1.\" Copyright (c) 2009 Rick Macklem, University of Guelph 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd April 22, 2023 26.Dt NFSUSERD 8 27.Os 28.Sh NAME 29.Nm nfsuserd 30.Nd load user and group information into the kernel for 31.Tn NFSv4 32services plus support manage-gids for all NFS versions 33.Sh SYNOPSIS 34.Nm nfsuserd 35.Op Fl domain Ar domain_name 36.Op Fl usertimeout Ar minutes 37.Op Fl usermax Ar max_cache_size 38.Op Fl verbose 39.Op Fl force 40.Op Fl manage-gids 41.Op Ar num_servers 42.Sh DESCRIPTION 43.Nm 44loads user and group information into the kernel for NFSv4. 45For Kerberized NFSv4 mounts, it must be running on both client(s) and 46server for correct operation. 47For non-Kerberized NFSv4 mounts, this daemon must be running unless all 48client(s) plus the server are configured to put uid/gid numbers in the 49owner and owner_group strings. 50.Pp 51It also provides support for manage-gids and must be running on the server if 52this is being used for any version of NFS. 53.Pp 54Upon startup, it loads the machine's DNS domain name, plus timeout and cache size 55limit into the kernel. 56It then preloads the cache with group and user information, up to the cache size 57limit and forks off 58.Ar num_servers 59(default 4) children which are the servers 60that service requests from the kernel 61for cache misses. 62The master is there for the sole purpose of terminating the 63servers. 64To stop the nfsuserd, send a SIGUSR1 to the master. 65.Pp 66The following options are available: 67.Bl -tag -width Ds 68.It Fl domain Ar domain_name 69This option allows you to override the default DNS domain name, which 70is acquired by taking either the suffix on the machine's hostname or, 71if that name is not a fully qualified host name, the canonical name as 72reported by 73.Xr getaddrinfo 3 . 74.It Fl usertimeout Ar minutes 75Overrides the default timeout for cache entries, in minutes. 76The longer the 77time out, the better the performance, but the longer it takes for replaced 78entries to be seen. 79If your user/group database management system almost never re-uses the same names 80or id numbers, a large timeout is recommended. 81The default is 1 minute. 82.It Fl usermax Ar max_cache_size 83Overrides the default upper bound on the cache size. 84The larger the cache, the more kernel memory is used, but the better the performance. 85If your system can afford the memory use, make this the sum of the number of 86entries in your group and password databases. 87The default is 200 entries. 88.It Fl verbose 89When set, the server logs a bunch of information to syslog. 90.It Fl force 91This flag option must be set to restart the daemon after it has gone away 92abnormally and refuses to start, because it thinks nfsuserd is already 93running. 94.It Fl manage-gids 95This flag enables manage-gids for the NFS server 96.Xr nfsd 8 . 97When this is enabled, all NFS requests using 98AUTH_SYS authentication take the uid from the RPC request 99and uses the group list for that uid provided by 100.Xr getgrouplist 3 101on the server instead of the list of groups provided in the RPC authenticator. 102This can be used to avoid the 16 group limit for AUTH_SYS. 103.It Ar num_servers 104Specifies how many servers to create (max 20). 105The default of 4 may be sufficient. 106You should run enough servers, so that 107.Xr ps 1 108shows almost no running time for one or two of the servers after the system 109has been running for a long period. 110Running too few will have a major performance impact, whereas running too many 111will only tie up some resources, such as a process table entry and swap space. 112.El 113.Sh SEE ALSO 114.Xr getgrent 3 , 115.Xr getgrouplist 3 , 116.Xr getpwent 3 , 117.Xr nfsv4 4 , 118.Xr group 5 , 119.Xr passwd 5 , 120.Xr nfsd 8 121.Sh HISTORY 122The 123.Nm 124utility was introduced with the NFSv4 experimental subsystem in 2009. 125.Sh BUGS 126The 127.Nm 128use 129.Xr getgrent 3 , 130.Xr getgrouplist 3 131and 132.Xr getpwent 3 133library calls to resolve requests and will hang if the servers handling 134those requests fail and the library functions don't return. 135See 136.Xr group 5 137and 138.Xr passwd 5 139for more information on how the databases are accessed. 140