Print this page
12278 nfs-zone needs man page changes
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man4/nfs.4
+++ new/usr/src/man/man4/nfs.4
1 1 .\"
2 2 .\" The contents of this file are subject to the terms of the
3 3 .\" Common Development and Distribution License (the "License").
4 4 .\" You may not use this file except in compliance with the License.
5 5 .\"
6 6 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
7 7 .\" or http://www.opensolaris.org/os/licensing.
8 8 .\" See the License for the specific language governing permissions
9 9 .\" and limitations under the License.
10 10 .\"
|
↓ open down ↓ |
10 lines elided |
↑ open up ↑ |
11 11 .\" When distributing Covered Code, include this CDDL HEADER in each
12 12 .\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
13 13 .\" If applicable, add the following below this CDDL HEADER, with the
14 14 .\" fields enclosed by brackets "[]" replaced with your own identifying
15 15 .\" information: Portions Copyright [yyyy] [name of copyright owner]
16 16 .\"
17 17 .\"
18 18 .\" Copyright 1989 AT&T
19 19 .\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
20 20 .\" Copyright 2016 Nexenta Systems, Inc.
21 +.\" Copyright 2020 Joyent, Inc.
21 22 .\"
22 -.Dd December 18, 2016
23 +.Dd February 4, 2020
23 24 .Dt NFS 4
24 25 .Os
25 26 .Sh NAME
26 27 .Nm nfs
27 28 .Nd NFS configuration properties
28 29 .Sh DESCRIPTION
29 30 The behavior of the
30 31 .Xr nfsd 1M ,
31 32 .Xr nfsmapid 1M ,
32 33 .Xr lockd 1M ,
33 34 and
34 35 .Xr mountd 1M
35 36 daemons and
36 37 .Xr mount_nfs 1M
37 38 command is controlled by property values that are stored in the Service
38 39 Management Facility, smf(5).
39 40 The
40 41 .Xr sharectl 1M
41 42 command should be used to query or change values for these properties.
42 43 .Pp
43 44 Changes made to
44 45 .Nm
45 46 property values on the
46 47 .Nm nfsd ,
47 48 .Nm lockd ,
48 49 .Nm mountd ,
49 50 or
50 51 .Nm mount_nfs
51 52 command line override the values set using
52 53 .Xr sharectl 1M .
53 54 .Pp
54 55 The following list describes the properties:
55 56 .Bl -tag -width Ds
56 57 .It Xo
57 58 .Sy client_versmin Ns = Ns Ar num
58 59 .br
59 60 .Sy client_versmax Ns = Ns Ar num
60 61 .Xc
61 62 The NFS client only uses NFS versions in the range specified by these
62 63 properties.
63 64 Valid values of versions are: 2, 3, and 4.
64 65 Default minimum version is
65 66 .Li 2 ,
66 67 while default maximum is
67 68 .Li 4 .
68 69 .Pp
69 70 You can override this range on a per-mount basis by using the
70 71 .Fl o Sy vers Ns =
71 72 option to
72 73 .Xr mount_nfs 1M .
73 74 .It Xo
74 75 .Sy server_versmin Ns = Ns Ar num
75 76 .br
76 77 .Sy server_versmax Ns = Ns Ar num
77 78 .Xc
78 79 The NFS server only uses NFS versions in the range specified by these
79 80 properties.
80 81 Valid values of versions are: 2, 3, and 4.
81 82 Default minimum version is
82 83 .Li 2 ,
83 84 while the default maximum version is
84 85 .Li 4 .
85 86 .It Sy server_delegation Ns = Ns Sy on Ns | Ns Sy off
86 87 By default the NFS server provides delegations to clients.
87 88 The user can turn off delegations for all exported filesystems by setting this
88 89 variable to
89 90 .Li off .
90 91 This variable only applies to NFS Version 4.
91 92 .It Sy nfsmapid_domain Ns = Ns Op Ar string
92 93 By default, the
93 94 .Nm nfsmapid
94 95 uses the DNS domain of the system.
95 96 This setting overrides the default.
96 97 This domain is used for identifying user and group attribute strings in the NFS
97 98 Version 4 protocol.
98 99 Clients and servers must match with this domain for operation to proceed
99 100 normally.
100 101 This variable only applies to NFS Version 4.
101 102 See
102 103 .Sx Setting nfsmapid_domain
103 104 below for further details.
104 105 .It Sy max_connections Ns = Ns Ar num
105 106 Sets the maximum number of concurrent, connection-oriented connections.
106 107 The default is
107 108 .Li -1
108 109 .Pq unlimited .
109 110 Equivalent to the
110 111 .Fl c
111 112 option in
112 113 .Nm nfsd .
113 114 .It Sy listen_backlog Ns = Ns Ar num
114 115 Set connection queue length for the NFS over a connection-oriented transport.
115 116 The default value is
116 117 .Li 32 ,
117 118 meaning 32 entries in the queue.
118 119 Equivalent to the
119 120 .Fl l
120 121 option in
121 122 .Nm nfsd .
122 123 .It Sy protocol Ns = Ns Op Sy all Ns | Ns Ar protocol
123 124 Start
124 125 .Nm nfsd
125 126 over the specified protocol only.
126 127 Equivalent to the
127 128 .Fl p
128 129 option in
129 130 .Nm nfsd .
130 131 .Sy all
131 132 is equivalent to
132 133 .Fl a
133 134 on the
134 135 .Nm nfsd
135 136 command line.
136 137 Mutually exlusive of
137 138 .Sy device .
138 139 For the UDP protocol, only version 2 and version 3 service is established.
139 140 NFS Version 4 is not supported for the UDP protocol.
140 141 .It Sy device Ns = Ns Op Ar devname
141 142 Start NFS daemon for the transport specified by the given device only.
142 143 Equivalent to the
143 144 .Fl t
144 145 option in
145 146 .Nm nfsd .
146 147 Mutually exclusive of
147 148 .Sy protocol .
148 149 .It Sy servers Ns = Ns Ar num
149 150 Maximum number of concurrent NFS requests.
150 151 Equivalent to last numeric argument on the
151 152 .Nm nfsd
152 153 command line.
153 154 The default is
154 155 .Li 1024 .
155 156 .It Sy lockd_listen_backlog Ns = Ns Ar num
156 157 Set connection queue length for
157 158 .Nm lockd
158 159 over a connection-oriented transport.
159 160 The default and minimum value is
160 161 .Li 32 .
161 162 .It Sy lockd_servers Ns = Ns Ar num
162 163 Maximum number of concurrent
163 164 .Nm lockd
164 165 requests.
165 166 The default is 256.
166 167 .It Sy lockd_retransmit_timeout Ns = Ns Ar num
167 168 Retransmit timeout, in seconds, before
168 169 .Nm lockd
169 170 retries.
170 171 The default is
171 172 .Li 5 .
172 173 .It Sy grace_period Ns = Ns Ar num
173 174 Grace period, in seconds, that all clients
174 175 .Pq both NLM and NFSv4
175 176 have to reclaim locks after a server reboot.
176 177 This parameter also controls the NFSv4 lease interval.
177 178 The default is
178 179 .Li 90 .
179 180 .It Sy mountd_listen_backlog Ns = Ns Ar num
180 181 Set the connection queue length for
181 182 .Nm mountd
182 183 over a connection-oriented transport.
183 184 The default value is
184 185 .Li 64 .
185 186 .It Sy mountd_max_threads Ns = Ns Ar num
186 187 Maximum number of threads for
187 188 .Nm mountd .
188 189 The default value is
189 190 .Li 16 .
190 191 .It Sy mountd_port Ns = Ns Ar num
191 192 The IP port number on which
192 193 .Nm mountd
193 194 should listen.
194 195 The default value is
195 196 .Li 0 ,
196 197 which means it should use a default binding.
197 198 .It Sy statd_port Ns = Ns Ar num
198 199 The IP port number on which
199 200 .Nm statd
200 201 should listen.
201 202 The default value is
202 203 .Li 0 ,
203 204 which means it should use a default binding.
204 205 .El
205 206 .Ss Setting nfsmapid_domain
206 207 As described above, the setting for
207 208 .Sy nfsmapid_domain
208 209 overrides the domain used by
209 210 .Xr nfsmapid 1M
210 211 for building and comparing outbound and inbound attribute strings, respectively.
211 212 This setting overrides any other mechanism for setting the NFSv4 domain.
212 213 In the absence of a
213 214 .Sy nfsmapid_domain
214 215 setting, the
215 216 .Xr nfsmapid 1M
216 217 daemon determines the NFSv4 domain as follows:
217 218 .Bl -bullet
218 219 .It
219 220 If a properly configured
220 221 .Pa /etc/resolv.conf
221 222 .Po see
222 223 .Xr resolv.conf 4
223 224 .Pc
224 225 exists,
225 226 .Nm nfsmapid
226 227 queries specified nameserver(s) for the domain.
227 228 .It
228 229 If a properly configured
229 230 .Pa /etc/resolv.conf
230 231 .Po see
231 232 .Xr resolv.conf 4
232 233 .Pc
233 234 exists, but the queried nameserver does not have a proper record of the domain
234 235 name,
235 236 .Nm nfsmapid
236 237 attempts to obtain the domain name through the BIND interface
237 238 .Po see
238 239 .Xr resolver 3RESOLV
239 240 .Pc .
240 241 .It
241 242 If no
242 243 .Pa /etc/resolv.conf
243 244 exists,
244 245 .Nm nfsmapid
245 246 falls back on using the configured domain name
246 247 .Po see
247 248 .Xr domainname 1M
248 249 .Pc ,
249 250 which is returned with the leading domain suffix removed.
250 251 For example, for
251 252 .Li widgets.sales.acme.com ,
252 253 .Li sales.acme.com
253 254 is returned.
254 255 .It
255 256 If
256 257 .Pa /etc/resolv.conf
257 258 does not exist, no domain name has been configured
258 259 .Po or no
259 260 .Pa /etc/defaultdomain
260 261 exists
261 262 .Pc ,
262 263 .Nm nfsmapid
263 264 falls back on obtaining the domain name from the host name, if the host name
264 265 contains a fully qualified domain name
265 266 .Pq FQDN .
266 267 .El
267 268 .Pp
268 269 If a domainname is still not obtained following all of the preceding steps,
269 270 .Nm nfsmapid
270 271 will have no domain configured.
271 272 This results in the following behavior:
272 273 .Bl -bullet
273 274 .It
274 275 Outbound
275 276 .Qq owner
276 277 and
277 278 .Qq owner_group
278 279 attribute strings are encoded as literal id's.
279 280 For example, the UID 12345 is encoded as
280 281 .Li 12345 .
281 282 .It
282 283 .Nm nfsmapid
283 284 ignores the
284 285 .Qq domain
285 286 portion of the inbound attribute string and performs name service lookups only
286 287 for the user or group.
287 288 If the user/group exists in the local system name service databases, then the
288 289 proper uid/gid will be mapped even when no domain has been configured.
|
↓ open down ↓ |
256 lines elided |
↑ open up ↑ |
289 290 .Pp
290 291 This behavior implies that the same administrative user/group domain exists
291 292 between NFSv4 client and server (that is, the same uid/gid's for users/groups
292 293 on both client and server).
293 294 In the case of overlapping id spaces, the inbound attribute string could
294 295 potentially be mapped to the wrong id.
295 296 However, this is not functionally different from mapping the inbound string to
296 297 .Sy nobody ,
297 298 yet provides greater flexibility.
298 299 .El
300 +.Sh ZONES
301 +NFS can be served out of a non-global zone.
302 +All of the above documentation applies to an in-zone NFS server.
303 +File sharing in zones is restricted to filesystems a zone completely controls.
304 +Some zone brands (see
305 +.Xr brands 5 )
306 +do not give the zone's root its own filesystem, for example.
307 +Delegated ZFS datasets to a zone are shareable, as well as lofs-remounted
308 +directories.
309 +The zone must have sys_nfs privileges; most brands grant this already.
299 310 .Sh SEE ALSO
300 311 .Xr lockd 1M ,
301 312 .Xr mount_nfs 1M ,
302 313 .Xr mountd 1M ,
303 314 .Xr nfsd 1M ,
304 315 .Xr nfsmapid 1M ,
305 316 .Xr sharectl 1M ,
306 -.Xr smf 5
317 +.Xr brands 5 ,
318 +.Xr smf 5 ,
319 +.Xr zones 5
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX