# Properly configuring NFS4 exports on ZFS filesystems



## pkc (Dec 21, 2018)

I have used a `sharenfs` attribute on my ZFS filesystems with success for some time:


```
NAME  PROPERTY  VALUE                                                SOURCE
main  sharenfs  -mapall root -network 192.168.1.1 -mask 255.255.0.0  received
```

Unfortunately, I now have a client that is connecting from ports >1024, so it appears that I will need to add the `insecure` option somewhere. I have read on the internet that it may be necessary to not use `sharenfs` and revert to /etc/exports instead.

It appears that I will want to use comma-separated option syntax to encode this in `sharenfs`. Does anyone have any ideas? Is there any documentation for this? Every comma separated string I have tried has failed with "no valid entries" error from mountd(8).

Thank you


----------



## pkc (Dec 21, 2018)

I was able to get it working with:


```
zfs set sharenfs="-network 192.168.0.0/16(insecure)" main
```

but without any other options, which I may need


----------



## SirDice (Dec 31, 2018)

That's why people typically use the 'normal' /etc/exports. The `sharenfs` option is a bit of a hack. It gets translated to a file: /etc/zfs/exports. On the original Solaris implementation the option would talk to the kernel directly in order to create the share. This wasn't possible on FreeBSD, hence the "hack". But due to this the syntax works somewhat counter-intuitive and it's a little difficult setting multiple NFS options.


----------



## pkc (Jan 1, 2019)

I see. Indeed, I did see `/etc/zfs/exports`. Using `/etc/exports` does seem to make more sense. Thanks for this confirmation.


----------



## yuripv (Jan 1, 2019)

Ugh, I don't see the "insecure" option documented anywhere, is it linux-specific?  More so, our NFSv4 server did NOT force the check for ports < 1024 until it was recently changed in HEAD (https://github.com/freebsd/freebsd/commit/0d33c81f6d77fedd7bc59011928c84f6f510bdff), so I wonder if there's something else going on here.


----------



## yuripv (Jan 1, 2019)

pkc said:


> no valid entries


Guess this is the real issue here, and not the "insecure" setting.  According to examples in zfs(8), your sharenfs contents should be either mapall=root,network 192.168.0.0/16 or -mapall=root -network 192.168.0.0/16.


----------



## sko (Jan 8, 2019)

AFAIK this flag can't be set on a per-share basis but only globally for the mountd service. So you have to set the -n flag via `nfsd_flags` within the rc.conf. That's what we use on our nfs server to allow users on the clients mounting their home directories and various shares.


----------

