From owner-freebsd-questions@FreeBSD.ORG Tue Oct 31 23:10:14 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CAECC16A49E for ; Tue, 31 Oct 2006 23:10:14 +0000 (UTC) (envelope-from brett@lariat.net) Received: from lariat.net (lariat.net [65.122.236.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id A49E443D9F for ; Tue, 31 Oct 2006 23:09:54 +0000 (GMT) (envelope-from brett@lariat.net) Received: from anne-o1dpaayth1.lariat.org (IDENT:ppp1000.lariat.net@lariat.net [65.122.236.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id QAA24054; Tue, 31 Oct 2006 16:09:45 -0700 (MST) Message-Id: <200610312309.QAA24054@lariat.net> X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Tue, 31 Oct 2006 16:09:14 -0700 To: Dan Nelson From: Brett Glass In-Reply-To: <20061031214209.GF3839@dan.emsphone.com> References: <200610312102.OAA22245@lariat.net> <20061031214209.GF3839@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-avg-checked=avg-ok-1B9A6A6 Cc: questions@freebsd.org Subject: Re: nfsiod X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Oct 2006 23:10:14 -0000 On my system, sysctl(8) shows that vfs.nfs.iodmin is 4. And this is out of the box on a fresh install of 6.1 in which I told sysinstall that I wanted no NFS. Sounds like a bug. Now that you've explained where the knobs are, I see that I can work around it via lines in /boot/loader.conf, which can set sysctl variables at the time when the kernel is loaded. But the bug should be addressed in 6.2. If you're not running NFS, you don't need NFS- related processes laying around. --Brett Glass At 02:42 PM 10/31/2006, Dan Nelson wrote: >In the last episode (Oct 31), Brett Glass said: >> I have no interest in running NFS (AKA "no file security") on my >> FreeBSD boxes, but have noticed that FreeBSD 6.x seems to start a >> daemon called "nfsiod" by default even when it is not configured as >> an NFS server or client. What's the best way to instruct the system >> not to start these processes, which take up resources and may be a >> security risk? Why isn't this done at sysinstall time? > >nfsiods are kernel threads that allow for parallel client requests from >a machine. You must still have some sort of NFS client functionality >in the kernel for them to exist, but you can tell them to quit by >setting the vfs.nfs.iodmax sysctl to 0. They should exit imediately. >In fact, since iodmin defaults to zero, there shouldn't be any running >unless you are actively using nfs. > >-- > Dan Nelson > dnelson@allantgroup.com