From: Rick Macklem
To: Shawn Webb, "freebsd-current@freebsd.org", "freebsd-stable@freebsd.org"
Subject: Re: Documentation regarding NFSv4
Date: Fri, 18 Sep 2020 23:28:51 +0000

Oh, and I forgot to mention name<->id# mapping.

If using AUTH_SYS (not kerberos), then you have the choice of running
"nfsuserd" or setting these two sysctls to 1.
vfs.nfs.enable_uidtostring=1
vfs.nfsd.enable_stringtouid=1
--> This makes the server just handle id#s (uid, gid) as numbers in a
    string. (This is the default for Linux these days although it was
    frowned upon in the early days.)

Running nfsuserd maps uid, gid numbers to/from names using the password
and group databases. This must be used for Kerberos mounts.

Without the above properly configured, you'll see lots of files owned by
"nobody" on the client mounts.

rick

________________________________________
From: Rick Macklem
Sent: Friday, September 18, 2020 7:21 PM
To: Shawn Webb; freebsd-current@freebsd.org; freebsd-stable@freebsd.org
Subject: Re: Documentation regarding NFSv4

Shawn Webb wrote:
>Hey all,
>
>It appears the Handbook and the nfsv4 manpages don't really agree,
>leading to some confusion as to how to properly set up an NFSv4 server
>on FreeBSD.
>
>Any guidance would be appreciated.
1 - I never look at the Handbook, but do try and maintain the man pages.

Since you didn't explain the specifics related to your confusion, all I
can say is that the man pages are probably more correct.

Assuming you already have a running NFSv3 NFS server, all you need to do is:
- Add a V4: line to your /etc/exports files. This does not "export any
  filesystems" (that is done by other lines in /etc/exports exactly the
  same as NFSv3).
  However, it does tell the NFSv4 server where the "root" is for NFSv4
  clients.
  (ie. Where in the server's file system tree a "nfs-server:/" done by an
  NFSv4 client ends up.)
- Add nfsv4_server_enable="YES" to your /etc/rc.conf.

Note that, since NFSv4 does allow a mount to cross server mount points
(unlike NFSv3), a client will normally only do a single mount at or near
the "root" specified by the "V4:" line (see "man exports").

If you explain what inconsistencies are in the docs, maybe someone could
fix them.

rick

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
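
Added example (not part of the thread, and not code from its authors or the FreeBSD project): a POSIX sh check that the settings described in both messages above are present together: the V4: line, nfsv4_server_enable, and one of the two name<->id mapping choices. It assumes the sysctls are persisted in a sysctl.conf-style file, uses the rc.conf(5) variable nfsuserd_enable, and runs against constructed sample files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit NFSv4 server settings from the thread. Paths are
# arguments so it runs offline; helper names are hypothetical.

# has_line FILE REGEX: true if some line in FILE matches REGEX
has_line() { grep -Eq "$2" "$1" 2>/dev/null; }

# check_nfsv4 EXPORTS RC_CONF SYSCTL_CONF
# Prints findings; returns 0 when the configuration is complete, else 1.
check_nfsv4() {
    exports=$1; rc=$2; sysctl=$3; rv=0
    yes='="?[Yy][Ee][Ss]"?'

    has_line "$exports" '^V4:[[:space:]]*/' ||
        { echo "MISSING: V4: root line in exports"; rv=1; }
    has_line "$rc" "^nfsv4_server_enable$yes" ||
        { echo "MISSING: nfsv4_server_enable=YES in rc.conf"; rv=1; }

    # Name<->id mapping: nfsuserd, or BOTH sysctls set to 1.
    if has_line "$rc" "^nfsuserd_enable$yes"; then
        echo "IDMAP: nfsuserd (names via passwd/group databases)"
    elif has_line "$sysctl" '^vfs\.nfs\.enable_uidtostring=1$' &&
         has_line "$sysctl" '^vfs\.nfsd\.enable_stringtouid=1$'; then
        echo "IDMAP: numeric strings (AUTH_SYS only, not Kerberos)"
    else
        echo "MISSING: id mapping; clients will show files owned by nobody"
        rv=1
    fi
    return "$rv"
}

# Constructed sample files (not from the thread): only one sysctl is set.
make_sample() {
    d=$(mktemp -d)
    printf 'V4: /export\n/export/home -network 192.0.2.0 -mask 255.255.255.0\n' > "$d/exports"
    printf 'nfs_server_enable="YES"\nnfsv4_server_enable="YES"\n' > "$d/rc.conf"
    printf 'vfs.nfs.enable_uidtostring=1\n' > "$d/sysctl.conf"
    echo "$d"
}

sample=$(make_sample)
check_nfsv4 "$sample/exports" "$sample/rc.conf" "$sample/sysctl.conf" ||
    echo "result: configuration incomplete"
rm -rf "$sample"
```

On a real server the arguments would be /etc/exports, /etc/rc.conf and /etc/sysctl.conf.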