Date: Fri, 28 Jul 2017 21:21:22 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>
Subject: NFSv4 server configs may need nfsuserd_enable="YES"
Message-ID: <YTXPR01MB0189489589C7905051C07DCCDDBF0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>

As of r321665, an NFSv4 server configuration that supports NFSv4 Kerberos mounts
or NFSv4 clients that do not support the uid/gid in the owner/owner_group string
will need to have:
  nfsuserd_enable="YES"
in the machine's /etc/rc.conf file.

The background to this is that the capability to put uid/gid #s in the
owner/owner_group strings is allowed for AUTH_SYS by RFC7530 (which replaced
RFC3530, that didn't allow this).
Since Linux uses this capability by default, many NFSv4 server configurations no
longer need to run the nfsuserd daemon and, as such, forcing it to run did not
make much sense.

For sites using the uid/gid in owner/owner_group string capability, the sysctls:
  vfs.nfs.enable_uidtostring
  vfs.nfsd.enable_stringtouid
should both be set to 1 in /etc/sysctl.conf.

Hopefully this small POLA violation will not cause you grief, rick
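
A way to check a server against the two configurations described in this message, as an added example that is not part of the original e-mail or of FreeBSD: it reads an rc.conf-style and a sysctl.conf-style file and reports which owner/owner_group mapping setup is configured. The function names and the four result labels are hypothetical, and only the two files passed in are inspected (not rc.conf.local or the running kernel's sysctl values).

```shell
#!/bin/sh
# Added example: audit the NFSv4 owner/owner_group mapping settings.

# rc_value FILE VAR: last value assigned to VAR in an rc.conf-style file.
rc_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# sysctl_value FILE NAME: last value assigned to NAME in a sysctl.conf-style file.
sysctl_value() {
    [ -r "$1" ] || return 0
    n=$(printf '%s' "$2" | sed 's/\./\\./g')   # match the dots literally
    sed -n "s/^[[:space:]]*$n[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for the spellings rc.conf treats as enabled.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# nfs_idmap_mode RCCONF SYSCTLCONF: print one of (hypothetical labels)
#   nfsuserd        nfsuserd_enable is set, the daemon does the mapping
#   uidgid-strings  both sysctls are 1, uid/gid numbers go in the strings
#   partial-sysctl  only one sysctl is 1; the message says both are needed
#   none            neither configuration from the message is present
nfs_idmap_mode() {
    u2s=$(sysctl_value "$2" vfs.nfs.enable_uidtostring)
    s2u=$(sysctl_value "$2" vfs.nfsd.enable_stringtouid)
    if is_yes "$(rc_value "$1" nfsuserd_enable)"; then
        echo nfsuserd
    elif [ "$u2s" = 1 ] && [ "$s2u" = 1 ]; then
        echo uidgid-strings
    elif [ "$u2s" = 1 ] || [ "$s2u" = 1 ]; then
        echo partial-sysctl
    else
        echo none
    fi
}

# Defaults are the two files named in the message.
nfs_idmap_mode "${1:-/etc/rc.conf}" "${2:-/etc/sysctl.conf}"
```

A result of uidgid-strings on a server that also serves Kerberos mounts, or clients that cannot use uid/gid numbers in the strings, still falls under the first case in the message and needs nfsuserd_enable="YES".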