1.\" Copyright (c) 2009 Rick Macklem, University of Guelph 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd August 22, 2018 28.Dt NFSUSERD 8 29.Os 30.Sh NAME 31.Nm nfsuserd 32.Nd load user and group information into the kernel for 33.Tn NFSv4 34services plus support manage-gids for all NFS versions 35.Sh SYNOPSIS 36.Nm nfsuserd 37.Op Fl domain Ar domain_name 38.Op Fl usertimeout Ar minutes 39.Op Fl usermax Ar max_cache_size 40.Op Fl verbose 41.Op Fl force 42.Op Fl manage-gids 43.Op Ar num_servers 44.Sh DESCRIPTION 45.Nm 46loads user and group information into the kernel for NFSv4. 47For Kerberized NFSv4 mounts, it must be running on both client(s) and 48server for correct operation. 49For non-Kerberized NFSv4 mounts, this daemon must be running unless all 50client(s) plus the server are configured to put uid/gid numbers in the 51owner and owner_group strings. 52.Pp 53It also provides support for manage-gids and must be running on the server if 54this is being used for any version of NFS. 55.Pp 56Upon startup, it loads the machines DNS domain name, plus timeout and 57cache size limit into the kernel. It then preloads the cache with group 58and user information, up to the cache size limit and forks off N children 59(default 4), that service requests from the kernel for cache misses. The 60master server is there for the sole purpose of killing off the slaves. 61To stop the nfsuserd, send a SIGUSR1 to the master server. 62.Pp 63The following options are available: 64.Bl -tag -width Ds 65.It Fl domain Ar domain_name 66This option allows you to override the default DNS domain name, which 67is acquired by taking either the suffix on the machine's hostname or, 68if that name is not a fully qualified host name, the canonical name as 69reported by 70.Xr getaddrinfo 3 . 71.It Fl usertimeout Ar minutes 72Overrides the default timeout for cache entries, in minutes. 73The longer the 74time out, the better the performance, but the longer it takes for replaced 75entries to be seen. If your user/group database management system almost 76never re-uses the same names or id numbers, a large timeout is recommended. 77The default is 1 minute. 78.It Fl usermax Ar max_cache_size 79Overrides the default upper bound on the cache size. The larger the cache, 80the more kernel memory is used, but the better the performance. If your 81system can afford the memory use, make this the sum of the number of 82entries in your group and password databases. 83The default is 200 entries. 84.It Fl verbose 85When set, the server logs a bunch of information to syslog. 86.It Fl force 87This flag option must be set to restart the daemon after it has gone away 88abnormally and refuses to start, because it thinks nfsuserd is already 89running. 90.It Fl manage-gids 91This flag enables manage-gids for the NFS server 92.Xr nfsd 8 . 93When this is enabled, all NFS requests using 94AUTH_SYS authentication take the uid from the RPC request 95and uses the group list for that uid provided by 96.Xr getgrouplist 3 97on the server instead of the list of groups provided in the RPC authenticator. 98This can be used to avoid the 16 group limit for AUTH_SYS. 99.It Ar num_servers 100Specifies how many servers to create (max 20). 101The default of 4 may be sufficient. You should run enough servers, so that 102.Xr ps 1 103shows almost no running time for one or two of the slaves after the system 104has been running for a long period. Running too few will have a major 105performance impact, whereas running too many will only tie up some resources, 106such as a process table entry and swap space. 107.El 108.Sh SEE ALSO 109.Xr getgrent 3 , 110.Xr getgrouplist 3 , 111.Xr getpwent 3 , 112.Xr nfsv4 4 , 113.Xr group 5 , 114.Xr passwd 5 , 115.Xr nfsd 8 116.Sh HISTORY 117The 118.Nm 119utility was introduced with the NFSv4 experimental subsystem in 2009. 120.Sh BUGS 121The 122.Nm 123use 124.Xr getgrent 3 , 125.Xr getgrouplist 3 126and 127.Xr getpwent 3 128library calls to resolve requests and will hang if the servers handling 129those requests fail and the library functions don't return. See 130.Xr group 5 131and 132.Xr passwd 5 133for more information on how the databases are accessed. 134.Pp 135Since the kernel communicates with the 136.Nm 137daemon via an upcall that uses the IP address 127.0.0.1, it does not work correctly when 138.Xr jail 8 139are used and can crash the system. 140