Date:      Tue, 11 Jul 2017 11:48:55 +0000
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Cy Schubert <Cy.Schubert@komquats.com>
Cc:        "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "rc@freebsd.org" <rc@freebsd.org>
Subject:   Re: small patch for /etc/rc.d/nfsd, bugfix or POLA violation?
Message-ID:  <YTXPR01MB0189CD7133238B0E1E9861E4DDAE0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <201707092031.v69KVBSn045623@slippy.cwsent.com>
References:  Message from Rick Macklem <rmacklem@uoguelph.ca>   of "Sun, 09 Jul 2017 19:57:22 -0000." <YTXPR01MB0189F5614497D4FA96A7579ADDA80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>, <201707092031.v69KVBSn045623@slippy.cwsent.com>

Cy Schubert wrote:
>Rick Macklem wrote:
>> Hi,
>>
>> The attached one line patch to /etc/rc.d/nfsd modifies the script so that it
>> does not force the nfsuserd to be run when nfsv4_server_enable is set.
>> (nfsuserd can still be enabled via nfsuserd_enable="YES" in /etc/rc.conf.)
>>
>> Here's why I think this patch might be appropriate...
>> (a) - The original RFC for NFSv4 (RFC3530) essentially required Owners and
>>    Owner_groups to be specified as <user>@<domain> and this required
>>    the nfsuserd daemon to be running.
>> (b) - RFC7530, which replaces RFC3530, allows an Owner/Owner_group string to be
>>   the uid/gid number in a string when using AUTH_SYS. This simplifies configuration
>>   for an all AUTH_SYS/POSIX environment (most NFS uses, I suspect?).
>>
>> To make the server do (b), two things need to be done:
>> 1 - set vfs.nfsd.enable_stringtouid=1
>> 2 - set vfs.nfsd.enable_uidtostring=1 (for head, I don't know if it will be MFC'd?)
>> OR
>>   - never run nfsuserd after booting (killing it off after it has been running is not
>>     sufficient)
>>
>> Given the above, it would seem that /etc/rc.d/nfsd should not force running of
>> the nfsuserd daemon, due to changes in the protocol.
>>
>> However, this will result in a POLA violation, in that after the patch, nfsuserd won't
>> start when booting, unless nfsuserd_enable="YES" is added to /etc/rc.conf.
>>
>> So, what do people think about this patch? rick
>
>How about a warning message + an UPDATING entry + no MFC? And, relnotes
>yes to say we now support RFC7530 in 12.0?
Sounds fine to me. I'll wait to see if there are more comments.

Thanks, rick




