NFS(5) File Formats and Configurations NFS(5)

nfs
NFS configuration properties

The behavior of the nfsd(8), nfsmapid(8), lockd(8), and mountd(8) daemons and mount_nfs(8) command is controlled by property values that are stored in the Service Management Facility, smf(7). The sharectl(8) command should be used to query or change values for these properties.

Changes made to nfs property values on the nfsd, lockd, mountd, or mount_nfs command line override the values set using sharectl(8).

The following list describes the properties:

client_versmin=num
client_versmax=num
The NFS client only uses NFS versions in the range specified by these properties. Valid values of versions are: 2, 3, and 4. Default minimum version is 2, while default maximum is 4.

You can override this range on a per-mount basis by using the -o vers= option to mount_nfs(8).

server_versmin=num
server_versmax=num
The NFS server only uses NFS versions in the range specified by these properties. Valid values of versions are: 2, 3, and 4. Default minimum version is 2, while the default maximum version is 4.
server_delegation=on|off
By default the NFS server provides delegations to clients. The user can turn off delegations for all exported filesystems by setting this variable to off. This variable only applies to NFS Version 4.
nfsmapid_domain=[string]
By default, the nfsmapid uses the DNS domain of the system. This setting overrides the default. This domain is used for identifying user and group attribute strings in the NFS Version 4 protocol. Clients and servers must match with this domain for operation to proceed normally. This variable only applies to NFS Version 4. See Setting nfsmapid_domain below for further details.
max_connections=num
Sets the maximum number of concurrent, connection-oriented connections. The default is -1 (unlimited). Equivalent to the -c option in nfsd.
listen_backlog=num
Set connection queue length for the NFS over a connection-oriented transport. The default value is 32, meaning 32 entries in the queue. Equivalent to the -l option in nfsd.
protocol=[all|protocol]
Start nfsd over the specified protocol only. Equivalent to the -p option in nfsd. all is equivalent to -a on the nfsd command line. Mutually exclusive of device. For the UDP protocol, only version 2 and version 3 service is established. NFS Version 4 is not supported for the UDP protocol.
device=[devname]
Start NFS daemon for the transport specified by the given device only. Equivalent to the -t option in nfsd. Mutually exclusive of protocol.
servers=num
Maximum number of concurrent NFS requests. Equivalent to last numeric argument on the nfsd command line. The default is 1024.
lockd_listen_backlog=num
Set connection queue length for lockd over a connection-oriented transport. The default and minimum value is 32.
lockd_servers=num
Maximum number of concurrent lockd requests. The default is 256.
lockd_retransmit_timeout=num
Retransmit timeout, in seconds, before lockd retries. The default is 5.
grace_period=num
Grace period, in seconds, that all clients (both NLM and NFSv4) have to reclaim locks after a server reboot. This parameter also controls the NFSv4 lease interval. The default is 90.
mountd_listen_backlog=num
Set the connection queue length for mountd over a connection-oriented transport. The default value is 64.
mountd_max_threads=num
Maximum number of threads for mountd. The default value is 16.
mountd_port=num
The IP port number on which mountd should listen. The default value is 0, which means it should use a default binding.
mountd_remote_dump=boolean
Should mountd respond to remote MOUNTPROC_DUMP queries to read the list of remote mounts. The default value is false, which means only queries from local host will be allowed.
statd_port=num
The IP port number on which statd should listen. The default value is 0, which means it should use a default binding.

As described above, the setting for nfsmapid_domain overrides the domain used by nfsmapid(8) for building and comparing outbound and inbound attribute strings, respectively. This setting overrides any other mechanism for setting the NFSv4 domain. In the absence of a nfsmapid_domain setting, the nfsmapid(8) daemon determines the NFSv4 domain as follows:
  • If a properly configured /etc/resolv.conf (see resolv.conf(5)) exists, nfsmapid queries specified nameserver(s) for the domain.
  • If a properly configured /etc/resolv.conf (see resolv.conf(5)) exists, but the queried nameserver does not have a proper record of the domain name, nfsmapid attempts to obtain the domain name through the BIND interface (see resolver(3RESOLV)).
  • If no /etc/resolv.conf exists, nfsmapid falls back on using the configured domain name (see domainname(8)), which is returned with the leading domain suffix removed. For example, for widgets.sales.example.com, sales.example.com is returned.
  • If /etc/resolv.conf does not exist, no domain name has been configured (or no /etc/defaultdomain exists), nfsmapid falls back on obtaining the domain name from the host name, if the host name contains a fully qualified domain name (FQDN).

If a domainname is still not obtained following all of the preceding steps, nfsmapid will have no domain configured. This results in the following behavior:

  • Outbound “owner” and “owner_group” attribute strings are encoded as literal id's. For example, the UID 12345 is encoded as 12345.
  • nfsmapid ignores the “domain” portion of the inbound attribute string and performs name service lookups only for the user or group. If the user/group exists in the local system name service databases, then the proper uid/gid will be mapped even when no domain has been configured.

    This behavior implies that the same administrative user/group domain exists between NFSv4 client and server (that is, the same uid/gid's for users/groups on both client and server). In the case of overlapping id spaces, the inbound attribute string could potentially be mapped to the wrong id. However, this is not functionally different from mapping the inbound string to nobody, yet provides greater flexibility.

NFS can be served out of a non-global zone. All of the above documentation applies to an in-zone NFS server. File sharing in zones is restricted to filesystems a zone completely controls. Some zone brands (see brands(7)) do not give the zone's root its own filesystem, for example. Delegated ZFS datasets to a zone are shareable, as well as lofs-remounted directories. The zone must have sys_nfs privileges; most brands grant this already.

brands(7), smf(7), zones(7), lockd(8), mount_nfs(8), mountd(8), nfsd(8), nfsmapid(8), sharectl(8)
September 15, 2022 OmniOS