RPC.FEDFSD(8) System Manager's Manual RPC.FEDFSD(8)

rpc.fedfsd - FedFS administrative service daemon

rpc.fedfsd [-?dF] [-u uid] [-g gid] [-o port]

RFC 5716 introduces the Federated File System (FedFS, for short).
FedFS is an extensible standardized mechanism by which system
administrators construct a coherent namespace across multiple file servers
using file system referrals. For further details, see fedfs(7).

The rpc.fedfsd(8) daemon runs on file servers participating in a FedFS
domain. It enables secure remote administration of junctions on that
file server. A remote FedFS administrative client can identify new
NSDBs, update an NSDB's connection parameters (security information and
DNS name), and create and delete FedFS junctions on that file server.

Because rpc.fedfsd(8) can operate on any object in a file server's
local file systems, FedFS administrative clients should use strong
security such as Kerberos when communicating with rpc.fedfsd(8).

Command line arguments
-?, --help
Prints rpc.fedfsd(8) version and usage message on stderr, then
exits.

-d, --debug
Enables additional debugging messages to be produced during
operation.

-F, --foreground
Keeps rpc.fedfsd(8) attached to its controlling terminal so that
operation can be monitored directly, or run under a debugger.
rpc.fedfsd(8) also writes log messages on stderr instead of to
the system log. If this option is not specified, rpc.fedfsd(8)
backgrounds itself soon after it starts.

-u, --uid=id
Specifies the numeric or text UID that rpc.fedfsd(8) runs under
after dropping root privileges. By default, the UID for the
user fedfs is used. If that user doesn't exist, then the UID
for nobody is used instead.

-g, --gid=id
Specifies the numeric or text GID that rpc.fedfsd(8) runs under
after dropping root privileges. By default, the GID for the
group fedfs is used. If that group doesn't exist, then the GID
for nobody is used instead.

-o, --port=num
Specifies the port number used for RPC listener sockets. If
this option is not specified, rpc.fedfsd(8) chooses a random
ephemeral port for each listener socket.

Access control
An Access Control List stored in /etc/fedfsd/access.conf manages whom
rpc.fedfsd(8) allows to perform ADMIN operations. The following access
types are supported:

none Enabling none allows anyone using AUTH_NONE security to perform
ADMIN operations. none is for backwards compatibility only. It
is not recommended for use in production deployments.

unix This setting specifies lists of users and groups who are allowed
to use AUTH_SYS security to perform ADMIN operations. Though
the unix setting provides more security than the none setting,
unix is not recommended for use on untrusted networks.

gss This setting specifies which GSS mechanisms, services, and
principals are authorized to perform ADMIN operations. Currently
the only supported GSS mechanism is kerberos_v5.

See comments in /etc/fedfsd/access.conf for details on syntax of the
Access Control List.

To enable Kerberos security via GSS, a service principal for the
fedfs-admin service must be created for each host running rpc.fedfsd(8). The
resulting key must be retrieved from the KDC and stored in a keytab
file (usually /etc/krb5.keytab) on each host running rpc.fedfsd(8).

The exact procedure for creating a service principal and retrieving and
storing a secret key for it depends on the type of KDC in use for the
local Kerberos realm. Consult your local Kerberos realm administrator
for more information.
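
A readiness check for the gss setup described above, as an added example that is not part of the fedfs-utils documentation. It assumes MIT Kerberos tooling (kadmin, klist -k) and GNU stat; the host fs1.example.com, the realm EXAMPLE.COM and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from fedfs-utils. Assumes MIT Kerberos, where the key is
# typically created and exported with (run by a realm administrator):
#   kadmin -q "addprinc -randkey fedfs-admin/fs1.example.com"
#   kadmin -q "ktadd -k /etc/krb5.keytab fedfs-admin/fs1.example.com"
# fs1.example.com and EXAMPLE.COM are constructed placeholder names.

# Constructed sample of `klist -k /etc/krb5.keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 host/fs1.example.com@EXAMPLE.COM
   3 fedfs-admin/fs1.example.com@EXAMPLE.COM'

# has_fedfs_principal FQDN   (reads a `klist -k` listing on stdin)
# Succeeds only if the listing holds fedfs-admin/FQDN@<realm>.
has_fedfs_principal() {
    want="fedfs-admin/$1@"
    while read -r kvno principal _rest; do
        case "$kvno" in
            ''|*[!0-9]*) continue ;;   # header, separator or blank line
        esac
        case "$principal" in
            "$want"?*) return 0 ;;     # exact service and host, any realm
        esac
    done
    return 1
}

# keytab_mode_ok PATH
# Succeeds only if PATH is a regular file with no group/other permission bits.
keytab_mode_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat: octal mode, e.g. 600
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Demo on the constructed listing; on a real host pipe `klist -k` in instead.
if printf '%s\n' "$SAMPLE_KLIST" | has_fedfs_principal fs1.example.com; then
    echo "fedfs-admin key present for fs1.example.com"
else
    echo "fedfs-admin key missing for fs1.example.com"
fi
```

A keytab that holds only the host/ principal fails the first check, which is the usual reason a gss entry in access.conf has no effect on a newly provisioned server.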

To create, resolve, or delete a junction, FedFS admin clients specify
the pathname of that junction as an argument to the requested
operation. The FedFS admin protocol supports at least two types of these
pathnames: ADMIN and NFS. At this time the Linux rpc.fedfsd(8) daemon
supports only FedFS ADMIN pathnames. This type of pathname represents
a fully-qualified POSIX pathname relative to the file server's physical
root directory.

During each start-up, rpc.fedfsd(8) verifies that the local NSDB
connection parameter database exists and is accessible. If it does not
exist, rpc.fedfsd(8) attempts to create such a database. If it cannot,
the daemon fails to start.

/var/lib/fedfs/nsdbparam.sqlite3
database of NSDB connection parameters

/var/lib/fedfs/nsdbcerts
local directory that stores X.509 certificates for NSDBs

/etc/fedfsd/access.conf
controls remote access to rpc.fedfsd

fedfs(7), nfs(5)

RFC 5661 for the NFS version 4 specification

RFC 5716 for FedFS requirements and overview

This page is part of the fedfs-utils package. A description of the
project and information about reporting bugs can be found at
http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.

Chuck Lever <chuck.lever@oracle.com>

3 February 2014 RPC.FEDFSD(8)