Hi Jean-Marc, * Jean-Marc LACROIX <jeanmarc.lacroix@free.fr> [2025-07-27 23:43]:
In order to increase (a little !) security, and as defined into http://wiki.debian.org/SecuringNFS, it is a good practice to defined one static port for nfs-stad daemon.This feature is available in the man. Furthermore, it is implemented into /etc/default/nfs-common into variable STATDOPTS.But is seems that /etc/init/nfs-common script has forgotten to use this variable when launching daemon. As a result it is not possible to change ANY option available for this daemon.On debian bookwoorm, it works. Find following diff bettween Bookworm and Trixie diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm 22a23RPCGSSDOPTS=30c31 < [ -x /usr/sbin/rpc.statd ] || exit 0 ---[ -x /sbin/rpc.statd ] || exit 042c43 < while read -r DEV _ _ OPTS _ ---while read DEV MTPT FSTYPE OPTS REST89c90 < if [ -x /sbin/modprobe ] && [ -f /proc/modules ] ---if [ -x /sbin/modprobe -a -f /proc/modules ]136c137 < --exec /usr/sbin/rpc.statd -----exec /sbin/rpc.statd -- $STATDOPTS
This is no longer supported as stated in the NEWS file: https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads The complete removal was done here: https://salsa.debian.org/kernel-team/nfs-utils/-/commit/6824312704bc066b5867b9777695e46cce52dcbcSo maybe this needs an other NEWS entry and/or mention in the release-notes.
Cheers Jochen
Attachment:
signature.asc
Description: PGP signature