RPC.FEDFSD(8) System Manager's Manual RPC.FEDFSD(8)
rpc.fedfsd - FedFS administrative service daemon
rpc.fedfsd [-?dF] [-u uid] [-g gid] [-o port]
RFC 5716 introduces the Federated File System (FedFS, for short). FedFS is an extensible standardized mechanism by which system
administrators construct a coherent namespace across multiple file servers using file system referrals. For further details, see fedfs(7).
The rpc.fedfsd(8) daemon runs on file servers participating in a FedFS domain. It enables secure remote administration of junctions on
that file server. A remote FedFS administrative client can identify new NSDBs, update an NSDB's connection parameters (security
information and DNS name), and create and delete FedFS junctions on that file server.
Because rpc.fedfsd(8) can operate on any object in a file server's local file systems, FedFS administrative clients should use strong
security such as Kerberos when communicating with rpc.fedfsd(8).
Command line arguments
-? Prints rpc.fedfsd(8) version and usage message on stderr, then exits.
-d Enables additional debugging messages to be produced during operation.
-F Keeps rpc.fedfsd(8) attached to its controlling terminal so that operation can be monitored directly, or run under a debugger.
rpc.fedfsd(8) also writes log messages on stderr instead of to the system log. If this option is not specified, rpc.fedfsd(8)
backgrounds itself soon after it starts.
-u uid Specifies the numeric or text UID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the UID for the user
fedfs is used. If that user doesn't exist, then the UID for nobody is used instead.
-g gid Specifies the numeric or text GID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the GID for the group
fedfs is used. If that group doesn't exist, then the GID for nobody is used instead.
-o port Specifies the port number used for RPC listener sockets. If this option is not specified, rpc.fedfsd(8) chooses a random ephemeral
port for each listener socket.
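The -u and -g defaults and the drop of root privileges described above, as an added C example that is not fedfs-utils source code. The function names are hypothetical, and rejecting unknown names, UID or GID 0, and the value (id_t)-1 are assumptions of this example rather than documented rpc.fedfsd(8) behaviour.

```c
#define _DEFAULT_SOURCE            /* for setgroups() */
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

/* All-digit ID only. Rejects (id_t)-1, which setreuid()/setresuid() read as
 * "leave unchanged"; strtoul() overflow (ULONG_MAX) fails the same test. */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (!s || *s < '0' || *s > '9') return -1;
    *out = strtoul(s, &end, 10);
    return (*end || *out >= (uid_t)-1) ? -1 : 0;
}

/* -u argument: numeric or text UID; NULL selects "fedfs", then "nobody". */
int resolve_uid(const char *arg, uid_t *uid)
{
    unsigned long n;
    struct passwd *pw;
    if (parse_id(arg, &n) == 0) { *uid = (uid_t)n; return 0; }
    pw = getpwnam(arg ? arg : "fedfs");
    if (!pw && !arg) pw = getpwnam("nobody");   /* fallback for the default only */
    if (!pw) return -1;                         /* assumption: unknown name is an error */
    *uid = pw->pw_uid;
    return 0;
}

/* -g argument: same rules, looked up in the group database. */
int resolve_gid(const char *arg, gid_t *gid)
{
    unsigned long n;
    struct group *gr;
    if (parse_id(arg, &n) == 0) { *gid = (gid_t)n; return 0; }
    gr = getgrnam(arg ? arg : "fedfs");
    if (!gr && !arg) gr = getgrnam("nobody");
    if (!gr) return -1;
    *gid = gr->gr_gid;
    return 0;
}

/* Drop root: supplementary groups first, then GID, then UID; verify it stuck. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) return -1;        /* refuse to "drop" to root */
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    return (setuid(0) == 0 || getuid() != uid || getgid() != gid) ? -1 : 0;
}
```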
An Access Control List stored in /etc/fedfsd/access.conf manages whom rpc.fedfsd(8) allows to perform ADMIN operations. The following
access types are supported:
none Enabling none allows anyone using AUTH_NONE security to perform ADMIN operations. none is for backwards compatibility only. It is
not recommended for use in production deployments.
unix This setting specifies lists of users and groups who are allowed to use AUTH_SYS security to perform ADMIN operations. Though the
unix setting provides more security than the none setting, unix is not recommended for use on untrusted networks.
gss This setting specifies which GSS mechanisms, services, and principals are authorized to perform ADMIN operations. Currently the
only supported GSS mechanism is kerberos_v5.
See comments in /etc/fedfsd/access.conf for details on syntax of the Access Control List.
To enable Kerberos security via GSS, a service principal for the fedfs-admin service must be created for each host running rpc.fedfsd(8).
The resulting key must be retrieved from the KDC and stored in a keytab file (usually /etc/krb5.keytab) on each host running rpc.fedfsd(8).
The exact procedure for creating a service principal and retrieving and storing a secret key for it depends on the type of KDC in use for
the local Kerberos realm. Consult your local Kerberos realm administrator for more information.
To create, resolve, or delete a junction, FedFS admin clients specify the pathname of that junction as an argument to the requested
operation. The FedFS admin protocol supports at least two types of these pathnames: ADMIN, and NFS. At this time the Linux rpc.fedfsd(8) daemon
supports only FedFS ADMIN pathnames. This type of pathname represents a fully-qualified POSIX pathname relative to the file server's
physical root directory.
During each start-up, rpc.fedfsd(8) verifies that the local NSDB connection parameter database exists and is accessible. If it does not
exist, rpc.fedfsd(8) attempts to create such a database. If it cannot, the daemon fails to start.
database of NSDB connection parameters
local directory that stores X.509 certificates for NSDBs
controls remote access to rpc.fedfsd
RFC 5661 for the NFS version 4 specification
RFC 5716 for FedFS requirements and overview
This page is part of the fedfs-utils package. A description of the project and information about reporting bugs can be found at
Chuck Lever <email@example.com>
3 February 2014 RPC.FEDFSD(8)