1.\" Copyright (c) 1992, 1993, 1994, 1995 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 29.\" $FreeBSD$ 30.\" 31.Dd July 2, 2022 32.Dt MOUNT_NFS 8 33.Os 34.Sh NAME 35.Nm mount_nfs 36.Nd mount NFS file systems 37.Sh SYNOPSIS 38.Nm 39.Op Fl 23bcdiLlNPsTU 40.Op Fl a Ar maxreadahead 41.Op Fl D Ar deadthresh 42.Op Fl g Ar maxgroups 43.Op Fl I Ar readdirsize 44.Op Fl o Ar options 45.Op Fl R Ar retrycnt 46.Op Fl r Ar readsize 47.Op Fl t Ar timeout 48.Op Fl w Ar writesize 49.Op Fl x Ar retrans 50.Ar rhost : Ns Ar path node 51.Sh DESCRIPTION 52The 53.Nm 54utility calls the 55.Xr nmount 2 56system call to prepare and graft a remote NFS file system 57.Pq Ar rhost : Ns Ar path 58on to the file system tree at the point 59.Ar node . 60This command is normally executed by 61.Xr mount 8 . 62For NFSv2 and NFSv3, 63it implements the mount protocol as described in RFC 1094, Appendix A and 64RFC 1813, Appendix I. 65For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and 66RFC 7862. 67.Pp 68By default, 69.Nm 70keeps retrying until the mount succeeds. 71This behaviour is intended for file systems listed in 72.Xr fstab 5 73that are critical to the boot process. 74For non-critical file systems, the 75.Cm bg 76and 77.Cm retrycnt 78options provide mechanisms to prevent the boot process from hanging 79if the server is unavailable. 80.Pp 81If the server becomes unresponsive while an NFS file system is 82mounted, any new or outstanding file operations on that file system 83will hang uninterruptibly until the server comes back. 84To modify this default behaviour, see the 85.Cm intr 86and 87.Cm soft 88options. 89.Pp 90The options are: 91.Bl -tag -width indent 92.It Fl o 93Options are specified with a 94.Fl o 95flag followed by a comma separated string of options. 96See the 97.Xr mount 8 98man page for possible options and their meanings. 99The following NFS specific options are also available: 100.Bl -tag -width indent 101.It Cm acregmin Ns = Ns Aq Ar seconds 102.It Cm acregmax Ns = Ns Aq Ar seconds 103.It Cm acdirmin Ns = Ns Aq Ar seconds 104.It Cm acdirmax Ns = Ns Aq Ar seconds 105When attributes of files are cached, a timeout calculated to determine 106whether a given cache entry has expired. 107These four values determine the upper and lower bounds of the timeouts for 108.Dq directory 109attributes and 110.Dq regular 111(ie: everything else). 112The default values are 3 -> 60 seconds 113for regular files, and 30 -> 60 seconds for directories. 114The algorithm to calculate the timeout is based on the age of the file. 115The older the file, 116the longer the cache is considered valid, subject to the limits above. 117.It Cm actimeo Ns = Ns Aq Ar seconds 118Set four cache timeouts above to specified value. 119.It Cm allgssname 120This option can be used along with 121.Fl o Cm gssname 122to specify that all operations should use the host-based initiator 123credential. 124This may be used for clients that run system daemons that need to 125access files on the NFSv4 mounted volume. 126.It Cm bg 127If an initial attempt to contact the server fails, fork off a child to keep 128trying the mount in the background. 129Useful for 130.Xr fstab 5 , 131where the file system mount is not critical to multiuser operation. 132.It Cm bgnow 133Like 134.Cm bg , 135fork off a child to keep trying the mount in the background, 136but do not attempt to mount in the foreground first. 137This eliminates a 13860+ second timeout when the server is not responding. 139Useful for speeding up the boot process of a client when the server is 140likely to be unavailable. 141This is often the case for interdependent servers 142such as cross-mounted servers (each of two servers is an NFS client of 143the other) and for cluster nodes that must boot before the file servers. 144.It Cm deadthresh Ns = Ns Aq Ar value 145Set the 146.Dq "dead server threshold" 147to the specified number of round trip timeout intervals before a 148.Dq "server not responding" 149message is displayed. 150.It Cm dumbtimer 151Turn off the dynamic retransmit timeout estimator. 152This may be useful for UDP mounts that exhibit high retry rates, 153since it is possible that the dynamically estimated timeout interval is too 154short. 155.It Cm fg 156Same as not specifying 157.Cm bg . 158.It Cm gssname Ns = Ns Aq Ar service-principal-name 159This option can be used with the KerberosV security flavors for NFSv4 mounts 160to specify the 161.Dq "service-principal-name" 162of a host-based entry in the default 163keytab file that is used for system operations. 164It allows the mount to be performed by 165.Dq "root" 166and avoids problems with 167cached credentials for the system operations expiring. 168The 169.Dq "service-prinicpal-name" 170should be specified without instance or domain and is typically 171.Dq "host" , 172.Dq "nfs" 173or 174.Dq "root" , 175although the form 176.Sm off 177.Aq Ar service 178@ 179.Aq Ar fqdn 180.Sm on 181can also be used if the local system's 182.Xr gethostname 3 183value does not match the host-based principal in the keytab. 184.It Cm hard 185Same as not specifying 186.Cm soft . 187.It Cm intr 188Make the mount interruptible, which implies that file system calls that 189are delayed due to an unresponsive server will fail with EINTR when a 190termination signal is posted for the process. 191.It Cm maxgroups Ns = Ns Aq Ar value 192Set the maximum size of the group list for the credentials to the 193specified value. 194This should be used for mounts on old servers that cannot handle a 195group list size of 16, as specified in RFC 1057. 196Try 8, if users in a lot of groups cannot get response from the mount 197point. 198.It Cm mntudp 199Force the mount protocol to use UDP transport, even for TCP NFS mounts. 200(Necessary for some old 201.Bx 202servers.) 203.It Cm nametimeo Ns = Ns Aq Ar value 204Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds) 205for positive name cache entries. 206If this is set to 0 it disables positive name caching for the mount point. 207.It Cm negnametimeo Ns = Ns Aq Ar value 208Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds) 209for negative name cache entries. 210If this is set to 0 it disables negative name caching for the mount point. 211.It Cm nconnect Ns = Ns Aq Ar value 212Specify the number of TCP connections (1-16) to be used 213for an NFS Version 4, minor version 1 or 2 mount. 214Multiple TCP connections can provide more client to server network 215bandwidth for certain network configurations such as: 216.Bd -literal 217- Multiple network interfaces that are aggregated together. 218- A fast network interface that uses multiple queues. 219.Ed 220.sp 221The first TCP connection will be used for all RPCs that consist 222entirely of small RPC messages. 223The RPCs that can have large RPC messages (Read/Readdir/Write) are 224distributed over the additional TCP connections in a round robin 225fashion. 226This option will result in more IP port#s being used. 227This option requires the 228.Cm nfsv4 229option. 230.It Cm nfsv2 231Use the NFS Version 2 protocol (the default is to try version 3 first 232then version 2). 233Note that NFS version 2 has a file size limit of 2 gigabytes. 234.It Cm nfsv3 235Use the NFS Version 3 protocol. 236.It Cm nfsv4 237Use the NFS Version 4 protocol. 238This option will force the mount to use 239TCP transport. 240By default, the highest minor version of NFS Version 4 that is 241supported by the NFS Version 4 server will be used. 242See the 243.Cm minorversion 244option. 245.It Cm minorversion Ns = Ns Aq Ar value 246Use the specified minor version for a NFS Version 4 mount, 247overriding the default. 248The minor versions supported are 0, 1, and 2. 249This option is only meaningful when used with the 250.Cm nfsv4 251option. 252.It Cm oneopenown 253Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single 254OpenOwner for all Opens. 255This may be useful for a server with a very low limit on OpenOwners, such as 256AmazonEFS. 257It may be required when an accumulation of NFS version 4 Opens occurs, 258as indicated by the 259.Dq Opens 260count displayed by 261.Xr nfsstat 1 262with the 263.Fl c 264and 265.Fl E 266command-line options. 267A common case for an accumulation of Opens is a shared library within 268the NFS mount that is used by several 269processes, where at least one of these processes is always running. 270This option cannot be used for an NFS Version 4, minor version 0 mount. 271It may not work correctly when Delegations are being issued by a server, 272but note that the AmazonEFS server does not issued delegations at this time. 273This option is only meaningful when used with the 274.Cm nfsv4 275option. 276.It Cm pnfs 277Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the 278NFS Version 4 protocol. 279This option is only meaningful when used with the 280.Cm nfsv4 281option. 282.It Cm noac 283Disable attribute caching. 284.It Cm noconn 285For UDP mount points, do not do a 286.Xr connect 2 . 287This must be used if the server does not reply to requests from the standard 288NFS port number 2049 or replies to requests using a different IP address 289(which can occur if the server is multi-homed). 290Setting the 291.Va vfs.nfs.nfs_ip_paranoia 292sysctl to 0 will make this option the default. 293.It Cm nocto 294Normally, NFS clients maintain the close-to-open cache coherency. 295This works by flushing at close time and checking at open time. 296Checking at open time is implemented by getting attributes from 297the server and purging the data cache if they do not match 298attributes cached by the client. 299.Pp 300This option disables checking at open time. 301It may improve performance for read-only mounts, 302but should only be used if the data on the server changes rarely. 303Be sure to understand the consequences before enabling this option. 304.It Cm noinet4 , noinet6 305Disables 306.Dv AF_INET 307or 308.Dv AF_INET6 309connections. 310Useful for hosts that have 311both an A record and an AAAA record for the same name. 312.It Cm nolockd 313Do 314.Em not 315forward 316.Xr fcntl 2 317locks over the wire via the NLM protocol for NFSv3 mounts. 318All locks will be local and not seen by the server 319and likewise not seen by other NFS clients for NFSv3 mounts. 320This removes the need to run the 321.Xr rpcbind 8 322service and the 323.Xr rpc.statd 8 324and 325.Xr rpc.lockd 8 326servers on the client. 327Note that this option will only be honored when performing the 328initial mount, it will be silently ignored if used while updating 329the mount options. 330Also, note that NFSv4 mounts do not use these daemons and handle locks over the 331wire in the NFSv4 protocol. 332As such, this option is meaningless for NFSv4 mounts. 333.It Cm noncontigwr 334This mount option allows the NFS client to 335combine non-contiguous byte ranges being written 336such that the dirty byte range becomes a superset of the bytes 337that are dirty. 338This reduces the number of writes significantly for software 339builds. 340The merging of byte ranges is not done if the file has been file 341locked, since most applications modifying a file from multiple 342clients will use file locking. 343As such, this option could result in a corrupted file for the 344rare case of an application modifying the file from multiple 345clients concurrently without using file locking. 346.It Cm principal 347For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p, 348this option sets the name of the host based principal name expected 349by the server. 350This option overrides the default, which will be ``nfs@<server-fqdn>'' 351and should normally be sufficient. 352.It Cm noresvport 353Do 354.Em not 355use a reserved socket port number (see below). 356.It Cm port Ns = Ns Aq Ar port_number 357Use specified port number for NFS requests. 358The default is to query the portmapper for the NFS port. 359.It Cm proto Ns = Ns Aq Ar protocol 360Specify transport protocol version to use. 361Currently, they are: 362.Bd -literal 363udp - Use UDP over IPv4 364tcp - Use TCP over IPv4 365udp6 - Use UDP over IPv6 366tcp6 - Use TCP over IPv6 367.Ed 368.It Cm rdirplus 369Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should 370be used. 371For NFSV4, setting this option has a similar effect, in that it will make 372the Readdir Operation get more attributes. 373This option reduces RPC traffic for cases such as 374.Dq "ls -l" , 375but tends to flood the attribute and name caches with prefetched entries. 376Try this option and see whether performance improves or degrades. 377Probably 378most useful for client to server network interconnects with a large bandwidth 379times delay product. 380.It Cm readahead Ns = Ns Aq Ar value 381Set the read-ahead count to the specified value. 382This may be in the range of 0 - 4, and determines how many blocks 383will be read ahead when a large file is being read sequentially. 384Trying a value greater than 1 for this is suggested for 385mounts with a large bandwidth * delay product. 386.It Cm readdirsize Ns = Ns Aq Ar value 387Set the readdir read size to the specified value. 388The value should normally 389be a multiple of 390.Dv DIRBLKSIZ 391that is <= the read size for the mount. 392.It Cm resvport 393Use a reserved socket port number. 394This flag is obsolete, and only retained for compatibility reasons. 395Reserved port numbers are used by default now. 396(For the rare case where the client has a trusted root account 397but untrustworthy users and the network cables are in secure areas this does 398help, but for normal desktop clients this does not apply.) 399.It Cm retrans Ns = Ns Aq Ar value 400Set the retransmit timeout count for soft mounts to the specified value. 401.It Cm retrycnt Ns = Ns Aq Ar count 402Set the mount retry count to the specified value. 403The default is a retry count of zero, which means to keep retrying 404forever. 405There is a 60 second delay between each attempt. 406.It Cm rsize Ns = Ns Aq Ar value 407Set the read data size to the specified value. 408It should normally be a power of 2 greater than or equal to 1024. 409This should be used for UDP mounts when the 410.Dq "fragments dropped due to timeout" 411value is getting large while actively using a mount point. 412(Use 413.Xr netstat 1 414with the 415.Fl s 416option to see what the 417.Dq "fragments dropped due to timeout" 418value is.) 419.It Cm sec Ns = Ns Aq Ar flavor 420This option specifies what security flavor should be used for the mount. 421Currently, they are: 422.Bd -literal 423krb5 - Use KerberosV authentication 424krb5i - Use KerberosV authentication and 425 apply integrity checksums to RPCs 426krb5p - Use KerberosV authentication and 427 encrypt the RPC data 428sys - The default AUTH_SYS, which uses a 429 uid + gid list authenticator 430.Ed 431.It Cm soft 432A soft mount, which implies that file system calls will fail 433after 434.Ar retrycnt 435round trip timeout intervals. 436.It Cm tcp 437Use TCP transport. 438This is the default option, as it provides for increased reliability on both 439LAN and WAN configurations compared to UDP. 440Some old NFS servers do not support this method; UDP mounts may be required 441for interoperability. 442.It Cm timeout Ns = Ns Aq Ar value 443Set the initial retransmit timeout to the specified value, 444expressed in tenths of a second. 445May be useful for fine tuning UDP mounts over internetworks 446with high packet loss rates or an overloaded server. 447Try increasing the interval if 448.Xr nfsstat 1 449shows high retransmit rates while the file system is active or reducing the 450value if there is a low retransmit rate but long response delay observed. 451(Normally, the 452.Cm dumbtimer 453option should be specified when using this option to manually 454tune the timeout 455interval.) 456.It Cm timeo Ns = Ns Aq Ar value 457Alias for 458.Cm timeout . 459.It Cm tls 460This option specifies that the connection to the server must use TLS 461per RFC NNNN. 462TLS is only supported for TCP connections and the 463.Xr rpc.tlsclntd 8 464daemon must be running for an NFS over TCP connection to use TLS. 465.It Cm tlscertname Ns = Ns Aq Ar name 466This option specifies the name of an alternate certificate to be 467presented to the NFS server during TLS handshake. 468The default certificate file names are 469.Dq cert.pem 470and 471.Dq certkey.pem . 472When this option is specified, 473.Ar name 474replaces 475.Dq cert 476in the above file names. 477For example, if the value of 478.Ar name 479is specified as 480.Dq other 481the certificate file names to be used will be 482.Dq other.pem 483and 484.Dq otherkey.pem . 485These files are stored in 486.Pa /etc/rpc.tlsclntd 487by default. 488This option is only meaningful when used with the 489.Cm tls 490option and the 491.Xr rpc.tlsclntd 8 492is running with the 493.Fl m 494command line flag set. 495.It Cm udp 496Use UDP transport. 497.It Cm vers Ns = Ns Aq Ar vers_number 498Use the specified version number for NFS requests. 499See the 500.Cm nfsv2 , 501.Cm nfsv3 , 502and 503.Cm nfsv4 504options for details. 505.It Cm wcommitsize Ns = Ns Aq Ar value 506Set the maximum pending write commit size to the specified value. 507This determines the maximum amount of pending write data that the NFS 508client is willing to cache for each file. 509.It Cm wsize Ns = Ns Aq Ar value 510Set the write data size to the specified value. 511Ditto the comments w.r.t.\& the 512.Cm rsize 513option, but using the 514.Dq "fragments dropped due to timeout" 515value on the server instead of the client. 516Note that both the 517.Cm rsize 518and 519.Cm wsize 520options should only be used as a last ditch effort at improving performance 521when mounting servers that do not support TCP mounts. 522.El 523.El 524.Sh COMPATIBILITY 525The following command line flags are equivalent to 526.Fl o 527named options and are supported for compatibility with older 528installations. 529.Bl -tag -width indent 530.It Fl 2 531Same as 532.Fl o Cm nfsv2 533.It Fl 3 534Same as 535.Fl o Cm nfsv3 536.It Fl D 537Same as 538.Fl o Cm deadthresh 539.It Fl I 540Same as 541.Fl o Cm readdirsize Ns = Ns Aq Ar value 542.It Fl L 543Same as 544.Fl o Cm nolockd 545.It Fl N 546Same as 547.Fl o Cm noresvport 548.It Fl P 549Use a reserved socket port number. 550This flag is obsolete, and only retained for compatibility reasons. 551(For the rare case where the client has a trusted root account 552but untrustworthy users and the network cables are in secure areas this does 553help, but for normal desktop clients this does not apply.) 554.It Fl R 555Same as 556.Fl o Cm retrycnt Ns = Ns Aq Ar value 557.It Fl T 558Same as 559.Fl o Cm tcp 560.It Fl U 561Same as 562.Fl o Cm mntudp 563.It Fl a 564Same as 565.Fl o Cm readahead Ns = Ns Aq Ar value 566.It Fl b 567Same as 568.Fl o Cm bg 569.It Fl c 570Same as 571.Fl o Cm noconn 572.It Fl d 573Same as 574.Fl o Cm dumbtimer 575.It Fl g 576Same as 577.Fl o Cm maxgroups 578.It Fl i 579Same as 580.Fl o Cm intr 581.It Fl l 582Same as 583.Fl o Cm rdirplus 584.It Fl r 585Same as 586.Fl o Cm rsize Ns = Ns Aq Ar value 587.It Fl s 588Same as 589.Fl o Cm soft 590.It Fl t 591Same as 592.Fl o Cm retransmit Ns = Ns Aq Ar value 593.It Fl w 594Same as 595.Fl o Cm wsize Ns = Ns Aq Ar value 596.It Fl x 597Same as 598.Fl o Cm retrans Ns = Ns Aq Ar value 599.El 600.Pp 601The following 602.Fl o 603named options are equivalent to other 604.Fl o 605named options and are supported for compatibility with other 606operating systems (e.g., Linux, Solaris, and OSX) to ease usage of 607.Xr autofs 5 608support. 609.Bl -tag -width indent 610.It Fl o Cm vers Ns = Ns 2 611Same as 612.Fl o Cm nfsv2 613.It Fl o Cm vers Ns = Ns 3 614Same as 615.Fl o Cm nfsv3 616.It Fl o Cm vers Ns = Ns 4 617Same as 618.Fl o Cm nfsv4 619.El 620.Sh IMPLEMENTATION NOTES 621When neither the 622.Cm rsize 623nor 624.Cm wsize 625options are specified, the I/O size will be set to the largest value 626supported by both the NFS client and server. 627The largest value supported by the NFS client is defined by 628the tunable 629.Cd vfs.maxbcachebuf 630which can be set to a power of two up to 631.Cd kern.maxphys . 632.Pp 633The 634.Xr nfsstat 1 635command with the 636.Ic -m 637command line option will show what 638.Nm 639option settings are actually in use for the mount. 640.Sh SEE ALSO 641.Xr nfsstat 1 , 642.Xr nmount 2 , 643.Xr unmount 2 , 644.Xr lagg 4 , 645.Xr nfsv4 4 , 646.Xr fstab 5 , 647.Xr gssd 8 , 648.Xr mount 8 , 649.Xr nfsd 8 , 650.Xr nfsiod 8 , 651.Xr rpc.tlsclntd 8 , 652.Xr showmount 8 653.Sh HISTORY 654A version of the 655.Nm 656utility appeared in 657.Bx 4.4 . 658.Sh BUGS 659Since nfsv4 performs open/lock operations that have their ordering strictly 660enforced by the server, the options 661.Cm intr 662and 663.Cm soft 664cannot be safely used. 665For NFSv4 minor version 1 or 2 mounts, these options may 666also result 667in hung mount points, due to corruption of session slots. 668.Cm hard 669nfsv4 mounts are strongly recommended. 670