NFS(5) File Formats and Configurations NFS(5)

NAME


nfs - NFS configuration properties

DESCRIPTION


The behavior of the nfsd(8), nfsmapid(8), lockd(8), and mountd(8) daemons
and mount_nfs(8) command is controlled by property values that are stored
in the Service Management Facility, smf(7). The sharectl(8) command should
be used to query or change values for these properties.

Changes made to nfs property values on the nfsd, lockd, mountd, or
mount_nfs command line override the values set using sharectl(8).

The following list describes the properties:

client_versmin=num
client_versmax=num
The NFS client only uses NFS versions in the range specified by
these properties. Valid values of versions are: 2, 3, and 4.
Default minimum version is 2, while default maximum is 4.

You can override this range on a per-mount basis by using the -o
vers= option to mount_nfs(8).

server_versmin=num
server_versmax=num
The NFS server only uses NFS versions in the range specified by
these properties. Valid values of versions are: 2, 3, and 4.
Default minimum version is 2, while the default maximum version is
4.

server_delegation=on|off
By default the NFS server provides delegations to clients. The
user can turn off delegations for all exported filesystems by
setting this variable to off. This variable only applies to NFS
Version 4.

nfsmapid_domain=[string]
By default, the nfsmapid uses the DNS domain of the system. This
setting overrides the default. This domain is used for identifying
user and group attribute strings in the NFS Version 4 protocol.
Clients and servers must match with this domain for operation to
proceed normally. This variable only applies to NFS Version 4.
See Setting nfsmapid_domain below for further details.

max_connections=num
Sets the maximum number of concurrent, connection-oriented
connections. The default is -1 (unlimited). Equivalent to the -c
option in nfsd.

listen_backlog=num
Set connection queue length for the NFS over a connection-oriented
transport. The default value is 32, meaning 32 entries in the
queue. Equivalent to the -l option in nfsd.

protocol=[all|protocol]
Start nfsd over the specified protocol only. Equivalent to the -p
option in nfsd. all is equivalent to -a on the nfsd command line.
Mutually exclusive of device. For the UDP protocol, only version 2
and version 3 service is established. NFS Version 4 is not
supported for the UDP protocol.

device=[devname]
Start NFS daemon for the transport specified by the given device
only. Equivalent to the -t option in nfsd. Mutually exclusive of
protocol.

servers=num
Maximum number of concurrent NFS requests. Equivalent to last
numeric argument on the nfsd command line. The default is 1024.

lockd_listen_backlog=num
Set connection queue length for lockd over a connection-oriented
transport. The default and minimum value is 32.

lockd_servers=num
Maximum number of concurrent lockd requests. The default is 256.

lockd_retransmit_timeout=num
Retransmit timeout, in seconds, before lockd retries. The default
is 5.

grace_period=num
Grace period, in seconds, that all clients (both NLM and NFSv4)
have to reclaim locks after a server reboot. This parameter also
controls the NFSv4 lease interval. The default is 90.

mountd_listen_backlog=num
Set the connection queue length for mountd over a connection-
oriented transport. The default value is 64.

mountd_max_threads=num
Maximum number of threads for mountd. The default value is 16.

mountd_port=num
The IP port number on which mountd should listen. The default
value is 0, which means it should use a default binding.

mountd_remote_dump=boolean
Should mountd respond to remote MOUNTPROC_DUMP queries to read the
list of remote mounts. The default value is false, which means
only queries from local host will be allowed.

statd_port=num
The IP port number on which statd should listen. The default value
is 0, which means it should use a default binding.

Setting nfsmapid_domain
As described above, the setting for nfsmapid_domain overrides the domain
used by nfsmapid(8) for building and comparing outbound and inbound
attribute strings, respectively. This setting overrides any other
mechanism for setting the NFSv4 domain. In the absence of a
nfsmapid_domain setting, the nfsmapid(8) daemon determines the NFSv4 domain
as follows:

+o If a properly configured /etc/resolv.conf (see resolv.conf(5)) exists,
nfsmapid queries specified nameserver(s) for the domain.

+o If a properly configured /etc/resolv.conf (see resolv.conf(5)) exists,
but the queried nameserver does not have a proper record of the domain
name, nfsmapid attempts to obtain the domain name through the BIND
interface (see resolver(3RESOLV)).

+o If no /etc/resolv.conf exists, nfsmapid falls back on using the
configured domain name (see domainname(8)), which is returned with the
leading domain suffix removed. For example, for
widgets.sales.example.com, sales.example.com is returned.

+o If /etc/resolv.conf does not exist, no domain name has been configured
(or no /etc/defaultdomain exists), nfsmapid falls back on obtaining the
domain name from the host name, if the host name contains a fully
qualified domain name (FQDN).

If a domainname is still not obtained following all of the preceding steps,
nfsmapid will have no domain configured. This results in the following
behavior:

+o Outbound "owner" and "owner_group" attribute strings are encoded as
literal id's. For example, the UID 12345 is encoded as 12345.

+o nfsmapid ignores the "domain" portion of the inbound attribute string
and performs name service lookups only for the user or group. If the
user/group exists in the local system name service databases, then the
proper uid/gid will be mapped even when no domain has been configured.

This behavior implies that the same administrative user/group domain
exists between NFSv4 client and server (that is, the same uid/gid's for
users/groups on both client and server). In the case of overlapping id
spaces, the inbound attribute string could potentially be mapped to the
wrong id. However, this is not functionally different from mapping the
inbound string to nobody, yet provides greater flexibility.

ZONES


NFS can be served out of a non-global zone. All of the above documentation
applies to an in-zone NFS server. File sharing in zones is restricted to
filesystems a zone completely controls. Some zone brands (see brands(7))
do not give the zone's root its own filesystem, for example. Delegated ZFS
datasets to a zone are shareable, as well as lofs-remounted directories.
The zone must have sys_nfs privileges; most brands grant this already.

SEE ALSO


brands(7), smf(7), zones(7), lockd(8), mount_nfs(8), mountd(8), nfsd(8),
nfsmapid(8), sharectl(8)

illumos September 15, 2022 illumos