1.\" Copyright (c) 1992, 1993, 1994, 1995 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 29.\" $FreeBSD$ 30.\" 31.Dd June 26, 2021 32.Dt MOUNT_NFS 8 33.Os 34.Sh NAME 35.Nm mount_nfs 36.Nd mount NFS file systems 37.Sh SYNOPSIS 38.Nm 39.Op Fl 23bcdiLlNPsTU 40.Op Fl a Ar maxreadahead 41.Op Fl D Ar deadthresh 42.Op Fl g Ar maxgroups 43.Op Fl I Ar readdirsize 44.Op Fl o Ar options 45.Op Fl R Ar retrycnt 46.Op Fl r Ar readsize 47.Op Fl t Ar timeout 48.Op Fl w Ar writesize 49.Op Fl x Ar retrans 50.Ar rhost : Ns Ar path node 51.Sh DESCRIPTION 52The 53.Nm 54utility calls the 55.Xr nmount 2 56system call to prepare and graft a remote NFS file system 57.Pq Ar rhost : Ns Ar path 58on to the file system tree at the point 59.Ar node . 60This command is normally executed by 61.Xr mount 8 . 62For NFSv2 and NFSv3, 63it implements the mount protocol as described in RFC 1094, Appendix A and 64RFC 1813, Appendix I. 65For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and 66RFC 7862. 67.Pp 68By default, 69.Nm 70keeps retrying until the mount succeeds. 71This behaviour is intended for file systems listed in 72.Xr fstab 5 73that are critical to the boot process. 74For non-critical file systems, the 75.Cm bg 76and 77.Cm retrycnt 78options provide mechanisms to prevent the boot process from hanging 79if the server is unavailable. 80.Pp 81If the server becomes unresponsive while an NFS file system is 82mounted, any new or outstanding file operations on that file system 83will hang uninterruptibly until the server comes back. 84To modify this default behaviour, see the 85.Cm intr 86and 87.Cm soft 88options. 89.Pp 90The options are: 91.Bl -tag -width indent 92.It Fl o 93Options are specified with a 94.Fl o 95flag followed by a comma separated string of options. 96See the 97.Xr mount 8 98man page for possible options and their meanings. 99The following NFS specific options are also available: 100.Bl -tag -width indent 101.It Cm acregmin Ns = Ns Aq Ar seconds 102.It Cm acregmax Ns = Ns Aq Ar seconds 103.It Cm acdirmin Ns = Ns Aq Ar seconds 104.It Cm acdirmax Ns = Ns Aq Ar seconds 105When attributes of files are cached, a timeout calculated to determine 106whether a given cache entry has expired. 107These four values determine the upper and lower bounds of the timeouts for 108.Dq directory 109attributes and 110.Dq regular 111(ie: everything else). 112The default values are 3 -> 60 seconds 113for regular files, and 30 -> 60 seconds for directories. 114The algorithm to calculate the timeout is based on the age of the file. 115The older the file, 116the longer the cache is considered valid, subject to the limits above. 117.It Cm actimeo Ns = Ns Aq Ar seconds 118Set four cache timeouts above to specified value. 119.It Cm allgssname 120This option can be used along with 121.Fl o Cm gssname 122to specify that all operations should use the host-based initiator 123credential. 124This may be used for clients that run system daemons that need to 125access files on the NFSv4 mounted volume. 126.It Cm bg 127If an initial attempt to contact the server fails, fork off a child to keep 128trying the mount in the background. 129Useful for 130.Xr fstab 5 , 131where the file system mount is not critical to multiuser operation. 132.It Cm deadthresh Ns = Ns Aq Ar value 133Set the 134.Dq "dead server threshold" 135to the specified number of round trip timeout intervals before a 136.Dq "server not responding" 137message is displayed. 138.It Cm dumbtimer 139Turn off the dynamic retransmit timeout estimator. 140This may be useful for UDP mounts that exhibit high retry rates, 141since it is possible that the dynamically estimated timeout interval is too 142short. 143.It Cm fg 144Same as not specifying 145.Cm bg . 146.It Cm gssname Ns = Ns Aq Ar service-principal-name 147This option can be used with the KerberosV security flavors for NFSv4 mounts 148to specify the 149.Dq "service-principal-name" 150of a host-based entry in the default 151keytab file that is used for system operations. 152It allows the mount to be performed by 153.Dq "root" 154and avoids problems with 155cached credentials for the system operations expiring. 156The 157.Dq "service-prinicpal-name" 158should be specified without instance or domain and is typically 159.Dq "host" , 160.Dq "nfs" 161or 162.Dq "root" , 163although the form 164.Sm off 165.Aq Ar service 166@ 167.Aq Ar fqdn 168.Sm on 169can also be used if the local system's 170.Xr gethostname 3 171value does not match the host-based principal in the keytab. 172.It Cm hard 173Same as not specifying 174.Cm soft . 175.It Cm intr 176Make the mount interruptible, which implies that file system calls that 177are delayed due to an unresponsive server will fail with EINTR when a 178termination signal is posted for the process. 179.It Cm maxgroups Ns = Ns Aq Ar value 180Set the maximum size of the group list for the credentials to the 181specified value. 182This should be used for mounts on old servers that cannot handle a 183group list size of 16, as specified in RFC 1057. 184Try 8, if users in a lot of groups cannot get response from the mount 185point. 186.It Cm mntudp 187Force the mount protocol to use UDP transport, even for TCP NFS mounts. 188(Necessary for some old 189.Bx 190servers.) 191.It Cm nametimeo Ns = Ns Aq Ar value 192Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds) 193for positive name cache entries. 194If this is set to 0 it disables positive name caching for the mount point. 195.It Cm negnametimeo Ns = Ns Aq Ar value 196Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds) 197for negative name cache entries. 198If this is set to 0 it disables negative name caching for the mount point. 199.It Cm nfsv2 200Use the NFS Version 2 protocol (the default is to try version 3 first 201then version 2). 202Note that NFS version 2 has a file size limit of 2 gigabytes. 203.It Cm nfsv3 204Use the NFS Version 3 protocol. 205.It Cm nfsv4 206Use the NFS Version 4 protocol. 207This option will force the mount to use 208TCP transport. 209By default, the highest minor version of NFS Version 4 that is 210supported by the NFS Version 4 server will be used. 211See the 212.Cm minorversion 213option. 214.It Cm minorversion Ns = Ns Aq Ar value 215Use the specified minor version for a NFS Version 4 mount, 216overriding the default. 217The minor versions supported are 0, 1, and 2. 218This option is only meaningful when used with the 219.Cm nfsv4 220option. 221.It Cm oneopenown 222Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single 223OpenOwner for all Opens. 224This may be useful for a server with a very low limit on OpenOwners, such as 225AmazonEFS. 226It may be required when an accumulation of NFS version 4 Opens occurs, 227as indicated by the 228.Dq Opens 229count displayed by 230.Xr nfsstat 1 231with the 232.Fl c 233and 234.Fl E 235command-line options. 236A common case for an accumulation of Opens is a shared library within 237the NFS mount that is used by several 238processes, where at least one of these processes is always running. 239This option cannot be used for an NFS Version 4, minor version 0 mount. 240It may not work correctly when Delegations are being issued by a server, 241but note that the AmazonEFS server does not issued delegations at this time. 242This option is only meaningful when used with the 243.Cm nfsv4 244option. 245.It Cm pnfs 246Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the 247NFS Version 4 protocol. 248This option is only meaningful when used with the 249.Cm nfsv4 250option. 251.It Cm noac 252Disable attribute caching. 253.It Cm noconn 254For UDP mount points, do not do a 255.Xr connect 2 . 256This must be used if the server does not reply to requests from the standard 257NFS port number 2049 or replies to requests using a different IP address 258(which can occur if the server is multi-homed). 259Setting the 260.Va vfs.nfs.nfs_ip_paranoia 261sysctl to 0 will make this option the default. 262.It Cm nocto 263Normally, NFS clients maintain the close-to-open cache coherency. 264This works by flushing at close time and checking at open time. 265Checking at open time is implemented by getting attributes from 266the server and purging the data cache if they do not match 267attributes cached by the client. 268.Pp 269This option disables checking at open time. 270It may improve performance for read-only mounts, 271but should only be used if the data on the server changes rarely. 272Be sure to understand the consequences before enabling this option. 273.It Cm noinet4 , noinet6 274Disables 275.Dv AF_INET 276or 277.Dv AF_INET6 278connections. 279Useful for hosts that have 280both an A record and an AAAA record for the same name. 281.It Cm nolockd 282Do 283.Em not 284forward 285.Xr fcntl 2 286locks over the wire via the NLM protocol for NFSv3 mounts. 287All locks will be local and not seen by the server 288and likewise not seen by other NFS clients for NFSv3 mounts. 289This removes the need to run the 290.Xr rpcbind 8 291service and the 292.Xr rpc.statd 8 293and 294.Xr rpc.lockd 8 295servers on the client. 296Note that this option will only be honored when performing the 297initial mount, it will be silently ignored if used while updating 298the mount options. 299Also, note that NFSv4 mounts do not use these daemons and handle locks over the 300wire in the NFSv4 protocol. 301As such, this option is meaningless for NFSv4 mounts. 302.It Cm noncontigwr 303This mount option allows the NFS client to 304combine non-contiguous byte ranges being written 305such that the dirty byte range becomes a superset of the bytes 306that are dirty. 307This reduces the number of writes significantly for software 308builds. 309The merging of byte ranges is not done if the file has been file 310locked, since most applications modifying a file from multiple 311clients will use file locking. 312As such, this option could result in a corrupted file for the 313rare case of an application modifying the file from multiple 314clients concurrently without using file locking. 315.It Cm principal 316For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p, 317this option sets the name of the host based principal name expected 318by the server. 319This option overrides the default, which will be ``nfs@<server-fqdn>'' 320and should normally be sufficient. 321.It Cm noresvport 322Do 323.Em not 324use a reserved socket port number (see below). 325.It Cm port Ns = Ns Aq Ar port_number 326Use specified port number for NFS requests. 327The default is to query the portmapper for the NFS port. 328.It Cm proto Ns = Ns Aq Ar protocol 329Specify transport protocol version to use. 330Currently, they are: 331.Bd -literal 332udp - Use UDP over IPv4 333tcp - Use TCP over IPv4 334udp6 - Use UDP over IPv6 335tcp6 - Use TCP over IPv6 336.Ed 337.It Cm rdirplus 338Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should 339be used. 340For NFSV4, setting this option has a similar effect, in that it will make 341the Readdir Operation get more attributes. 342This option reduces RPC traffic for cases such as 343.Dq "ls -l" , 344but tends to flood the attribute and name caches with prefetched entries. 345Try this option and see whether performance improves or degrades. 346Probably 347most useful for client to server network interconnects with a large bandwidth 348times delay product. 349.It Cm readahead Ns = Ns Aq Ar value 350Set the read-ahead count to the specified value. 351This may be in the range of 0 - 4, and determines how many blocks 352will be read ahead when a large file is being read sequentially. 353Trying a value greater than 1 for this is suggested for 354mounts with a large bandwidth * delay product. 355.It Cm readdirsize Ns = Ns Aq Ar value 356Set the readdir read size to the specified value. 357The value should normally 358be a multiple of 359.Dv DIRBLKSIZ 360that is <= the read size for the mount. 361.It Cm resvport 362Use a reserved socket port number. 363This flag is obsolete, and only retained for compatibility reasons. 364Reserved port numbers are used by default now. 365(For the rare case where the client has a trusted root account 366but untrustworthy users and the network cables are in secure areas this does 367help, but for normal desktop clients this does not apply.) 368.It Cm retrans Ns = Ns Aq Ar value 369Set the retransmit timeout count for soft mounts to the specified value. 370.It Cm retrycnt Ns = Ns Aq Ar count 371Set the mount retry count to the specified value. 372The default is a retry count of zero, which means to keep retrying 373forever. 374There is a 60 second delay between each attempt. 375.It Cm rsize Ns = Ns Aq Ar value 376Set the read data size to the specified value. 377It should normally be a power of 2 greater than or equal to 1024. 378This should be used for UDP mounts when the 379.Dq "fragments dropped due to timeout" 380value is getting large while actively using a mount point. 381(Use 382.Xr netstat 1 383with the 384.Fl s 385option to see what the 386.Dq "fragments dropped due to timeout" 387value is.) 388.It Cm sec Ns = Ns Aq Ar flavor 389This option specifies what security flavor should be used for the mount. 390Currently, they are: 391.Bd -literal 392krb5 - Use KerberosV authentication 393krb5i - Use KerberosV authentication and 394 apply integrity checksums to RPCs 395krb5p - Use KerberosV authentication and 396 encrypt the RPC data 397sys - The default AUTH_SYS, which uses a 398 uid + gid list authenticator 399.Ed 400.It Cm soft 401A soft mount, which implies that file system calls will fail 402after 403.Ar retrycnt 404round trip timeout intervals. 405.It Cm tcp 406Use TCP transport. 407This is the default option, as it provides for increased reliability on both 408LAN and WAN configurations compared to UDP. 409Some old NFS servers do not support this method; UDP mounts may be required 410for interoperability. 411.It Cm timeout Ns = Ns Aq Ar value 412Set the initial retransmit timeout to the specified value, 413expressed in tenths of a second. 414May be useful for fine tuning UDP mounts over internetworks 415with high packet loss rates or an overloaded server. 416Try increasing the interval if 417.Xr nfsstat 1 418shows high retransmit rates while the file system is active or reducing the 419value if there is a low retransmit rate but long response delay observed. 420(Normally, the 421.Cm dumbtimer 422option should be specified when using this option to manually 423tune the timeout 424interval.) 425.It Cm timeo Ns = Ns Aq Ar value 426Alias for 427.Cm timeout . 428.It Cm tls 429This option specifies that the connection to the server must use TLS 430per RFC NNNN. 431TLS is only supported for TCP connections and the 432.Xr rpc.tlsclntd 8 433daemon must be running for an NFS over TCP connection to use TLS. 434.It Cm tlscertname Ns = Ns Aq Ar name 435This option specifies the name of an alternate certificate to be 436presented to the NFS server during TLS handshake. 437The default certificate file names are 438.Dq cert.pem 439and 440.Dq certkey.pem . 441When this option is specified, 442.Ar name 443replaces 444.Dq cert 445in the above file names. 446For example, if the value of 447.Ar name 448is specified as 449.Dq other 450the certificate file names to be used will be 451.Dq other.pem 452and 453.Dq otherkey.pem . 454These files are stored in 455.Pa /etc/rpc.tlsclntd 456by default. 457This option is only meaningful when used with the 458.Cm tls 459option and the 460.Xr rpc.tlsclntd 8 461is running with the 462.Fl m 463command line flag set. 464.It Cm udp 465Use UDP transport. 466.It Cm vers Ns = Ns Aq Ar vers_number 467Use the specified version number for NFS requests. 468See the 469.Cm nfsv2 , 470.Cm nfsv3 , 471and 472.Cm nfsv4 473options for details. 474.It Cm wcommitsize Ns = Ns Aq Ar value 475Set the maximum pending write commit size to the specified value. 476This determines the maximum amount of pending write data that the NFS 477client is willing to cache for each file. 478.It Cm wsize Ns = Ns Aq Ar value 479Set the write data size to the specified value. 480Ditto the comments w.r.t.\& the 481.Cm rsize 482option, but using the 483.Dq "fragments dropped due to timeout" 484value on the server instead of the client. 485Note that both the 486.Cm rsize 487and 488.Cm wsize 489options should only be used as a last ditch effort at improving performance 490when mounting servers that do not support TCP mounts. 491.El 492.El 493.Sh COMPATIBILITY 494The following command line flags are equivalent to 495.Fl o 496named options and are supported for compatibility with older 497installations. 498.Bl -tag -width indent 499.It Fl 2 500Same as 501.Fl o Cm nfsv2 502.It Fl 3 503Same as 504.Fl o Cm nfsv3 505.It Fl D 506Same as 507.Fl o Cm deadthresh 508.It Fl I 509Same as 510.Fl o Cm readdirsize Ns = Ns Aq Ar value 511.It Fl L 512Same as 513.Fl o Cm nolockd 514.It Fl N 515Same as 516.Fl o Cm noresvport 517.It Fl P 518Use a reserved socket port number. 519This flag is obsolete, and only retained for compatibility reasons. 520(For the rare case where the client has a trusted root account 521but untrustworthy users and the network cables are in secure areas this does 522help, but for normal desktop clients this does not apply.) 523.It Fl R 524Same as 525.Fl o Cm retrycnt Ns = Ns Aq Ar value 526.It Fl T 527Same as 528.Fl o Cm tcp 529.It Fl U 530Same as 531.Fl o Cm mntudp 532.It Fl a 533Same as 534.Fl o Cm readahead Ns = Ns Aq Ar value 535.It Fl b 536Same as 537.Fl o Cm bg 538.It Fl c 539Same as 540.Fl o Cm noconn 541.It Fl d 542Same as 543.Fl o Cm dumbtimer 544.It Fl g 545Same as 546.Fl o Cm maxgroups 547.It Fl i 548Same as 549.Fl o Cm intr 550.It Fl l 551Same as 552.Fl o Cm rdirplus 553.It Fl r 554Same as 555.Fl o Cm rsize Ns = Ns Aq Ar value 556.It Fl s 557Same as 558.Fl o Cm soft 559.It Fl t 560Same as 561.Fl o Cm retransmit Ns = Ns Aq Ar value 562.It Fl w 563Same as 564.Fl o Cm wsize Ns = Ns Aq Ar value 565.It Fl x 566Same as 567.Fl o Cm retrans Ns = Ns Aq Ar value 568.El 569.Pp 570The following 571.Fl o 572named options are equivalent to other 573.Fl o 574named options and are supported for compatibility with other 575operating systems (e.g., Linux, Solaris, and OSX) to ease usage of 576.Xr autofs 5 577support. 578.Bl -tag -width indent 579.It Fl o Cm vers Ns = Ns 2 580Same as 581.Fl o Cm nfsv2 582.It Fl o Cm vers Ns = Ns 3 583Same as 584.Fl o Cm nfsv3 585.It Fl o Cm vers Ns = Ns 4 586Same as 587.Fl o Cm nfsv4 588.El 589.Sh SEE ALSO 590.Xr nmount 2 , 591.Xr unmount 2 , 592.Xr nfsv4 4 , 593.Xr fstab 5 , 594.Xr gssd 8 , 595.Xr mount 8 , 596.Xr nfsd 8 , 597.Xr nfsiod 8 , 598.Xr rpc.tlsclntd 8 , 599.Xr showmount 8 600.Sh HISTORY 601A version of the 602.Nm 603utility appeared in 604.Bx 4.4 . 605.Sh BUGS 606Since nfsv4 performs open/lock operations that have their ordering strictly 607enforced by the server, the options 608.Cm intr 609and 610.Cm soft 611cannot be safely used. 612.Cm hard 613nfsv4 mounts are strongly recommended. 614