Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

rpc.fedfsd(8) [centos man page]

RPC.FEDFSD(8)						      System Manager's Manual						     RPC.FEDFSD(8)

NAME
rpc.fedfsd - FedFS administrative service daemon SYNOPSIS
rpc.fedfsd [-?dF] [-u uid] [-g gid] [-o port] DESCRIPTION
RFC 5716 introduces the Federated File System (FedFS, for short). FedFS is an extensible standardized mechanism by which system adminis- trators construct a coherent namespace across multiple file servers using file system referrals. For further details, see fedfs(7). The rpc.fedfsd(8) daemon runs on file servers participating in a FedFS domain. It enables secure remote administration of junctions on that file server. A remote FedFS administrative client can identify new NSDBs, update an NSDB's connection parameters (security informa- tion and DNS name), and create and delete FedFS junctions on that file server. Because rpc.fedfsd(8) can operate on any object in an file server's local file systems, FedFS administrative clients should use strong security such as Kerberos when communicating with rpc.fedfsd(8). Command line arguments -?, --help Prints rpc.fedfsd(8) version and usage message on stderr, then exits. -d, --debug Enables additional debugging messages to be produced during operation. -F, --foreground Keeps rpc.fedfsd(8) attached to its controlling terminal so that operation can be monitored directly, or run under a debugger. rpc.fedfsd(8) also writes log messages on stderr instead of to the system log. If this option is not specified, rpc.fedfsd(8) back- grounds itself soon after it starts. -u, --uid=id Specifies the numeric or text UID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the UID for the user fedfs is used. If that user doesn't exist, then the UID for nobody is used instead. -g, --gid=id Specifies the numeric or text GID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the GID for the group fedfs is used. If that group doesn't exist, then the GID for nobody is used instead. -o, --port=num Specifies the port number used for RPC listener sockets. If this option is not specified, rpc.fedfsd(8) chooses a random ephemeral port for each listener socket. Access control An Access Control List stored in /etc/fedfsd/access.conf manages whom rpc.fedfsd(8) allows to perform ADMIN operations. The following access types are supported: none Enabling none allows anyone using AUTH_NONE security to perform ADMIN operations. none is for backwards compatibility only. It is not recommended for use in production deployments. unix This setting specifies lists of users and groups who are allowed to use AUTH_SYS security to perform ADMIN operations. Though the unix setting provides more security than the none setting, unix is not recommended for use on untrusted networks. gss This setting specifies which GSS mechanisms, services, and principals are authorized to perform ADMIN operations. Currently the only supported GSS mechanism is kerberos_v5. See comments in /etc/fedfsd/access.conf for details on syntax of the Access Control List. To enable Kerberos security via GSS, a service principal for the fedfs-admin service must be created for each host running rpc.fedfsd(8). The resulting key must be retrieved from the KDC and stored in a keytab file (usually /etc/krb5.keytab) on each host running rpc.fedfsd(8). The exact procedure for creating a service principal and retrieving and storing a secret key for it depends on the type of KDC in use for the local Kerberos realm. Consult your local Kerberos realm administrator for more information. NOTES
To create, resolve, or delete a junction, FedFS admin clients specify the pathname of that junction as an argument to the requested opera- tion. The FedFS admin protocol supports at least two types of these pathnames: ADMIN, and NFS. At this time the Linux rpc.fedfs(8) daemon supports only FedFS ADMIN pathnames. This type of pathname represents a fully-qualified POSIX pathname relative to the file server's phys- ical root directory. During each start-up, rpc.fedfsd(8) verifies that the local NSDB connection parameter database exists and is accessible. If it does not exist, rpc.fedfsd(8) attempts to create such a database. If it cannot, the daemon fails to start. FILES
/var/lib/fedfs/nsdbparam.sqlite3 database of NSDB connection parameters /var/lib/fedfs/nsdbcerts local directory that stores X.509 certificates for NSDBs /etc/fedfsd/access.conf controls remote access to rpc.fedfsd SEE ALSO
fedfs(7), nfs(5) RFC 5661 for the NFS version 4 specification RFC 5716 for FedFS requirements and overview COLOPHON
This page is part of the fedfs-utils package. A description of the project and information about reporting bugs can be found at http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject. AUTHOR
Chuck Lever <chuck.lever@oracle.com> 3 February 2014 RPC.FEDFSD(8)
Man Page

Featured Tech Videos