Date: Fri, 18 Sep 2020 23:28:51 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Shawn Webb <shawn.webb@hardenedbsd.org>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject: Re: Documentation regarding NFSv4
Message-ID: <YTBPR01MB3966BDEAE81A05586086E345DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <YTBPR01MB3966AFCC1828D45D85041BF5DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
References: <20200918185319.7o27ciyviwdyhr7v@mutt-hbsd>, <YTBPR01MB3966AFCC1828D45D85041BF5DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>

Oh, and I forgot to mention name<->id# mapping.
If using AUTH_SYS (not kerberos), then you have the choice of running "nfsuserd" or setting these two sysctls to 1.
vfs.nfs.enable_uidtostring=1
vfs.nfsd.enable_stringtouid=1
--> This makes the server just handle id#s (uid, gid) as numbers in a string. (This is the default for Linux these days although it was frowned upon in the early days.)

Running nfsuserd maps uid, gid numbers to/from names using the password and group databases. This must be used for Kerberos mounts.

Without the above properly configured, you'll see lots of files owned by "nobody" on the client mounts.

rick

________________________________________
From: Rick Macklem <rmacklem@uoguelph.ca>
Sent: Friday, September 18, 2020 7:21 PM
To: Shawn Webb; freebsd-current@freebsd.org; freebsd-stable@freebsd.org
Subject: Re: Documentation regarding NFSv4

Shawn Webb wrote:
>Hey all,
>
>It appears the Handbook and the nfsv4 manpages don't really agree,
>leading to some confusion as to how to properly set up an NFSv4 server
>on FreeBSD.
>
>Any guidance would be appreciated.
1 - I never look at the Handbook, but do try and maintain the man pages.
Since you didn't explain the specifics related to your confusion, all I can say is that the man pages are probably more correct.

Assuming you already have a running NFSv3 NFS server, all you need to do is:
- Add a V4: line to your /etc/exports files. This does not "export any file systems" (that is done by other lines in /etc/exports exactly the same as NFSv3).
  However, it does tell the NFSv4 server where the "root" is for NFSv4 clients. (ie. Where in the server's file system tree a "nfs-server:/" done by an NFSv4 client ends up.)
- Add nfsv4_server_enable="YES" to your /etc/rc.conf.

Note that, since NFSv4 does allow a mount to cross server mount points (unlike NFSv3), a client will normally only do a single mount at or near the "root" specified by the "V4:" line (see "man exports").

If you explain what inconsistencies are in the docs, maybe someone could fix them.

rick

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
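
A configuration check for the settings described in this message, added here as an example; it is not part of the original e-mail and is not FreeBSD's own tooling. Assumptions: the two sysctls are persisted in a sysctl.conf-style file, nfsuserd is enabled through `nfsuserd_enable` in rc.conf, a Kerberos export is recognised by a `sec=` option naming krb5, and the sample files and addresses are constructed.

```shell
#!/bin/sh
# Added example: audit copies of exports, rc.conf and sysctl.conf for the
# settings named in the message. Prints findings; returns 0 when all pass.
# Usage: check_nfsv4 EXPORTS RC_CONF SYSCTL_CONF
check_nfsv4() {
    exports=$1; rc=$2; sysctl=$3; rv=0

    # The V4: line only names the NFSv4 root; it exports nothing by itself.
    grep -Eq '^[[:space:]]*V4:' "$exports" ||
        { echo "FAIL: no V4: line in exports"; rv=1; }
    # Ordinary export lines (same as for NFSv3) are still required.
    grep -Ev '^[[:space:]]*(#|V4:|$)' "$exports" | grep -q . ||
        { echo "FAIL: no file system is exported"; rv=1; }
    grep -Eq '^[[:space:]]*nfsv4_server_enable="?YES"?' "$rc" ||
        { echo "FAIL: nfsv4_server_enable is not YES"; rv=1; }

    # name<->id# mapping: nfsuserd, or both sysctls set to 1 (AUTH_SYS only).
    nfsuserd=no; numeric=no
    grep -Eq '^[[:space:]]*nfsuserd_enable="?YES"?' "$rc" && nfsuserd=yes
    if grep -Eq '^vfs\.nfs\.enable_uidtostring=1$' "$sysctl" &&
       grep -Eq '^vfs\.nfsd\.enable_stringtouid=1$' "$sysctl"; then
        numeric=yes
    fi
    if [ "$nfsuserd" = no ] && [ "$numeric" = no ]; then
        echo "FAIL: no id mapping, files will show as owned by nobody"; rv=1
    fi
    # Kerberos mounts need nfsuserd; numeric id strings are not enough.
    # Assumption: a Kerberos export is one whose sec= option names krb5*.
    if grep -Eq 'sec=[^[:space:]]*krb5' "$exports" && [ "$nfsuserd" = no ]; then
        echo "FAIL: krb5 export without nfsuserd"; rv=1
    fi
    return "$rv"
}

# Constructed sample files (not from the message): AUTH_SYS, numeric ids.
demo=$(mktemp -d)
printf 'V4: /export\n/export/data -sec=sys 192.0.2.10\n' > "$demo/exports"
printf 'nfs_server_enable="YES"\nnfsv4_server_enable="YES"\n' > "$demo/rc.conf"
printf 'vfs.nfs.enable_uidtostring=1\nvfs.nfsd.enable_stringtouid=1\n' \
    > "$demo/sysctl.conf"
check_nfsv4 "$demo/exports" "$demo/rc.conf" "$demo/sysctl.conf" && echo "PASS"
```

Run it against copies of the real files rather than the sample ones to audit an existing server.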