xref: /freebsd/sbin/mount_nfs/mount_nfs.8 (revision 5956d97f4b3204318ceb6aa9c77bd0bc6ea87a41)
1.\" Copyright (c) 1992, 1993, 1994, 1995
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
29.\" $FreeBSD$
30.\"
31.Dd July 2, 2022
32.Dt MOUNT_NFS 8
33.Os
34.Sh NAME
35.Nm mount_nfs
36.Nd mount NFS file systems
37.Sh SYNOPSIS
38.Nm
39.Op Fl 23bcdiLlNPsTU
40.Op Fl a Ar maxreadahead
41.Op Fl D Ar deadthresh
42.Op Fl g Ar maxgroups
43.Op Fl I Ar readdirsize
44.Op Fl o Ar options
45.Op Fl R Ar retrycnt
46.Op Fl r Ar readsize
47.Op Fl t Ar timeout
48.Op Fl w Ar writesize
49.Op Fl x Ar retrans
50.Ar rhost : Ns Ar path node
51.Sh DESCRIPTION
52The
53.Nm
54utility calls the
55.Xr nmount 2
56system call to prepare and graft a remote NFS file system
57.Pq Ar rhost : Ns Ar path
58on to the file system tree at the point
59.Ar node .
60This command is normally executed by
61.Xr mount 8 .
62For NFSv2 and NFSv3,
63it implements the mount protocol as described in RFC 1094, Appendix A and
64RFC 1813, Appendix I.
65For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and
66RFC 7862.
67.Pp
68By default,
69.Nm
70keeps retrying until the mount succeeds.
71This behaviour is intended for file systems listed in
72.Xr fstab 5
73that are critical to the boot process.
74For non-critical file systems, the
75.Cm bg
76and
77.Cm retrycnt
78options provide mechanisms to prevent the boot process from hanging
79if the server is unavailable.
80.Pp
81If the server becomes unresponsive while an NFS file system is
82mounted, any new or outstanding file operations on that file system
83will hang uninterruptibly until the server comes back.
84To modify this default behaviour, see the
85.Cm intr
86and
87.Cm soft
88options.
89.Pp
90The options are:
91.Bl -tag -width indent
92.It Fl o
93Options are specified with a
94.Fl o
95flag followed by a comma separated string of options.
96See the
97.Xr mount 8
98man page for possible options and their meanings.
99The following NFS specific options are also available:
100.Bl -tag -width indent
101.It Cm acregmin Ns = Ns Aq Ar seconds
102.It Cm acregmax Ns = Ns Aq Ar seconds
103.It Cm acdirmin Ns = Ns Aq Ar seconds
104.It Cm acdirmax Ns = Ns Aq Ar seconds
105When attributes of files are cached, a timeout calculated to determine
106whether a given cache entry has expired.
107These four values determine the upper and lower bounds of the timeouts for
108.Dq directory
109attributes and
110.Dq regular
111(ie: everything else).
112The default values are 3 -> 60 seconds
113for regular files, and 30 -> 60 seconds for directories.
114The algorithm to calculate the timeout is based on the age of the file.
115The older the file,
116the longer the cache is considered valid, subject to the limits above.
117.It Cm actimeo Ns = Ns Aq Ar seconds
118Set four cache timeouts above to specified value.
119.It Cm allgssname
120This option can be used along with
121.Fl o Cm gssname
122to specify that all operations should use the host-based initiator
123credential.
124This may be used for clients that run system daemons that need to
125access files on the NFSv4 mounted volume.
126.It Cm bg
127If an initial attempt to contact the server fails, fork off a child to keep
128trying the mount in the background.
129Useful for
130.Xr fstab 5 ,
131where the file system mount is not critical to multiuser operation.
132.It Cm bgnow
133Like
134.Cm bg ,
135fork off a child to keep trying the mount in the background,
136but do not attempt to mount in the foreground first.
137This eliminates a
13860+ second timeout when the server is not responding.
139Useful for speeding up the boot process of a client when the server is
140likely to be unavailable.
141This is often the case for interdependent servers
142such as cross-mounted servers (each of two servers is an NFS client of
143the other) and for cluster nodes that must boot before the file servers.
144.It Cm deadthresh Ns = Ns Aq Ar value
145Set the
146.Dq "dead server threshold"
147to the specified number of round trip timeout intervals before a
148.Dq "server not responding"
149message is displayed.
150.It Cm dumbtimer
151Turn off the dynamic retransmit timeout estimator.
152This may be useful for UDP mounts that exhibit high retry rates,
153since it is possible that the dynamically estimated timeout interval is too
154short.
155.It Cm fg
156Same as not specifying
157.Cm bg .
158.It Cm gssname Ns = Ns Aq Ar service-principal-name
159This option can be used with the KerberosV security flavors for NFSv4 mounts
160to specify the
161.Dq "service-principal-name"
162of a host-based entry in the default
163keytab file that is used for system operations.
164It allows the mount to be performed by
165.Dq "root"
166and avoids problems with
167cached credentials for the system operations expiring.
168The
169.Dq "service-prinicpal-name"
170should be specified without instance or domain and is typically
171.Dq "host" ,
172.Dq "nfs"
173or
174.Dq "root" ,
175although the form
176.Sm off
177.Aq Ar service
178@
179.Aq Ar fqdn
180.Sm on
181can also be used if the local system's
182.Xr gethostname 3
183value does not match the host-based principal in the keytab.
184.It Cm hard
185Same as not specifying
186.Cm soft .
187.It Cm intr
188Make the mount interruptible, which implies that file system calls that
189are delayed due to an unresponsive server will fail with EINTR when a
190termination signal is posted for the process.
191.It Cm maxgroups Ns = Ns Aq Ar value
192Set the maximum size of the group list for the credentials to the
193specified value.
194This should be used for mounts on old servers that cannot handle a
195group list size of 16, as specified in RFC 1057.
196Try 8, if users in a lot of groups cannot get response from the mount
197point.
198.It Cm mntudp
199Force the mount protocol to use UDP transport, even for TCP NFS mounts.
200(Necessary for some old
201.Bx
202servers.)
203.It Cm nametimeo Ns = Ns Aq Ar value
204Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds)
205for positive name cache entries.
206If this is set to 0 it disables positive name caching for the mount point.
207.It Cm negnametimeo Ns = Ns Aq Ar value
208Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds)
209for negative name cache entries.
210If this is set to 0 it disables negative name caching for the mount point.
211.It Cm nconnect Ns = Ns Aq Ar value
212Specify the number of TCP connections (1-16) to be used
213for an NFS Version 4, minor version 1 or 2 mount.
214Multiple TCP connections can provide more client to server network
215bandwidth for certain network configurations such as:
216.Bd -literal
217- Multiple network interfaces that are aggregated together.
218- A fast network interface that uses multiple queues.
219.Ed
220.sp
221The first TCP connection will be used for all RPCs that consist
222entirely of small RPC messages.
223The RPCs that can have large RPC messages (Read/Readdir/Write) are
224distributed over the additional TCP connections in a round robin
225fashion.
226This option will result in more IP port#s being used.
227This option requires the
228.Cm nfsv4
229option.
230.It Cm nfsv2
231Use the NFS Version 2 protocol (the default is to try version 3 first
232then version 2).
233Note that NFS version 2 has a file size limit of 2 gigabytes.
234.It Cm nfsv3
235Use the NFS Version 3 protocol.
236.It Cm nfsv4
237Use the NFS Version 4 protocol.
238This option will force the mount to use
239TCP transport.
240By default, the highest minor version of NFS Version 4 that is
241supported by the NFS Version 4 server will be used.
242See the
243.Cm minorversion
244option.
245.It Cm minorversion Ns = Ns Aq Ar value
246Use the specified minor version for a NFS Version 4 mount,
247overriding the default.
248The minor versions supported are 0, 1, and 2.
249This option is only meaningful when used with the
250.Cm nfsv4
251option.
252.It Cm oneopenown
253Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single
254OpenOwner for all Opens.
255This may be useful for a server with a very low limit on OpenOwners, such as
256AmazonEFS.
257It may be required when an accumulation of NFS version 4 Opens occurs,
258as indicated by the
259.Dq Opens
260count displayed by
261.Xr nfsstat 1
262with the
263.Fl c
264and
265.Fl E
266command-line options.
267A common case for an accumulation of Opens is a shared library within
268the NFS mount that is used by several
269processes, where at least one of these processes is always running.
270This option cannot be used for an NFS Version 4, minor version 0 mount.
271It may not work correctly when Delegations are being issued by a server,
272but note that the AmazonEFS server does not issued delegations at this time.
273This option is only meaningful when used with the
274.Cm nfsv4
275option.
276.It Cm pnfs
277Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the
278NFS Version 4 protocol.
279This option is only meaningful when used with the
280.Cm nfsv4
281option.
282.It Cm noac
283Disable attribute caching.
284.It Cm noconn
285For UDP mount points, do not do a
286.Xr connect 2 .
287This must be used if the server does not reply to requests from the standard
288NFS port number 2049 or replies to requests using a different IP address
289(which can occur if the server is multi-homed).
290Setting the
291.Va vfs.nfs.nfs_ip_paranoia
292sysctl to 0 will make this option the default.
293.It Cm nocto
294Normally, NFS clients maintain the close-to-open cache coherency.
295This works by flushing at close time and checking at open time.
296Checking at open time is implemented by getting attributes from
297the server and purging the data cache if they do not match
298attributes cached by the client.
299.Pp
300This option disables checking at open time.
301It may improve performance for read-only mounts,
302but should only be used if the data on the server changes rarely.
303Be sure to understand the consequences before enabling this option.
304.It Cm noinet4 , noinet6
305Disables
306.Dv AF_INET
307or
308.Dv AF_INET6
309connections.
310Useful for hosts that have
311both an A record and an AAAA record for the same name.
312.It Cm nolockd
313Do
314.Em not
315forward
316.Xr fcntl 2
317locks over the wire via the NLM protocol for NFSv3 mounts.
318All locks will be local and not seen by the server
319and likewise not seen by other NFS clients for NFSv3 mounts.
320This removes the need to run the
321.Xr rpcbind 8
322service and the
323.Xr rpc.statd 8
324and
325.Xr rpc.lockd 8
326servers on the client.
327Note that this option will only be honored when performing the
328initial mount, it will be silently ignored if used while updating
329the mount options.
330Also, note that NFSv4 mounts do not use these daemons and handle locks over the
331wire in the NFSv4 protocol.
332As such, this option is meaningless for NFSv4 mounts.
333.It Cm noncontigwr
334This mount option allows the NFS client to
335combine non-contiguous byte ranges being written
336such that the dirty byte range becomes a superset of the bytes
337that are dirty.
338This reduces the number of writes significantly for software
339builds.
340The merging of byte ranges is not done if the file has been file
341locked, since most applications modifying a file from multiple
342clients will use file locking.
343As such, this option could result in a corrupted file for the
344rare case of an application modifying the file from multiple
345clients concurrently without using file locking.
346.It Cm principal
347For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p,
348this option sets the name of the host based principal name expected
349by the server.
350This option overrides the default, which will be ``nfs@<server-fqdn>''
351and should normally be sufficient.
352.It Cm noresvport
353Do
354.Em not
355use a reserved socket port number (see below).
356.It Cm port Ns = Ns Aq Ar port_number
357Use specified port number for NFS requests.
358The default is to query the portmapper for the NFS port.
359.It Cm proto Ns = Ns Aq Ar protocol
360Specify transport protocol version to use.
361Currently, they are:
362.Bd -literal
363udp -   Use UDP over IPv4
364tcp -   Use TCP over IPv4
365udp6 -  Use UDP over IPv6
366tcp6 -  Use TCP over IPv6
367.Ed
368.It Cm rdirplus
369Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should
370be used.
371For NFSV4, setting this option has a similar effect, in that it will make
372the Readdir Operation get more attributes.
373This option reduces RPC traffic for cases such as
374.Dq "ls -l" ,
375but tends to flood the attribute and name caches with prefetched entries.
376Try this option and see whether performance improves or degrades.
377Probably
378most useful for client to server network interconnects with a large bandwidth
379times delay product.
380.It Cm readahead Ns = Ns Aq Ar value
381Set the read-ahead count to the specified value.
382This may be in the range of 0 - 4, and determines how many blocks
383will be read ahead when a large file is being read sequentially.
384Trying a value greater than 1 for this is suggested for
385mounts with a large bandwidth * delay product.
386.It Cm readdirsize Ns = Ns Aq Ar value
387Set the readdir read size to the specified value.
388The value should normally
389be a multiple of
390.Dv DIRBLKSIZ
391that is <= the read size for the mount.
392.It Cm resvport
393Use a reserved socket port number.
394This flag is obsolete, and only retained for compatibility reasons.
395Reserved port numbers are used by default now.
396(For the rare case where the client has a trusted root account
397but untrustworthy users and the network cables are in secure areas this does
398help, but for normal desktop clients this does not apply.)
399.It Cm retrans Ns = Ns Aq Ar value
400Set the retransmit timeout count for soft mounts to the specified value.
401.It Cm retrycnt Ns = Ns Aq Ar count
402Set the mount retry count to the specified value.
403The default is a retry count of zero, which means to keep retrying
404forever.
405There is a 60 second delay between each attempt.
406.It Cm rsize Ns = Ns Aq Ar value
407Set the read data size to the specified value.
408It should normally be a power of 2 greater than or equal to 1024.
409This should be used for UDP mounts when the
410.Dq "fragments dropped due to timeout"
411value is getting large while actively using a mount point.
412(Use
413.Xr netstat 1
414with the
415.Fl s
416option to see what the
417.Dq "fragments dropped due to timeout"
418value is.)
419.It Cm sec Ns = Ns Aq Ar flavor
420This option specifies what security flavor should be used for the mount.
421Currently, they are:
422.Bd -literal
423krb5 -  Use KerberosV authentication
424krb5i - Use KerberosV authentication and
425        apply integrity checksums to RPCs
426krb5p - Use KerberosV authentication and
427        encrypt the RPC data
428sys -   The default AUTH_SYS, which uses a
429        uid + gid list authenticator
430.Ed
431.It Cm soft
432A soft mount, which implies that file system calls will fail
433after
434.Ar retrycnt
435round trip timeout intervals.
436.It Cm tcp
437Use TCP transport.
438This is the default option, as it provides for increased reliability on both
439LAN and WAN configurations compared to UDP.
440Some old NFS servers do not support this method; UDP mounts may be required
441for interoperability.
442.It Cm timeout Ns = Ns Aq Ar value
443Set the initial retransmit timeout to the specified value,
444expressed in tenths of a second.
445May be useful for fine tuning UDP mounts over internetworks
446with high packet loss rates or an overloaded server.
447Try increasing the interval if
448.Xr nfsstat 1
449shows high retransmit rates while the file system is active or reducing the
450value if there is a low retransmit rate but long response delay observed.
451(Normally, the
452.Cm dumbtimer
453option should be specified when using this option to manually
454tune the timeout
455interval.)
456.It Cm timeo Ns = Ns Aq Ar value
457Alias for
458.Cm timeout .
459.It Cm tls
460This option specifies that the connection to the server must use TLS
461per RFC NNNN.
462TLS is only supported for TCP connections and the
463.Xr rpc.tlsclntd 8
464daemon must be running for an NFS over TCP connection to use TLS.
465.It Cm tlscertname Ns = Ns Aq Ar name
466This option specifies the name of an alternate certificate to be
467presented to the NFS server during TLS handshake.
468The default certificate file names are
469.Dq cert.pem
470and
471.Dq certkey.pem .
472When this option is specified,
473.Ar name
474replaces
475.Dq cert
476in the above file names.
477For example, if the value of
478.Ar name
479is specified as
480.Dq other
481the certificate file names to be used will be
482.Dq other.pem
483and
484.Dq otherkey.pem .
485These files are stored in
486.Pa /etc/rpc.tlsclntd
487by default.
488This option is only meaningful when used with the
489.Cm tls
490option and the
491.Xr rpc.tlsclntd 8
492is running with the
493.Fl m
494command line flag set.
495.It Cm udp
496Use UDP transport.
497.It Cm vers Ns = Ns Aq Ar vers_number
498Use the specified version number for NFS requests.
499See the
500.Cm nfsv2 ,
501.Cm nfsv3 ,
502and
503.Cm nfsv4
504options for details.
505.It Cm wcommitsize Ns = Ns Aq Ar value
506Set the maximum pending write commit size to the specified value.
507This determines the maximum amount of pending write data that the NFS
508client is willing to cache for each file.
509.It Cm wsize Ns = Ns Aq Ar value
510Set the write data size to the specified value.
511Ditto the comments w.r.t.\& the
512.Cm rsize
513option, but using the
514.Dq "fragments dropped due to timeout"
515value on the server instead of the client.
516Note that both the
517.Cm rsize
518and
519.Cm wsize
520options should only be used as a last ditch effort at improving performance
521when mounting servers that do not support TCP mounts.
522.El
523.El
524.Sh COMPATIBILITY
525The following command line flags are equivalent to
526.Fl o
527named options and are supported for compatibility with older
528installations.
529.Bl -tag -width indent
530.It Fl 2
531Same as
532.Fl o Cm nfsv2
533.It Fl 3
534Same as
535.Fl o Cm nfsv3
536.It Fl D
537Same as
538.Fl o Cm deadthresh
539.It Fl I
540Same as
541.Fl o Cm readdirsize Ns = Ns Aq Ar value
542.It Fl L
543Same as
544.Fl o Cm nolockd
545.It Fl N
546Same as
547.Fl o Cm noresvport
548.It Fl P
549Use a reserved socket port number.
550This flag is obsolete, and only retained for compatibility reasons.
551(For the rare case where the client has a trusted root account
552but untrustworthy users and the network cables are in secure areas this does
553help, but for normal desktop clients this does not apply.)
554.It Fl R
555Same as
556.Fl o Cm retrycnt Ns = Ns Aq Ar value
557.It Fl T
558Same as
559.Fl o Cm tcp
560.It Fl U
561Same as
562.Fl o Cm mntudp
563.It Fl a
564Same as
565.Fl o Cm readahead Ns = Ns Aq Ar value
566.It Fl b
567Same as
568.Fl o Cm bg
569.It Fl c
570Same as
571.Fl o Cm noconn
572.It Fl d
573Same as
574.Fl o Cm dumbtimer
575.It Fl g
576Same as
577.Fl o Cm maxgroups
578.It Fl i
579Same as
580.Fl o Cm intr
581.It Fl l
582Same as
583.Fl o Cm rdirplus
584.It Fl r
585Same as
586.Fl o Cm rsize Ns = Ns Aq Ar value
587.It Fl s
588Same as
589.Fl o Cm soft
590.It Fl t
591Same as
592.Fl o Cm retransmit Ns = Ns Aq Ar value
593.It Fl w
594Same as
595.Fl o Cm wsize Ns = Ns Aq Ar value
596.It Fl x
597Same as
598.Fl o Cm retrans Ns = Ns Aq Ar value
599.El
600.Pp
601The following
602.Fl o
603named options are equivalent to other
604.Fl o
605named options and are supported for compatibility with other
606operating systems (e.g., Linux, Solaris, and OSX) to ease usage of
607.Xr autofs 5
608support.
609.Bl -tag -width indent
610.It Fl o Cm vers Ns = Ns 2
611Same as
612.Fl o Cm nfsv2
613.It Fl o Cm vers Ns = Ns 3
614Same as
615.Fl o Cm nfsv3
616.It Fl o Cm vers Ns = Ns 4
617Same as
618.Fl o Cm nfsv4
619.El
620.Sh IMPLEMENTATION NOTES
621When neither the
622.Cm rsize
623nor
624.Cm wsize
625options are specified, the I/O size will be set to the largest value
626supported by both the NFS client and server.
627The largest value supported by the NFS client is defined by
628the tunable
629.Cd vfs.maxbcachebuf
630which can be set to a power of two up to
631.Cd kern.maxphys .
632.Pp
633The
634.Xr nfsstat 1
635command with the
636.Ic -m
637command line option will show what
638.Nm
639option settings are actually in use for the mount.
640.Sh SEE ALSO
641.Xr nfsstat 1 ,
642.Xr nmount 2 ,
643.Xr unmount 2 ,
644.Xr lagg 4 ,
645.Xr nfsv4 4 ,
646.Xr fstab 5 ,
647.Xr gssd 8 ,
648.Xr mount 8 ,
649.Xr nfsd 8 ,
650.Xr nfsiod 8 ,
651.Xr rpc.tlsclntd 8 ,
652.Xr showmount 8
653.Sh HISTORY
654A version of the
655.Nm
656utility appeared in
657.Bx 4.4 .
658.Sh BUGS
659Since nfsv4 performs open/lock operations that have their ordering strictly
660enforced by the server, the options
661.Cm intr
662and
663.Cm soft
664cannot be safely used.
665For NFSv4 minor version 1 or 2 mounts, these options may
666also result
667in hung mount points, due to corruption of session slots.
668.Cm hard
669nfsv4 mounts are strongly recommended.
670