NFS Security 101 for NFSv2 and v3 (NOT NFSv4 a long time ago I was part of the discussion group for NFSv4 spec the short comings of v2 and v3 have been fixed)
SRV: Server Exports File System /abc/123 access only to host=xyz.domain.com XYZ: Client Mount mount's SRV:/abc/123 SRV: "mountd" gets a request from SRV check access list, and if the client is allowed access, returns File Handle for the top of the mount point (I will call this the FileSystemHandle, this changes after every reboot) XYZ: Client talks to the SRV NFS Server "nfsd" using FileSystemHandle (which represents /abc/123), To find a FileHandle for a file the client sends the NFS server the FileSystemHandle, then finds the next File Handle (/mydir) and the next FileHandle (myfile) and the client has found the FileHandle for /abc/123/mydir/myfile
NFSD (v2/v3) is stateless other than the information provided by mountd
(mount requests) and lockd (file locking). When you share/export a file
system, as part of this a FileSystemHandle is generated and stored
somewhere for /abc/123 most likely store in the kernel.
SRV: Reboots, a new FileSystemHandle is allocated XYZ: Reports Stale File Handle for everything (if not most things) which was mounted from SRV or the mount point on the client does not respond.
A long time ago FileSystemHandle would stay the same between reboots and you wouldn't get this problem other than on an individual file.
To handle deleted files which are in use by NFS clients some servers rename them to .nfs* because if one client deleted and other clients where accessing the file then they would get Stale NFS handle. Once in a while a NFS server will do find $dir -type f -name .nfs\* -mtime +7 -mount -exec rm -f {} \; to clean up.
NFSv4 does not use mountd or lockd. My advice to anyone on old versions of NFS upgrade to NFSv4 as soon as possible and implement KerbV5 for improved authentication and disallow NFSv2/3 access.
If you do not get the Stale File Handle error when the server reboots, it most likely means the FileSystemHandle is not changing between reboots, but then you may have more security issues. Software which Clusters NFS Servers ensures that the node which takes over, uses the same FileSystemHandle (which may only change if the whole Cluster is shutdown)
Cheers Damon.