Bug#738063: nfs-kernel-server: option to disable NFSv4 in /etc/default/nfs-kernel-server not working properly
Package: nfs-kernel-server
Severity: normal
Tags: patch
Instructions to disable NFSv4 in /etc/default/nfs-kernel-server aren't properly
preventing clients to mount the export using NFSv4.
We had to pass the option '--no-nfs-version 4' to mountd *and* nfsd. I found at
least one similar case and solution at
http://andy.delcambre.com/2007/06/25/disabling-nfsv4-on-ubuntu.html
Here is a patch to add a NONFSVERSION option int /etc/default/nfs-kernel-server
and pass it to both daemons. Alternatively or in addition to this one, we could
add a RPCNFSDOPTS as suggested in bug #539201.
*** 0001-default-init-fix-no-nfs-version-4.patch
>From 8cb1b55667fec17b12a9805600417105a203c32c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Barboiron?= <ced@winkie.fr>
Date: Fri, 7 Feb 2014 11:53:32 +0100
Subject: [PATCH] default/init: fix --no-nfs-version 4
---
debian/nfs-kernel-server.default | 4 +++-
debian/nfs-kernel-server.init | 7 ++++---
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/debian/nfs-kernel-server.default b/debian/nfs-kernel-server.default
index 16c0532..4ffd383 100644
--- a/debian/nfs-kernel-server.default
+++ b/debian/nfs-kernel-server.default
@@ -8,9 +8,11 @@ RPCNFSDPRIORITY=0
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
-# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
RPCMOUNTDOPTS=--manage-gids
+# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
+NONFSVERSION=
+
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=
diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init
index d00b2ec..07d1526 100644
--- a/debian/nfs-kernel-server.init
+++ b/debian/nfs-kernel-server.init
@@ -31,6 +31,7 @@ RPCMOUNTDOPTS=
NEED_SVCGSSD=no
RPCSVCGSSDOPTS=
PROCNFSD_MOUNTPOINT=/proc/fs/nfsd
+NONFSVERSION=
if [ -f $DEFAULTFILE ]; then
. $DEFAULTFILE
fi
@@ -100,7 +101,7 @@ case "$1" in
start-stop-daemon --start --oknodo --quiet \
--nicelevel $RPCNFSDPRIORITY \
- --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT
+ --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT $NONFSVERSION
RET=$?
if [ $RET != 0 ]; then
log_end_msg $RET
@@ -118,7 +119,7 @@ case "$1" in
fi
$PREFIX/bin/rpcinfo -u localhost nfs 3 >/dev/null 2>&1 ||
- RPCMOUNTDOPTS="$RPCMOUNTDOPTS --no-nfs-version 3"
+ NONFSVERSION="$NONFSVERSION --no-nfs-version 3"
[ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel
@@ -136,7 +137,7 @@ case "$1" in
log_progress_msg "mountd"
start-stop-daemon --start --oknodo --quiet \
- --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS
+ --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS $NONFSVERSION
RET=$?
if [ $RET != 0 ]; then
log_end_msg $RET
--
1.8.5.3
Reply to: