1.\" Copyright (c) 2009 Rick Macklem, University of Guelph 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd July 6, 2017 28.Dt NFSUSERD 8 29.Os 30.Sh NAME 31.Nm nfsuserd 32.Nd load user and group information into the kernel for 33.Tn NFSv4 34services plus support manage-gids for all NFS versions 35.Sh SYNOPSIS 36.Nm nfsuserd 37.Op Fl domain Ar domain_name 38.Op Fl usertimeout Ar minutes 39.Op Fl usermax Ar max_cache_size 40.Op Fl verbose 41.Op Fl force 42.Op Fl manage-gids 43.Op Fl use-udpsock 44.Op Ar num_servers 45.Sh DESCRIPTION 46.Nm 47loads user and group information into the kernel for NFSv4. 48It also provides support for manage-gids and must be running on the server if 49this is being used for any version of NFS. 50.Pp 51Upon startup, it loads the machines DNS domain name, plus timeout and 52cache size limit into the kernel. It then preloads the cache with group 53and user information, up to the cache size limit and forks off N children 54(only 1 child for AF_LOCAL sockets), that service requests from the kernel for cache misses. 55The master server is there for the sole purpose of killing off the slave(s). 56To stop the nfsuserd, send a SIGUSR1 to the master server. 57.Pp 58By default, upcalls from the kernel use an AF_LOCAL socket. 59For this case, only one server daemon will be running. 60The 61.Fl use-udpsock 62option may be used to make the 63.Nm 64daemon use a UDP socket, with upcalls done via 127.0.0.1, which was the 65old behaviour for 66.Nm . 67Use of the UDP socket can only be done if 68.Xr jail 8 69are not being used. 70.Pp 71The following options are available: 72.Bl -tag -width Ds 73.It Fl domain Ar domain_name 74This option allows you to override the default DNS domain name, which 75is acquired by taking either the suffix on the machine's hostname or, 76if that name is not a fully qualified host name, the canonical name as 77reported by 78.Xr getaddrinfo 3 . 79.It Fl usertimeout Ar minutes 80Overrides the default timeout for cache entries, in minutes. 81The longer the 82time out, the better the performance, but the longer it takes for replaced 83entries to be seen. If your user/group database management system almost 84never re-uses the same names or id numbers, a large timeout is recommended. 85The default is 1 minute. 86.It Fl usermax Ar max_cache_size 87Overrides the default upper bound on the cache size. The larger the cache, 88the more kernel memory is used, but the better the performance. If your 89system can afford the memory use, make this the sum of the number of 90entries in your group and password databases. 91The default is 200 entries. 92.It Fl verbose 93When set, the server logs a bunch of information to syslog. 94.It Fl force 95This flag option must be set to restart the daemon after it has gone away 96abnormally and refuses to start, because it thinks nfsuserd is already 97running. 98.It Fl manage-gids 99This flag enables manage-gids for the NFS server 100.Xr nfsd 8 . 101When this is enabled, all NFS requests using 102AUTH_SYS authentication take the uid from the RPC request 103and uses the group list for that uid provided by 104.Xr getgrouplist 3 105on the server instead of the list of groups provided in the RPC authenticator. 106This can be used to avoid the 16 group limit for AUTH_SYS. 107.It Fl use-udpsock 108This flag forces use of the old behaviour of a UDP socket with upcalls done via 127.0.0.1. 109.It Ar num_servers 110Specifies how many servers to create (max 20). 111This option has been deprecated and is ignored for AF_LOCAL upcall sockets, 112which always use a single server. 113.El 114.Sh SEE ALSO 115.Xr getgrent 3 , 116.Xr getgrouplist 3 , 117.Xr getpwent 3 , 118.Xr nfsv4 4 , 119.Xr group 5 , 120.Xr passwd 5 , 121.Xr nfsd 8 122.Sh HISTORY 123The 124.Nm 125utility was introduced with the NFSv4 experimental subsystem in 2009. 126.Sh BUGS 127The 128.Nm 129use 130.Xr getgrent 3 , 131.Xr getgrouplist 3 132and 133.Xr getpwent 3 134library calls to resolve requests and will hang if the servers handling 135those requests fail and the library functions don't return. See 136.Xr group 5 137and 138.Xr passwd 5 139for more information on how the databases are accessed. 140.Pp 141For the 142.Fl use-udpsock 143option, since the kernel communicates with the 144.Nm 145daemon via an upcall that uses the IP address 127.0.0.1, it does not work correctly when 146.Xr jail 8 147are used and can crash the system. 148This is not a problem when a AF_LOCAL socket is used. 149