21.07.2016 18:35, jcsl пишет:
El jueves, 21 de julio de 2016 16:32:27 (CEST) Andrei Borzenkov escribió:
On Thu, Jul 21, 2016 at 4:02 PM, jcsl
wrote: I want to have a NFSv4 without the RPC services running. IIRC it was possible on 13.2
No, it is (and was) not possible.
Thanks, but that is not a very helpful answer without any references or a
It was also wrong answer. Sorry for that. Learn something new every day :)
brief ─one or two lines─ explanation. I still think that it is possible because of the following text taken from from SUSE Linux Enterprise Server 12 SP1 Release Notes:
3.1.4.5 NFSv4 only configuration ... Disabling NFSv3 (and lower) can reduce the attack surface. Setting NFS3_SERVER_SUPPORT=no in /etc/sysconfig/nfs will disable NFSv3 support and ensure that lockd and statd are not started. It does not prevent rpcbind from starting though. This is in part because rpcbind is needed for other services including NIS ¹ (aka yellow-pages) and automatically determining that none of these are required is problematic.
If rpcbind is not needed (so only NFSv4 is used), it can be disabled with the command:
systemctl disable rpcbind.socket
I think that this is how I got rid of RPC on 13.2 (no rpc.whatever running). The problem now is that rpcbind.socket is enabled somewhere (probably by another systemd service) so rpcbind, rpc.statd, rpc.mountd and rpc.imapd are also started.
nfs-server.service explicitly Requires rpcbind.target, rpc-mountd.service and Wants rpc-statd.service; rpcbind.target explicitly Wants rpcbind.socket. I am not sure about lockd, I do not even see binary with this name on Leap 42.1. So this looks like plain bug; at least, release notes are wrong and dependencies are hardcoded in service definitions. Settings NFS3_SERVER_SUPPORT=no only affects arguments to nfsd. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org