Date: Fri, 18 Sep 2020 23:28:51 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: Shawn Webb <shawn.webb@hardenedbsd.org>, "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: Documentation regarding NFSv4 Message-ID: <YTBPR01MB3966BDEAE81A05586086E345DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM> In-Reply-To: <YTBPR01MB3966AFCC1828D45D85041BF5DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM> References: <20200918185319.7o27ciyviwdyhr7v@mutt-hbsd>, <YTBPR01MB3966AFCC1828D45D85041BF5DD3F0@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh, and I forgot to mention name<->id# mapping.
If using AUTH_SYS (not kerberos), then you have the
choice of running "nfsuserd" or setting these two sysctls to 1.
vfs.nfs.enable_uidtostring=3D1
vfs.nfsd.enable_stringtouid=3D1
--> This makes the server just handle id#s (uid, gid) as numbers in
a string. (This is the default for Linux these days although it was
' frowned upon in the early days.)
Running nfsuserd maps uid, gid numbers to/from names using the
password and group databases. This must be used for Kerberos mounts.
Without the above properly configured, you'll see lots of files owned
by "nobody" on the client mounts.
rick
________________________________________
From: Rick Macklem <rmacklem@uoguelph.ca>
Sent: Friday, September 18, 2020 7:21 PM
To: Shawn Webb; freebsd-current@freebsd.org; freebsd-stable@freebsd.org
Subject: Re: Documentation regarding NFSv4
Shawn Webb wrote:
>Hey all,
>
>It appears the Handbook and the nfsv4 manpages don't really agree,
>leading to some confusion as to how to properly set up an NFSv4 server
>on FreeBSD.
>
>Any guidance would be appreciated.
1 - I never look at the Handbook, but do try and maintain the man pages.
Since you didn't explain the specifics related to your confusion, all =
I can
say is that the man pages are probably more correct.
Assuming you already have a running NFSv3 NFS server, all you need to do
is:
- Add a V4: line to your /etc/exports files. This does not "export any file=
systems"
(that is done by other lines in /etc/exports exactly the same as NFSv3).
However, it does tell the NFSv4 server where the "root" is for NFSv4 clie=
nts.
(ie. Where in the server's file system tree a "nfs-server:/" done by an N=
FSv4 client
ends up.)
- Add nfsv4_server_enable=3D"YES" to your /etc/rc.conf.
Note that, since NFSv4 does allow a mount to cross server mount points (unl=
ike
NFSv3), a client will normally only do a single mount at or near the "root"
specified by the "V4:" line (see "man exports").
If you explain what inconsistencies are in the docs, maybe someone could
fix them.
rick
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha=
wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YTBPR01MB3966BDEAE81A05586086E345DD3F0>