MFV r331695, 331700: 9166 zfs storage pool checkpoint

[FreeBSD/FreeBSD.git] / usr.sbin / nfsuserd / nfsuserd.8

.\" Copyright (c) 2009 Rick Macklem, University of Guelph
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 6, 2017
.Dt NFSUSERD 8
.Os
.Sh NAME
.Nm nfsuserd
.Nd load user and group information into the kernel for
.Tn NFSv4
services plus support manage-gids for all NFS versions
.Sh SYNOPSIS
.Nm nfsuserd
.Op Fl domain Ar domain_name
.Op Fl usertimeout Ar minutes
.Op Fl usermax Ar max_cache_size
.Op Fl verbose
.Op Fl force
.Op Fl manage-gids
.Op Fl use-udpsock
.Op Ar num_servers
.Sh DESCRIPTION
.Nm
loads user and group information into the kernel for NFSv4.
It also provides support for manage-gids and must be running on the server if
this is being used for any version of NFS.
.Pp
Upon startup, it loads the machines DNS domain name, plus timeout and
cache size limit into the kernel. It then preloads the cache with group
and user information, up to the cache size limit and forks off N children
(only 1 child for AF_LOCAL sockets), that service requests from the kernel for cache misses.
The master server is there for the sole purpose of killing off the slave(s).
To stop the nfsuserd, send a SIGUSR1 to the master server.
.Pp
By default, upcalls from the kernel use an AF_LOCAL socket.
For this case, only one server daemon will be running.
The
.Fl use-udpsock
option may be used to make the
.Nm
daemon use a UDP socket, with upcalls done via 127.0.0.1, which was the
old behaviour for
.Nm .
Use of the UDP socket can only be done if
.Xr jail 8
are not being used.
.Pp
The following options are available:
.Bl -tag -width Ds
.It Fl domain Ar domain_name
This option allows you to override the default DNS domain name, which
is acquired by taking either the suffix on the machine's hostname or,
if that name is not a fully qualified host name, the canonical name as
reported by
.Xr getaddrinfo 3 .
.It Fl usertimeout Ar minutes
Overrides the default timeout for cache entries, in minutes.
The longer the
time out, the better the performance, but the longer it takes for replaced
entries to be seen. If your user/group database management system almost
never re-uses the same names or id numbers, a large timeout is recommended.
The default is 1 minute.
.It Fl usermax Ar max_cache_size
Overrides the default upper bound on the cache size. The larger the cache,
the more kernel memory is used, but the better the performance. If your
system can afford the memory use, make this the sum of the number of
entries in your group and password databases.
The default is 200 entries.
.It Fl verbose
When set, the server logs a bunch of information to syslog.
.It Fl force
This flag option must be set to restart the daemon after it has gone away
abnormally and refuses to start, because it thinks nfsuserd is already
running.
.It Fl manage-gids
This flag enables manage-gids for the NFS server
.Xr nfsd 8 .
When this is enabled, all NFS requests using
AUTH_SYS authentication take the uid from the RPC request
and uses the group list for that uid provided by
.Xr getgrouplist 3
on the server instead of the list of groups provided in the RPC authenticator.
This can be used to avoid the 16 group limit for AUTH_SYS.
.It Fl use-udpsock
This flag forces use of the old behaviour of a UDP socket with upcalls done via 127.0.0.1.
.It Ar num_servers
Specifies how many servers to create (max 20).
This option has been deprecated and is ignored for AF_LOCAL upcall sockets,
which always use a single server.
.El
.Sh SEE ALSO
.Xr getgrent 3 ,
.Xr getgrouplist 3 ,
.Xr getpwent 3 ,
.Xr nfsv4 4 ,
.Xr group 5 ,
.Xr passwd 5 ,
.Xr nfsd 8
.Sh HISTORY
The
.Nm
utility was introduced with the NFSv4 experimental subsystem in 2009.
.Sh BUGS
The
.Nm
use
.Xr getgrent 3 ,
.Xr getgrouplist 3
and
.Xr getpwent 3
library calls to resolve requests and will hang if the servers handling
those requests fail and the library functions don't return. See
.Xr group 5
and
.Xr passwd 5
for more information on how the databases are accessed.
.Pp
For the
.Fl use-udpsock
option, since the kernel communicates with the
.Nm
daemon via an upcall that uses the IP address 127.0.0.1, it does not work correctly when
.Xr jail 8
are used and can crash the system.
This is not a problem when a AF_LOCAL socket is used.