Package: nfs-kernel-server Severity: normal Tags: patch Instructions to disable NFSv4 in /etc/default/nfs-kernel-server aren't properly preventing clients to mount the export using NFSv4.
We had to pass the option '--no-nfs-version 4' to mountd *and* nfsd. I found at least one similar case and solution at http://andy.delcambre.com/2007/06/25/disabling-nfsv4-on-ubuntu.html Here is a patch to add a NONFSVERSION option int /etc/default/nfs-kernel-server and pass it to both daemons. Alternatively or in addition to this one, we could add a RPCNFSDOPTS as suggested in bug #539201. *** 0001-default-init-fix-no-nfs-version-4.patch >From 8cb1b55667fec17b12a9805600417105a203c32c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Barboiron?= <c...@winkie.fr> Date: Fri, 7 Feb 2014 11:53:32 +0100 Subject: [PATCH] default/init: fix --no-nfs-version 4 --- debian/nfs-kernel-server.default | 4 +++- debian/nfs-kernel-server.init | 7 ++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/debian/nfs-kernel-server.default b/debian/nfs-kernel-server.default index 16c0532..4ffd383 100644 --- a/debian/nfs-kernel-server.default +++ b/debian/nfs-kernel-server.default @@ -8,9 +8,11 @@ RPCNFSDPRIORITY=0 # If you have a port-based firewall, you might want to set up # a fixed port here using the --port option. For more information, # see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS -# To disable NFSv4 on the server, specify '--no-nfs-version 4' here RPCMOUNTDOPTS=--manage-gids +# To disable NFSv4 on the server, specify '--no-nfs-version 4' here +NONFSVERSION= + # Do you want to start the svcgssd daemon? It is only required for Kerberos # exports. Valid alternatives are "yes" and "no"; the default is "no". NEED_SVCGSSD= diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init index d00b2ec..07d1526 100644 --- a/debian/nfs-kernel-server.init +++ b/debian/nfs-kernel-server.init @@ -31,6 +31,7 @@ RPCMOUNTDOPTS= NEED_SVCGSSD=no RPCSVCGSSDOPTS= PROCNFSD_MOUNTPOINT=/proc/fs/nfsd +NONFSVERSION= if [ -f $DEFAULTFILE ]; then . $DEFAULTFILE fi @@ -100,7 +101,7 @@ case "$1" in start-stop-daemon --start --oknodo --quiet \ --nicelevel $RPCNFSDPRIORITY \ - --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT + --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT $NONFSVERSION RET=$? if [ $RET != 0 ]; then log_end_msg $RET @@ -118,7 +119,7 @@ case "$1" in fi $PREFIX/bin/rpcinfo -u localhost nfs 3 >/dev/null 2>&1 || - RPCMOUNTDOPTS="$RPCMOUNTDOPTS --no-nfs-version 3" + NONFSVERSION="$NONFSVERSION --no-nfs-version 3" [ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel @@ -136,7 +137,7 @@ case "$1" in log_progress_msg "mountd" start-stop-daemon --start --oknodo --quiet \ - --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS + --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS $NONFSVERSION RET=$? if [ $RET != 0 ]; then log_end_msg $RET -- 1.8.5.3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
