As of r321665, an NFSv4 server configuration that supports NFSv4 Kerberos mounts or NFSv4 clients that do not support the uid/gid in the owner/owner_group string will need to have: nfsuserd_enable="YES" in the machine's /etc/rc.conf file.
The background to this is that the capability to put uid/gid #s in the owner/owner_group strings is allowed for AUTH_SYS by RFC7530 (which replaced RFC3530, that didn't allow this). Since Linux uses this capability by default, many NFSv4 server configurations no longer need to run the nfsuserd daemon and, as such, forcing it to run did not make much sense. For sites using the uid/gid in owner/owner_group string capability, the sysctls: vfs.nfs.enable_uidtostring vfs.nfsd.enable_stringtouid should both be set to 1 in /etc/sysctl.conf. Hopefully this small POLA violation will not cause you grief, rick _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
