xref: /freebsd/sbin/mount_nfs/mount_nfs.8 (revision 9c8bf69a53f628b62fb196182ea55fb34c1c19e1)
1.\" Copyright (c) 1992, 1993, 1994, 1995
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.Dd October 8, 2023
29.Dt MOUNT_NFS 8
30.Os
31.Sh NAME
32.Nm mount_nfs
33.Nd mount NFS file systems
34.Sh SYNOPSIS
35.Nm
36.Op Fl 23bcdiLlNPsTU
37.Op Fl a Ar maxreadahead
38.Op Fl D Ar deadthresh
39.Op Fl g Ar maxgroups
40.Op Fl I Ar readdirsize
41.Op Fl o Ar options
42.Op Fl R Ar retrycnt
43.Op Fl r Ar readsize
44.Op Fl t Ar timeout
45.Op Fl w Ar writesize
46.Op Fl x Ar retrans
47.Ar rhost : Ns Ar path node
48.Sh DESCRIPTION
49The
50.Nm
51utility calls the
52.Xr nmount 2
53system call to prepare and graft a remote NFS file system
54.Pq Ar rhost : Ns Ar path
55on to the file system tree at the point
56.Ar node .
57This command is normally executed by
58.Xr mount 8 .
59For NFSv2 and NFSv3,
60it implements the mount protocol as described in RFC 1094, Appendix A and
61RFC 1813, Appendix I.
62For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and
63RFC 7862.
64.Pp
65By default,
66.Nm
67keeps retrying until the mount succeeds.
68This behaviour is intended for file systems listed in
69.Xr fstab 5
70that are critical to the boot process.
71For non-critical file systems, the
72.Cm bg
73and
74.Cm retrycnt
75options provide mechanisms to prevent the boot process from hanging
76if the server is unavailable.
77.Pp
78If the server becomes unresponsive while an NFS file system is
79mounted, any new or outstanding file operations on that file system
80will hang uninterruptibly until the server comes back.
81To modify this default behaviour, see the
82.Cm intr
83and
84.Cm soft
85options.
86.Pp
87The options are:
88.Bl -tag -width indent
89.It Fl o
90Options are specified with a
91.Fl o
92flag followed by a comma separated string of options.
93See the
94.Xr mount 8
95man page for possible options and their meanings.
96The following NFS specific options are also available:
97.Bl -tag -width indent
98.It Cm acregmin Ns = Ns Aq Ar seconds
99.It Cm acregmax Ns = Ns Aq Ar seconds
100.It Cm acdirmin Ns = Ns Aq Ar seconds
101.It Cm acdirmax Ns = Ns Aq Ar seconds
102When attributes of files are cached, a timeout calculated to determine
103whether a given cache entry has expired.
104These four values determine the upper and lower bounds of the timeouts for
105.Dq directory
106attributes and
107.Dq regular
108(ie: everything else).
109The default values are 3 -> 60 seconds
110for regular files, and 30 -> 60 seconds for directories.
111The algorithm to calculate the timeout is based on the age of the file.
112The older the file,
113the longer the cache is considered valid, subject to the limits above.
114.It Cm actimeo Ns = Ns Aq Ar seconds
115Set four cache timeouts above to specified value.
116.It Cm allgssname
117This option can be used along with
118.Fl o Cm gssname
119to specify that all operations should use the host-based initiator
120credential.
121This may be used for clients that run system daemons that need to
122access files on the NFSv4 mounted volume.
123.It Cm bg
124If an initial attempt to contact the server fails, fork off a child to keep
125trying the mount in the background.
126Useful for
127.Xr fstab 5 ,
128where the file system mount is not critical to multiuser operation.
129.It Cm bgnow
130Like
131.Cm bg ,
132fork off a child to keep trying the mount in the background,
133but do not attempt to mount in the foreground first.
134This eliminates a
13560+ second timeout when the server is not responding.
136Useful for speeding up the boot process of a client when the server is
137likely to be unavailable.
138This is often the case for interdependent servers
139such as cross-mounted servers (each of two servers is an NFS client of
140the other) and for cluster nodes that must boot before the file servers.
141.It Cm deadthresh Ns = Ns Aq Ar value
142Set the
143.Dq "dead server threshold"
144to the specified number of round trip timeout intervals before a
145.Dq "server not responding"
146message is displayed.
147.It Cm dumbtimer
148Turn off the dynamic retransmit timeout estimator.
149This may be useful for UDP mounts that exhibit high retry rates,
150since it is possible that the dynamically estimated timeout interval is too
151short.
152.It Cm fg
153Same as not specifying
154.Cm bg .
155.It Cm gssname Ns = Ns Aq Ar service-principal-name
156This option can be used with the KerberosV security flavors for NFSv4 mounts
157to specify the
158.Dq "service-principal-name"
159of a host-based entry in the default
160keytab file that is used for system operations.
161It allows the mount to be performed by
162.Dq "root"
163and avoids problems with
164cached credentials for the system operations expiring.
165The
166.Dq "service-principal-name"
167should be specified without instance or domain and is typically
168.Dq "host" ,
169.Dq "nfs"
170or
171.Dq "root" ,
172although the form
173.Sm off
174.Aq Ar service
175@
176.Aq Ar fqdn
177.Sm on
178can also be used if the local system's
179.Xr gethostname 3
180value does not match the host-based principal in the keytab.
181.It Cm hard
182Same as not specifying
183.Cm soft .
184.It Cm intr
185Make the mount interruptible, which implies that file system calls that
186are delayed due to an unresponsive server will fail with EINTR when a
187termination signal is posted for the process.
188To avoid leaving file locks in an indeterminate state on the NFS
189server, it is recommended that the
190.Cm nolockd
191option be used with this option.
192.It Cm maxgroups Ns = Ns Aq Ar value
193Set the maximum size of the group list for the credentials to the
194specified value.
195This should be used for mounts on old servers that cannot handle a
196group list size of 16, as specified in RFC 1057.
197Try 8, if users in a lot of groups cannot get response from the mount
198point.
199.It Cm mntudp
200Force the mount protocol to use UDP transport, even for TCP NFS mounts.
201(Necessary for some old
202.Bx
203servers.)
204.It Cm nametimeo Ns = Ns Aq Ar value
205Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds)
206for positive name cache entries.
207If this is set to 0 it disables positive name caching for the mount point.
208.It Cm negnametimeo Ns = Ns Aq Ar value
209Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds)
210for negative name cache entries.
211If this is set to 0 it disables negative name caching for the mount point.
212.It Cm nconnect Ns = Ns Aq Ar value
213Specify the number of TCP connections (1-16) to be used
214for an NFS Version 4, minor version 1 or 2 mount.
215Multiple TCP connections can provide more client to server network
216bandwidth for certain network configurations such as:
217.Bd -literal
218- Multiple network interfaces that are aggregated together.
219- A fast network interface that uses multiple queues.
220.Ed
221.sp
222The first TCP connection will be used for all RPCs that consist
223entirely of small RPC messages.
224The RPCs that can have large RPC messages (Read/Readdir/Write) are
225distributed over the additional TCP connections in a round robin
226fashion.
227This option will result in more IP port#s being used.
228This option requires the
229.Cm nfsv4
230option.
231Note that for NFS servers such as AmazonEFS, where each new TCP
232connection can connect to a different cluster that maintains lock
233state separately, this option cannot be used.
234.It Cm nfsv2
235Use the NFS Version 2 protocol (the default is to try version 3 first
236then version 2).
237Note that NFS version 2 has a file size limit of 2 gigabytes.
238.It Cm nfsv3
239Use the NFS Version 3 protocol.
240.It Cm nfsv4
241Use the NFS Version 4 protocol.
242This option will force the mount to use
243TCP transport.
244By default, the highest minor version of NFS Version 4 that is
245supported by the NFS Version 4 server will be used.
246See the
247.Cm minorversion
248option.
249Make sure that all your NFS Version 4 clients have unique
250values in
251.Pa /etc/hostid .
252.It Cm minorversion Ns = Ns Aq Ar value
253Use the specified minor version for a NFS Version 4 mount,
254overriding the default.
255The minor versions supported are 0, 1, and 2.
256This option is only meaningful when used with the
257.Cm nfsv4
258option.
259.It Cm oneopenown
260Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single
261OpenOwner for all Opens.
262This may be useful for a server with a very low limit on OpenOwners, such as
263AmazonEFS.
264It may be required when an accumulation of NFS version 4 Opens occurs,
265as indicated by the
266.Dq Opens
267count displayed by
268.Xr nfsstat 1
269with the
270.Fl c
271and
272.Fl E
273command-line options.
274A common case for an accumulation of Opens is a shared library within
275the NFS mount that is used by several
276processes, where at least one of these processes is always running.
277This option cannot be used for an NFS Version 4, minor version 0 mount.
278It may not work correctly when Delegations are being issued by a server,
279but note that the AmazonEFS server does not issued delegations at this time.
280This option is only meaningful when used with the
281.Cm nfsv4
282option.
283.It Cm pnfs
284Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the
285NFS Version 4 protocol.
286This option is only meaningful when used with the
287.Cm nfsv4
288option.
289.It Cm noac
290Disable attribute caching.
291.It Cm noconn
292For UDP mount points, do not do a
293.Xr connect 2 .
294This must be used if the server does not reply to requests from the standard
295NFS port number 2049 or replies to requests using a different IP address
296(which can occur if the server is multi-homed).
297Setting the
298.Va vfs.nfs.nfs_ip_paranoia
299sysctl to 0 will make this option the default.
300.It Cm nocto
301Normally, NFS clients maintain the close-to-open cache coherency.
302This works by flushing at close time and checking at open time.
303Checking at open time is implemented by getting attributes from
304the server and purging the data cache if they do not match
305attributes cached by the client.
306.Pp
307This option disables checking at open time.
308It may improve performance for read-only mounts,
309but should only be used if the data on the server changes rarely.
310Be sure to understand the consequences before enabling this option.
311.It Cm noinet4 , noinet6
312Disables
313.Dv AF_INET
314or
315.Dv AF_INET6
316connections.
317Useful for hosts that have
318both an A record and an AAAA record for the same name.
319.It Cm nolockd
320Do
321.Em not
322forward
323.Xr fcntl 2
324locks over the wire via the NLM protocol for NFSv3 mounts
325or via the NFSv4 protocol for NFSv4 mounts.
326All locks will be local and not seen by the server
327and likewise not seen by other NFS clients for NFSv3 or NFSv4 mounts.
328This removes the need to run the
329.Xr rpcbind 8
330service and the
331.Xr rpc.statd 8
332and
333.Xr rpc.lockd 8
334servers on the client for NFSv3 mounts.
335Note that this option will only be honored when performing the
336initial mount, it will be silently ignored if used while updating
337the mount options.
338Also, note that NFSv4 mounts do not use these daemons.
339The NFSv4 protocol handles locks,
340unless this option is specified.
341.It Cm noncontigwr
342This mount option allows the NFS client to
343combine non-contiguous byte ranges being written
344such that the dirty byte range becomes a superset of the bytes
345that are dirty.
346This reduces the number of writes significantly for software
347builds.
348The merging of byte ranges is not done if the file has been file
349locked, since most applications modifying a file from multiple
350clients will use file locking.
351As such, this option could result in a corrupted file for the
352rare case of an application modifying the file from multiple
353clients concurrently without using file locking.
354.It Cm principal
355For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p,
356this option sets the name of the host based principal name expected
357by the server.
358This option overrides the default, which will be ``nfs@<server-fqdn>''
359and should normally be sufficient.
360.It Cm noresvport
361Do
362.Em not
363use a reserved socket port number (see below).
364.It Cm port Ns = Ns Aq Ar port_number
365Use specified port number for NFS requests.
366The default is to query the portmapper for the NFS port.
367.It Cm proto Ns = Ns Aq Ar protocol
368Specify transport protocol version to use.
369Currently, they are:
370.Bd -literal
371udp -   Use UDP over IPv4
372tcp -   Use TCP over IPv4
373udp6 -  Use UDP over IPv6
374tcp6 -  Use TCP over IPv6
375.Ed
376.It Cm rdirplus
377Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should
378be used.
379For NFSV4, setting this option has a similar effect, in that it will make
380the Readdir Operation get more attributes.
381This option reduces RPC traffic for cases such as
382.Dq "ls -l" ,
383but tends to flood the attribute and name caches with prefetched entries.
384Try this option and see whether performance improves or degrades.
385Probably
386most useful for client to server network interconnects with a large bandwidth
387times delay product.
388.It Cm readahead Ns = Ns Aq Ar value
389Set the read-ahead count to the specified value.
390This may be in the range of 0 - 4, and determines how many blocks
391will be read ahead when a large file is being read sequentially.
392Trying a value greater than 1 for this is suggested for
393mounts with a large bandwidth * delay product.
394.It Cm readdirsize Ns = Ns Aq Ar value
395Set the readdir read size to the specified value.
396The value should normally
397be a multiple of
398.Dv DIRBLKSIZ
399that is <= the read size for the mount.
400.It Cm resvport
401Use a reserved socket port number.
402This flag is obsolete, and only retained for compatibility reasons.
403Reserved port numbers are used by default now.
404(For the rare case where the client has a trusted root account
405but untrustworthy users and the network cables are in secure areas this does
406help, but for normal desktop clients this does not apply.)
407.It Cm retrans Ns = Ns Aq Ar value
408Set the retransmit timeout count for soft mounts to the specified value.
409.It Cm retrycnt Ns = Ns Aq Ar count
410Set the mount retry count to the specified value.
411The default is a retry count of zero, which means to keep retrying
412forever.
413There is a 60 second delay between each attempt.
414.It Cm rsize Ns = Ns Aq Ar value
415Set the read data size to the specified value.
416It should normally be a power of 2 greater than or equal to 1024.
417This should be used for UDP mounts when the
418.Dq "fragments dropped due to timeout"
419value is getting large while actively using a mount point.
420(Use
421.Xr netstat 1
422with the
423.Fl s
424option to see what the
425.Dq "fragments dropped due to timeout"
426value is.)
427.It Cm sec Ns = Ns Aq Ar flavor
428This option specifies what security flavor should be used for the mount.
429Currently, they are:
430.Bd -literal
431krb5 -  Use KerberosV authentication
432krb5i - Use KerberosV authentication and
433        apply integrity checksums to RPCs
434krb5p - Use KerberosV authentication and
435        encrypt the RPC data
436sys -   The default AUTH_SYS, which uses a
437        uid + gid list authenticator
438.Ed
439.It Cm soft
440A soft mount, which implies that file system calls will fail
441after
442.Ar retrycnt
443round trip timeout intervals.
444.It Cm syskrb5
445This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount
446uses AUTH_SYS for system operations.
447Using this option avoids the need for a KerberosV mount to have a
448host-based principal entry in the default keytab file
449(no
450.Cm gssname
451option) or a requirement for the user doing the mount to have a
452valid KerberosV ticket granting ticket (TGT) when the mount is done.
453This option is intended to be used with the
454.Cm sec Ns = Ns krb5
455and
456.Cm tls
457options and can only be used for
458NFSv4 mounts with minor version 1 or 2.
459.It Cm tcp
460Use TCP transport.
461This is the default option, as it provides for increased reliability on both
462LAN and WAN configurations compared to UDP.
463Some old NFS servers do not support this method; UDP mounts may be required
464for interoperability.
465.It Cm timeout Ns = Ns Aq Ar value
466Set the initial retransmit timeout to the specified value,
467expressed in tenths of a second.
468May be useful for fine tuning UDP mounts over internetworks
469with high packet loss rates or an overloaded server.
470Try increasing the interval if
471.Xr nfsstat 1
472shows high retransmit rates while the file system is active or reducing the
473value if there is a low retransmit rate but long response delay observed.
474(Normally, the
475.Cm dumbtimer
476option should be specified when using this option to manually
477tune the timeout
478interval.)
479.It Cm timeo Ns = Ns Aq Ar value
480Alias for
481.Cm timeout .
482.It Cm tls
483This option specifies that the connection to the server must use TLS
484per RFC 9289.
485TLS is only supported for TCP connections and the
486.Xr rpc.tlsclntd 8
487daemon must be running for an NFS over TCP connection to use TLS.
488.It Cm tlscertname Ns = Ns Aq Ar name
489This option specifies the name of an alternate certificate to be
490presented to the NFS server during TLS handshake.
491The default certificate file names are
492.Dq cert.pem
493and
494.Dq certkey.pem .
495When this option is specified,
496.Ar name
497replaces
498.Dq cert
499in the above file names.
500For example, if the value of
501.Ar name
502is specified as
503.Dq other
504the certificate file names to be used will be
505.Dq other.pem
506and
507.Dq otherkey.pem .
508These files are stored in
509.Pa /etc/rpc.tlsclntd
510by default.
511This option is only meaningful when used with the
512.Cm tls
513option and the
514.Xr rpc.tlsclntd 8
515is running with the
516.Fl m
517command line flag set.
518.It Cm udp
519Use UDP transport.
520.It Cm vers Ns = Ns Aq Ar vers_number
521Use the specified version number for NFS requests.
522See the
523.Cm nfsv2 ,
524.Cm nfsv3 ,
525and
526.Cm nfsv4
527options for details.
528.It Cm wcommitsize Ns = Ns Aq Ar value
529Set the maximum pending write commit size to the specified value.
530This determines the maximum amount of pending write data that the NFS
531client is willing to cache for each file.
532.It Cm wsize Ns = Ns Aq Ar value
533Set the write data size to the specified value.
534Ditto the comments w.r.t.\& the
535.Cm rsize
536option, but using the
537.Dq "fragments dropped due to timeout"
538value on the server instead of the client.
539Note that both the
540.Cm rsize
541and
542.Cm wsize
543options should only be used as a last ditch effort at improving performance
544when mounting servers that do not support TCP mounts.
545.El
546.El
547.Sh IMPLEMENTATION NOTES
548When neither the
549.Cm rsize
550nor
551.Cm wsize
552options are specified, the I/O size will be set to the largest value
553supported by both the NFS client and server.
554The largest value supported by the NFS client is defined by
555the tunable
556.Cd vfs.maxbcachebuf
557which can be set to a power of two up to
558.Cd kern.maxphys .
559.Pp
560The
561.Xr nfsstat 1
562command with the
563.Ic -m
564command line option will show what
565.Nm
566option settings are actually in use for the mount.
567.Sh COMPATIBILITY
568The following command line flags are equivalent to
569.Fl o
570named options and are supported for compatibility with older
571installations.
572.Bl -tag -width indent
573.It Fl 2
574Same as
575.Fl o Cm nfsv2
576.It Fl 3
577Same as
578.Fl o Cm nfsv3
579.It Fl D
580Same as
581.Fl o Cm deadthresh
582.It Fl I
583Same as
584.Fl o Cm readdirsize Ns = Ns Aq Ar value
585.It Fl L
586Same as
587.Fl o Cm nolockd
588.It Fl N
589Same as
590.Fl o Cm noresvport
591.It Fl P
592Use a reserved socket port number.
593This flag is obsolete, and only retained for compatibility reasons.
594(For the rare case where the client has a trusted root account
595but untrustworthy users and the network cables are in secure areas this does
596help, but for normal desktop clients this does not apply.)
597.It Fl R
598Same as
599.Fl o Cm retrycnt Ns = Ns Aq Ar value
600.It Fl T
601Same as
602.Fl o Cm tcp
603.It Fl U
604Same as
605.Fl o Cm mntudp
606.It Fl a
607Same as
608.Fl o Cm readahead Ns = Ns Aq Ar value
609.It Fl b
610Same as
611.Fl o Cm bg
612.It Fl c
613Same as
614.Fl o Cm noconn
615.It Fl d
616Same as
617.Fl o Cm dumbtimer
618.It Fl g
619Same as
620.Fl o Cm maxgroups
621.It Fl i
622Same as
623.Fl o Cm intr
624.It Fl l
625Same as
626.Fl o Cm rdirplus
627.It Fl r
628Same as
629.Fl o Cm rsize Ns = Ns Aq Ar value
630.It Fl s
631Same as
632.Fl o Cm soft
633.It Fl t
634Same as
635.Fl o Cm retransmit Ns = Ns Aq Ar value
636(deprecated)
637.It Fl w
638Same as
639.Fl o Cm wsize Ns = Ns Aq Ar value
640.It Fl x
641Same as
642.Fl o Cm retrans Ns = Ns Aq Ar value
643.El
644.Pp
645The following
646.Fl o
647named options are equivalent to other
648.Fl o
649named options and are supported for compatibility with other
650operating systems (e.g., Linux, Solaris, and OSX) to ease usage of
651.Xr autofs 5
652support.
653.Bl -tag -width indent
654.It Fl o Cm vers Ns = Ns 2
655Same as
656.Fl o Cm nfsv2
657.It Fl o Cm vers Ns = Ns 3
658Same as
659.Fl o Cm nfsv3
660.It Fl o Cm vers Ns = Ns 4
661Same as
662.Fl o Cm nfsv4
663.El
664.Sh SEE ALSO
665.Xr nfsstat 1 ,
666.Xr nmount 2 ,
667.Xr unmount 2 ,
668.Xr lagg 4 ,
669.Xr nfsv4 4 ,
670.Xr fstab 5 ,
671.Xr gssd 8 ,
672.Xr mount 8 ,
673.Xr nfsd 8 ,
674.Xr nfsiod 8 ,
675.Xr rpc.tlsclntd 8 ,
676.Xr showmount 8
677.Sh HISTORY
678A version of the
679.Nm
680utility appeared in
681.Bx 4.4 .
682.Sh BUGS
683Since NFSv4 performs open/lock operations that have their ordering strictly
684enforced by the server, the options
685.Cm intr
686and
687.Cm soft
688cannot be safely used.
689For NFSv4 minor version 1 or 2 mounts, the ordering is done
690via session slots and the NFSv4 client now handles broken session slots
691fairly well.
692As such, if the
693.Cm nolockd
694option is used along with
695.Cm intr
696and/or
697.Cm soft ,
698an NFSv4 minor version 1 or 2 mount
699should work fairly well, although still not completely correctly.
700For NFSv4 minor version 0 mounts,
701.Cm hard
702mounts without the
703.Cm intr
704mount option is strongly recommended.
705