Date: Wed, 1 Nov 2006 00:48:14 +0100
From: Erik Trulsson
To: Brett Glass
Message-ID: <20061031234814.GA2366@owl.midgard.homeip.net>
Cc: questions@freebsd.org, Dan Nelson
Subject: Re: nfsiod

On Tue, Oct 31, 2006 at 04:09:14PM -0700, Brett Glass wrote:
> On my system, sysctl(8) shows that vfs.nfs.iodmin is 4. And this
> is out of the box on a fresh install of 6.1 in which I told
> sysinstall that I wanted no NFS. Sounds like a bug. Now that you've
> explained where the knobs are, I see that I can work around it
> via lines in /boot/loader.conf, which can set sysctl variables
> at the time when the kernel is loaded. But the bug should be
> addressed in 6.2. If you're not running NFS, you don't need
> NFS-related processes laying around.
>
> --Brett Glass

The default value for vfs.nfs.iodmin was 4 in 6.1. It has since been
changed to 0 in both -CURRENT and RELENG_6.

If you are really sure that you don't need NFS, then I guess the best for
you would be to use a custom kernel configuration with all NFS options
removed. Then you can be quite certain that nothing NFS-related will be
activated.

>
> At 02:42 PM 10/31/2006, Dan Nelson wrote:
> >
> >In the last episode (Oct 31), Brett Glass said:
> >> I have no interest in running NFS (AKA "no file security") on my
> >> FreeBSD boxes, but have noticed that FreeBSD 6.x seems to start a
> >> daemon called "nfsiod" by default even when it is not configured as
> >> an NFS server or client. What's the best way to instruct the system
> >> not to start these processes, which take up resources and may be a
> >> security risk? Why isn't this done at sysinstall time?
> >
> >nfsiods are kernel threads that allow for parallel client requests from
> >a machine. You must still have some sort of NFS client functionality
> >in the kernel for them to exist, but you can tell them to quit by
> >setting the vfs.nfs.iodmax sysctl to 0. They should exit immediately.
> >In fact, since iodmin defaults to zero, there shouldn't be any running
> >unless you are actively using nfs.
> >

--
Erik Trulsson
ertr1013@student.uu.se
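
The nfsiod states discussed in this thread, as an added example that is not part of the original messages: a shell audit that classifies a host from captured `sysctl vfs.nfs` output and lists the NFS `options` still active in a kernel config file. The function names, file names and sample values are constructed, and reading absent knobs as "no NFS client in the kernel" is an assumption drawn from Dan Nelson's remark.

```shell
#!/bin/sh
# Added example (not from the thread): classify a FreeBSD host's nfsiod state
# from captured `sysctl vfs.nfs` output and list NFS options in a kernel config.

# Print the value of sysctl NAME found in FILE ("name: value" lines).
# Exits non-zero when the name is not present.
sysctl_value() {
    awk -F': ' -v k="$1" '$1 == k { print $2; hit = 1 } END { exit !hit }' "$2"
}

# Classify the nfsiod state described in the thread:
#   no-nfs-client   knobs absent (assumption: no NFS client code in the kernel)
#   disabled        iodmax is 0, so existing nfsiod threads exit
#   always-running  iodmin > 0, threads exist with no NFS in use (6.1 default)
#   on-demand       iodmin is 0, threads appear only while NFS is in use
nfsiod_state() {
    min=$(sysctl_value vfs.nfs.iodmin "$1") || { echo no-nfs-client; return 0; }
    max=$(sysctl_value vfs.nfs.iodmax "$1") || { echo no-nfs-client; return 0; }
    if [ "$max" -eq 0 ]; then echo disabled
    elif [ "$min" -gt 0 ]; then echo always-running
    else echo on-demand
    fi
}

# List active (uncommented) NFS "options" lines in a kernel config file.
kernel_nfs_options() {
    sed 's/#.*//' "$1" | awk '$1 == "options" && $2 ~ /^NFS/ { print $2 }'
}

# Constructed sample input: a 6.1-style host; the iodmax value is an assumption.
demo=$(mktemp -d)
printf 'vfs.nfs.iodmin: 4\nvfs.nfs.iodmax: 20\n' > "$demo/sysctl.txt"
printf 'options \tNFSCLIENT\t# client\n#options \tNFSSERVER\noptions \tINET\n' \
    > "$demo/KERNCONF"

echo "nfsiod state: $(nfsiod_state "$demo/sysctl.txt")"
echo "NFS options in kernel config: $(kernel_nfs_options "$demo/KERNCONF" | tr '\n' ' ')"
```

On a live host, feed it the output of `sysctl vfs.nfs` saved to a file and the kernel configuration file the running kernel was built from.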