xref: /freebsd/sbin/mount_nfs/mount_nfs.8 (revision 5eb61f6c6549f134a4f3bed4c164345d4f616bad)
1.\" Copyright (c) 1992, 1993, 1994, 1995
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
29.\" $FreeBSD$
30.\"
31.Dd July 10, 2021
32.Dt MOUNT_NFS 8
33.Os
34.Sh NAME
35.Nm mount_nfs
36.Nd mount NFS file systems
37.Sh SYNOPSIS
38.Nm
39.Op Fl 23bcdiLlNPsTU
40.Op Fl a Ar maxreadahead
41.Op Fl D Ar deadthresh
42.Op Fl g Ar maxgroups
43.Op Fl I Ar readdirsize
44.Op Fl o Ar options
45.Op Fl R Ar retrycnt
46.Op Fl r Ar readsize
47.Op Fl t Ar timeout
48.Op Fl w Ar writesize
49.Op Fl x Ar retrans
50.Ar rhost : Ns Ar path node
51.Sh DESCRIPTION
52The
53.Nm
54utility calls the
55.Xr nmount 2
56system call to prepare and graft a remote NFS file system
57.Pq Ar rhost : Ns Ar path
58on to the file system tree at the point
59.Ar node .
60This command is normally executed by
61.Xr mount 8 .
62For NFSv2 and NFSv3,
63it implements the mount protocol as described in RFC 1094, Appendix A and
64RFC 1813, Appendix I.
65For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and
66RFC 7862.
67.Pp
68By default,
69.Nm
70keeps retrying until the mount succeeds.
71This behaviour is intended for file systems listed in
72.Xr fstab 5
73that are critical to the boot process.
74For non-critical file systems, the
75.Cm bg
76and
77.Cm retrycnt
78options provide mechanisms to prevent the boot process from hanging
79if the server is unavailable.
80.Pp
81If the server becomes unresponsive while an NFS file system is
82mounted, any new or outstanding file operations on that file system
83will hang uninterruptibly until the server comes back.
84To modify this default behaviour, see the
85.Cm intr
86and
87.Cm soft
88options.
89.Pp
90The options are:
91.Bl -tag -width indent
92.It Fl o
93Options are specified with a
94.Fl o
95flag followed by a comma separated string of options.
96See the
97.Xr mount 8
98man page for possible options and their meanings.
99The following NFS specific options are also available:
100.Bl -tag -width indent
101.It Cm acregmin Ns = Ns Aq Ar seconds
102.It Cm acregmax Ns = Ns Aq Ar seconds
103.It Cm acdirmin Ns = Ns Aq Ar seconds
104.It Cm acdirmax Ns = Ns Aq Ar seconds
105When attributes of files are cached, a timeout calculated to determine
106whether a given cache entry has expired.
107These four values determine the upper and lower bounds of the timeouts for
108.Dq directory
109attributes and
110.Dq regular
111(ie: everything else).
112The default values are 3 -> 60 seconds
113for regular files, and 30 -> 60 seconds for directories.
114The algorithm to calculate the timeout is based on the age of the file.
115The older the file,
116the longer the cache is considered valid, subject to the limits above.
117.It Cm actimeo Ns = Ns Aq Ar seconds
118Set four cache timeouts above to specified value.
119.It Cm allgssname
120This option can be used along with
121.Fl o Cm gssname
122to specify that all operations should use the host-based initiator
123credential.
124This may be used for clients that run system daemons that need to
125access files on the NFSv4 mounted volume.
126.It Cm bg
127If an initial attempt to contact the server fails, fork off a child to keep
128trying the mount in the background.
129Useful for
130.Xr fstab 5 ,
131where the file system mount is not critical to multiuser operation.
132.It Cm deadthresh Ns = Ns Aq Ar value
133Set the
134.Dq "dead server threshold"
135to the specified number of round trip timeout intervals before a
136.Dq "server not responding"
137message is displayed.
138.It Cm dumbtimer
139Turn off the dynamic retransmit timeout estimator.
140This may be useful for UDP mounts that exhibit high retry rates,
141since it is possible that the dynamically estimated timeout interval is too
142short.
143.It Cm fg
144Same as not specifying
145.Cm bg .
146.It Cm gssname Ns = Ns Aq Ar service-principal-name
147This option can be used with the KerberosV security flavors for NFSv4 mounts
148to specify the
149.Dq "service-principal-name"
150of a host-based entry in the default
151keytab file that is used for system operations.
152It allows the mount to be performed by
153.Dq "root"
154and avoids problems with
155cached credentials for the system operations expiring.
156The
157.Dq "service-prinicpal-name"
158should be specified without instance or domain and is typically
159.Dq "host" ,
160.Dq "nfs"
161or
162.Dq "root" ,
163although the form
164.Sm off
165.Aq Ar service
166@
167.Aq Ar fqdn
168.Sm on
169can also be used if the local system's
170.Xr gethostname 3
171value does not match the host-based principal in the keytab.
172.It Cm hard
173Same as not specifying
174.Cm soft .
175.It Cm intr
176Make the mount interruptible, which implies that file system calls that
177are delayed due to an unresponsive server will fail with EINTR when a
178termination signal is posted for the process.
179.It Cm maxgroups Ns = Ns Aq Ar value
180Set the maximum size of the group list for the credentials to the
181specified value.
182This should be used for mounts on old servers that cannot handle a
183group list size of 16, as specified in RFC 1057.
184Try 8, if users in a lot of groups cannot get response from the mount
185point.
186.It Cm mntudp
187Force the mount protocol to use UDP transport, even for TCP NFS mounts.
188(Necessary for some old
189.Bx
190servers.)
191.It Cm nametimeo Ns = Ns Aq Ar value
192Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds)
193for positive name cache entries.
194If this is set to 0 it disables positive name caching for the mount point.
195.It Cm negnametimeo Ns = Ns Aq Ar value
196Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds)
197for negative name cache entries.
198If this is set to 0 it disables negative name caching for the mount point.
199.It Cm nconnect Ns = Ns Aq Ar value
200Specify the number of TCP connections (1-16) to be used
201for an NFS Version 4, minor version 1 or 2 mount.
202Multiple TCP connections can provide more client to server network
203bandwidth for certain network configurations such as:
204.Bd -literal
205- Multiple network interfaces that are aggregated together.
206- A fast network interface that uses multiple queues.
207.Ed
208.sp
209The first TCP connection will be used for all RPCs that consist
210entirely of small RPC messages.
211The RPCs that can have large RPC messages (Read/Readdir/Write) are
212distributed over the additional TCP connections in a round robin
213fashion.
214This option will result in more IP port#s being used.
215This option requires the
216.Cm nfsv4
217option.
218.It Cm nfsv2
219Use the NFS Version 2 protocol (the default is to try version 3 first
220then version 2).
221Note that NFS version 2 has a file size limit of 2 gigabytes.
222.It Cm nfsv3
223Use the NFS Version 3 protocol.
224.It Cm nfsv4
225Use the NFS Version 4 protocol.
226This option will force the mount to use
227TCP transport.
228By default, the highest minor version of NFS Version 4 that is
229supported by the NFS Version 4 server will be used.
230See the
231.Cm minorversion
232option.
233.It Cm minorversion Ns = Ns Aq Ar value
234Use the specified minor version for a NFS Version 4 mount,
235overriding the default.
236The minor versions supported are 0, 1, and 2.
237This option is only meaningful when used with the
238.Cm nfsv4
239option.
240.It Cm oneopenown
241Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single
242OpenOwner for all Opens.
243This may be useful for a server with a very low limit on OpenOwners, such as
244AmazonEFS.
245It may be required when an accumulation of NFS version 4 Opens occurs,
246as indicated by the
247.Dq Opens
248count displayed by
249.Xr nfsstat 1
250with the
251.Fl c
252and
253.Fl E
254command-line options.
255A common case for an accumulation of Opens is a shared library within
256the NFS mount that is used by several
257processes, where at least one of these processes is always running.
258This option cannot be used for an NFS Version 4, minor version 0 mount.
259It may not work correctly when Delegations are being issued by a server,
260but note that the AmazonEFS server does not issued delegations at this time.
261This option is only meaningful when used with the
262.Cm nfsv4
263option.
264.It Cm pnfs
265Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the
266NFS Version 4 protocol.
267This option is only meaningful when used with the
268.Cm nfsv4
269option.
270.It Cm noac
271Disable attribute caching.
272.It Cm noconn
273For UDP mount points, do not do a
274.Xr connect 2 .
275This must be used if the server does not reply to requests from the standard
276NFS port number 2049 or replies to requests using a different IP address
277(which can occur if the server is multi-homed).
278Setting the
279.Va vfs.nfs.nfs_ip_paranoia
280sysctl to 0 will make this option the default.
281.It Cm nocto
282Normally, NFS clients maintain the close-to-open cache coherency.
283This works by flushing at close time and checking at open time.
284Checking at open time is implemented by getting attributes from
285the server and purging the data cache if they do not match
286attributes cached by the client.
287.Pp
288This option disables checking at open time.
289It may improve performance for read-only mounts,
290but should only be used if the data on the server changes rarely.
291Be sure to understand the consequences before enabling this option.
292.It Cm noinet4 , noinet6
293Disables
294.Dv AF_INET
295or
296.Dv AF_INET6
297connections.
298Useful for hosts that have
299both an A record and an AAAA record for the same name.
300.It Cm nolockd
301Do
302.Em not
303forward
304.Xr fcntl 2
305locks over the wire via the NLM protocol for NFSv3 mounts.
306All locks will be local and not seen by the server
307and likewise not seen by other NFS clients for NFSv3 mounts.
308This removes the need to run the
309.Xr rpcbind 8
310service and the
311.Xr rpc.statd 8
312and
313.Xr rpc.lockd 8
314servers on the client.
315Note that this option will only be honored when performing the
316initial mount, it will be silently ignored if used while updating
317the mount options.
318Also, note that NFSv4 mounts do not use these daemons and handle locks over the
319wire in the NFSv4 protocol.
320As such, this option is meaningless for NFSv4 mounts.
321.It Cm noncontigwr
322This mount option allows the NFS client to
323combine non-contiguous byte ranges being written
324such that the dirty byte range becomes a superset of the bytes
325that are dirty.
326This reduces the number of writes significantly for software
327builds.
328The merging of byte ranges is not done if the file has been file
329locked, since most applications modifying a file from multiple
330clients will use file locking.
331As such, this option could result in a corrupted file for the
332rare case of an application modifying the file from multiple
333clients concurrently without using file locking.
334.It Cm principal
335For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p,
336this option sets the name of the host based principal name expected
337by the server.
338This option overrides the default, which will be ``nfs@<server-fqdn>''
339and should normally be sufficient.
340.It Cm noresvport
341Do
342.Em not
343use a reserved socket port number (see below).
344.It Cm port Ns = Ns Aq Ar port_number
345Use specified port number for NFS requests.
346The default is to query the portmapper for the NFS port.
347.It Cm proto Ns = Ns Aq Ar protocol
348Specify transport protocol version to use.
349Currently, they are:
350.Bd -literal
351udp -   Use UDP over IPv4
352tcp -   Use TCP over IPv4
353udp6 -  Use UDP over IPv6
354tcp6 -  Use TCP over IPv6
355.Ed
356.It Cm rdirplus
357Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should
358be used.
359For NFSV4, setting this option has a similar effect, in that it will make
360the Readdir Operation get more attributes.
361This option reduces RPC traffic for cases such as
362.Dq "ls -l" ,
363but tends to flood the attribute and name caches with prefetched entries.
364Try this option and see whether performance improves or degrades.
365Probably
366most useful for client to server network interconnects with a large bandwidth
367times delay product.
368.It Cm readahead Ns = Ns Aq Ar value
369Set the read-ahead count to the specified value.
370This may be in the range of 0 - 4, and determines how many blocks
371will be read ahead when a large file is being read sequentially.
372Trying a value greater than 1 for this is suggested for
373mounts with a large bandwidth * delay product.
374.It Cm readdirsize Ns = Ns Aq Ar value
375Set the readdir read size to the specified value.
376The value should normally
377be a multiple of
378.Dv DIRBLKSIZ
379that is <= the read size for the mount.
380.It Cm resvport
381Use a reserved socket port number.
382This flag is obsolete, and only retained for compatibility reasons.
383Reserved port numbers are used by default now.
384(For the rare case where the client has a trusted root account
385but untrustworthy users and the network cables are in secure areas this does
386help, but for normal desktop clients this does not apply.)
387.It Cm retrans Ns = Ns Aq Ar value
388Set the retransmit timeout count for soft mounts to the specified value.
389.It Cm retrycnt Ns = Ns Aq Ar count
390Set the mount retry count to the specified value.
391The default is a retry count of zero, which means to keep retrying
392forever.
393There is a 60 second delay between each attempt.
394.It Cm rsize Ns = Ns Aq Ar value
395Set the read data size to the specified value.
396It should normally be a power of 2 greater than or equal to 1024.
397This should be used for UDP mounts when the
398.Dq "fragments dropped due to timeout"
399value is getting large while actively using a mount point.
400(Use
401.Xr netstat 1
402with the
403.Fl s
404option to see what the
405.Dq "fragments dropped due to timeout"
406value is.)
407.It Cm sec Ns = Ns Aq Ar flavor
408This option specifies what security flavor should be used for the mount.
409Currently, they are:
410.Bd -literal
411krb5 -  Use KerberosV authentication
412krb5i - Use KerberosV authentication and
413        apply integrity checksums to RPCs
414krb5p - Use KerberosV authentication and
415        encrypt the RPC data
416sys -   The default AUTH_SYS, which uses a
417        uid + gid list authenticator
418.Ed
419.It Cm soft
420A soft mount, which implies that file system calls will fail
421after
422.Ar retrycnt
423round trip timeout intervals.
424.It Cm tcp
425Use TCP transport.
426This is the default option, as it provides for increased reliability on both
427LAN and WAN configurations compared to UDP.
428Some old NFS servers do not support this method; UDP mounts may be required
429for interoperability.
430.It Cm timeout Ns = Ns Aq Ar value
431Set the initial retransmit timeout to the specified value,
432expressed in tenths of a second.
433May be useful for fine tuning UDP mounts over internetworks
434with high packet loss rates or an overloaded server.
435Try increasing the interval if
436.Xr nfsstat 1
437shows high retransmit rates while the file system is active or reducing the
438value if there is a low retransmit rate but long response delay observed.
439(Normally, the
440.Cm dumbtimer
441option should be specified when using this option to manually
442tune the timeout
443interval.)
444.It Cm timeo Ns = Ns Aq Ar value
445Alias for
446.Cm timeout .
447.It Cm tls
448This option specifies that the connection to the server must use TLS
449per RFC NNNN.
450TLS is only supported for TCP connections and the
451.Xr rpc.tlsclntd 8
452daemon must be running for an NFS over TCP connection to use TLS.
453.It Cm tlscertname Ns = Ns Aq Ar name
454This option specifies the name of an alternate certificate to be
455presented to the NFS server during TLS handshake.
456The default certificate file names are
457.Dq cert.pem
458and
459.Dq certkey.pem .
460When this option is specified,
461.Ar name
462replaces
463.Dq cert
464in the above file names.
465For example, if the value of
466.Ar name
467is specified as
468.Dq other
469the certificate file names to be used will be
470.Dq other.pem
471and
472.Dq otherkey.pem .
473These files are stored in
474.Pa /etc/rpc.tlsclntd
475by default.
476This option is only meaningful when used with the
477.Cm tls
478option and the
479.Xr rpc.tlsclntd 8
480is running with the
481.Fl m
482command line flag set.
483.It Cm udp
484Use UDP transport.
485.It Cm vers Ns = Ns Aq Ar vers_number
486Use the specified version number for NFS requests.
487See the
488.Cm nfsv2 ,
489.Cm nfsv3 ,
490and
491.Cm nfsv4
492options for details.
493.It Cm wcommitsize Ns = Ns Aq Ar value
494Set the maximum pending write commit size to the specified value.
495This determines the maximum amount of pending write data that the NFS
496client is willing to cache for each file.
497.It Cm wsize Ns = Ns Aq Ar value
498Set the write data size to the specified value.
499Ditto the comments w.r.t.\& the
500.Cm rsize
501option, but using the
502.Dq "fragments dropped due to timeout"
503value on the server instead of the client.
504Note that both the
505.Cm rsize
506and
507.Cm wsize
508options should only be used as a last ditch effort at improving performance
509when mounting servers that do not support TCP mounts.
510.El
511.El
512.Sh COMPATIBILITY
513The following command line flags are equivalent to
514.Fl o
515named options and are supported for compatibility with older
516installations.
517.Bl -tag -width indent
518.It Fl 2
519Same as
520.Fl o Cm nfsv2
521.It Fl 3
522Same as
523.Fl o Cm nfsv3
524.It Fl D
525Same as
526.Fl o Cm deadthresh
527.It Fl I
528Same as
529.Fl o Cm readdirsize Ns = Ns Aq Ar value
530.It Fl L
531Same as
532.Fl o Cm nolockd
533.It Fl N
534Same as
535.Fl o Cm noresvport
536.It Fl P
537Use a reserved socket port number.
538This flag is obsolete, and only retained for compatibility reasons.
539(For the rare case where the client has a trusted root account
540but untrustworthy users and the network cables are in secure areas this does
541help, but for normal desktop clients this does not apply.)
542.It Fl R
543Same as
544.Fl o Cm retrycnt Ns = Ns Aq Ar value
545.It Fl T
546Same as
547.Fl o Cm tcp
548.It Fl U
549Same as
550.Fl o Cm mntudp
551.It Fl a
552Same as
553.Fl o Cm readahead Ns = Ns Aq Ar value
554.It Fl b
555Same as
556.Fl o Cm bg
557.It Fl c
558Same as
559.Fl o Cm noconn
560.It Fl d
561Same as
562.Fl o Cm dumbtimer
563.It Fl g
564Same as
565.Fl o Cm maxgroups
566.It Fl i
567Same as
568.Fl o Cm intr
569.It Fl l
570Same as
571.Fl o Cm rdirplus
572.It Fl r
573Same as
574.Fl o Cm rsize Ns = Ns Aq Ar value
575.It Fl s
576Same as
577.Fl o Cm soft
578.It Fl t
579Same as
580.Fl o Cm retransmit Ns = Ns Aq Ar value
581.It Fl w
582Same as
583.Fl o Cm wsize Ns = Ns Aq Ar value
584.It Fl x
585Same as
586.Fl o Cm retrans Ns = Ns Aq Ar value
587.El
588.Pp
589The following
590.Fl o
591named options are equivalent to other
592.Fl o
593named options and are supported for compatibility with other
594operating systems (e.g., Linux, Solaris, and OSX) to ease usage of
595.Xr autofs 5
596support.
597.Bl -tag -width indent
598.It Fl o Cm vers Ns = Ns 2
599Same as
600.Fl o Cm nfsv2
601.It Fl o Cm vers Ns = Ns 3
602Same as
603.Fl o Cm nfsv3
604.It Fl o Cm vers Ns = Ns 4
605Same as
606.Fl o Cm nfsv4
607.El
608.Sh IMPLEMENTATION NOTES
609When neither the
610.Cm rsize
611nor
612.Cm wsize
613options are specified, the I/O size will be set to the largest value
614supported by both the NFS client and server.
615The largest value supported by the NFS client is defined by
616the tunable
617.Cd vfs.maxbcachebuf
618which can be set to a power of two up to
619.Cd kern.maxphys .
620.Pp
621The
622.Xr nfsstat 1
623command with the
624.Ic -m
625command line option will show what
626.Nm
627option settings are actually in use for the mount.
628.Sh SEE ALSO
629.Xr nfsstat 1 ,
630.Xr nmount 2 ,
631.Xr unmount 2 ,
632.Xr lagg 4 ,
633.Xr nfsv4 4 ,
634.Xr fstab 5 ,
635.Xr gssd 8 ,
636.Xr mount 8 ,
637.Xr nfsd 8 ,
638.Xr nfsiod 8 ,
639.Xr rpc.tlsclntd 8 ,
640.Xr showmount 8
641.Sh HISTORY
642A version of the
643.Nm
644utility appeared in
645.Bx 4.4 .
646.Sh BUGS
647Since nfsv4 performs open/lock operations that have their ordering strictly
648enforced by the server, the options
649.Cm intr
650and
651.Cm soft
652cannot be safely used.
653.Cm hard
654nfsv4 mounts are strongly recommended.
655