xref: /freebsd/usr.sbin/nfsuserd/nfsuserd.8 (revision db70ff37a051dfa19f6f3f0f0c5e3571aba91982)
1.\" Copyright (c) 2009 Rick Macklem, University of Guelph
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd August 22, 2018
28.Dt NFSUSERD 8
29.Os
30.Sh NAME
31.Nm nfsuserd
32.Nd load user and group information into the kernel for
33.Tn NFSv4
34services plus support manage-gids for all NFS versions
35.Sh SYNOPSIS
36.Nm nfsuserd
37.Op Fl domain Ar domain_name
38.Op Fl usertimeout Ar minutes
39.Op Fl usermax Ar max_cache_size
40.Op Fl verbose
41.Op Fl force
42.Op Fl manage-gids
43.Op Ar num_servers
44.Sh DESCRIPTION
45.Nm
46loads user and group information into the kernel for NFSv4.
47For Kerberized NFSv4 mounts, it must be running on both client(s) and
48server for correct operation.
49For non-Kerberized NFSv4 mounts, this daemon must be running unless all
50client(s) plus the server are configured to put uid/gid numbers in the
51owner and owner_group strings.
52.Pp
53It also provides support for manage-gids and must be running on the server if
54this is being used for any version of NFS.
55.Pp
56Upon startup, it loads the machines DNS domain name, plus timeout and
57cache size limit into the kernel. It then preloads the cache with group
58and user information, up to the cache size limit and forks off N children
59(default 4), that service requests from the kernel for cache misses. The
60master server is there for the sole purpose of killing off the slaves.
61To stop the nfsuserd, send a SIGUSR1 to the master server.
62.Pp
63The following options are available:
64.Bl -tag -width Ds
65.It Fl domain Ar domain_name
66This option allows you to override the default DNS domain name, which
67is acquired by taking either the suffix on the machine's hostname or,
68if that name is not a fully qualified host name, the canonical name as
69reported by
70.Xr getaddrinfo 3 .
71.It Fl usertimeout Ar minutes
72Overrides the default timeout for cache entries, in minutes.
73The longer the
74time out, the better the performance, but the longer it takes for replaced
75entries to be seen. If your user/group database management system almost
76never re-uses the same names or id numbers, a large timeout is recommended.
77The default is 1 minute.
78.It Fl usermax Ar max_cache_size
79Overrides the default upper bound on the cache size. The larger the cache,
80the more kernel memory is used, but the better the performance. If your
81system can afford the memory use, make this the sum of the number of
82entries in your group and password databases.
83The default is 200 entries.
84.It Fl verbose
85When set, the server logs a bunch of information to syslog.
86.It Fl force
87This flag option must be set to restart the daemon after it has gone away
88abnormally and refuses to start, because it thinks nfsuserd is already
89running.
90.It Fl manage-gids
91This flag enables manage-gids for the NFS server
92.Xr nfsd 8 .
93When this is enabled, all NFS requests using
94AUTH_SYS authentication take the uid from the RPC request
95and uses the group list for that uid provided by
96.Xr getgrouplist 3
97on the server instead of the list of groups provided in the RPC authenticator.
98This can be used to avoid the 16 group limit for AUTH_SYS.
99.It Ar num_servers
100Specifies how many servers to create (max 20).
101The default of 4 may be sufficient. You should run enough servers, so that
102.Xr ps 1
103shows almost no running time for one or two of the slaves after the system
104has been running for a long period. Running too few will have a major
105performance impact, whereas running too many will only tie up some resources,
106such as a process table entry and swap space.
107.El
108.Sh SEE ALSO
109.Xr getgrent 3 ,
110.Xr getgrouplist 3 ,
111.Xr getpwent 3 ,
112.Xr nfsv4 4 ,
113.Xr group 5 ,
114.Xr passwd 5 ,
115.Xr nfsd 8
116.Sh HISTORY
117The
118.Nm
119utility was introduced with the NFSv4 experimental subsystem in 2009.
120.Sh BUGS
121The
122.Nm
123use
124.Xr getgrent 3 ,
125.Xr getgrouplist 3
126and
127.Xr getpwent 3
128library calls to resolve requests and will hang if the servers handling
129those requests fail and the library functions don't return. See
130.Xr group 5
131and
132.Xr passwd 5
133for more information on how the databases are accessed.
134.Pp
135Since the kernel communicates with the
136.Nm
137daemon via an upcall that uses the IP address 127.0.0.1, it does not work correctly when
138.Xr jail 8
139are used and can crash the system.
140