NFSv4 without Kerberos
Alexander Lunev
lan at zato.ru
Fri Aug 16 16:40:30 UTC 2019
> 1 - setting the sysctls
> vfs.nfsd.enable_stringtouid=1
> vfs.nfs.enable_uidtostring=1
> Allows the uid/gid to be put in the Owner/Owner_group string as a number
> (i.e. "1001"). This avoids any need to run the nfsuserd if all mounts are sec=sys.
> This is now the default for most Linux distros.
>
> Even if you want to run the nfsuserd, it won't be working until the system is
> booted. (If you don't do the above, all the files needed to get booted must be
> world read/exec.)
Thanks for this! In fact I was moving towards root-on-NFSv4, and your
message is really helpful. It is a pity that there is so little
documentation and even fewer debugging means for NFSv4 - you can't put
the daemon in debug mode, for example, or get some extra debugging messages
from mount_nfs, like with ssh/sshd for example.
> 2 - A Kerberized root mount won't work, because the gssd must be running for
> Kerberos access to work and that can't happen until booted.
And thanks for this! I think you saved me a lot of time figuring out how and
why!
--
Best regards
Alexander Lunev