rpc.fedfsd(8) [centos man page]

RPC.FEDFSD(8)						      System Manager's Manual						     RPC.FEDFSD(8)

NAME
       rpc.fedfsd - FedFS administrative service daemon

SYNOPSIS
       rpc.fedfsd [-?dF] [-u uid] [-g gid] [-o port]

DESCRIPTION
       RFC 5716 introduces the Federated File System (FedFS, for short). FedFS is an extensible standardized mechanism by which system administrators construct a coherent namespace across multiple file servers using file system referrals. For further details, see fedfs(7).

       The rpc.fedfsd(8) daemon runs on file servers participating in a FedFS domain. It enables secure remote administration of junctions on that file server. A remote FedFS administrative client can identify new NSDBs, update an NSDB's connection parameters (security information and DNS name), and create and delete FedFS junctions on that file server.

       Because rpc.fedfsd(8) can operate on any object in a file server's local file systems, FedFS administrative clients should use strong security such as Kerberos when communicating with rpc.fedfsd(8).

   Command line arguments
       -?, --help
              Prints rpc.fedfsd(8) version and usage message on stderr, then exits.

       -d, --debug
              Enables additional debugging messages to be produced during operation.

       -F, --foreground
              Keeps rpc.fedfsd(8) attached to its controlling terminal so that operation can be monitored directly, or run under a debugger. rpc.fedfsd(8) also writes log messages on stderr instead of to the system log. If this option is not specified, rpc.fedfsd(8) backgrounds itself soon after it starts.

       -u, --uid=id
              Specifies the numeric or text UID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the UID for the user fedfs is used. If that user doesn't exist, then the UID for nobody is used instead.

       -g, --gid=id
              Specifies the numeric or text GID that rpc.fedfsd(8) runs under after dropping root privileges. By default, the GID for the group fedfs is used. If that group doesn't exist, then the GID for nobody is used instead.

       -o, --port=num
              Specifies the port number used for RPC listener sockets. If this option is not specified, rpc.fedfsd(8) chooses a random ephemeral port for each listener socket.
   Access control
       An Access Control List stored in /etc/fedfsd/access.conf manages whom rpc.fedfsd(8) allows to perform ADMIN operations. The following access types are supported:

       none   Enabling none allows anyone using AUTH_NONE security to perform ADMIN operations. none is for backwards compatibility only. It is not recommended for use in production deployments.

       unix   This setting specifies lists of users and groups who are allowed to use AUTH_SYS security to perform ADMIN operations. Though the unix setting provides more security than the none setting, unix is not recommended for use on untrusted networks.

       gss    This setting specifies which GSS mechanisms, services, and principals are authorized to perform ADMIN operations. Currently the only supported GSS mechanism is kerberos_v5.

       See comments in /etc/fedfsd/access.conf for details on syntax of the Access Control List.

       To enable Kerberos security via GSS, a service principal for the fedfs-admin service must be created for each host running rpc.fedfsd(8). The resulting key must be retrieved from the KDC and stored in a keytab file (usually /etc/krb5.keytab) on each host running rpc.fedfsd(8).

       The exact procedure for creating a service principal and retrieving and storing a secret key for it depends on the type of KDC in use for the local Kerberos realm. Consult your local Kerberos realm administrator for more information.

NOTES
       To create, resolve, or delete a junction, FedFS admin clients specify the pathname of that junction as an argument to the requested operation. The FedFS admin protocol supports at least two types of these pathnames: ADMIN, and NFS. At this time the Linux rpc.fedfsd(8) daemon supports only FedFS ADMIN pathnames. This type of pathname represents a fully-qualified POSIX pathname relative to the file server's physical root directory.

       During each start-up, rpc.fedfsd(8) verifies that the local NSDB connection parameter database exists and is accessible. If it does not exist, rpc.fedfsd(8) attempts to create such a database. If it cannot, the daemon fails to start.

FILES
       /var/lib/fedfs/nsdbparam.sqlite3
              database of NSDB connection parameters

       /var/lib/fedfs/nsdbcerts
              local directory that stores X.509 certificates for NSDBs

       /etc/fedfsd/access.conf
              controls remote access to rpc.fedfsd

SEE ALSO
       fedfs(7), nfs(5)

       RFC 5661 for the NFS version 4 specification

       RFC 5716 for FedFS requirements and overview

COLOPHON
       This page is part of the fedfs-utils package. A description of the project and information about reporting bugs can be found at http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.

AUTHOR
       Chuck Lever <chuck.lever@oracle.com>

3 February 2014                                                                                              RPC.FEDFSD(8)
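
Added example (not part of the fedfs-utils package or this man page): offline pre-flight checks for the -o, -u and Kerberos keytab behaviour described above, taking saved command-line, passwd and `klist -k` text as input. The function names, the sample data, the host name fs1.example.net and the service/host@REALM form of the fedfs-admin principal are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for an rpc.fedfsd(8) host.
# Inputs are passed as text so the checks can run on saved output.

# Print the port pinned with -o/--port; fail if the daemon would pick a
# random ephemeral port (which a static firewall rule cannot match).
fedfsd_pinned_port() {
    prev=""
    for arg in $1; do
        case "$arg" in
            --port=*) echo "${arg#--port=}"; return 0 ;;
            -o?*)     echo "${arg#-o}"; return 0 ;;
        esac
        if [ "$prev" = "-o" ]; then echo "$arg"; return 0; fi
        prev="$arg"
    done
    return 1
}

# Account used after dropping root when -u is not given: fedfs if present
# in the passwd data ($1), otherwise nobody.
fedfsd_default_user() {
    if printf '%s\n' "$1" | grep -q '^fedfs:'; then echo fedfs; else echo nobody; fi
}

# Succeed if `klist -k` output ($1) holds a fedfs-admin key for host $2.
# Assumes the usual service/host@REALM principal form.
keytab_has_fedfs_admin() {
    printf '%s\n' "$1" | grep -qF " fedfs-admin/$2@"
}

# Print one WARN line per finding. Args: cmdline, passwd text, klist text, host.
fedfsd_audit() {
    fedfsd_pinned_port "$1" >/dev/null ||
        echo "WARN: no -o/--port, listener ports are random"
    [ "$(fedfsd_default_user "$2")" = fedfs ] ||
        echo "WARN: no fedfs user, default account falls back to nobody"
    keytab_has_fedfs_admin "$3" "$4" ||
        echo "WARN: keytab has no fedfs-admin/$4 key, gss access is not set up"
    return 0
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin'
SAMPLE_KLIST='KVNO Principal
---- ----------------------------------------
   2 nfs/fs1.example.net@EXAMPLE.NET'
fedfsd_audit "rpc.fedfsd -F" "$SAMPLE_PASSWD" "$SAMPLE_KLIST" fs1.example.net
```

On a live host the same functions can be fed from `ps -o args= -C rpc.fedfsd`, `getent passwd` and `klist -k /etc/krb5.keytab`.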