From owner-svn-src-all@freebsd.org Mon Dec 14 22:54:04 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5793AA47E36; Mon, 14 Dec 2015 22:54:04 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0C9151F79; Mon, 14 Dec 2015 22:54:03 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id tBEMs3US070934; Mon, 14 Dec 2015 22:54:03 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id tBEMs3gm070933; Mon, 14 Dec 2015 22:54:03 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <201512142254.tBEMs3gm070933@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Mon, 14 Dec 2015 22:54:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r292232 - stable/10/usr.sbin/nfsuserd X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Dec 2015 22:54:04 -0000 Author: rmacklem Date: Mon Dec 14 22:54:02 2015 New Revision: 292232 URL: https://svnweb.freebsd.org/changeset/base/292232 Log: MFC: r291535 Document the new "-manage-gids" option for the nfsuserd daemon. This is a content change. Modified: stable/10/usr.sbin/nfsuserd/nfsuserd.8 Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/nfsuserd/nfsuserd.8 ============================================================================== --- stable/10/usr.sbin/nfsuserd/nfsuserd.8 Mon Dec 14 22:43:43 2015 (r292231) +++ stable/10/usr.sbin/nfsuserd/nfsuserd.8 Mon Dec 14 22:54:02 2015 (r292232) @@ -24,14 +24,14 @@ .\" .\" $FreeBSD$ .\" -.Dd April 25, 2009 +.Dd November 1, 2015 .Dt NFSUSERD 8 .Os .Sh NAME .Nm nfsuserd .Nd load user and group information into the kernel for .Tn NFSv4 -services +services plus support manage-gids for all NFS versions .Sh SYNOPSIS .Nm nfsuserd .Op Fl domain Ar domain_name @@ -39,11 +39,14 @@ services .Op Fl usermax Ar max_cache_size .Op Fl verbose .Op Fl force +.Op Fl manage-gids .Op Ar num_servers .Sh DESCRIPTION .Nm loads user and group information into the kernel for NFSv4. It must be running for NFSv4 to function correctly, either client or server. +It also provides support for manage-gids and must be running on the server if +this is being used for any version of NFS. .Pp Upon startup, it loads the machines DNS domain name, plus timeout and cache size limit into the kernel. It then preloads the cache with group @@ -79,6 +82,15 @@ When set, the server logs a bunch of inf This flag option must be set to restart the daemon after it has gone away abnormally and refuses to start, because it thinks nfsuserd is already running. +.It Fl manage-gids +This flag enables manage-gids for the NFS server +.Xr nfsd 8 . +When this is enabled, all NFS requests using +AUTH_SYS authentication take the uid from the RPC request +and uses the group list for that uid provided by +.Xr getgrouplist 3 +on the server instead of the list of groups provided in the RPC authenticator. +This can be used to avoid the 16 group limit for AUTH_SYS. .It Ar num_servers Specifies how many servers to create (max 20). The default of 4 may be sufficient. You should run enough servers, so that @@ -89,8 +101,9 @@ performance impact, whereas running too such as a process table entry and swap space. .El .Sh SEE ALSO -.Xr getpwent 3 , .Xr getgrent 3 , +.Xr getgrouplist 3 , +.Xr getpwent 3 , .Xr nfsv4 4 , .Xr group 5 , .Xr passwd 5 , @@ -103,7 +116,8 @@ utility was introduced with the NFSv4 ex The .Nm use -.Xr getgrent 3 +.Xr getgrent 3 , +.Xr getgrouplist 3 and .Xr getpwent 3 library calls to resolve requests and will hang if the servers handling