the file. The file handle contains all the information the server needs to distinguish an individual file. To the client, the file handle is opaque. The client stores file handles for use in a later request and can compare two file handles from the same server for equality by doing a byte-by-byte comparison, but cannot otherwise interpret the contents of file handles. If two file handles from the same server are equal, they must refer to the same file, but if they are not equal, no conclusions can be drawn. Servers should try to maintain a one-to-one correspondence between file handles and files, but this is not required. Clients should use file handle comparisons only to improve performance, not for correct behavior. Servers can revoke the access provided by a file handle at any time. If the file handle passed in a call refers to a file system object that no longer exists on the server or access for that file handle has been revoked, the error, NFS3ERR_STALE, should be returned. nfstime3 struct nfstime3 { uint32 seconds; uint32 nseconds; }; The nfstime3 structure gives the number of seconds and nanoseconds since midnight January 1, 1970 Greenwich Mean Time. It is used to pass time and date information. The times associated with files are all server times except in the case of a SETATTR operation where the client can explicitly set the file time. A server converts to and from local time when processing time values, preserving as much accuracy as possible. If the precision of timestamps stored for a file is less than that Callaghan, el al Informational [Page 21] RFC 1813 NFS Version 3 Protocol June 1995 defined by NFS version 3 protocol, loss of precision can occur. An adjunct time maintenance protocol is recommended to reduce client and server time skew. fattr3 struct fattr3 { ftype3 type; mode3 mode; uint32 nlink; uid3 uid; gid3 gid; size3 size; size3 used; specdata3 rdev; uint64 fsid; fileid3 fileid; nfstime3 atime; nfstime3 mtime; nfstime3 ctime; }; This structure defines the attributes of a file system object. It is returned by most operations on an object; in the case of operations that affect two objects (for example, a MKDIR that modifies the target directory attributes and defines new attributes for the newly created directory), the attributes for both may be returned. In some cases, the attributes are returned in the structure, wcc_data, which is defined below; in other cases the attributes are returned alone. The main changes from the NFS version 2 protocol are that many of the fields have been widened and the major/minor device information is now presented in a distinct structure rather than being packed into a word. The fattr3 structure contains the basic attributes of a file. All servers should support this set of attributes even if they have to simulate some of the fields. Type is the type of the file. Mode is the protection mode bits. Nlink is the number of hard links to the file - that is, the number of different names for the same file. Uid is the user ID of the owner of the file. Gid is the group ID of the group of the file. Size is the size of the file in bytes. Used is the number of bytes of disk space that the file actually uses (which can be smaller than the size because the file may have holes or it may be larger due to fragmentation). Rdev describes the device file if the file type is NF3CHR or NF3BLK - see specdata3 on page 20. Fsid is the file system identifier for the file system. Fileid is a number which uniquely identifies the file within its file system (on UNIX Callaghan, el al Informational [Page 22] RFC 1813 NFS Version 3 Protocol June 1995 this would be the inumber). Atime is the time when the file data was last accessed. Mtime is the time when the file data was last modified. Ctime is the time when the attributes of the file were last changed. Writing to the file changes the ctime in addition to the mtime. The mode bits are defined as follows: 0x00800 Set user ID on execution. 0x00400 Set group ID on execution. 0x00200 Save swapped text (not defined in POSIX). 0x00100 Read permission for owner. 0x00080 Write permission for owner. 0x00040 Execute permission for owner on a file. Or lookup (search) permission for owner in directory. 0x00020 Read permission for group. 0x00010 Write permission for group. 0x00008 Execute permission for group on a file. Or lookup (search) permission for group in directory. 0x00004 Read permission for others. 0x00002 Write permission for others. 0x00001 Execute permission for others on a file. Or lookup (search) permission for others in directory. post_op_attr union post_op_attr switch (bool attributes_follow) { case TRUE: fattr3 attributes; case FALSE: void; }; This structure is used for returning attributes in those operations that are not directly involved with manipulating attributes. One of the principles of this revision of the NFS protocol is to return the real value from the indicated operation and not an error from an incidental operation. The post_op_attr structure was designed to allow the server to recover from errors encountered while getting attributes. This appears to make returning attributes optional. However, server implementors are strongly encouraged to make best effort to return attributes whenever possible, even when returning an error. Callaghan, el al Informational [Page 23] RFC 1813 NFS Version 3 Protocol June 1995 wcc_attr struct wcc_attr { size3 size; nfstime3 mtime; nfstime3 ctime; }; This is the subset of pre-operation attributes needed to better support the weak cache consistency semantics. Size is the file size in bytes of the object before the operation. Mtime is the time of last modification of the object before the operation. Ctime is the time of last change to the attributes of the object before the operation. See discussion in wcc_attr on page 24. The use of mtime by clients to detect changes to file system objects residing on a server is dependent on the granularity of the time base on the server. pre_op_attr union pre_op_attr switch (bool attributes_follow) { case TRUE: wcc_attr attributes; case FALSE: void; }; wcc_data struct wcc_data { pre_op_attr before; post_op_attr after; }; When a client performs an operation that modifies the state of a file or directory on the server, it cannot immediately determine from the post-operation attributes whether the operation just performed was the only operation on the object since the last time the client received the attributes for the object. This is important, since if an intervening operation has changed the object, the client will need to invalidate any cached data for the object (except for the data that it just wrote). To deal with this, the notion of weak cache consistency data or wcc_data is introduced. A wcc_data structure consists of certain key fields from the object attributes before the operation, together with the object attributes after the operation. This Callaghan, el al Informational [Page 24] RFC 1813 NFS Version 3 Protocol June 1995 information allows the client to manage its cache more accurately than in NFS version 2 protocol implementations. The term, weak cache consistency, emphasizes the fact that this mechanism does not provide the strict server-client consistency that a cache consistency protocol would provide. In order to support the weak cache consistency model, the server will need to be able to get the pre-operation attributes of the object, perform the intended modify operation, and then get the post-operation attributes atomically. If there is a window for the object to get modified between the operation and either of the get attributes operations, then the client will not be able to determine whether it was the only entity to modify the object. Some information will have been lost, thus weakening the weak cache consistency guarantees. post_op_fh3 union post_op_fh3 switch (bool handle_follows) { case TRUE: nfs_fh3 handle; case FALSE: void; }; One of the principles of this revision of the NFS protocol is to return the real value from the indicated operation and not an error from an incidental operation. The post_op_fh3 structure was designed to allow the server to recover from errors encountered while constructing a file handle. This is the structure used to return a file handle from the CREATE, MKDIR, SYMLINK, MKNOD, and READDIRPLUS requests. In each case, the client can get the file handle by issuing a LOOKUP request after a successful return from one of the listed operations. Returning the file handle is an optimization so that the client is not forced to immediately issue a LOOKUP request to get the file handle. sattr3 enum time_how { DONT_CHANGE = 0, SET_TO_SERVER_TIME = 1, SET_TO_CLIENT_TIME = 2 }; union set_mode3 switch (bool set_it) { Callaghan, el al Informational [Page 25] RFC 1813 NFS Version 3 Protocol June 1995 case TRUE: mode3 mode; default: void; }; union set_uid3 switch (bool set_it) { case TRUE: uid3 uid; default: void; }; union set_gid3 switch (bool set_it) { case TRUE: gid3 gid; default: void; }; union set_size3 switch (bool set_it) { case TRUE: size3 size; default: void; }; union set_atime switch (time_how set_it) { case SET_TO_CLIENT_TIME: nfstime3 atime; default: void; }; union set_mtime switch (time_how set_it) { case SET_TO_CLIENT_TIME: nfstime3 mtime; default: void; }; struct sattr3 { set_mode3 mode; set_uid3 uid; set_gid3 gid; set_size3 size; set_atime atime; set_mtime mtime; Callaghan, el al Informational [Page 26] RFC 1813 NFS Version 3 Protocol June 1995 }; The sattr3 structure contains the file attributes that can be set from the client. The fields are the same as the similarly named fields in the fattr3 structure. In the NFS version 3 protocol, the settable attributes are described by a structure containing a set of discriminated unions. Each union indicates whether the corresponding attribute is to be updated, and if so, how. There are two forms of discriminated unions used. In setting the mode, uid, gid, or size, the discriminated union is switched on a boolean, set_it; if it is TRUE, a value of the appropriate type is then encoded. In setting the atime or mtime, the union is switched on an enumeration type, set_it. If set_it has the value DONT_CHANGE, the corresponding attribute is unchanged. If it has the value, SET_TO_SERVER_TIME, the corresponding attribute is set by the server to its local time; no data is provided by the client. Finally, if set_it has the value, SET_TO_CLIENT_TIME, the attribute is set to the time passed by the client in an nfstime3 structure. (See FSINFO on page 86, which addresses the issue of time granularity). diropargs3 struct diropargs3 { nfs_fh3 dir; filename3 name; }; The diropargs3 structure is used in directory operations. The file handle, dir, identifies the directory in which to manipulate or access the file, name. See additional comments in File name component handling on page 101. 3. Server Procedures The following sections define the RPC procedures that are supplied by an NFS version 3 protocol server. The RPC procedure number is given at the top of the page with the name. The SYNOPSIS provides the name of the procedure, the list of the names of the arguments, the list of the names of the results, followed by the XDR argument declarations and results declarations. The information in the SYNOPSIS is specified in RPC Data Description Language as defined in [RFC1014]. The DESCRIPTION section tells what the procedure Callaghan, el al Informational [Page 27] RFC 1813 NFS Version 3 Protocol June 1995 is expected to do and how its arguments and results are used. The ERRORS section lists the errors returned for specific types of failures. These lists are not intended to be the definitive statement of all of the errors which can be returned by any specific procedure, but as a guide for the more common errors which may be returned. Client implementations should be prepared to deal with unexpected errors coming from a server. The IMPLEMENTATION field gives information about how the procedure is expected to work and how it should be used by clients. program NFS_PROGRAM { version NFS_V3 { void NFSPROC3_NULL(void) = 0; GETATTR3res NFSPROC3_GETATTR(GETATTR3args) = 1; SETATTR3res NFSPROC3_SETATTR(SETATTR3args) = 2; LOOKUP3res NFSPROC3_LOOKUP(LOOKUP3args) = 3; ACCESS3res NFSPROC3_ACCESS(ACCESS3args) = 4; READLINK3res NFSPROC3_READLINK(READLINK3args) = 5; READ3res NFSPROC3_READ(READ3args) = 6; WRITE3res NFSPROC3_WRITE(WRITE3args) = 7; CREATE3res NFSPROC3_CREATE(CREATE3args) = 8; MKDIR3res NFSPROC3_MKDIR(MKDIR3args) = 9; SYMLINK3res NFSPROC3_SYMLINK(SYMLINK3args) = 10; Callaghan, el al Informational [Page 28] RFC 1813 NFS Version 3 Protocol June 1995 MKNOD3res NFSPROC3_MKNOD(MKNOD3args) = 11; REMOVE3res NFSPROC3_REMOVE(REMOVE3args) = 12; RMDIR3res NFSPROC3_RMDIR(RMDIR3args) = 13; RENAME3res NFSPROC3_RENAME(RENAME3args) = 14; LINK3res NFSPROC3_LINK(LINK3args) = 15; READDIR3res NFSPROC3_READDIR(READDIR3args) = 16; READDIRPLUS3res NFSPROC3_READDIRPLUS(READDIRPLUS3args) = 17; FSSTAT3res NFSPROC3_FSSTAT(FSSTAT3args) = 18; FSINFO3res NFSPROC3_FSINFO(FSINFO3args) = 19; PATHCONF3res NFSPROC3_PATHCONF(PATHCONF3args) = 20; COMMIT3res NFSPROC3_COMMIT(COMMIT3args) = 21; } = 3; } = 100003; Out of range (undefined) procedure numbers result in RPC errors. Refer to [RFC1057] for more detail. 3.1 General comments on attributes and consistency data on failure For those procedures that return either post_op_attr or wcc_data structures on failure, the discriminated union may contain the pre-operation attributes of the object or object parent directory. This depends on the error encountered and may also depend on the particular server implementation. Implementors are strongly encouraged to return as much attribute data as possible upon failure, but client implementors need to be aware that Callaghan, el al Informational [Page 29] RFC 1813 NFS Version 3 Protocol June 1995 their implementation must correctly handle the variant return instance where no attributes or consistency data is returned. 3.2 General comments on filenames The following comments apply to all NFS version 3 protocol procedures in which the client provides one or more filenames in the arguments: LOOKUP, CREATE, MKDIR, SYMLINK, MKNOD, REMOVE, RMDIR, RENAME, and LINK. 1. The filename must not be null nor may it be the null string. The server should return the error, NFS3ERR_ACCES, if it receives such a filename. On some clients, the filename, ``'' or a null string, is assumed to be an alias for the current directory. Clients which require this functionality should implement it for themselves and not depend upon the server to support such semantics. 2. A filename having the value of "." is assumed to be an alias for the current directory. Clients which require this functionality should implement it for themselves and not depend upon the server to support such semantics. However, the server should be able to handle such a filename correctly. 3. A filename having the value of ".." is assumed to be an alias for the parent of the current directory, i.e. the directory which contains the current directory. The server should be prepared to handle this semantic, if it supports directories, even if those directories do not contain UNIX-style "." or ".." entries. 4. If the filename is longer than the maximum for the file system (see PATHCONF on page 90, specifically name_max), the result depends on the value of the PATHCONF flag, no_trunc. If no_trunc is FALSE, the filename will be silently truncated to name_max bytes. If no_trunc is TRUE and the filename exceeds the server's file system maximum filename length, the operation will fail with the error, NFS3ERR_NAMETOOLONG. 5. In general, there will be characters that a server will not be able to handle as part of a filename. This set of characters will vary from server to server and from implementation to implementation. In most cases, it is the server which will control the client's view of the file system. If the server receives a filename containing characters that it can not handle, the error, NFS3ERR_EACCES, should be returned. Client implementations should be prepared to handle this side affect of heterogeneity. Callaghan, el al Informational [Page 30] RFC 1813 NFS Version 3 Protocol June 1995 See also comments in File name component handling on page 101. 3.3.0 Procedure 0: NULL - Do nothing SYNOPSIS void NFSPROC3_NULL(void) = 0; DESCRIPTION Procedure NULL does not do any work. It is made available to allow server response testing and timing. IMPLEMENTATION It is important that this procedure do no work at all so that it can be used to measure the overhead of processing a service request. By convention, the NULL procedure should never require any authentication. A server may choose to ignore this convention, in a more secure implementation, where responding to the NULL procedure call acknowledges the existence of a resource to an unauthenticated client. ERRORS Since the NULL procedure takes no NFS version 3 protocol arguments and returns no NFS version 3 protocol response, it can not return an NFS version 3 protocol error. However, it is possible that some server implementations may return RPC errors based on security and authentication requirements. Callaghan, el al Informational [Page 31] RFC 1813 NFS Version 3 Protocol June 1995 3.3.1 Procedure 1: GETATTR - Get file attributes SYNOPSIS GETATTR3res NFSPROC3_GETATTR(GETATTR3args) = 1; struct GETATTR3args { nfs_fh3 object; }; struct GETATTR3resok { fattr3 obj_attributes; }; union GETATTR3res switch (nfsstat3 status) { case NFS3_OK: GETATTR3resok resok; default: void; }; DESCRIPTION Procedure GETATTR retrieves the attributes for a specified file system object. The object is identified by the file handle that the server returned as part of the response from a LOOKUP, CREATE, MKDIR, SYMLINK, MKNOD, or READDIRPLUS procedure (or from the MOUNT service, described elsewhere). On entry, the arguments in GETATTR3args are: object The file handle of an object whose attributes are to be retrieved. On successful return, GETATTR3res.status is NFS3_OK and GETATTR3res.resok contains: obj_attributes The attributes for the object. Otherwise, GETATTR3res.status contains the error on failure and no other results are returned. IMPLEMENTATION The attributes of file system objects is a point of major disagreement between different operating systems. Servers Callaghan, el al Informational [Page 32] RFC 1813 NFS Version 3 Protocol June 1995 should make a best attempt to support all of the attributes in the fattr3 structure so that clients can count on this as a common ground. Some mapping may be required to map local attributes to those in the fattr3 structure. Today, most client NFS version 3 protocol implementations implement a time-bounded attribute caching scheme to reduce over-the-wire attribute checks. ERRORS NFS3ERR_IO NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_SERVERFAULT SEE ALSO ACCESS. 3.3.2 Procedure 2: SETATTR - Set file attributes SYNOPSIS SETATTR3res NFSPROC3_SETATTR(SETATTR3args) = 2; union sattrguard3 switch (bool check) { case TRUE: nfstime3 obj_ctime; case FALSE: void; }; struct SETATTR3args { nfs_fh3 object; sattr3 new_attributes; sattrguard3 guard; }; struct SETATTR3resok { wcc_data obj_wcc; }; struct SETATTR3resfail { wcc_data obj_wcc; }; Callaghan, el al Informational [Page 33] RFC 1813 NFS Version 3 Protocol June 1995 union SETATTR3res switch (nfsstat3 status) { case NFS3_OK: SETATTR3resok resok; default: SETATTR3resfail resfail; }; DESCRIPTION Procedure SETATTR changes one or more of the attributes of a file system object on the server. The new attributes are specified by a sattr3 structure. On entry, the arguments in SETATTR3args are: object The file handle for the object. new_attributes A sattr3 structure containing booleans and enumerations describing the attributes to be set and the new values for those attributes. guard A sattrguard3 union: check TRUE if the server is to verify that guard.obj_ctime matches the ctime for the object; FALSE otherwise. A client may request that the server check that the object is in an expected state before performing the SETATTR operation. To do this, it sets the argument guard.check to TRUE and the client passes a time value in guard.obj_ctime. If guard.check is TRUE, the server must compare the value of guard.obj_ctime to the current ctime of the object. If the values are different, the server must preserve the object attributes and must return a status of NFS3ERR_NOT_SYNC. If guard.check is FALSE, the server will not perform this check. On successful return, SETATTR3res.status is NFS3_OK and SETATTR3res.resok contains: obj_wcc A wcc_data structure containing the old and new attributes for the object. Callaghan, el al Informational [Page 34] RFC 1813 NFS Version 3 Protocol June 1995 Otherwise, SETATTR3res.status contains the error on failure and SETATTR3res.resfail contains the following: obj_wcc A wcc_data structure containing the old and new attributes for the object. IMPLEMENTATION The guard.check mechanism allows the client to avoid changing the attributes of an object on the basis of stale attributes. It does not guarantee exactly-once semantics. In particular, if a reply is lost and the server does not detect the retransmission of the request, the procedure can fail with the error, NFS3ERR_NOT_SYNC, even though the attribute setting was previously performed successfully. The client can attempt to recover from this error by getting fresh attributes from the server and sending a new SETATTR request using the new ctime. The client can optionally check the attributes to avoid the second SETATTR request if the new attributes show that the attributes have already been set as desired (though it may not have been the issuing client that set the attributes). The new_attributes.size field is used to request changes to the size of a file. A value of 0 causes the file to be truncated, a value less than the current size of the file causes data from new size to the end of the file to be discarded, and a size greater than the current size of the file causes logically zeroed data bytes to be added to the end of the file. Servers are free to implement this using holes or actual zero data bytes. Clients should not make any assumptions regarding a server's implementation of this feature, beyond that the bytes returned will be zeroed. Servers must support extending the file size via SETATTR. SETATTR is not guaranteed atomic. A failed SETATTR may partially change a file's attributes. Changing the size of a file with SETATTR indirectly changes the mtime. A client must account for this as size changes can result in data deletion. If server and client times differ, programs that compare client time to file times can break. A time maintenance protocol should be used to limit client/server time skew. Callaghan, el al Informational [Page 35] RFC 1813 NFS Version 3 Protocol June 1995 In a heterogeneous environment, it is quite possible that the server will not be able to support the full range of SETATTR requests. The error, NFS3ERR_INVAL, may be returned if the server can not store a uid or gid in its own representation of uids or gids, respectively. If the server can only support 32 bit offsets and sizes, a SETATTR request to set the size of a file to larger than can be represented in 32 bits will be rejected with this same error. ERRORS NFS3ERR_PERM NFS3ERR_IO NFS3ERR_ACCES NFS3ERR_INVAL NFS3ERR_NOSPC NFS3ERR_ROFS NFS3ERR_DQUOT NFS3ERR_NOT_SYNC NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_SERVERFAULT SEE ALSO CREATE, MKDIR, SYMLINK, and MKNOD. Callaghan, el al Informational [Page 36] RFC 1813 NFS Version 3 Protocol June 1995 3.3.3 Procedure 3: LOOKUP - Lookup filename SYNOPSIS LOOKUP3res NFSPROC3_LOOKUP(LOOKUP3args) = 3; struct LOOKUP3args { diropargs3 what; }; struct LOOKUP3resok { nfs_fh3 object; post_op_attr obj_attributes; post_op_attr dir_attributes; }; struct LOOKUP3resfail { post_op_attr dir_attributes; }; union LOOKUP3res switch (nfsstat3 status) { case NFS3_OK: LOOKUP3resok resok; default: LOOKUP3resfail resfail; }; DESCRIPTION Procedure LOOKUP searches a directory for a specific name and returns the file handle for the corresponding file system object. On entry, the arguments in LOOKUP3args are: what Object to look up: dir The file handle for the directory to search. name The filename to be searched for. Refer to General comments on filenames on page 30. On successful return, LOOKUP3res.status is NFS3_OK and LOOKUP3res.resok contains: Callaghan, el al Informational [Page 37] RFC 1813 NFS Version 3 Protocol June 1995 object The file handle of the object corresponding to what.name. obj_attributes The attributes of the object corresponding to what.name. dir_attributes The post-operation attributes of the directory, what.dir. Otherwise, LOOKUP3res.status contains the error on failure and LOOKUP3res.resfail contains the following: dir_attributes The post-operation attributes for the directory, what.dir. IMPLEMENTATION At first glance, in the case where what.name refers to a mount point on the server, two different replies seem possible. The server can return either the file handle for the underlying directory that is mounted on or the file handle of the root of the mounted directory. This ambiguity is simply resolved. A server will not allow a LOOKUP operation to cross a mountpoint to the root of a different filesystem, even if the filesystem is exported. This does not prevent a client from accessing a hierarchy of filesystems exported by a server, but the client must mount each of the filesystems individually so that the mountpoint crossing takes place on the client. A given server implementation may refine these rules given capabilities or limitations particular to that implementation. Refer to [X/OpenNFS] for a discussion on exporting file systems. Two filenames are distinguished, as in the NFS version 2 protocol. The name, ".", is an alias for the current directory and the name, "..", is an alias for the parent directory; that is, the directory that includes the specified directory as a member. There is no facility for dealing with a multiparented directory and the NFS protocol assumes a hierarchical organization, organized as a single-rooted tree. Callaghan, el al Informational [Page 38] RFC 1813 NFS Version 3 Protocol June 1995 Note that this procedure does not follow symbolic links. The client is responsible for all parsing of filenames including filenames that are modified by symbolic links encountered during the lookup process. ERRORS NFS3ERR_IO NFS3ERR_NOENT NFS3ERR_ACCES NFS3ERR_NOTDIR NFS3ERR_NAMETOOLONG NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_SERVERFAULT SEE ALSO CREATE, MKDIR, SYMLINK, MKNOD, READDIRPLUS, and PATHCONF. Callaghan, el al Informational [Page 39] RFC 1813 NFS Version 3 Protocol June 1995 3.3.4 Procedure 4: ACCESS - Check Access Permission SYNOPSIS ACCESS3res NFSPROC3_ACCESS(ACCESS3args) = 4; const ACCESS3_READ = 0x0001; const ACCESS3_LOOKUP = 0x0002; const ACCESS3_MODIFY = 0x0004; const ACCESS3_EXTEND = 0x0008; const ACCESS3_DELETE = 0x0010; const ACCESS3_EXECUTE = 0x0020; struct ACCESS3args { nfs_fh3 object; uint32 access; }; struct ACCESS3resok { post_op_attr obj_attributes; uint32 access; }; struct ACCESS3resfail { post_op_attr obj_attributes; }; union ACCESS3res switch (nfsstat3 status) { case NFS3_OK: ACCESS3resok resok; default: ACCESS3resfail resfail; }; DESCRIPTION Procedure ACCESS determines the access rights that a user, as identified by the credentials in the request, has with respect to a file system object. The client encodes the set of permissions that are to be checked in a bit mask. The server checks the permissions encoded in the bit mask. A status of NFS3_OK is returned along with a bit mask encoded with the permissions that the client is allowed. The results of this procedure are necessarily advisory in nature. That is, a return status of NFS3_OK and the appropriate bit set in the bit mask does not imply that such access will be allowed to the file system object in Callaghan, el al Informational [Page 40] RFC 1813 NFS Version 3 Protocol June 1995 the future, as access rights can be revoked by the server at any time. On entry, the arguments in ACCESS3args are: object The file handle for the file system object to which access is to be checked. access A bit mask of access permissions to check. The following access permissions may be requested: ACCESS3_READ Read data from file or read a directory. ACCESS3_LOOKUP Look up a name in a directory (no meaning for non-directory objects). ACCESS3_MODIFY Rewrite existing file data or modify existing directory entries. ACCESS3_EXTEND Write new data or add directory entries. ACCESS3_DELETE Delete an existing directory entry. ACCESS3_EXECUTE Execute file (no meaning for a directory). On successful return, ACCESS3res.status is NFS3_OK. The server should return a status of NFS3_OK if no errors occurred that prevented the server from making the required access checks. The results in ACCESS3res.resok are: obj_attributes The post-operation attributes of object. access A bit mask of access permissions indicating access rights for the authentication credentials provided with the request. Callaghan, el al Informational [Page 41] RFC 1813 NFS Version 3 Protocol June 1995 Otherwise, ACCESS3res.status contains the error on failure and ACCESS3res.resfail contains the following: obj_attributes The attributes of object - if access to attributes is permitted. IMPLEMENTATION In general, it is not sufficient for the client to attempt to deduce access permissions by inspecting the uid, gid, and mode fields in the file attributes, since the server may perform uid or gid mapping or enforce additional access control restrictions. It is also possible that the NFS version 3 protocol server may not be in the same ID space as the NFS version 3 protocol client. In these cases (and perhaps others), the NFS version 3 protocol client can not reliably perform an access check with only current file attributes. In the NFS version 2 protocol, the only reliable way to determine whether an operation was allowed was to try it and see if it succeeded or failed. Using the ACCESS procedure in the NFS version 3 protocol, the client can ask the server to indicate whether or not one or more classes of operations are permitted. The ACCESS operation is provided to allow clients to check before doing a series of operations. This is useful in operating systems (such as UNIX) where permission checking is done only when a file or directory is opened. This procedure is also invoked by NFS client access procedure (called possibly through access(2)). The intent is to make the behavior of opening a remote file more consistent with the behavior of opening a local file. The information returned by the server in response to an ACCESS call is not permanent. It was correct at the exact time that the server performed the checks, but not necessarily afterwards. The server can revoke access permission at any time. The NFS version 3 protocol client should use the effective credentials of the user to build the authentication information in the ACCESS request used to determine access rights. It is the effective user and group credentials that are used in subsequent read and write operations. See the comments in Permission issues on page 98 for more information on this topic. Callaghan, el al Informational [Page 42] RFC 1813 NFS Version 3 Protocol June 1995 Many implementations do not directly support the ACCESS3_DELETE permission. Operating systems like UNIX will ignore the ACCESS3_DELETE bit if set on an access request on a non-directory object. In these systems, delete permission on a file is determined by the access permissions on the directory in which the file resides, instead of being determined by the permissions of the file itself. Thus, the bit mask returned for such a request will have the ACCESS3_DELETE bit set to 0, indicating that the client does not have this permission. ERRORS NFS3ERR_IO NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_SERVERFAULT SEE ALSO GETATTR. Callaghan, el al Informational [Page 43] RFC 1813 NFS Version 3 Protocol June 1995 3.3.5 Procedure 5: READLINK - Read from symbolic link SYNOPSIS READLINK3res NFSPROC3_READLINK(READLINK3args) = 5; struct READLINK3args { nfs_fh3 symlink; }; struct READLINK3resok { post_op_attr symlink_attributes; nfspath3 data; }; struct READLINK3resfail { post_op_attr symlink_attributes; }; union READLINK3res switch (nfsstat3 status) { case NFS3_OK: READLINK3resok resok; default: READLINK3resfail resfail; }; DESCRIPTION Procedure READLINK reads the data associated with a symbolic link. The data is an ASCII string that is opaque to the server. That is, whether created by the NFS version 3 protocol software from a client or created locally on the server, the data in a symbolic link is not interpreted when created, but is simply stored. On entry, the arguments in READLINK3args are: symlink The file handle for a symbolic link (file system object of type NF3LNK). On successful return, READLINK3res.status is NFS3_OK and READLINK3res.resok contains: data The data associated with the symbolic link. symlink_attributes The post-operation attributes for the symbolic link. Callaghan, el al Informational [Page 44] RFC 1813 NFS Version 3 Protocol June 1995 Otherwise, READLINK3res.status contains the error on failure and READLINK3res.resfail contains the following: symlink_attributes The post-operation attributes for the symbolic link. IMPLEMENTATION A symbolic link is nominally a pointer to another file. The data is not necessarily interpreted by the server, just stored in the file. It is possible for a client implementation to store a path name that is not meaningful to the server operating system in a symbolic link. A READLINK operation returns the data to the client for interpretation. If different implementations want to share access to symbolic links, then they must agree on the interpretation of the data in the symbolic link. The READLINK operation is only allowed on objects of type, NF3LNK. The server should return the error, NFS3ERR_INVAL, if the object is not of type, NF3LNK. (Note: The X/Open XNFS Specification for the NFS version 2 protocol defined the error status in this case as NFSERR_NXIO. This is inconsistent with existing server practice.) ERRORS NFS3ERR_IO NFS3ERR_INVAL NFS3ERR_ACCES NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_NOTSUPP NFS3ERR_SERVERFAULT SEE ALSO READLINK, SYMLINK. Callaghan, el al Informational [Page 45] RFC 1813 NFS Version 3 Protocol June 1995 3.3.6 Procedure 6: READ - Read From file SYNOPSIS READ3res NFSPROC3_READ(READ3args) = 6; struct READ3args { nfs_fh3 file; offset3 offset; count3 count; }; struct READ3resok { post_op_attr file_attributes; count3 count; bool eof; opaque data<>; }; struct READ3resfail { post_op_attr file_attributes; }; union READ3res switch (nfsstat3 status) { case NFS3_OK: READ3resok resok; default: READ3resfail resfail; }; DESCRIPTION Procedure READ reads data from a file. On entry, the arguments in READ3args are: file The file handle of the file from which data is to be read. This must identify a file system object of type, NF3REG. offset The position within the file at which the read is to begin. An offset of 0 means to read data starting at the beginning of the file. If offset is greater than or equal to the size of the file, the status, NFS3_OK, is returned with count set to 0 and eof set to TRUE, subject to access permissions checking. Callaghan, el al Informational [Page 46] RFC 1813 NFS Version 3 Protocol June 1995 count The number of bytes of data that are to be read. If count is 0, the READ will succeed and return 0 bytes of data, subject to access permissions checking. count must be less than or equal to the value of the rtmax field in the FSINFO reply structure for the file system that contains file. If greater, the server may return only rtmax bytes, resulting in a short read. On successful return, READ3res.status is NFS3_OK and READ3res.resok contains: file_attributes The attributes of the file on completion of the read. count The number of bytes of data returned by the read. eof If the read ended at the end-of-file (formally, in a correctly formed READ request, if READ3args.offset plus READ3resok.count is equal to the size of the file), eof is returned as TRUE; otherwise it is FALSE. A successful READ of an empty file will always return eof as TRUE. data The counted data read from the file. Otherwise, READ3res.status contains the error on failure and READ3res.resfail contains the following: file_attributes The post-operation attributes of the file. IMPLEMENTATION The nfsdata type used for the READ and WRITE operations in the NFS version 2 protocol defining the data portion of a request or reply has been changed to a variable-length opaque byte array. The maximum size allowed by the protocol is now limited by what XDR and underlying transports will allow. There are no artificial limits imposed by the NFS version 3 protocol. Consult the FSINFO procedure description for details. Callaghan, el al Informational [Page 47] RFC 1813 NFS Version 3 Protocol June 1995 It is possible for the server to return fewer than count bytes of data. If the server returns less than the count requested and eof set to FALSE, the client should issue another READ to get the remaining data. A server may return less data than requested under several circumstances. The file may have been truncated by another client or perhaps on the server itself, changing the file size from what the requesting client believes to be the case. This would reduce the actual amount of data available to the client. It is possible that the server may back off the transfer size and reduce the read request return. Server resource exhaustion may also occur necessitating a smaller read return. Some NFS version 2 protocol client implementations chose to interpret a short read response as indicating EOF. The addition of the eof flag in the NFS version 3 protocol provides a correct way of handling EOF. Some NFS version 2 protocol server implementations incorrectly returned NFSERR_ISDIR if the file system object type was not a regular file. The correct return value for the NFS version 3 protocol is NFS3ERR_INVAL. ERRORS NFS3ERR_IO NFS3ERR_NXIO NFS3ERR_ACCES NFS3ERR_INVAL NFS3ERR_STALE NFS3ERR_BADHANDLE NFS3ERR_SERVERFAULT SEE ALSO READLINK. Callaghan, el al Informational [Page 48] RFC 1813 NFS Version 3 Protocol June 1995 3.3.7 Procedure 7: WRITE - Write to file SYNOPSIS WRITE3res NFSPROC3_WRITE(WRITE3args) = 7; enum stable_how { UNSTABLE = 0, DATA_SYNC = 1, FILE_SYNC = 2 }; struct WRITE3args { nfs_fh3 file; offset3 offset; count3 count; stable_how stable; opaque data<>; }; struct WRITE3resok { wcc_data file_wcc; count3 count; stable_how committed; writeverf3 verf; }; struct WRITE3resfail { wcc_data file_wcc; }; union WRITE3res switch (nfsstat3 status) { case NFS3_OK: WRITE3resok resok; default: WRITE3resfail resfail; }; DESCRIPTION Procedure WRITE writes data to a file. On entry, the arguments in WRITE3args are: file The file handle for the file to which data is to be written. This must identify a file system object of type, NF3REG. Callaghan, el al Informational [Page 49] RFC 1813 NFS Version 3 Protocol June 1995 offset The position within the file at which the write is to begin. An offset of 0 means to write data starting at the beginning of the file. count The number of bytes of data to be written. If count is 0, the WRITE will succeed and return a count of 0, barring errors due to permissions checking. The size of data must be less than or equal to the value of the wtmax field in the FSINFO reply structure for the file system that contains file. If greater, the server may write only wtmax bytes, resulting in a short write. stable If stable is FILE_SYNC, the server must commit the data written plus all file system metadata to stable storage before returning results. This corresponds to the NFS version 2 protocol semantics. Any other behavior constitutes a protocol violation. If stable is DATA_SYNC, then the server must commit all of the data to stable storage and enough of the metadata to retrieve the data before returning. The server implementor is free to implement DATA_SYNC in the same fashion as FILE_SYNC, but with a possible performance drop. If stable is UNSTABLE, the server is free to commit any part of the data and the metadata to stable storage, including all or none, before returning a reply to the client. There is no guarantee whether or when any uncommitted data will subsequently be committed to stable storage. The only guarantees made by the server are that it will not destroy any data without changing the value of verf and that it will not commit the data and metadata at a level less than that requested by the client. See the discussion on COMMIT on page 92 for more information on if and when data is committed to stable storage. data The data to be written to the file. On successful return, WRITE3res.status is NFS3_OK and WRITE3res.resok contains: file_wcc Weak cache consistency data for the file. For a client that requires only the post-write file attributes, these can be found in file_wcc.after. Callaghan, el al Informational [Page 50] RFC 1813 NFS Version 3 Protocol June 1995 count The number of bytes of data written to the file. The server may write fewer bytes than requested. If so, the actual number of bytes written starting at location, offset, is returned. committed The server should return an indication of the level of commitment of the data and metadata via committed. If the server committed all data and metadata to stable storage, committed should be set to FILE_SYNC. If the level of commitment was at least as strong as DATA_SYNC, then committed should be set to DATA_SYNC. Otherwise, committed must be returned as UNSTABLE. If stable was FILE_SYNC, then committed must also be FILE_SYNC: anything else constitutes a protocol violation. If stable was DATA_SYNC, then committed may be FILE_SYNC or DATA_SYNC: anything else constitutes a protocol violation. If stable was UNSTABLE, then committed may be either FILE_SYNC, DATA_SYNC, or UNSTABLE. verf This is a cookie that the client can use to determine whether the server has changed state between a call to WRITE and a sub