nfsiod

[Erik Trulsson]

On Tue, Oct 31, 2006 at 04:09:14PM -0700, Brett Glass wrote:
> On my system, sysctl(8) shows that vfs.nfs.iodmin is 4. And this
> is out of the box on a fresh install of 6.1 in which I told
> sysinstall that I wanted no NFS. Sounds like a bug. Now that you've
> explained where the knobs are, I see that I can work around it 
> via lines in /boot/loader.conf, which can set sysctl variables
> at the time when the kernel is loaded. But the bug should be 
> addressed in 6.2. If you're not running NFS, you don't need NFS-
> related processes laying around.
> 
> --Brett Glass

The default value for vfs.nfs.iodmin was 4 in 6.1.  It has since been
changed to 0 in both -CURRENT and RELENG_6.


If you are really sure that you don't need NFS, then I guess the best for
you would be to use a custom kernel configuration with all NFS options
removed.  Then you can be quite certain that nothing NFS-related will
be activated.





> 
> At 02:42 PM 10/31/2006, Dan Nelson wrote:
>  
> 
> >In the last episode (Oct 31), Brett Glass said:
> >> I have no interest in running NFS (AKA "no file security") on my 
> >> FreeBSD boxes, but have  noticed that FreeBSD 6.x seems to start a 
> >> daemon called "nfsiod" by default even when it is not configured as 
> >> an NFS server or client. What's the best way to instruct the system 
> >> not to start these processes, which take up resources and may be a 
> >> security risk? Why isn't this done at sysinstall time?
> >
> >nfsiods are kernel threads that allow for parallel client requests from
> >a machine.  You must still have some sort of NFS client functionality
> >in the kernel for them to exist, but you can tell them to quit by
> >setting the vfs.nfs.iodmax sysctl to 0.  They should exit imediately. 
> >In fact, since iodmin defaults to zero, there shouldn't be any running
> >unless you are actively using nfs.
> >

-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013 at student.uu.se