xref: /freebsd/sbin/mount_nfs/mount_nfs.8 (revision b197d4b893974c9eb4d7b38704c6d5c486235d6f)
1.\" Copyright (c) 1992, 1993, 1994, 1995
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
29.\" $FreeBSD$
30.\"
31.Dd August 31, 2022
32.Dt MOUNT_NFS 8
33.Os
34.Sh NAME
35.Nm mount_nfs
36.Nd mount NFS file systems
37.Sh SYNOPSIS
38.Nm
39.Op Fl 23bcdiLlNPsTU
40.Op Fl a Ar maxreadahead
41.Op Fl D Ar deadthresh
42.Op Fl g Ar maxgroups
43.Op Fl I Ar readdirsize
44.Op Fl o Ar options
45.Op Fl R Ar retrycnt
46.Op Fl r Ar readsize
47.Op Fl t Ar timeout
48.Op Fl w Ar writesize
49.Op Fl x Ar retrans
50.Ar rhost : Ns Ar path node
51.Sh DESCRIPTION
52The
53.Nm
54utility calls the
55.Xr nmount 2
56system call to prepare and graft a remote NFS file system
57.Pq Ar rhost : Ns Ar path
58on to the file system tree at the point
59.Ar node .
60This command is normally executed by
61.Xr mount 8 .
62For NFSv2 and NFSv3,
63it implements the mount protocol as described in RFC 1094, Appendix A and
64RFC 1813, Appendix I.
65For NFSv4, it uses the NFSv4 protocol as described in RFC 7530, RFC 5661 and
66RFC 7862.
67.Pp
68By default,
69.Nm
70keeps retrying until the mount succeeds.
71This behaviour is intended for file systems listed in
72.Xr fstab 5
73that are critical to the boot process.
74For non-critical file systems, the
75.Cm bg
76and
77.Cm retrycnt
78options provide mechanisms to prevent the boot process from hanging
79if the server is unavailable.
80.Pp
81If the server becomes unresponsive while an NFS file system is
82mounted, any new or outstanding file operations on that file system
83will hang uninterruptibly until the server comes back.
84To modify this default behaviour, see the
85.Cm intr
86and
87.Cm soft
88options.
89.Pp
90The options are:
91.Bl -tag -width indent
92.It Fl o
93Options are specified with a
94.Fl o
95flag followed by a comma separated string of options.
96See the
97.Xr mount 8
98man page for possible options and their meanings.
99The following NFS specific options are also available:
100.Bl -tag -width indent
101.It Cm acregmin Ns = Ns Aq Ar seconds
102.It Cm acregmax Ns = Ns Aq Ar seconds
103.It Cm acdirmin Ns = Ns Aq Ar seconds
104.It Cm acdirmax Ns = Ns Aq Ar seconds
105When attributes of files are cached, a timeout calculated to determine
106whether a given cache entry has expired.
107These four values determine the upper and lower bounds of the timeouts for
108.Dq directory
109attributes and
110.Dq regular
111(ie: everything else).
112The default values are 3 -> 60 seconds
113for regular files, and 30 -> 60 seconds for directories.
114The algorithm to calculate the timeout is based on the age of the file.
115The older the file,
116the longer the cache is considered valid, subject to the limits above.
117.It Cm actimeo Ns = Ns Aq Ar seconds
118Set four cache timeouts above to specified value.
119.It Cm allgssname
120This option can be used along with
121.Fl o Cm gssname
122to specify that all operations should use the host-based initiator
123credential.
124This may be used for clients that run system daemons that need to
125access files on the NFSv4 mounted volume.
126.It Cm bg
127If an initial attempt to contact the server fails, fork off a child to keep
128trying the mount in the background.
129Useful for
130.Xr fstab 5 ,
131where the file system mount is not critical to multiuser operation.
132.It Cm bgnow
133Like
134.Cm bg ,
135fork off a child to keep trying the mount in the background,
136but do not attempt to mount in the foreground first.
137This eliminates a
13860+ second timeout when the server is not responding.
139Useful for speeding up the boot process of a client when the server is
140likely to be unavailable.
141This is often the case for interdependent servers
142such as cross-mounted servers (each of two servers is an NFS client of
143the other) and for cluster nodes that must boot before the file servers.
144.It Cm deadthresh Ns = Ns Aq Ar value
145Set the
146.Dq "dead server threshold"
147to the specified number of round trip timeout intervals before a
148.Dq "server not responding"
149message is displayed.
150.It Cm dumbtimer
151Turn off the dynamic retransmit timeout estimator.
152This may be useful for UDP mounts that exhibit high retry rates,
153since it is possible that the dynamically estimated timeout interval is too
154short.
155.It Cm fg
156Same as not specifying
157.Cm bg .
158.It Cm gssname Ns = Ns Aq Ar service-principal-name
159This option can be used with the KerberosV security flavors for NFSv4 mounts
160to specify the
161.Dq "service-principal-name"
162of a host-based entry in the default
163keytab file that is used for system operations.
164It allows the mount to be performed by
165.Dq "root"
166and avoids problems with
167cached credentials for the system operations expiring.
168The
169.Dq "service-prinicpal-name"
170should be specified without instance or domain and is typically
171.Dq "host" ,
172.Dq "nfs"
173or
174.Dq "root" ,
175although the form
176.Sm off
177.Aq Ar service
178@
179.Aq Ar fqdn
180.Sm on
181can also be used if the local system's
182.Xr gethostname 3
183value does not match the host-based principal in the keytab.
184.It Cm hard
185Same as not specifying
186.Cm soft .
187.It Cm intr
188Make the mount interruptible, which implies that file system calls that
189are delayed due to an unresponsive server will fail with EINTR when a
190termination signal is posted for the process.
191.It Cm maxgroups Ns = Ns Aq Ar value
192Set the maximum size of the group list for the credentials to the
193specified value.
194This should be used for mounts on old servers that cannot handle a
195group list size of 16, as specified in RFC 1057.
196Try 8, if users in a lot of groups cannot get response from the mount
197point.
198.It Cm mntudp
199Force the mount protocol to use UDP transport, even for TCP NFS mounts.
200(Necessary for some old
201.Bx
202servers.)
203.It Cm nametimeo Ns = Ns Aq Ar value
204Override the default of NFS_DEFAULT_NAMETIMEO for the timeout (in seconds)
205for positive name cache entries.
206If this is set to 0 it disables positive name caching for the mount point.
207.It Cm negnametimeo Ns = Ns Aq Ar value
208Override the default of NFS_DEFAULT_NEGNAMETIMEO for the timeout (in seconds)
209for negative name cache entries.
210If this is set to 0 it disables negative name caching for the mount point.
211.It Cm nconnect Ns = Ns Aq Ar value
212Specify the number of TCP connections (1-16) to be used
213for an NFS Version 4, minor version 1 or 2 mount.
214Multiple TCP connections can provide more client to server network
215bandwidth for certain network configurations such as:
216.Bd -literal
217- Multiple network interfaces that are aggregated together.
218- A fast network interface that uses multiple queues.
219.Ed
220.sp
221The first TCP connection will be used for all RPCs that consist
222entirely of small RPC messages.
223The RPCs that can have large RPC messages (Read/Readdir/Write) are
224distributed over the additional TCP connections in a round robin
225fashion.
226This option will result in more IP port#s being used.
227This option requires the
228.Cm nfsv4
229option.
230.It Cm nfsv2
231Use the NFS Version 2 protocol (the default is to try version 3 first
232then version 2).
233Note that NFS version 2 has a file size limit of 2 gigabytes.
234.It Cm nfsv3
235Use the NFS Version 3 protocol.
236.It Cm nfsv4
237Use the NFS Version 4 protocol.
238This option will force the mount to use
239TCP transport.
240By default, the highest minor version of NFS Version 4 that is
241supported by the NFS Version 4 server will be used.
242See the
243.Cm minorversion
244option.
245Make sure that all your NFS Version 4 clients have unique
246values in
247.Pa /etc/hostid .
248.It Cm minorversion Ns = Ns Aq Ar value
249Use the specified minor version for a NFS Version 4 mount,
250overriding the default.
251The minor versions supported are 0, 1, and 2.
252This option is only meaningful when used with the
253.Cm nfsv4
254option.
255.It Cm oneopenown
256Make a minor version 1 or 2 of the NFS Version 4 protocol mount use a single
257OpenOwner for all Opens.
258This may be useful for a server with a very low limit on OpenOwners, such as
259AmazonEFS.
260It may be required when an accumulation of NFS version 4 Opens occurs,
261as indicated by the
262.Dq Opens
263count displayed by
264.Xr nfsstat 1
265with the
266.Fl c
267and
268.Fl E
269command-line options.
270A common case for an accumulation of Opens is a shared library within
271the NFS mount that is used by several
272processes, where at least one of these processes is always running.
273This option cannot be used for an NFS Version 4, minor version 0 mount.
274It may not work correctly when Delegations are being issued by a server,
275but note that the AmazonEFS server does not issued delegations at this time.
276This option is only meaningful when used with the
277.Cm nfsv4
278option.
279.It Cm pnfs
280Enable support for parallel NFS (pNFS) for minor version 1 or 2 of the
281NFS Version 4 protocol.
282This option is only meaningful when used with the
283.Cm nfsv4
284option.
285.It Cm noac
286Disable attribute caching.
287.It Cm noconn
288For UDP mount points, do not do a
289.Xr connect 2 .
290This must be used if the server does not reply to requests from the standard
291NFS port number 2049 or replies to requests using a different IP address
292(which can occur if the server is multi-homed).
293Setting the
294.Va vfs.nfs.nfs_ip_paranoia
295sysctl to 0 will make this option the default.
296.It Cm nocto
297Normally, NFS clients maintain the close-to-open cache coherency.
298This works by flushing at close time and checking at open time.
299Checking at open time is implemented by getting attributes from
300the server and purging the data cache if they do not match
301attributes cached by the client.
302.Pp
303This option disables checking at open time.
304It may improve performance for read-only mounts,
305but should only be used if the data on the server changes rarely.
306Be sure to understand the consequences before enabling this option.
307.It Cm noinet4 , noinet6
308Disables
309.Dv AF_INET
310or
311.Dv AF_INET6
312connections.
313Useful for hosts that have
314both an A record and an AAAA record for the same name.
315.It Cm nolockd
316Do
317.Em not
318forward
319.Xr fcntl 2
320locks over the wire via the NLM protocol for NFSv3 mounts.
321All locks will be local and not seen by the server
322and likewise not seen by other NFS clients for NFSv3 mounts.
323This removes the need to run the
324.Xr rpcbind 8
325service and the
326.Xr rpc.statd 8
327and
328.Xr rpc.lockd 8
329servers on the client.
330Note that this option will only be honored when performing the
331initial mount, it will be silently ignored if used while updating
332the mount options.
333Also, note that NFSv4 mounts do not use these daemons and handle locks over the
334wire in the NFSv4 protocol.
335As such, this option is meaningless for NFSv4 mounts.
336.It Cm noncontigwr
337This mount option allows the NFS client to
338combine non-contiguous byte ranges being written
339such that the dirty byte range becomes a superset of the bytes
340that are dirty.
341This reduces the number of writes significantly for software
342builds.
343The merging of byte ranges is not done if the file has been file
344locked, since most applications modifying a file from multiple
345clients will use file locking.
346As such, this option could result in a corrupted file for the
347rare case of an application modifying the file from multiple
348clients concurrently without using file locking.
349.It Cm principal
350For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p,
351this option sets the name of the host based principal name expected
352by the server.
353This option overrides the default, which will be ``nfs@<server-fqdn>''
354and should normally be sufficient.
355.It Cm noresvport
356Do
357.Em not
358use a reserved socket port number (see below).
359.It Cm port Ns = Ns Aq Ar port_number
360Use specified port number for NFS requests.
361The default is to query the portmapper for the NFS port.
362.It Cm proto Ns = Ns Aq Ar protocol
363Specify transport protocol version to use.
364Currently, they are:
365.Bd -literal
366udp -   Use UDP over IPv4
367tcp -   Use TCP over IPv4
368udp6 -  Use UDP over IPv6
369tcp6 -  Use TCP over IPv6
370.Ed
371.It Cm rdirplus
372Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should
373be used.
374For NFSV4, setting this option has a similar effect, in that it will make
375the Readdir Operation get more attributes.
376This option reduces RPC traffic for cases such as
377.Dq "ls -l" ,
378but tends to flood the attribute and name caches with prefetched entries.
379Try this option and see whether performance improves or degrades.
380Probably
381most useful for client to server network interconnects with a large bandwidth
382times delay product.
383.It Cm readahead Ns = Ns Aq Ar value
384Set the read-ahead count to the specified value.
385This may be in the range of 0 - 4, and determines how many blocks
386will be read ahead when a large file is being read sequentially.
387Trying a value greater than 1 for this is suggested for
388mounts with a large bandwidth * delay product.
389.It Cm readdirsize Ns = Ns Aq Ar value
390Set the readdir read size to the specified value.
391The value should normally
392be a multiple of
393.Dv DIRBLKSIZ
394that is <= the read size for the mount.
395.It Cm resvport
396Use a reserved socket port number.
397This flag is obsolete, and only retained for compatibility reasons.
398Reserved port numbers are used by default now.
399(For the rare case where the client has a trusted root account
400but untrustworthy users and the network cables are in secure areas this does
401help, but for normal desktop clients this does not apply.)
402.It Cm retrans Ns = Ns Aq Ar value
403Set the retransmit timeout count for soft mounts to the specified value.
404.It Cm retrycnt Ns = Ns Aq Ar count
405Set the mount retry count to the specified value.
406The default is a retry count of zero, which means to keep retrying
407forever.
408There is a 60 second delay between each attempt.
409.It Cm rsize Ns = Ns Aq Ar value
410Set the read data size to the specified value.
411It should normally be a power of 2 greater than or equal to 1024.
412This should be used for UDP mounts when the
413.Dq "fragments dropped due to timeout"
414value is getting large while actively using a mount point.
415(Use
416.Xr netstat 1
417with the
418.Fl s
419option to see what the
420.Dq "fragments dropped due to timeout"
421value is.)
422.It Cm sec Ns = Ns Aq Ar flavor
423This option specifies what security flavor should be used for the mount.
424Currently, they are:
425.Bd -literal
426krb5 -  Use KerberosV authentication
427krb5i - Use KerberosV authentication and
428        apply integrity checksums to RPCs
429krb5p - Use KerberosV authentication and
430        encrypt the RPC data
431sys -   The default AUTH_SYS, which uses a
432        uid + gid list authenticator
433.Ed
434.It Cm soft
435A soft mount, which implies that file system calls will fail
436after
437.Ar retrycnt
438round trip timeout intervals.
439.It Cm tcp
440Use TCP transport.
441This is the default option, as it provides for increased reliability on both
442LAN and WAN configurations compared to UDP.
443Some old NFS servers do not support this method; UDP mounts may be required
444for interoperability.
445.It Cm timeout Ns = Ns Aq Ar value
446Set the initial retransmit timeout to the specified value,
447expressed in tenths of a second.
448May be useful for fine tuning UDP mounts over internetworks
449with high packet loss rates or an overloaded server.
450Try increasing the interval if
451.Xr nfsstat 1
452shows high retransmit rates while the file system is active or reducing the
453value if there is a low retransmit rate but long response delay observed.
454(Normally, the
455.Cm dumbtimer
456option should be specified when using this option to manually
457tune the timeout
458interval.)
459.It Cm timeo Ns = Ns Aq Ar value
460Alias for
461.Cm timeout .
462.It Cm tls
463This option specifies that the connection to the server must use TLS
464per RFC NNNN.
465TLS is only supported for TCP connections and the
466.Xr rpc.tlsclntd 8
467daemon must be running for an NFS over TCP connection to use TLS.
468.It Cm tlscertname Ns = Ns Aq Ar name
469This option specifies the name of an alternate certificate to be
470presented to the NFS server during TLS handshake.
471The default certificate file names are
472.Dq cert.pem
473and
474.Dq certkey.pem .
475When this option is specified,
476.Ar name
477replaces
478.Dq cert
479in the above file names.
480For example, if the value of
481.Ar name
482is specified as
483.Dq other
484the certificate file names to be used will be
485.Dq other.pem
486and
487.Dq otherkey.pem .
488These files are stored in
489.Pa /etc/rpc.tlsclntd
490by default.
491This option is only meaningful when used with the
492.Cm tls
493option and the
494.Xr rpc.tlsclntd 8
495is running with the
496.Fl m
497command line flag set.
498.It Cm udp
499Use UDP transport.
500.It Cm vers Ns = Ns Aq Ar vers_number
501Use the specified version number for NFS requests.
502See the
503.Cm nfsv2 ,
504.Cm nfsv3 ,
505and
506.Cm nfsv4
507options for details.
508.It Cm wcommitsize Ns = Ns Aq Ar value
509Set the maximum pending write commit size to the specified value.
510This determines the maximum amount of pending write data that the NFS
511client is willing to cache for each file.
512.It Cm wsize Ns = Ns Aq Ar value
513Set the write data size to the specified value.
514Ditto the comments w.r.t.\& the
515.Cm rsize
516option, but using the
517.Dq "fragments dropped due to timeout"
518value on the server instead of the client.
519Note that both the
520.Cm rsize
521and
522.Cm wsize
523options should only be used as a last ditch effort at improving performance
524when mounting servers that do not support TCP mounts.
525.El
526.El
527.Sh COMPATIBILITY
528The following command line flags are equivalent to
529.Fl o
530named options and are supported for compatibility with older
531installations.
532.Bl -tag -width indent
533.It Fl 2
534Same as
535.Fl o Cm nfsv2
536.It Fl 3
537Same as
538.Fl o Cm nfsv3
539.It Fl D
540Same as
541.Fl o Cm deadthresh
542.It Fl I
543Same as
544.Fl o Cm readdirsize Ns = Ns Aq Ar value
545.It Fl L
546Same as
547.Fl o Cm nolockd
548.It Fl N
549Same as
550.Fl o Cm noresvport
551.It Fl P
552Use a reserved socket port number.
553This flag is obsolete, and only retained for compatibility reasons.
554(For the rare case where the client has a trusted root account
555but untrustworthy users and the network cables are in secure areas this does
556help, but for normal desktop clients this does not apply.)
557.It Fl R
558Same as
559.Fl o Cm retrycnt Ns = Ns Aq Ar value
560.It Fl T
561Same as
562.Fl o Cm tcp
563.It Fl U
564Same as
565.Fl o Cm mntudp
566.It Fl a
567Same as
568.Fl o Cm readahead Ns = Ns Aq Ar value
569.It Fl b
570Same as
571.Fl o Cm bg
572.It Fl c
573Same as
574.Fl o Cm noconn
575.It Fl d
576Same as
577.Fl o Cm dumbtimer
578.It Fl g
579Same as
580.Fl o Cm maxgroups
581.It Fl i
582Same as
583.Fl o Cm intr
584.It Fl l
585Same as
586.Fl o Cm rdirplus
587.It Fl r
588Same as
589.Fl o Cm rsize Ns = Ns Aq Ar value
590.It Fl s
591Same as
592.Fl o Cm soft
593.It Fl t
594Same as
595.Fl o Cm retransmit Ns = Ns Aq Ar value
596.It Fl w
597Same as
598.Fl o Cm wsize Ns = Ns Aq Ar value
599.It Fl x
600Same as
601.Fl o Cm retrans Ns = Ns Aq Ar value
602.El
603.Pp
604The following
605.Fl o
606named options are equivalent to other
607.Fl o
608named options and are supported for compatibility with other
609operating systems (e.g., Linux, Solaris, and OSX) to ease usage of
610.Xr autofs 5
611support.
612.Bl -tag -width indent
613.It Fl o Cm vers Ns = Ns 2
614Same as
615.Fl o Cm nfsv2
616.It Fl o Cm vers Ns = Ns 3
617Same as
618.Fl o Cm nfsv3
619.It Fl o Cm vers Ns = Ns 4
620Same as
621.Fl o Cm nfsv4
622.El
623.Sh IMPLEMENTATION NOTES
624When neither the
625.Cm rsize
626nor
627.Cm wsize
628options are specified, the I/O size will be set to the largest value
629supported by both the NFS client and server.
630The largest value supported by the NFS client is defined by
631the tunable
632.Cd vfs.maxbcachebuf
633which can be set to a power of two up to
634.Cd kern.maxphys .
635.Pp
636The
637.Xr nfsstat 1
638command with the
639.Ic -m
640command line option will show what
641.Nm
642option settings are actually in use for the mount.
643.Sh SEE ALSO
644.Xr nfsstat 1 ,
645.Xr nmount 2 ,
646.Xr unmount 2 ,
647.Xr lagg 4 ,
648.Xr nfsv4 4 ,
649.Xr fstab 5 ,
650.Xr gssd 8 ,
651.Xr mount 8 ,
652.Xr nfsd 8 ,
653.Xr nfsiod 8 ,
654.Xr rpc.tlsclntd 8 ,
655.Xr showmount 8
656.Sh HISTORY
657A version of the
658.Nm
659utility appeared in
660.Bx 4.4 .
661.Sh BUGS
662Since nfsv4 performs open/lock operations that have their ordering strictly
663enforced by the server, the options
664.Cm intr
665and
666.Cm soft
667cannot be safely used.
668For NFSv4 minor version 1 or 2 mounts, these options may
669also result
670in hung mount points, due to corruption of session slots.
671.Cm hard
672nfsv4 mounts are strongly recommended.
673