Set Defaults for NFS Mounts

In addition to the settings per each NFS mount, macOS supports general settings which take effect for all NFS mounts, i.e. they affect the whole NFS client. To review or change these settings, select the item NFS Client > Configuration on the left side of the control window. The configuration pane NFS Client Options will be displayed.

General settings

The tab item Settings allows you to get access to general settings of the NFS client.

Allow to request to perform server operations asynchronously: When no checkmark is set at that option, any attempt to establish an asynchronous connection to an NFS server (see the mount option Don’t enforce server operations to be performed asynchronously) will be ignored.

NOTE: By intention, NFS Manager does not offer a mount option to enforce asynchronous mounts. In theory, this option can be set via command-line or Directory Utility. The client setting mentioned here is an additional blockade the system administrator can use to generally prevent use of this option.

Use “access” command when fetching “getattr” data: You can specify whether the operating system should use the internal function access() in an opportunistic fetch operation every time attributes should be fetched. Under normal circumstances, applications use the function getattr() to request attributes and the function access() to determine file system permissions. However, a response to access() contains attribute data as well, so a single call to access() can make an additional call to getattr() obsolete. For this reason, replacing access() by getattr() might save time, but only if the NFS server implements access() efficiently. In modern operating systems, this might not be the case.

Memory-mapped read operations should be uninterruptible: macOS supports memory-mapped file access, i.e. instead of processing a file using conventional file commands, it is handled as if its entire contents resided in the processor’s Virtual Memory. When accessing memory blocks within the file, paging commands are triggered internally, which are processed directly by the processor’s Virtual Memory management. This technology is also available for network access via NFS. However, the failure of a server connection could trigger problems in the memory management of the affected process in this case, causing inconsistent states in memory. If this option is activated, macOS always treats any NFS client access with memory mapping as uninterruptible, even if a contradictory setting (see the mount option Allow hanging operations to be canceled without server response) was selected for an affected mount.

Optimize for desktop or mobile operation: The NFS standard was originally designed for networks with reliable infrastructure. With today’s mobile computers, where wireless connections may temporarily fail, the basic assumption that the network can always be relied upon may no longer be correct, however. The NFS client can be optimized for operation on a mobile computer, supporting automatic forced disconnection from servers when the following conditions are met:

• The NFS connection is an automatic mount, not a manual one.
• The NFS server is not responding.
• No files on the affected connection are currently open for writing.
• No files on this connection are currently memory-mapped.
• No objects on this connection have pending update operations.

The NFS client usually auto-detects what type of computer is in use and optimizes its operation accordingly. However, you can enforce a change of this policy, e.g. when a notebook computer is used as stationary system connected via Ethernet. In this case, you would switch from Detect system to Desktop system.

Maximum number of client threads (nfsiod): This option controls on how many worker threads the administrative tasks for active connections to NFS servers can be distributed.

Timeout for caching permission related information: The NFS client uses a buffer (cache) to hold user and group information as well as permission information for some time in main memory until it refetches the data from the operating system or server. The value specifies the maximum time in seconds how long cached data may assumed to be valid until it expires and has to be discarded.

Time before issuing “server down” warning: When the network connection to a server is lost, or the server is failing, the operating system will display a warning. This value specifies the time in seconds the system should wait until showing the first warning message.

Time before issuing subsequent “server down” warning: If a failing server connection doesn’t recover, the operating system may show subsequent warnings after the initial message. The time interval for subsequent warnings can be set by this value.

Timeout for initial mount connection: This value determines how long the NFS client should wait for a response during the initial mount request to a server.

Timeout for automounts without retry attempts: This also determines how long the NFS client should wait upon an initial request, but only in the special case where the mount is caused by the UNIX autofs automounter and the option for the maximum number of retry attempts is zero.

Advertised standard size of buffer for file info data: If the client calls the UNIX functions stat or statfs to request file or file system information from an NFS mount, a recommended buffer size to transfer the requested data has to be negotiated between client and server. This value is the initial default size in bytes the client will send as recommended size to the server.

Maximum rate of file info requests to send per second: This value specifies how often per second the client is allowed to call the statfs function to request file system information for an NFS mount. If the number is exceeded, the request will not be forwarded to the server but instead be answered using cached information.

Presets for mount options

macOS can define default settings for options which work as a preset for all NFS mounts (manual ones and automounts), so it will no longer be necessary to configure options for each single connection. Please note the following:

• Options which have been enabled as the default will override the settings per mount. They cannot be disabled per mount.
• When editing options per mount, NFS Manager will not display whether some of the options may already have been set as a default.

To set or change the default options click the button Change options…. The usual panel to define mount options will open. By selecting or deselecting options you can define the desired default which should be taken as preset for this computer. If you like to completely remove all preset options, hereby returning to the “empty” standard configuration, click the button Remove all overrides.

Special setting and features for NFSv4 and NFSv4.1

Settings

In the section *NFSv4/v4.1, NFS Manager shows special settings that only have meaning for the operation of NFS version 4 or higher.

Default domain name: This setting controls the default domain name that should be used when processing names (such as user account names, for example) from the NFSv4 server. When checking permissions for file access, identities from the server are defined via text strings such as e.g. username@example.com, which the client must map to local identities within its directory service context. Under normal conditions, server and client are bound to the same LDAP-based directory service, and the domain name for processing names is automatically taken from the domain name of the LDAP server. If this assumption is wrong, so the directory server’s domain name does not match the context of names used by the NFSv4 server, you must set the domain name here. The name must comply with DNS syntax rules.

Predefined port number for callbacks: When using NFSv4 features that require callbacks, the port number on which the server should call the client back can be specified here. A value of 0 indicates that no fixed port number should be used, but server and client can automatically choose any free port.

Checking user and group accounts in the context of NFS Version 4

From version 4 onward, it is no longer mandatory that an NFS server uses the same numeric identifiers (POSIX IDs) for users and groups as the connected clients. Permission evaluation according to the usual UNIX or POSIX rules and via Access Control Lists (ACLs) is instead performed by evaluating user and group names as strings. The context of the environment can be incorporated into those names, for example, the NFS standard domain name or the name of the directory services server. Because it can sometimes be difficult to understand which names client and server use when evaluating permissions, macOS offers a test feature that can be easily operated with NFS Manager. Click Check user account mapping… to test:

• which local account an NFSv4 identity maps to, or
• which NFSv4 identity a numeric user or group account on the local computer maps to.

To do this, proceed as follows:

1. At Type of test, indicate the direction of the mapping you want to examine.
2. Enter the ID to test. The IDs of the local computer must be entered numerically if you want to retrieve the corresponding NFSv4 ID as a name.
3. If the ID refers to a user account, leave the field Enforce interpretation as group, not user blank. If the ID should represent a group account, check this box.
4. Click Test ID or press ⏎.
5. If macOS prompts for an administrator password, provide the required credentials.

In the Result field, the desired outcome is now shown, as it is calculated for each NFSv4 access by the currently running macOS system according to the settings for directory services and the NFSv4 domain. If an intermediate step involving the evaluation of the Generated UUID (Generated Universal Unique Identifier) of an account was required for the mapping, this will be noted accordingly.

Automounter Settings

Settings affecting the automount features of macOS are available on the tab item Automounter. macOS uses the standard “autofs” subsystem which is also used on many other UNIX or Unix-like operating systems. The automounter is capable of supporting very complex setups, controlled by so-called mount maps, i.e. extended lists of automount entries which may also contain template entries and entries containing environment variables. The advanced use of mount maps is beyond the scope of NFS Manager and will not be discussed in this reference manual. Please see text books about NFS and NIS technology for further information.

Disconnect inactive shares after __ s: This option controls after what time period of inactivity the automounter should disconnect a share. The time is specified in seconds. Apple’s default setting is 1 hour (3,600 s). Many other Unix systems use a much shorter time, e.g. 10 minutes.

Don’t list disconnected shares of a mount map: When this option is set, only active (currently mounted) shares will be listed by the operating system when the folder containing the mount points is browsed by an application. It does not matter if a graphical file browser (like the Finder) or a command-line program (like ls) is used. Enabling this feature is helpful to avoid that too many automounts are triggered inadvertently, e.g. by clicking mount points in the Finder.

Enforce ignore of “set user-ID” privileges: After enabling this option, the automounter will ensure that the option to ignore the SUID flag (see the mount option Ignore “set user-ID” privileges) is always on, no matter if this setting is enabled or disabled for the different automount entries individually, or by the automounter defaults (see below).

Write mount map activity messages to system log: This feature will cause the automount process of the autofs subsystem to print more detailed information about its activities to the system log. This mainly affects reports about receiving and processing lists of automount entries via directory services.

Write automount activity messages to system log: This feature will cause the automountd process of the autofs subsystem to print more detailed information about its activities to the system log. This mainly affects reports about the actual connect and disconnect operations with file servers.

Activity trace level: The automountd process also allows tracing of all its internal operations. The level of detail can be controlled by the pop-up menu. The setting 0 won’t include any trace messages in the log. The levels 1 to 4 will add operational messages for more and more detailed aspects of process activity.

Mount Map Variables: The table allows to define environment variables which will be used when processing template-like automount entries found in the mount maps. Each variable has a name and a value. As mentioned in the introductory paragraph, advanced mount map features won’t be discussed here.

Presets for automount options

In addition to the defaults which can be set for all mounts, the operating system can also define defaults for automounts. The settings are controlled by the box Override default options to use for automatic mount requests. The behavior is exactly the same as already described in the section “Presets for mount options” above. The options finally taking effect for a final automount entry combine the defaults for mounts with the defaults for automounts and the individual settings of that entry.

NOTE: The presets apply to all automounts, not only to NFS-based ones. Other types of automatic files server connections, e.g. SMB, will be affected as well.

Save and Revert

To save your changes, click the button Apply at the bottom right corner. If necessary, macOS will ask for an administrator password. Changes may not take effect immediately. Depending on settings, you’ll have to perform a restart of the operating system to ensure that all changes become active.

By clicking Revert, all edited changes will be discarded and the previously saved configuration will be restored. You can undo all changes you have made to client settings and preset options by clicking the button Reset to defaults.