NFSv4 server configs may need nfsuserd_enable="YES"

From: Rick Macklem <rmacklem_at_uoguelph.ca>
Date: Fri, 28 Jul 2017 21:21:22 +0000

As of r321665, an NFSv4 server configuration that supports NFSv4 Kerberos mounts
or NFSv4 clients that do not support the uid/gid in the owner/owner_group string
will need to have:
nfsuserd_enable="YES"
in the machine's /etc/rc.conf file.

The background to this is that the capability to put uid/gid #s in the owner/owner_group
strings is allowed for AUTH_SYS by RFC7530 (which replaced RFC3530, which didn't allow this).
Since Linux uses this capability by default, many NFSv4 server configurations no longer
need to run the nfsuserd daemon and, as such, forcing it to run did not make much sense.

For sites using the uid/gid in owner/owner_group string capability, the sysctls:
vfs.nfs.enable_uidtostring
vfs.nfsd.enable_stringtouid
should both be set to 1 in /etc/sysctl.conf.

Hopefully this small POLA violation will not cause you grief, rick
Received on Fri Jul 28 2017 - 19:21:25 UTC
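
The following check is an added example, not part of the original message or of FreeBSD itself. It reads copies of /etc/rc.conf and /etc/sysctl.conf and reports which owner/owner_group mapping setup the server is configured for; the function names, the mode labels and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a FreeBSD NFSv4 server's owner/owner_group mapping
# configuration from its rc.conf and sysctl.conf. Function names and the
# mode labels (nfsuserd, numeric-strings, partial, none) are hypothetical.

# last_value FILE KEY: print the value of the last uncommented KEY=VALUE
# line, with blanks and double quotes stripped (later lines override earlier).
last_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); gsub(/[ \t"]/, "") }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# nfs_idmap_mode RC_CONF SYSCTL_CONF: print the mode; return 0 if usable.
nfs_idmap_mode() {
    # rc.conf booleans accept YES/TRUE/ON/1 in any letter case.
    case $(last_value "$1" nfsuserd_enable) in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            echo nfsuserd; return 0 ;;   # needed for Kerberos mounts
    esac
    u2s=$(last_value "$2" vfs.nfs.enable_uidtostring)
    s2u=$(last_value "$2" vfs.nfsd.enable_stringtouid)
    if [ "$u2s" = 1 ] && [ "$s2u" = 1 ]; then
        echo numeric-strings; return 0   # uid/gid numbers in the strings
    elif [ "$u2s" = 1 ] || [ "$s2u" = 1 ]; then
        echo partial; return 1           # the message says both must be 1
    fi
    echo none; return 1                  # no nfsuserd and no sysctls
}

# Constructed sample files, not taken from the original message.
tmp=$(mktemp -d)
printf 'nfs_server_enable="YES"\nnfsv4_server_enable="YES"\n' > "$tmp/rc.conf"
printf 'vfs.nfs.enable_uidtostring=1\n' > "$tmp/sysctl.conf"
echo "one sysctl set:   $(nfs_idmap_mode "$tmp/rc.conf" "$tmp/sysctl.conf")"
printf 'vfs.nfsd.enable_stringtouid=1\n' >> "$tmp/sysctl.conf"
echo "both sysctls set: $(nfs_idmap_mode "$tmp/rc.conf" "$tmp/sysctl.conf")"
printf 'nfsuserd_enable="YES"\n' >> "$tmp/rc.conf"
echo "nfsuserd enabled: $(nfs_idmap_mode "$tmp/rc.conf" "$tmp/sysctl.conf")"
rm -rf "$tmp"
```

The check only reads the configuration files; on a running server the live values can be read with `sysctl -n`.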