Major issues with nfsv4

Alexander Leidinger Alexander at
Mon Dec 14 07:57:35 UTC 2020

Quoting Rick Macklem <rmacklem at> (from Fri, 11 Dec 2020  
23:28:30 +0000):

>> While it's certainly possible to configure NFS not to require reserved
>> ports, the slightest possibility of a non-root user establishing a
>> session to the NFS server kills that as an option.
> Personally, I've never thought the reserved port# requirement provided
> any real security for most situations. Unless you set "vfs.usermount=1"
> only root can do the mount. For non-root to mount the NFS server
> when "vfs.usermount=0", a user would have to run their own custom hacked
> userland NFS client. Although doable, I have never heard of it being done.

22 years ago I wrote a userland NFS client (it triggered my first
contribution/bugfix to rpcgen in FreeBSD which was MFCed to FreeBSD
2.2.8) as a university project (an experimental computer with PRAM
technology didn't have a network stack but a host-interface to a
controlling server, and people wanted to access network shares, so the
controlling host was an NFS proxy, and I did this with an NFS userland
client). IIRC it was NFSv3. I had a little test-tool with a CUI in
which I was able to interactively list directories and open files (I
used that for testing). As this more or less was my first software
project I realized alone, and it was scheduled to be something to be
realized with a few man-hours per week during half a year, I would say
it is easy to do for someone with interest / motivation.


-- Alexander at PGP 0x8F31830F9F2772BF    netchild at  : PGP 0x8F31830F9F2772BF