1.\" Copyright (c) 2009 Rick Macklem, University of Guelph 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd April 22, 2023 28.Dt NFSUSERD 8 29.Os 30.Sh NAME 31.Nm nfsuserd 32.Nd load user and group information into the kernel for 33.Tn NFSv4 34services plus support manage-gids for all NFS versions 35.Sh SYNOPSIS 36.Nm nfsuserd 37.Op Fl domain Ar domain_name 38.Op Fl usertimeout Ar minutes 39.Op Fl usermax Ar max_cache_size 40.Op Fl verbose 41.Op Fl force 42.Op Fl manage-gids 43.Op Ar num_servers 44.Sh DESCRIPTION 45.Nm 46loads user and group information into the kernel for NFSv4. 47For Kerberized NFSv4 mounts, it must be running on both client(s) and 48server for correct operation. 49For non-Kerberized NFSv4 mounts, this daemon must be running unless all 50client(s) plus the server are configured to put uid/gid numbers in the 51owner and owner_group strings. 52.Pp 53It also provides support for manage-gids and must be running on the server if 54this is being used for any version of NFS. 55.Pp 56Upon startup, it loads the machine's DNS domain name, plus timeout and cache size 57limit into the kernel. 58It then preloads the cache with group and user information, up to the cache size 59limit and forks off 60.Ar num_servers 61(default 4) children which are the servers 62that service requests from the kernel 63for cache misses. 64The master is there for the sole purpose of terminating the 65servers. 66To stop the nfsuserd, send a SIGUSR1 to the master. 67.Pp 68The following options are available: 69.Bl -tag -width Ds 70.It Fl domain Ar domain_name 71This option allows you to override the default DNS domain name, which 72is acquired by taking either the suffix on the machine's hostname or, 73if that name is not a fully qualified host name, the canonical name as 74reported by 75.Xr getaddrinfo 3 . 76.It Fl usertimeout Ar minutes 77Overrides the default timeout for cache entries, in minutes. 78The longer the 79time out, the better the performance, but the longer it takes for replaced 80entries to be seen. 81If your user/group database management system almost never re-uses the same names 82or id numbers, a large timeout is recommended. 83The default is 1 minute. 84.It Fl usermax Ar max_cache_size 85Overrides the default upper bound on the cache size. 86The larger the cache, the more kernel memory is used, but the better the performance. 87If your system can afford the memory use, make this the sum of the number of 88entries in your group and password databases. 89The default is 200 entries. 90.It Fl verbose 91When set, the server logs a bunch of information to syslog. 92.It Fl force 93This flag option must be set to restart the daemon after it has gone away 94abnormally and refuses to start, because it thinks nfsuserd is already 95running. 96.It Fl manage-gids 97This flag enables manage-gids for the NFS server 98.Xr nfsd 8 . 99When this is enabled, all NFS requests using 100AUTH_SYS authentication take the uid from the RPC request 101and uses the group list for that uid provided by 102.Xr getgrouplist 3 103on the server instead of the list of groups provided in the RPC authenticator. 104This can be used to avoid the 16 group limit for AUTH_SYS. 105.It Ar num_servers 106Specifies how many servers to create (max 20). 107The default of 4 may be sufficient. 108You should run enough servers, so that 109.Xr ps 1 110shows almost no running time for one or two of the servers after the system 111has been running for a long period. 112Running too few will have a major performance impact, whereas running too many 113will only tie up some resources, such as a process table entry and swap space. 114.El 115.Sh SEE ALSO 116.Xr getgrent 3 , 117.Xr getgrouplist 3 , 118.Xr getpwent 3 , 119.Xr nfsv4 4 , 120.Xr group 5 , 121.Xr passwd 5 , 122.Xr nfsd 8 123.Sh HISTORY 124The 125.Nm 126utility was introduced with the NFSv4 experimental subsystem in 2009. 127.Sh BUGS 128The 129.Nm 130use 131.Xr getgrent 3 , 132.Xr getgrouplist 3 133and 134.Xr getpwent 3 135library calls to resolve requests and will hang if the servers handling 136those requests fail and the library functions don't return. 137See 138.Xr group 5 139and 140.Xr passwd 5 141for more information on how the databases are accessed. 142