NFSv4 server configs may need nfsuserd_enable="YES"
Rick Macklem
rmacklem at uoguelph.ca
Fri Jul 28 21:21:26 UTC 2017
As of r321665, an NFSv4 server configuration that supports NFSv4 Kerberos mounts
or NFSv4 clients that do not support the uid/gid in the owner/owner_group string
will need to have:
nfsuserd_enable="YES"
in the machine's /etc/rc.conf file.
The background to this is that the capability to put uid/gid #s in the owner/owner_group
strings is allowed for AUTH_SYS by RFC7530 (which replaced RFC3530, that didn't allow this).
Since Linux uses this capability by default, many NFSv4 server configurations no longer
need to run the nfsuserd daemon and, as such, forcing it to run did not make much sense.
For sites using the uid/gid in owner/owner_group string capability, the sysctls:
vfs.nfs.enable_uidtostring
vfs.nfsd.enable_stringtouid
should both be set to 1 in /etc/sysctl.conf.
Hopefully this small POLA violation will not cause you grief, rick
More information about the freebsd-current
mailing list