[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#738063: nfs-kernel-server: option to disable NFSv4 in /etc/default/nfs-kernel-server not working properly

Package: nfs-kernel-server
Severity: normal
Tags: patch

Instructions to disable NFSv4 in /etc/default/nfs-kernel-server aren't properly
preventing clients to mount the export using NFSv4.

We had to pass the option '--no-nfs-version 4' to mountd *and* nfsd. I found at
least one similar case and solution at
http://andy.delcambre.com/2007/06/25/disabling-nfsv4-on-ubuntu.html

Here is a patch to add a NONFSVERSION option int /etc/default/nfs-kernel-server
and pass it to both daemons. Alternatively or in addition to this one, we could
add a RPCNFSDOPTS as suggested in bug #539201.

*** 0001-default-init-fix-no-nfs-version-4.patch
>From 8cb1b55667fec17b12a9805600417105a203c32c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Barboiron?= <ced@winkie.fr>
Date: Fri, 7 Feb 2014 11:53:32 +0100
Subject: [PATCH] default/init: fix --no-nfs-version 4

---
 debian/nfs-kernel-server.default | 4 +++-
 debian/nfs-kernel-server.init    | 7 ++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/debian/nfs-kernel-server.default b/debian/nfs-kernel-server.default
index 16c0532..4ffd383 100644
--- a/debian/nfs-kernel-server.default
+++ b/debian/nfs-kernel-server.default
@@ -8,9 +8,11 @@ RPCNFSDPRIORITY=0
 # If you have a port-based firewall, you might want to set up
 # a fixed port here using the --port option. For more information, 
 # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
-# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
 RPCMOUNTDOPTS=--manage-gids
 
+# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
+NONFSVERSION=
+
 # Do you want to start the svcgssd daemon? It is only required for Kerberos
 # exports. Valid alternatives are "yes" and "no"; the default is "no".
 NEED_SVCGSSD=
diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init
index d00b2ec..07d1526 100644
--- a/debian/nfs-kernel-server.init
+++ b/debian/nfs-kernel-server.init
@@ -31,6 +31,7 @@ RPCMOUNTDOPTS=
 NEED_SVCGSSD=no
 RPCSVCGSSDOPTS=
 PROCNFSD_MOUNTPOINT=/proc/fs/nfsd
+NONFSVERSION=
 if [ -f $DEFAULTFILE ]; then
     . $DEFAULTFILE
 fi
@@ -100,7 +101,7 @@ case "$1" in
 
 		start-stop-daemon --start --oknodo --quiet \
 		    --nicelevel $RPCNFSDPRIORITY \
-		    --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT
+		    --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT $NONFSVERSION
 		RET=$?
 		if [ $RET != 0 ]; then
 			log_end_msg $RET
@@ -118,7 +119,7 @@ case "$1" in
 		fi
 
 		$PREFIX/bin/rpcinfo -u localhost nfs 3 >/dev/null 2>&1 ||
-		    RPCMOUNTDOPTS="$RPCMOUNTDOPTS --no-nfs-version 3"
+		    NONFSVERSION="$NONFSVERSION --no-nfs-version 3"
 
 		[ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel
 	
@@ -136,7 +137,7 @@ case "$1" in
 
 		log_progress_msg "mountd"
 		start-stop-daemon --start --oknodo --quiet \
-		    --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS
+		    --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS $NONFSVERSION
 		RET=$?
 		if [ $RET != 0 ]; then
 			log_end_msg $RET
-- 
1.8.5.3
Reply to: