- Merge from HEAD

[FreeBSD/FreeBSD.git] / sbin / mount_nfs / mount_nfs.8

.\" Copyright (c) 1992, 1993, 1994, 1995
.\"     The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95
.\" $FreeBSD$
.\"
.Dd February 11, 2008
.Dt MOUNT_NFS 8
.Os
.Sh NAME
.Nm mount_nfs
.Nd mount NFS file systems
.Sh SYNOPSIS
.Nm
.Op Fl 23bcdiLlNPsTU
.Op Fl a Ar maxreadahead
.Op Fl D Ar deadthresh
.Op Fl g Ar maxgroups
.Op Fl I Ar readdirsize
.Op Fl o Ar options
.Op Fl R Ar retrycnt
.Op Fl r Ar readsize
.Op Fl t Ar timeout
.Op Fl w Ar writesize
.Op Fl x Ar retrans
.Ar rhost : Ns Ar path node
.Sh DESCRIPTION
The
.Nm
utility calls the
.Xr nmount 2
system call to prepare and graft a remote NFS file system
.Pq Ar rhost : Ns Ar path
on to the file system tree at the point
.Ar node .
This command is normally executed by
.Xr mount 8 .
It implements the mount protocol as described in RFC 1094, Appendix A and
.%T "NFS: Network File System Version 3 Protocol Specification" ,
Appendix I.
.Pp
By default,
.Nm
keeps retrying until the mount succeeds.
This behaviour is intended for file systems listed in
.Xr fstab 5
that are critical to the boot process.
For non-critical file systems, the
.Cm bg
and
.Cm retrycnt
options provide mechanisms to prevent the boot process from hanging
if the server is unavailable.
.Pp
If the server becomes unresponsive while an NFS file system is
mounted, any new or outstanding file operations on that file system
will hang uninterruptibly until the server comes back.
To modify this default behaviour, see the
.Cm intr
and
.Cm soft
options.
.Pp
The options are:
.Bl -tag -width indent
.It Fl o
Options are specified with a
.Fl o
flag followed by a comma separated string of options.
See the
.Xr mount 8
man page for possible options and their meanings.
The following NFS specific options are also available:
.Bl -tag -width indent
.It Cm acregmin Ns = Ns Aq Ar seconds
.It Cm acregmax Ns = Ns Aq Ar seconds
.It Cm acdirmin Ns = Ns Aq Ar seconds
.It Cm acdirmax Ns = Ns Aq Ar seconds
When attributes of files are cached, a timeout calculated to determine
whether a given cache entry has expired.
These four values determine the upper and lower bounds of the timeouts for
.Dq directory
attributes and
.Dq regular
(ie: everything else).
The default values are 3 -> 60 seconds
for regular files, and 30 -> 60 seconds for directories.
The algorithm to calculate the timeout is based on the age of the file.
The older the file,
the longer the cache is considered valid, subject to the limits above.
.It Cm bg
If an initial attempt to contact the server fails, fork off a child to keep
trying the mount in the background.
Useful for
.Xr fstab 5 ,
where the file system mount is not critical to multiuser operation.
.It Cm deadthresh Ns = Ns Aq Ar value
Set the
.Dq "dead server threshold"
to the specified number of round trip timeout intervals before a
.Dq "server not responding"
message is displayed.
.It Cm dumbtimer
Turn off the dynamic retransmit timeout estimator.
This may be useful for UDP mounts that exhibit high retry rates,
since it is possible that the dynamically estimated timeout interval is too
short.
.It Cm fg
Same as not specifying
.Cm bg .
.It Cm gssname Ns = Ns Aq Ar name
For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p when being
used for an NFSv4 mount, this option specifies the host based principal
name to be used for the state related operations SetClientID,
SetClientIDConfirm, ReleaseLockOwner and Renew.
It is also used for other operations, such as Getattr for
.Xr statfs 2
information and during open/lock state recovery.
An entry for this principal must exist
in the client machine's default keytab file.
If possible, the keytab entry should be created using DES_CBC_CRC
encryption. If another encryption algorithm is used, the sysctl variable
.Va vfs.newnfs.keytab_enctype
must be set to the numeric value representing that encryption algorithm.
(The numeric values can be found in /usr/include/krb5_asn1.h. Look
for constants named ETYPE_xxx.)
If this option is given
as a name without an ``@<client-fqdn>'', such as ``root'' or ``nfs'',
``@<client-fqdn>'' will be appended to it.
.sp
If this option is not specified
for NFSv4 mounts using krb5[ip], the above operations will be done using the
user principal for the user that performed the mount. This
only works for mounts done by a user other than ``root'' and the user must
have a valid TGT in their credentials cache at the time the mount is done.
(Setting the
.Va vfs.usermount
to non-zero will allow users to do mounts.)
Because the user's TGT is used to acquire credentials for these operations,
it is important that that user's TGT does not expire before
.Xr umount 8
is done.
.It Cm allgssname
This option can be used along with
.Cm gssname
to indicate that all accesses to the mount point are to be done using
the host based principal specified by the
.Cm gssname
option.
This might be useful for nfsv4 mounts using sec=krb5[ip] that are being accessed
by batch utilities over long periods of time.
.It Cm hard
Same as not specifying
.Cm soft .
.It Cm intr
Make the mount interruptible, which implies that file system calls that
are delayed due to an unresponsive server will fail with EINTR when a
termination signal is posted for the process.
.It Cm maxgroups Ns = Ns Aq Ar value
Set the maximum size of the group list for the credentials to the
specified value.
This should be used for mounts on old servers that cannot handle a
group list size of 16, as specified in RFC 1057.
Try 8, if users in a lot of groups cannot get response from the mount
point.
.It Cm mntudp
Force the mount protocol to use UDP transport, even for TCP NFS mounts.
(Necessary for some old
.Bx
servers.)
.It Cm nfsv2
Use the NFS Version 2 protocol (the default is to try version 3 first
then version 2).
Note that NFS version 2 has a file size limit of 2 gigabytes.
.It Cm nfsv3
Use the NFS Version 3 protocol.
.It Cm nfsv4
Use the NFS Version 4 protocol.
This option will force the mount to use the experimental nfs subsystem and
TCP transport.
To use the experimental nfs subsystem for nfsv2 and nfsv3 mounts, you
must specify the ``newnfs'' file system type instead of ``nfs''.
.It Cm noconn
For UDP mount points, do not do a
.Xr connect 2 .
This must be used if the server does not reply to requests from the standard
NFS port number 2049 or replies to requests using a different IP address
(which can occur if the server is multi-homed).
Setting the
.Va vfs.nfs.nfs_ip_paranoia
sysctl to 0 will make this option the default.
.It Cm noinet4 , noinet6
Disables
.Dv AF_INET
or
.Dv AF_INET6
connections.
Useful for hosts that have
both an A record and an AAAA record for the same name.
.It Cm nolockd
Do
.Em not
forward
.Xr fcntl 2
locks over the wire.
All locks will be local and not seen by the server
and likewise not seen by other NFS clients.
This removes the need to run the
.Xr rpcbind 8
service and the
.Xr rpc.statd 8
and
.Xr rpc.lockd 8
servers on the client.
Note that this option will only be honored when performing the
initial mount, it will be silently ignored if used while updating
the mount options.
.It Cm principal
For the RPCSEC_GSS security flavors, such as krb5, krb5i and krb5p,
this option sets the name of the host based principal name expected
by the server. This option overrides the default, which will be
``nfs@<server-fqdn>'' and should normally be sufficient.
.It Cm noresvport
Do
.Em not
use a reserved socket port number (see below).
.It Cm port Ns = Ns Aq Ar port_number
Use specified port number for NFS requests.
The default is to query the portmapper for the NFS port.
.It Cm rdirplus
Used with NFSV3 to specify that the \fBReaddirPlus\fR RPC should
be used.
For NFSV4, setting this option has a similar effect, in that it will make
the Readdir Operation get more attributes.
This option reduces RPC traffic for cases such as
.Dq "ls -l" ,
but tends to flood the attribute and name caches with prefetched entries.
Try this option and see whether performance improves or degrades.
Probably
most useful for client to server network interconnects with a large bandwidth
times delay product.
.It Cm readahead Ns = Ns Aq Ar value
Set the read-ahead count to the specified value.
This may be in the range of 0 - 4, and determines how many blocks
will be read ahead when a large file is being read sequentially.
Trying a value greater than 1 for this is suggested for
mounts with a large bandwidth * delay product.
.It Cm readdirsize Ns = Ns Aq Ar value
Set the readdir read size to the specified value.
The value should normally
be a multiple of
.Dv DIRBLKSIZ
that is <= the read size for the mount.
.It Cm resvport
Use a reserved socket port number.
This flag is obsolete, and only retained for compatibility reasons.
Reserved port numbers are used by default now.
(For the rare case where the client has a trusted root account
but untrustworthy users and the network cables are in secure areas this does
help, but for normal desktop clients this does not apply.)
.It Cm retrans Ns = Ns Aq Ar value
Set the retransmit timeout count for soft mounts to the specified value.
.It Cm retrycnt Ns = Ns Aq Ar count
Set the mount retry count to the specified value.
The default is a retry count of zero, which means to keep retrying
forever.
There is a 60 second delay between each attempt.
.It Cm rsize Ns = Ns Aq Ar value
Set the read data size to the specified value.
It should normally be a power of 2 greater than or equal to 1024.
This should be used for UDP mounts when the
.Dq "fragments dropped due to timeout"
value is getting large while actively using a mount point.
(Use
.Xr netstat 1
with the
.Fl s
option to see what the
.Dq "fragments dropped due to timeout"
value is.)
.It Cm sec Ns = Ns Aq Ar flavor
This option specifies what security flavor should be used for the mount.
Currently, they are:
.Bd -literal
krb5 -  Use KerberosV authentication
krb5i - Use KerberosV authentication and
        apply integrity checksums to RPCs
krb5p - Use KerberosV authentication and
        encrypt the RPC data
sys -   The default AUTH_SYS, which uses a
        uid + gid list authenticator
.Ed
.It Cm soft
A soft mount, which implies that file system calls will fail
after
.Ar retrycnt
round trip timeout intervals.
.It Cm tcp
Use TCP transport.
This is the default option, as it provides for increased reliability on both
LAN and WAN configurations compared to UDP.
Some old NFS servers do not support this method; UDP mounts may be required
for interoperability.
.It Cm timeout Ns = Ns Aq Ar value
Set the initial retransmit timeout to the specified value.
May be useful for fine tuning UDP mounts over internetworks
with high packet loss rates or an overloaded server.
Try increasing the interval if
.Xr nfsstat 1
shows high retransmit rates while the file system is active or reducing the
value if there is a low retransmit rate but long response delay observed.
(Normally, the
.Cm dumbtimer
option should be specified when using this option to manually
tune the timeout
interval.)
.It Cm udp
Use UDP transport.
.It Cm wsize Ns = Ns Aq Ar value
Set the write data size to the specified value.
Ditto the comments w.r.t.\& the
.Cm rsize
option, but using the
.Dq "fragments dropped due to timeout"
value on the server instead of the client.
Note that both the
.Cm rsize
and
.Cm wsize
options should only be used as a last ditch effort at improving performance
when mounting servers that do not support TCP mounts.
.El
.El
.Sh COMPATIBILITY
The following command line flags are equivalent to
.Fl o
named options and are supported for compatibility with older
installations.
.Bl -tag -width indent
.It Fl 2
Same as
.Fl o Cm nfsv2
.It Fl 3
Same as
.Fl o Cm nfsv3
.It Fl D
Same as
.Fl o Cm deadthresh
.It Fl I
Same as
.Fl o Cm readdirsize Ns = Ns Aq Ar value
.It Fl L
Same as
.Fl o Cm nolockd
.It Fl N
Same as
.Fl o Cm noresvport
.It Fl P
Use a reserved socket port number.
This flag is obsolete, and only retained for compatibility reasons.
(For the rare case where the client has a trusted root account
but untrustworthy users and the network cables are in secure areas this does
help, but for normal desktop clients this does not apply.)
.It Fl R
Same as
.Fl o Cm retrycnt Ns = Ns Aq Ar value
.It Fl T
Same as
.Fl o Cm tcp
.It Fl U
Same as
.Fl o Cm mntudp
.It Fl a
Same as
.Fl o Cm readahead Ns = Ns Aq Ar value
.It Fl b
Same as
.Fl o Cm bg
.It Fl c
Same as
.Fl o Cm noconn
.It Fl d
Same as
.Fl o Cm dumbtimer
.It Fl g
Same as
.Fl o Cm maxgroups
.It Fl i
Same as
.Fl o Cm intr
.It Fl l
Same as
.Fl o Cm rdirplus
.It Fl r
Same as
.Fl o Cm rsize Ns = Ns Aq Ar value
.It Fl s
Same as
.Fl o Cm soft
.It Fl t
Same as
.Fl o Cm retransmit Ns = Ns Aq Ar value
.It Fl w
Same as
.Fl o Cm wsize Ns = Ns Aq Ar value
.It Fl x
Same as
.Fl o Cm retrans Ns = Ns Aq Ar value
.El
.Sh SEE ALSO
.Xr nmount 2 ,
.Xr unmount 2 ,
.Xr nfsv4 4 ,
.Xr fstab 5 ,
.Xr gssd 8 ,
.Xr mount 8 ,
.Xr nfsd 8 ,
.Xr nfsiod 8 ,
.Xr showmount 8
.Sh BUGS
Since nfsv4 performs open/lock operations that have their ordering strictly
enforced by the server, the options
.Cm intr
and
.Cm soft
cannot be safely used.
.Cm hard
nfsv4 mounts are strongly recommended.