nfs - configuration properties for the Oracle Solaris NFS server and client
The settings formerly managed by the nfs file have been moved to SMF properties and are now managed by sharectl command. For more information, see the sharectl(8) man page.
An authorized user can use the sharectl command to set global values for these properties in SMF.
The following list describes the properties:
The NFS client only uses NFS versions in the range specified by these variables. Valid versions are 2, 3, 4, 4.0, and 4.1. The client's default minimum version is 2. The default maximum version is 4 which can be either 4.1 or 4.0 depending on the server. You can override the default maximum version on a per-mount basis by using the vers=<NFS version> option in the mount_nfs command. For more information, see the mount_nfs(8) man page.
The NFS server only uses NFS versions in the range specified by these variables. Valid values or versions are: 2, 3, 4, 4.0, and 4.1. For the server, the default minimum version is 2 and the default maximum version is 4.1. server_versmin=4 is equivalent to 4.0, while server_versmax=4 is equivalent to 4.1. Both min and max can be set to 4.0 or 4.1 explicitly to avoid confusion.
Delegation is an NFS Version 4 feature in which the server can delegate the management of a file to a client. By default, the NFS server provides delegations to clients. The user can turn off delegations for all exported filesystems by setting this variable to off (case-sensitive).
By default, nfsmapid uses the DNS domain of the system. This setting overrides the default. This domain is used for identifying user and group attribute strings in the NFS Version 4 protocol. Clients and servers must match with this domain for operation to proceed normally. This variable only applies to NFS Version 4. For further details, see "Setting nfsmapid_domain".
Sets the maximum number of concurrently open connections on the server for connection-oriented transports. The default is unlimited and is obtained by setting it to -1. Equivalent to the –c option in nfsd.
Sets connection queue length for the NFS over a connection-oriented transport. The default value is 32, meaning 32 entries in the queue. Equivalent to the –l option in nfsd.
Starts nfsd over the specified protocol only. Equivalent to the –p option in nfsd. ALL is equivalent to –a on the nfsd command line. Mutually exclusive of device. For the UDP protocol, only version 2 and version 3 service is established. NFS Version 4 is not supported for the UDP protocol.
Starts NFS daemon for the transport specified by the given device only. Equivalent to the –t option in nfsd. Mutually exclusive of the protocol parameter. One or the other of NFS SMF parameters device and protocol must not be set.
Maximum number of concurrent NFS requests. Equivalent to last numeric argument on the nfsd command line. The default is 2048.
Sets connection queue length for lockd over a connection-oriented transport. The default and minimum value is 32.
Maximum number of concurrent lockd requests. The default is 1024.
Retransmits timeout, in seconds, before lockd retries. The default is 5.
Grace period, in seconds, that all clients (both NLM and NFSv4) have to reclaim locks after a server reboot. This parameter also controls the NFSv4 lease interval and overrides the deprecated setting LOCKD_GRACE_PERIOD. The default is 90.
By default, this variable is on. Set the variable to off to allow the NFS server to accept numeric UIDs and GIDs from NFS clients using auth_sys authentication and returns numeric UIDs and GIDs to clients using auth_sys. This variable applies only to NFS Version 4 and is intended to ease migration from NFSv2/v3.
Controls the refresh rate of the NFS authentication cache. The default value is 600 seconds. Setting it to 0 means no expiration.
Controls the refresh of the mountd netgroup cache. The default value is 600 seconds and a value of 0 means no expiration.
Controls whether or not the server requires the client to use a reserved port for all NFS calls. The default is false.
As described above, the setting for nfsmapid_domain overrides the domain used by nfsmapid for building and comparing outbound and inbound attribute strings, respectively. This setting overrides any other mechanism for setting the NFSv4 domain. In the absence of a nfsmapid_domain setting, the nfsmapid daemon determines the NFSv4 domain as follows:
If a properly configured /etc/resolv.conf exists, nfsmapid queries specified nameservers for the domain. For more information, see the resolv.conf(5) man page.
If a properly configured /etc/resolv.conf exists, but the queried nameserver does not have a proper record of the domain name, nfsmapid attempts to obtain the domain name through the BIND interface. For more information, see the resolver(3RESOLV) man page.
If no /etc/resolv.conf exists, nfsmapid falls back on using the configured domain name, which is returned with the leading domain suffix removed. For example, for widgets.sales.acme.com, sales.acme.com is returned. For more information, see the domainname(8) man page.
If /etc/resolv.conf does not exist, no domain name has been configured (or no /etc/defaultdomain exists), nfsmapid falls back on obtaining the domain name from the host name, if the host name contains a fully qualified domain name (FQDN).
If a domainname is still not obtained following all of the preceding steps, nfsmapid has no domain configured. This results in the following behavior:
Outbound owner and owner_group attribute strings are encoded as literal id's. For example, the UID 12345 is encoded as "12345".
nfsmapid ignores the "domain" portion of the inbound attribute string and performs name service lookups only for the user or group. If the user or group exists in the local system name service databases, then the proper UID or GID is mapped even when no domain has been configured.
This behavior implies that the same administrative user or group domain exists between NFSv4 client and server (that is, the same UID or GID for users or groups on both client and server). In the case of overlapping id spaces, the inbound attribute string could potentially be mapped to the wrong id. However, this is not functionally different from mapping the inbound string to nobody, yet provides greater flexibility.