NFS(5) File Formats and Configurations NFS(5)

NAME


nfs - NFS configuration properties

DESCRIPTION


The behavior of the nfsd(8), nfsmapid(8), lockd(8), and mountd(8)
daemons and mount_nfs(8) command is controlled by property values that
are stored in the Service Management Facility, smf(7). The sharectl(8)
command should be used to query or change values for these properties.

Changes made to nfs property values on the nfsd, lockd, mountd, or
mount_nfs command line override the values set using sharectl(8).

The following list describes the properties:

client_versmin=num
client_versmax=num
The NFS client only uses NFS versions in the range specified by
these properties. Valid values of versions are: 2, 3, and 4.
Default minimum version is 2, while default maximum is 4.

You can override this range on a per-mount basis by using the
-o vers= option to mount_nfs(8).

server_versmin=num
server_versmax=num
The NFS server only uses NFS versions in the range specified by
these properties. Valid values of versions are: 2, 3, 4, 4.0,
4.1 and 4.2. Version 4 is an alias for 4.0. Default minimum
version is 2, while the default maximum version is 4.

server_delegation=on|off
By default the NFS server provides delegations to clients. The
user can turn off delegations for all exported filesystems by
setting this variable to off. This variable only applies to
NFS Version 4.

nfsmapid_domain=[string]
By default, the nfsmapid uses the DNS domain of the system.
This setting overrides the default. This domain is used for
identifying user and group attribute strings in the NFS Version
4 protocol. Clients and servers must match with this domain
for operation to proceed normally. This variable only applies
to NFS Version 4. See Setting nfsmapid_domain below for
further details.

max_connections=num
Sets the maximum number of concurrent, connection-oriented
connections. The default is -1 (unlimited). Equivalent to the
-c option in nfsd.

listen_backlog=num
Set connection queue length for the NFS over a connection-
oriented transport. The default value is 32, meaning 32
entries in the queue. Equivalent to the -l option in nfsd.

protocol=[all|protocol]
Start nfsd over the specified protocol only. Equivalent to the
-p option in nfsd. all is equivalent to -a on the nfsd command
line. Mutually exclusive of device. For the UDP protocol,
only version 2 and version 3 service is established. NFS
Version 4 is not supported for the UDP protocol.

device=[devname]
Start NFS daemon for the transport specified by the given
device only. Equivalent to the -t option in nfsd. Mutually
exclusive of protocol.

servers=num
Maximum number of concurrent NFS requests. Equivalent to last
numeric argument on the nfsd command line. The default is
1024.

lockd_listen_backlog=num
Set connection queue length for lockd over a connection-
oriented transport. The default and minimum value is 32.

lockd_servers=num
Maximum number of concurrent lockd requests. The default is
256.

lockd_retransmit_timeout=num
Retransmit timeout, in seconds, before lockd retries. The
default is 5.

grace_period=num
Grace period, in seconds, that all clients (both NLM and NFSv4)
have to reclaim locks after a server reboot. This parameter
also controls the NFSv4 lease interval. The default is 90.

mountd_listen_backlog=num
Set the connection queue length for mountd over a connection-
oriented transport. The default value is 64.

mountd_max_threads=num
Maximum number of threads for mountd. The default value is 16.

mountd_port=num
The IP port number on which mountd should listen. The default
value is 0, which means it should use a default binding.

mountd_remote_dump=boolean
Should mountd respond to remote MOUNTPROC_DUMP queries to read
the list of remote mounts. The default value is false, which
means only queries from local host will be allowed.

statd_port=num
The IP port number on which statd should listen. The default
value is 0, which means it should use a default binding.

Setting nfsmapid_domain
As described above, the setting for nfsmapid_domain overrides the
domain used by nfsmapid(8) for building and comparing outbound and
inbound attribute strings, respectively. This setting overrides any
other mechanism for setting the NFSv4 domain. In the absence of a
nfsmapid_domain setting, the nfsmapid(8) daemon determines the NFSv4
domain as follows:

+o If a properly configured /etc/resolv.conf (see resolv.conf(5))
exists, nfsmapid queries specified nameserver(s) for the domain.

+o If a properly configured /etc/resolv.conf (see resolv.conf(5))
exists, but the queried nameserver does not have a proper record of
the domain name, nfsmapid attempts to obtain the domain name
through the BIND interface (see resolver(3RESOLV)).

+o If no /etc/resolv.conf exists, nfsmapid falls back on using the
configured domain name (see domainname(8)), which is returned with
the leading domain suffix removed. For example, for
widgets.sales.example.com, sales.example.com is returned.

+o If /etc/resolv.conf does not exist, no domain name has been
configured (or no /etc/defaultdomain exists), nfsmapid falls back
on obtaining the domain name from the host name, if the host name
contains a fully qualified domain name (FQDN).

If a domainname is still not obtained following all of the preceding
steps, nfsmapid will have no domain configured. This results in the
following behavior:

+o Outbound "owner" and "owner_group" attribute strings are encoded as
literal id's. For example, the UID 12345 is encoded as 12345.

+o nfsmapid ignores the "domain" portion of the inbound attribute
string and performs name service lookups only for the user or
group. If the user/group exists in the local system name service
databases, then the proper uid/gid will be mapped even when no
domain has been configured.

This behavior implies that the same administrative user/group
domain exists between NFSv4 client and server (that is, the same
uid/gid's for users/groups on both client and server). In the case
of overlapping id spaces, the inbound attribute string could
potentially be mapped to the wrong id. However, this is not
functionally different from mapping the inbound string to nobody,
yet provides greater flexibility.

ZONES


NFS can be served out of a non-global zone. All of the above
documentation applies to an in-zone NFS server. File sharing in zones
is restricted to filesystems a zone completely controls. Some zone
brands (see brands(7)) do not give the zone's root its own filesystem,
for example. Delegated ZFS datasets to a zone are shareable, as well
as lofs-remounted directories. The zone must have sys_nfs privileges;
most brands grant this already.

SEE ALSO


brands(7), smf(7), zones(7), lockd(8), mount_nfs(8), mountd(8),
nfsd(8), nfsmapid(8), sharectl(8)

illumos March 23, 2024 illumos
tribblix@gmail.com :: GitHub :: Privacy