Re: Documentation regarding NFSv4

From: Rick Macklem <rmacklem_at_uoguelph.ca> Date: Fri, 18 Sep 2020 23:28:51 +0000 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC

Oh, and I forgot to mention name<->id# mapping.
If using AUTH_SYS (not kerberos), then you have the
choice of running "nfsuserd" or setting these two sysctls to 1.
vfs.nfs.enable_uidtostring=1
vfs.nfsd.enable_stringtouid=1
--> This makes the server just handle id#s (uid, gid) as numbers in
       a string. (This is the default for Linux these days although it was
'       frowned upon in the early days.)

Running nfsuserd maps uid, gid numbers to/from names using the
password and group databases. This must be used for Kerberos mounts.

Without the above properly configured, you'll see lots of files owned
by "nobody" on the client mounts.

rick

________________________________________
From: Rick Macklem <rmacklem_at_uoguelph.ca>
Sent: Friday, September 18, 2020 7:21 PM
To: Shawn Webb; freebsd-current_at_freebsd.org; freebsd-stable_at_freebsd.org
Subject: Re: Documentation regarding NFSv4

Shawn Webb wrote:
>Hey all,
>
>It appears the Handbook and the nfsv4 manpages don't really agree,
>leading to some confusion as to how to properly set up an NFSv4 server
>on FreeBSD.
>
>Any guidance would be appreciated.
1 - I never look at the Handbook, but do try and maintain the man pages.
     Since you didn't explain the specifics related to your confusion, all I can
     say is that the man pages are probably more correct.

Assuming you already have a running NFSv3 NFS server, all you need to do
is:
- Add a V4: line to your /etc/exports files. This does not "export any file systems"
  (that is done by other lines in /etc/exports exactly the same as NFSv3).
  However, it does tell the NFSv4 server where the "root" is for NFSv4 clients.
  (ie. Where in the server's file system tree a "nfs-server:/" done by an NFSv4 client
   ends up.)
- Add nfsv4_server_enable="YES" to your /etc/rc.conf.

Note that, since NFSv4 does allow a mount to cross server mount points (unlike
NFSv3), a client will normally only do a single mount at or near the "root"
specified by the "V4:" line (see "man exports").

If you explain what inconsistencies are in the docs, maybe someone could
fix them.

rick

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc