1.\" Copyright (c) 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)nfsd.8 8.4 (Berkeley) 3/29/95 29.\" $FreeBSD$ 30.\" 31.Dd March 22, 2023 32.Dt NFSD 8 33.Os 34.Sh NAME 35.Nm nfsd 36.Nd remote 37NFS server 38.Sh SYNOPSIS 39.Nm 40.Op Fl ardute 41.Op Fl n Ar num_servers 42.Op Fl h Ar bindip 43.Op Fl p Ar pnfs_setup 44.Op Fl m Ar mirror_level 45.Op Fl V Ar virtual_hostname 46.Op Fl Fl maxthreads Ar max_threads 47.Op Fl Fl minthreads Ar min_threads 48.Sh DESCRIPTION 49The 50.Nm 51utility runs on a server machine to service NFS requests from client machines. 52At least one 53.Nm 54must be running for a machine to operate as a server. 55.Pp 56Unless otherwise specified, eight servers per CPU for UDP transport are 57started. 58.Pp 59When 60.Nm 61is run in an appropriately configured vnet jail, the server is restricted 62to TCP transport and no pNFS service. 63Therefore, the 64.Fl t 65option must be specified and none of the 66.Fl u , 67.Fl p 68and 69.Fl m 70options can be specified when run in a vnet jail. 71See 72.Xr jail 8 73for more information. 74.Pp 75The following options are available: 76.Bl -tag -width Ds 77.It Fl r 78Register the NFS service with 79.Xr rpcbind 8 80without creating any servers. 81This option can be used along with the 82.Fl u 83or 84.Fl t 85options to re-register NFS if the rpcbind server is restarted. 86.It Fl d 87Unregister the NFS service with 88.Xr rpcbind 8 89without creating any servers. 90.It Fl V Ar virtual_hostname 91Specifies a hostname to be used as a principal name, instead of 92the default hostname. 93.It Fl n Ar threads 94Specifies how many servers to create. 95This option is equivalent to specifying 96.Fl Fl maxthreads 97and 98.Fl Fl minthreads 99with their respective arguments to 100.Ar threads . 101.It Fl Fl maxthreads Ar threads 102Specifies the maximum servers that will be kept around to service requests. 103.It Fl Fl minthreads Ar threads 104Specifies the minimum servers that will be kept around to service requests. 105.It Fl h Ar bindip 106Specifies which IP address or hostname to bind to on the local host. 107This option is recommended when a host has multiple interfaces. 108Multiple 109.Fl h 110options may be specified. 111.It Fl a 112Specifies that nfsd should bind to the wildcard IP address. 113This is the default if no 114.Fl h 115options are given. 116It may also be specified in addition to any 117.Fl h 118options given. 119Note that NFS/UDP does not operate properly when 120bound to the wildcard IP address whether you use -a or do not use -h. 121.It Fl p Ar pnfs_setup 122Enables pNFS support in the server and specifies the information that the 123daemon needs to start it. 124This option can only be used on one server and specifies that this server 125will be the MetaData Server (MDS) for the pNFS service. 126This can only be done if there is at least one 127.Fx 128system configured 129as a Data Server (DS) for it to use. 130.Pp 131The 132.Ar pnfs_setup 133string is a set of fields separated by ',' characters: 134Each of these fields specifies one DS. 135It consists of a server hostname, followed by a ':' 136and the directory path where the DS's data storage file system is mounted on 137this MDS server. 138This can optionally be followed by a '#' and the mds_path, which is the 139directory path for an exported file system on this MDS. 140If this is specified, it means that this DS is to be used to store data 141files for this mds_path file system only. 142If this optional component does not exist, the DS will be used to store data 143files for all exported MDS file systems. 144The DS storage file systems must be mounted on this system before the 145.Nm 146is started with this option specified. 147.br 148For example: 149.sp 150nfsv4-data0:/data0,nfsv4-data1:/data1 151.sp 152would specify two DS servers called nfsv4-data0 and nfsv4-data1 that comprise 153the data storage component of the pNFS service. 154These two DSs would be used to store data files for all exported file systems 155on this MDS. 156The directories 157.Dq /data0 158and 159.Dq /data1 160are where the data storage servers exported 161storage directories are mounted on this system (which will act as the MDS). 162.br 163Whereas, for the example: 164.sp 165nfsv4-data0:/data0#/export1,nfsv4-data1:/data1#/export2 166.sp 167would specify two DSs as above, however nfsv4-data0 will be used to store 168data files for 169.Dq /export1 170and nfsv4-data1 will be used to store data files for 171.Dq /export2 . 172.sp 173When using IPv6 addresses for DSs 174be wary of using link local addresses. 175The IPv6 address for the DS is sent to the client and there is no scope 176zone in it. 177As such, a link local address may not work for a pNFS client to DS 178TCP connection. 179When parsed, 180.Nm 181will only use a link local address if it is the only address returned by 182.Xr getaddrinfo 3 183for the DS hostname. 184.It Fl m Ar mirror_level 185This option is only meaningful when used with the 186.Fl p 187option. 188It specifies the 189.Dq mirror_level , 190which defines how many of the DSs will 191have a copy of a file's data storage file. 192The default of one implies no mirroring of data storage files on the DSs. 193The 194.Dq mirror_level 195would normally be set to 2 to enable mirroring, but 196can be as high as NFSDEV_MAXMIRRORS. 197There must be at least 198.Dq mirror_level 199DSs for each exported file system on the MDS, as specified in the 200.Fl p 201option. 202This implies that, for the above example using "#/export1" and "#/export2", 203mirroring cannot be done. 204There would need to be two DS entries for each of "#/export1" and "#/export2" 205in order to support a 206.Dq mirror_level 207of two. 208.Pp 209If mirroring is enabled, the server must use the Flexible File 210layout. 211If mirroring is not enabled, the server will use the File layout 212by default, but this default can be changed to the Flexible File layout if the 213.Xr sysctl 8 214vfs.nfsd.default_flexfile 215is set non-zero. 216.It Fl t 217Serve TCP NFS clients. 218.It Fl u 219Serve UDP NFS clients. 220.It Fl e 221Ignored; included for backward compatibility. 222.El 223.Pp 224For example, 225.Dq Li "nfsd -u -t -n 6" 226serves UDP and TCP transports using six daemons. 227.Pp 228A server should run enough daemons to handle 229the maximum level of concurrency from its clients, 230typically four to six. 231.Pp 232The 233.Nm 234utility listens for service requests at the port indicated in the 235NFS server specification; see 236.%T "Network File System Protocol Specification" , 237RFC1094, 238.%T "NFS: Network File System Version 3 Protocol Specification" , 239RFC1813, 240.%T "Network File System (NFS) Version 4 Protocol" , 241RFC7530, 242.%T "Network File System (NFS) Version 4 Minor Version 1 Protocol" , 243RFC5661, 244.%T "Network File System (NFS) Version 4 Minor Version 2 Protocol" , 245RFC7862, 246.%T "File System Extended Attributes in NFSv4" , 247RFC8276 and 248.%T "Parallel NFS (pNFS) Flexible File Layout" , 249RFC8435. 250.Pp 251If 252.Nm 253detects that 254NFS is not loaded in the running kernel, it will attempt 255to load a loadable kernel module containing NFS support using 256.Xr kldload 2 . 257If this fails, or no NFS KLD is available, 258.Nm 259will exit with an error. 260.Pp 261If 262.Nm 263is to be run on a host with multiple interfaces or interface aliases, use 264of the 265.Fl h 266option is recommended. 267If you do not use the option NFS may not respond to 268UDP packets from the same IP address they were sent to. 269Use of this option 270is also recommended when securing NFS exports on a firewalling machine such 271that the NFS sockets can only be accessed by the inside interface. 272The 273.Nm ipfw 274utility 275would then be used to block NFS-related packets that come in on the outside 276interface. 277.Pp 278If the server has stopped servicing clients and has generated a console message 279like 280.Dq Li "nfsd server cache flooded..." , 281the value for vfs.nfsd.tcphighwater needs to be increased. 282This should allow the server to again handle requests without a reboot. 283Also, you may want to consider decreasing the value for 284vfs.nfsd.tcpcachetimeo to several minutes (in seconds) instead of 12 hours 285when this occurs. 286.Pp 287Unfortunately making vfs.nfsd.tcphighwater too large can result in the mbuf 288limit being reached, as indicated by a console message 289like 290.Dq Li "kern.ipc.nmbufs limit reached" . 291If you cannot find values of the above 292.Nm sysctl 293values that work, you can disable the DRC cache for TCP by setting 294vfs.nfsd.cachetcp to 0. 295.Pp 296The 297.Nm 298utility has to be terminated with 299.Dv SIGUSR1 300and cannot be killed with 301.Dv SIGTERM 302or 303.Dv SIGQUIT . 304The 305.Nm 306utility needs to ignore these signals in order to stay alive as long 307as possible during a shutdown, otherwise loopback mounts will 308not be able to unmount. 309If you have to kill 310.Nm 311just do a 312.Dq Li "kill -USR1 <PID of master nfsd>" 313.Sh EXIT STATUS 314.Ex -std 315.Sh SEE ALSO 316.Xr nfsstat 1 , 317.Xr kldload 2 , 318.Xr nfssvc 2 , 319.Xr nfsv4 4 , 320.Xr pnfs 4 , 321.Xr pnfsserver 4 , 322.Xr exports 5 , 323.Xr stablerestart 5 , 324.Xr gssd 8 , 325.Xr ipfw 8 , 326.Xr jail 8 , 327.Xr mountd 8 , 328.Xr nfsiod 8 , 329.Xr nfsrevoke 8 , 330.Xr nfsuserd 8 , 331.Xr rpcbind 8 332.Sh HISTORY 333The 334.Nm 335utility first appeared in 336.Bx 4.4 . 337.Sh BUGS 338If 339.Nm 340is started when 341.Xr gssd 8 342is not running, it will service AUTH_SYS requests only. 343To fix the problem you must kill 344.Nm 345and then restart it, after the 346.Xr gssd 8 347is running. 348.Pp 349For a Flexible File Layout pNFS server, 350if there are Linux clients doing NFSv4.1 or NFSv4.2 mounts, those 351clients might need the 352.Xr sysctl 8 353vfs.nfsd.flexlinuxhack 354to be set to one on the MDS as a workaround. 355.Pp 356Linux 5.n kernels appear to have been patched such that this 357.Xr sysctl 8 358does not need to be set. 359