From owner-freebsd-current@freebsd.org  Fri Jul 28 21:21:25 2017
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F00A0DCF967
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Fri, 28 Jul 2017 21:21:25 +0000 (UTC)
 (envelope-from rmacklem@uoguelph.ca)
Received: from CAN01-QB1-obe.outbound.protection.outlook.com
 (mail-eopbgr660072.outbound.protection.outlook.com [40.107.66.72])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "Microsoft IT SSL SHA2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9601B71D65
 for <freebsd-current@freebsd.org>; Fri, 28 Jul 2017 21:21:24 +0000 (UTC)
 (envelope-from rmacklem@uoguelph.ca)
Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM (10.165.218.133) by
 YTXPR01MB0192.CANPRD01.PROD.OUTLOOK.COM (10.165.218.136) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1282.10; Fri, 28 Jul 2017 21:21:22 +0000
Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) by
 YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) with mapi id
 15.01.1282.023; Fri, 28 Jul 2017 21:21:22 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject: NFSv4 server configs may need nfsuserd_enable="YES"
Thread-Topic: NFSv4 server configs may need nfsuserd_enable="YES"
Thread-Index: AQHTB+arYrGL6FWShUGav6MI6p5hEQ==
Date: Fri, 28 Jul 2017 21:21:22 +0000
Message-ID: <YTXPR01MB0189489589C7905051C07DCCDDBF0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=rmacklem@uoguelph.ca; 
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; YTXPR01MB0192;
 7:dJPWWhAHzuRzkcV+s8Ire3YALsjNDuQFZDt4z9IGvmXGfrXZxfT3Jo7EsJVGJctHWXyp3fF7YQ15W59wpowZOnBJV9M7RCRfeBBuvEMVdoRbLESLZ5scO+Ve0j8PYPqqM6mDRmwPt09E2N1sE5N5vKeRK8TF9uXXMOwmJvzGfRvGfjVse7XMDlgArLcKGlmEmvMeLIYjSCHUISIXBT3+OZ1rY0DN8fN42ex5hnjLgmsOYozN9vIGN806yIunkH/8L3M9kXm3u74dXk3MbpMmbHw64qUiGcJoVreY2o+ld45x26tRhyrjv2M1D1PkLmCGxfvj4oVZf/wmzICeTgRLrNNRbcSBr6tF+zJfqTqZjE74IvMPflXRc/C30vK98y41MR22NZjFR7gKDSPZjPN2ge8stplARLwrAfO6mjBL4GSMhP+J/ArKrjGxdmjNjWgRPxd/ZidPixlTYuglnHszPFLa7OKFGaIKb7p8lleEfAMTrl9R164exzoFnK2k6m4afhkupq3MSAE8ySuSRNncqkKMAYyPGG381l0p678rZCVxx5qOMXHba1Nm4RIMQUEFlrTs8QV0lyzMMGQz+M3MMiMiXt33YG+npYFZpfxFqQsWbjPJTZhmmUXks1hMQkpYBNCJQ7529OI3tjOZ4H2vBR+LdyJ8jZNKs/P8BR0FlWsiwKFko7xIQJFzWXHRJOEs26ApDsCPly7kjeHfIMSu1bIUMKOmM+jmHyaILPHbydxsBTRaH/WnxRQEY6pJKA40lozjQwvMIrFVw3iLvafqafG+TZgIV3xlnk5irOiD3ZQ=
x-ms-office365-filtering-correlation-id: 035643c3-ebd5-40ee-d078-08d4d5fe98c2
x-microsoft-antispam: UriScan:; BCL:0; PCL:0;
 RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);
 SRVR:YTXPR01MB0192; 
x-ms-traffictypediagnostic: YTXPR01MB0192:
x-exchange-antispam-report-test: UriScan:(158342451672863);
x-microsoft-antispam-prvs: <YTXPR01MB01929B31AD9F5E97EE1E19BADDBF0@YTXPR01MB0192.CANPRD01.PROD.OUTLOOK.COM>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(100000703101)(100105400095)(10201501046)(6041248)(20161123558100)(20161123560025)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(20161123555025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095);
 SRVR:YTXPR01MB0192; BCL:0; PCL:0;
 RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);
 SRVR:YTXPR01MB0192; 
x-forefront-prvs: 03827AF76E
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(6009001)(39840400002)(39400400002)(39850400002)(39410400002)(39450400003)(199003)(189002)(2906002)(3660700001)(68736007)(6916009)(74316002)(86362001)(3280700002)(2351001)(106356001)(5660300001)(105586002)(102836003)(2900100001)(7696004)(110136004)(38730400002)(55016002)(5640700003)(8676002)(81156014)(81166006)(101416001)(478600001)(6436002)(305945005)(54356999)(53936002)(50986999)(14454004)(9686003)(33656002)(74482002)(2501003)(189998001)(8936002)(77096006)(97736004)(25786009)(6506006);
 DIR:OUT; SFP:1101; SCL:1; SRVR:YTXPR01MB0192;
 H:YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; PTR:InfoNoRecords;
 A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: uoguelph.ca does not designate
 permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uoguelph.ca
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jul 2017 21:21:22.6927 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTXPR01MB0192
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 21:21:26 -0000

As of r321665, an NFSv4 server configuration that supports NFSv4 Kerberos m=
ounts
or NFSv4 clients that do not support the uid/gid in the owner/owner_group s=
tring
will need to have:
nfsuserd_enable=3D"YES"
in the machine's /etc/rc.conf file.

The background to this is that the capability to put uid/gid #s in the owne=
r/owner_group
strings is allowed for AUTH_SYS by RFC7530 (which replaced RFC3530, that di=
dn't allow this).
Since Linux uses this capability by default, many NFSv4 server configuratio=
ns no longer
need to run the nfsuserd daemon and, as such, forcing it to run did not mak=
e much sense.

For sites using the uid/gid in owner/owner_group string capability, the sys=
ctls:
vfs.nfs.enable_uidtostring
vfs.nfsd.enable_stringtouid
should both be set to 1 in /etc/sysctl.conf.

Hopefully this small POLA violation will not cause you grief, rick