Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used

To: Jochen Sprickerhof <jspricke@debian.org>, 1109999@bugs.debian.org
Subject: Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
From: Jean-Marc LACROIX <jeanmarc.lacroix@free.fr>
Date: Mon, 28 Jul 2025 10:50:46 +0200
Message-id: <[🔎] 14b36cbe-a284-422e-a1d3-758ab2a2f83d@free.fr>
Reply-to: Jean-Marc LACROIX <jeanmarc.lacroix@free.fr>, 1109999@bugs.debian.org
In-reply-to: <[🔎] aIcGsaDwXpbJrpFq@fenchel>
References: <[🔎] e719dfd6-2b12-4e8b-96db-4610385e5e26@free.fr> <[🔎] aIcGsaDwXpbJrpFq@fenchel> <[🔎] e719dfd6-2b12-4e8b-96db-4610385e5e26@free.fr>

Le 28/07/2025 à 07:12, Jochen Sprickerhof a écrit :

Hi Jean-Marc,

* Jean-Marc LACROIX <jeanmarc.lacroix@free.fr> [2025-07-27 23:43]:
In order to increase (a little !) security, and as defined intohttp://wiki.debian.org/SecuringNFS, it is a good practice to definedone static port for nfs-stad daemon.
This feature is available in the man. Furthermore, it is implementedinto /etc/default/nfs-common into variable STATDOPTS.
But is seems that /etc/init/nfs-common script has forgotten to usethis variable when launching daemon. As a result it is not possible tochange ANY option available for this daemon.
On debian bookwoorm, it works.
Find following diff bettween Bookworm and Trixie

diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm
22a23
RPCGSSDOPTS=
30c31
< [ -x /usr/sbin/rpc.statd ] || exit 0
---
[ -x /sbin/rpc.statd ] || exit 0
42c43
<     while read -r DEV _ _ OPTS _
---
    while read DEV MTPT FSTYPE OPTS REST
89c90
<     if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
---
    if [ -x /sbin/modprobe -a -f /proc/modules ]
136c137
<               --exec /usr/sbin/rpc.statd
---
              --exec /sbin/rpc.statd -- $STATDOPTS
This is no longer supported as stated in the NEWS file:
https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads
The complete removal was done here:
https://salsa.debian.org/kernel-team/nfs-utils/-/commit/6824312704bc066b5867b9777695e46cce52dcbc
So maybe this needs an other NEWS entry and/or mention in the release-notes.
Cheers Jochen


According ...

https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads

i understand there is now one new configuration file , Ok.

But, for daemon rpcbind, it seems that previous old configuration fileis still valid, because ...


ansible@vn-nfs-110:~$ uname -a

Linux vn-nfs-110 6.12.30+bpo-armmp-lpae #1 SMP Debian 6.12.30-1~bpo12+1(2025-06-14) armv7l GNU/Linux

ansible@vn-nfs-110:~$ cat /etc/debian_version
13.0
ansible@vn-nfs-110:~$ dpkg -L rpcbind |grep etc
/etc
/etc/default
/etc/default/rpcbind
/etc/init.d
/etc/init.d/rpcbind
/etc/insserv.conf.d
/etc/insserv.conf.d/rpcbind
ansible@vn-nfs-110:~$

So please, could you confirm that new configuration file /etc/nfs.confis not used for this daemon ?



Cordialement
--
  -- Jean-Marc LACROIX  (06 82 29 98 66) --
    -- mailto : jeanmarc.lacroix@free.fr   --

Reply to:

Follow-Ups:
- Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
  - From: Jochen Sprickerhof <jspricke@debian.org>

References:
- Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
  - From: Jean-Marc LACROIX <jeanmarc.lacroix@free.fr>
- Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
  - From: Jochen Sprickerhof <jspricke@debian.org>

Prev by Date: Re: Installation location of BPF vmlinux.h
Next by Date: Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
Previous by thread: Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
Next by thread: Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used
Index(es):
- Date
- Thread