[Bug 637382] New: (r)quotad init missing /etc/sysconfig/quotad for setting of "-p (port)", etc.
https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c0

           Summary: (r)quotad init missing /etc/sysconfig/quotad for setting of "-p (port)", etc.
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: All
        OS/Version: openSUSE 11.3
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: pgngw+dev001+novell.com@f-m.fm
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100723 SUSE/3.6.8-1.3 Firefox/3.6.8

goal is to set *static* ports for nfs services.

refs:
  http://www.lowth.com/LinWiz/nfs_help.html
  http://www.novell.com/support/viewContent.do?externalId=7000524&sliceId=1
  http://wiki.debian.org/SecuringNFS

whereas MOUNTD & STATSD opts can be set/overridden in /etc/sysconfig/nfs, QUOTAD is missing the same option.

cat /etc/init.d/quotad
  ...
  # /etc/init.d/quotad
  #
  # and its symbolic link
  #
  # /sbin/rcquotad
  ...

rpm -q --whatprovides /etc/init.d/quotad
  quota-nfs-3.17-7.2.x86_64

ls -al /etc/sysconfig/*quota*
  /bin/ls: No match.

@ http://www.novell.com/support/viewContent.do?externalId=7000524&sliceId=1

"...
/etc/services
..
* rquota, : add the port assignment to the file. For example:
rquotad 4003/tcp
rquotad 4003/udp
..
Please note that custom edits of the /etc/init.d/nfsserver are not recommend, nor is it supported. Further, changed /etc/init.d scripts may be replaced during online updates or when updating to a new service pack.
"

iiuc, /etc/services is NOT guaranteed safe from upgrades/overwrites.

I tried to raise the issue in #opensuse-factory, as it's likely an issue in/for 11.4 as well. Told 'not interested' ...
Checked @ #opensuse, told that the port mods should be made in /etc/sysconfig/foo,

-----------------------------
[12:21] <dev001> since there are some 'packagers' around -- where can I find Packaging Guidelines for if/when to use /etc/sysconfig/blah + /etc/init.d/blah pairs? reading here, http://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros, I see mention -- but not guideline statement/policy.
[12:21] <yaloki> dev001: there is no need for a guideline
[12:22] <yaloki> dev001: you need /etc/init.d/foo to have a script to start a daemon
[12:22] <yaloki> dev001: if you can make it configurable (e.g. port number or such), then you store that configuration in /etc/sysconfig/foo and use those parameters in the init script
[12:23] <dev001> yaloki: sure, that makes sense. and that's what I thought. but, it's not what novell does/recommends -- in at least the one case i'm looking at.
[12:24] <yaloki> dev001: I'm packaging for SUSE/openSUSE since 10 years, so take my word for it
[12:24] <yaloki> dev001: and that's also the convention
[12:24] <dev001> yaloki: I'm not disagreeing with you. i'm telling you, however, what Novell does in the case of quotad. they recommend making static port assignments by mod'ing /etc/services.
[12:25] <yaloki> dev001: well maybe that's because quotad is not configurable in a different way
[12:25] <yaloki> dev001: many daemons look up which port they should listen on in /etc/services
[12:25] <yaloki> dev001: (actually it's even a system call in glibc)
[12:26] <dev001> yaloki: it most certainly is. adding a "-p port" spec is straightforward, and frequently/widely used.
[12:26] <yaloki> dev001: well then the packager simply forgot to do that
[12:26] <yaloki> dev001: file a bug
-----------------------------

checking man page,

man rquotad
-------------------------
RQUOTAD(8)

NAME
       rquotad, rpc.rquotad - remote quota server

SYNOPSIS
       rpc.rquotad [ -sSFI ] [ -p port ]
..
OPTIONS
..
       -p port, --port port
              Listen on alternate port port.
..
-------------------------

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c

wei wang <wewang@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wewang@novell.com
         AssignedTo|bnc-team-screening@forge.pr |jack@novell.com
                   |ovo.novell.com              |

https://bugzilla.novell.com/show_bug.cgi?id=637382#c1

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jack@novell.com
         AssignedTo|jack@novell.com             |anicka@novell.com

--- Comment #1 from Jan Kara <jack@novell.com> 2010-09-08 10:49:12 UTC ---
Anicka, would you take care of this please? If I understand right we need to add /etc/sysconfig/rquotad and a way to configure a port where the daemon should listen there. Thanks.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c2

--- Comment #2 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-09-08 18:51:51 UTC ---
just a note that the semantics are a bit confusing ...

  pkg name      -> quota-nfs
  init name     -> /etc/init.d/quotad
  RQUOTAD_BIN   -> /usr/sbin/rpc.rquotad
  /etc/services -> rquotad

might be helpful to make it all consistently 'rquotad', including the proposed /etc/sysconfig/rquotad

https://bugzilla.novell.com/show_bug.cgi?id=637382#c

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|NEW                         |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=637382#c3

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |jack@novell.com

--- Comment #3 from Anna Bernathova <anicka@novell.com> 2010-09-09 12:27:24 UTC ---
Jan, it is no problem, I would just welcome an advice about default settings.

My current /etc/services says

quotad 762/tcp
quotad 762/udp

My current process seems to use 996/tcp, 994/udp. So I am confused about its proper default settings.

Of course, I can also leave the variable unset and call the binary with -p only when someone sets it.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c4

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|jack@novell.com             |

--- Comment #4 from Jan Kara <jack@novell.com> 2010-09-09 13:34:17 UTC ---
Hmm, you are right, it's a mess. I just did some experiments with the following results:

rpc.rquotad looks for a port to use. The names of services it obtains from getrpcbynumber_r (where a number of RPC service corresponding to quota daemon is passed) are:

rquotad
rquotaprog
quota
rquota

/etc/services contains neither of these so we just continue telling RPC layer that it can use any free port number. Thus in your case ports 996/tcp and 994/udp are used. On my machine different port numbers are used. Clients are still able to connect to the server because they ask the RPC layer for a connection to a particular RPC service (and RPC layer tracks on which port each service decided to listen).

All in all probably we should add 'quotad' to the list of aliases of the RQUOTAPROG service or add at least one of alias names (I'd vote for rquotad) to /etc/services. That should make the situation less confusing.

I'd also leave the port variable unset by default, so that /etc/services are used if user does not wish otherwise. That would seem like the least surprising solution.
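
The lookup order described in comment #4, as an added shell example that is not part of the bug thread and is not rpc.rquotad's own code: it resolves RPC program 100011 to its names, tries each name in a services file, and otherwise reports a dynamic port. The sample files are constructed, the function names and the precedence of an explicit -p value are assumptions based on the thread, and the second services file applies the rename proposed later in comment #16.

```shell
#!/bin/sh
# Added example, not rpc.rquotad source: models the port lookup from comment #4
# over constructed copies of /etc/rpc and /etc/services.

# rpc_names FILE PROGNUM: print the official name, then each alias.
rpc_names() {
    awk -v prog="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 && $2 == prog {
            print $1
            for (i = 3; i <= NF; i++) print $i
        }' "$1"
}

# service_port FILE NAME PROTO: print the port if NAME is a service name or alias.
service_port() {
    awk -v name="$2" -v proto="$3" '
        { sub(/#.*/, "") }
        NF >= 2 {
            split($2, pp, "/")                  # "762/udp" -> port, protocol
            if (pp[2] != proto) next
            hit = ($1 == name)
            for (i = 3; i <= NF && !hit; i++) if ($i == name) hit = 1
            if (hit) { print pp[1]; exit }
        }' "$1"
}

# resolve_port RPCFILE SERVICESFILE PROGNUM PROTO [OVERRIDE]
# Assumed precedence: explicit -p value, then the services file, then any free port.
resolve_port() {
    if [ -n "${5:-}" ]; then
        echo "override:$5"
        return 0
    fi
    for name in $(rpc_names "$1" "$3"); do
        port=$(service_port "$2" "$name" "$4")
        if [ -n "$port" ]; then
            echo "services:$name:$port"
            return 0
        fi
    done
    echo "dynamic"
}

# Constructed sample data (names and ports taken from the thread).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/rpc" <<'EOF'
mountd   100005  mount showmount
rquotad  100011  rquotaprog quota rquota
EOF
cat > "$SAMPLE_DIR/services.stock" <<'EOF'
quotad   762/tcp
quotad   762/udp
EOF
cat > "$SAMPLE_DIR/services.renamed" <<'EOF'
rquotad  762/tcp   # rename proposed in comment #16
rquotad  762/udp
EOF

for f in services.stock services.renamed; do
    printf '%-18s udp -> %s\n' "$f" \
        "$(resolve_port "$SAMPLE_DIR/rpc" "$SAMPLE_DIR/$f" 100011 udp)"
done
printf '%-18s udp -> %s\n' "stock + -p 4003" \
    "$(resolve_port "$SAMPLE_DIR/rpc" "$SAMPLE_DIR/services.stock" 100011 udp 4003)"
```

On a live host, `getent rpc 100011` and `getent services rquotad/udp` answer the same two questions from the real databases.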

https://bugzilla.novell.com/show_bug.cgi?id=637382#c5

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pgajdos@novell.com

--- Comment #5 from Anna Bernathova <anicka@novell.com> 2010-09-09 13:43:43 UTC ---
OK, let us do it this way. Adding Petr, maintainer of netcfg, to CC, to take care for an alias.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c6

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #6 from Anna Bernathova <anicka@novell.com> 2010-09-09 15:03:06 UTC ---
Fix for factory submitted (request id 47612).

https://bugzilla.novell.com/show_bug.cgi?id=637382#c7

--- Comment #7 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-09-09 15:04:10 UTC ---
my understanding is that by default, rquotad port is supposed to be *random*. e.g., cref: @ http://www.lowth.com/LinWiz/nfs_help.html.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c8

--- Comment #8 from Jan Kara <jack@novell.com> 2010-09-09 15:37:16 UTC ---
But there's no reason for it to be random when /etc/services has a port reserved for it. Or do you see one? On the contrary I'd expect that the value in /etc/services should be used when it's there and admin didn't force us to use a different port.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c9

--- Comment #9 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-09-09 16:03:47 UTC ---
> But there's no reason for it to be random when /etc/services has a port reserved for it. Or do you see one?

honestly, i'm confused as to what _should_ be ...

i looked for, but did not find, an RFC for rquotad. this comment,

http://kerneltrap.org/mailarchive/linux-fsdevel/2007/11/27/451355

seems to verify that there is none, really :-/

i can say simply that /etc/services has

quotad 762/tcp
quotad 762/udp

not

rquotad 4003/tcp
rquotad 4003/udp

as referenced/instructed @ http://www.novell.com/support/viewContent.do?externalId=7000524&sliceId=1

and, rquotad ignores 'quotad' port assignment in /etc/services, but DOES pick up 'rquotad' port if defined _either_ in /etc/services _as_ rquotad, or with a "-p (port)" spec.

if you search around, the interchangeable (mis)use of quotad vs rquotad is, at best, confusing. maybe (?) some of the confusion comes from the facts that, per rquotad manpage:

"... The results are used by quota(1) ..."

my suggestion -- switch to consistent use of rquotad. it's what novell references in its docs, there's a manpage for it, etc ... even the (mis)named /etc/init.d/quota references it.

then again, not sure what implications that has elsewhere.

like you said -- it's a mess.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c10

--- Comment #10 from Petr Gajdos <pgajdos@novell.com> 2010-09-13 07:08:10 UTC ---
(In reply to comment #9)
> rquotad 4003/tcp
> rquotad 4003/udp

Note: our /etc/services reads

pxc-splr-ft 4003/tcp # pxc-splr-ft
pxc-splr-ft 4003/udp # pxc-splr-ft

But I don't know what pxc-splr-ft is at all.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c11

--- Comment #11 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-09-16 15:43:59 UTC ---
(In reply to comment #6)
> Fix for factory submitted (request id 47612).

I'd submitted this against 11.3. It's marked as fixed, but submitted for factory. Is there a fix for 11.3?

(In reply to comment #10)
> (In reply to comment #9)
> > rquotad 4003/tcp
> > rquotad 4003/udp
>
> Note: our /etc/services reads
>
> pxc-splr-ft 4003/tcp # pxc-splr-ft
> pxc-splr-ft 4003/udp # pxc-splr-ft
>
> But I don't know what pxc-splr-ft is at all.

Note that there is NO specification, or even convention afaict, as to which particular static port(s) should be used. only that a static port should be assignable.

the recommendation for simplicity in firewall mgmt that i've seen is simply that all the nfs-related static ports be assigned to a small/contiguous range ...

https://bugzilla.novell.com/show_bug.cgi?id=637382#c12

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #12 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-20 19:18:46 UTC ---
can someone please clarify what

https://bugzilla.novell.com/show_bug.cgi?id=637382#c13

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO
       InfoProvider|                            |anicka@novell.com

--- Comment #13 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-20 19:21:50 UTC ---
i'd originally reported this bug against 11.3, not factory.

since the FIX was, apparently, submitted only against Factory, will this be -- or has it been -- backported to 11.3?

also, what decision exactly was taken? changes to /etc/services? add'l settings in /etc/sysconfig/nfs? other?

thanks.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c14

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
       InfoProvider|anicka@novell.com           |

--- Comment #14 from Anna Bernathova <anicka@novell.com> 2010-10-21 13:11:05 UTC ---
I have created new sysconfig, /etc/sysconfig/rquotad, in Factory. It was not backported for 11.3 because we backport only important bugfixes.

As for /etc/services, it is up to Petr to decide and as far as I look at it, he has not done any change yet.
https://bugzilla.novell.com/show_bug.cgi?id=637382 https://bugzilla.novell.com/show_bug.cgi?id=637382#c15 Petr Gajdos <pgajdos@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO InfoProvider| |jack@novell.com --- Comment #15 from Petr Gajdos <pgajdos@novell.com> 2010-10-21 15:26:49 UTC --- So I am about to change /etc/services following way: -pxc-splr-ft 4003/tcp # pxc-splr-ft -pxc-splr-ft 4003/udp # pxc-splr-ft +rquotad 4003/tcp # rquotad +rquotad 4003/udp # rquotad All right? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
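
Review bot: the two removed lines take the existing pxc-splr-ft name off 4003/tcp and 4003/udp instead of leaving it beside the new entries, so anything that resolves pxc-splr-ft by name stops finding a port, and the change gives no reason why that registration can be dropped. The hunk also does not touch the quotad 762/tcp and 762/udp entries quoted in comment #3, so after it /etc/services would carry both quotad on 762 and rquotad on 4003. Suggest stating in the change which of the two names is meant to be the default for rpc.rquotad and where the number 4003 comes from, since the only source given for it on this thread is the Novell support document's example.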

https://bugzilla.novell.com/show_bug.cgi?id=637382#c16

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
       InfoProvider|jack@novell.com             |

--- Comment #16 from Jan Kara <jack@novell.com> 2010-10-21 15:43:32 UTC ---
Petr, we definitely shouldn't have entries for both quotad and rquotad in /etc/services. Moreover port number 4003 is just made up number by the author of the Novell document AFAICT. So what I'd do is to change 'quotad' for port 762 to 'rquotad' so that we consistently use 'rquotad' in as many places as possible and rpc.rquotad can find it. If you'd push that fix to 11.3, it would be nice because that would fix the issue there as well.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c17

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO
       InfoProvider|                            |jack@novell.com

--- Comment #17 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-21 15:48:11 UTC ---
iiuc (?), making those definitions in /etc/services will _force_ the default behavior of a static port assignment for rquotad -- to port 4003.

i don't see why that's of benefit, or even recommended.

if a static definition is to be added to /etc/services, shouldn't it then be registered?

https://secure.wikimedia.org/wikipedia/en/wiki/List_of_TCP_and_UDP_port_numb... ?

what is, imo, of value, is the ability to choose/configure in /etc/sysconfig/nfs.

options to *set* any/all of the nfs-related ports, and thus make them static assignments, or leave them *unset*, and therefore accept default behavior of dynamic assignment seems, to me, the most accommodating way to go.

for reference, here's one of many clear examples,

http://www.lovschall.dk/2010/01/nfs-static-ports-and-firewalls.html

tbh, i do not know what's "globally" preferable &/or recommended. reading here, e.g.,

http://download.oracle.com/docs/cd/B10464_05/core.904/b12115/managing.htm#BA...

suggests, imo rationally, that "it depends" ... and that the flexibility to use static &/or dynamic ports is what's recommended.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c18

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
       InfoProvider|jack@novell.com             |pgngw+dev001+novell.com@f-m
                   |                            |.fm

--- Comment #18 from Jan Kara <jack@novell.com> 2010-10-22 00:21:05 UTC ---
I was looking at registered port numbers at http://www.iana.org/assignments/port-numbers and 762 is registered there for quotad. So IMHO it makes sense to use this port for rpc.rquotad. Having this port statically assigned solves problem with firewalls and I don't see a benefit in having port number dynamic when the service is assigned a static number. Do you? Of course, sysadmin can always override the port number via setting Anicka implemented.

But on a second thought, I don't think we should change 'quotad' in /etc/services to 'rquotad' when IANA registered name is 'quotad'. We should rather update /etc/rpc to contain 'quotad' alias for service 'rquotad'. What do you think?

https://bugzilla.novell.com/show_bug.cgi?id=637382#c19

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
       InfoProvider|pgngw+dev001+novell.com@f-m |
                   |.fm                         |

--- Comment #19 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-22 06:12:02 UTC ---
the decision is yours, of course.

but ... are you sure that "quotad" == "rquotad"?

i can find _no_ NFS doc/spec/discussion/etc that refers to any daemon other than *R*quotad.

e.g., @ http://www.faqs.org/docs/Linux-HOWTO/NFS-HOWTO.html#SERVICESTART

"NFS serving is taken care of by five daemons: rpc.nfsd, which does most of the work; rpc.lockd and rpc.statd, which handle file locking; rpc.mountd, which handles the initial mount requests, and rpc.rquotad, which handles user file quotas on exported volumes. Starting with 2.2.18, lockd is called by nfsd upon demand, so you do not need to worry about starting it yourself. statd will need to be started separately. Most recent Linux distributions will have startup scripts for these daemons."

and, i can find no stmt that "port 762" is NFS_related. it may be there -- i'm just not finding it.

also, dl'ing the source tarball @ http://sourceforge.net/projects/nfs/,

  tar xjvf nfs-utils-1.2.3.tar.bz2
  cat nfs-utils-1.2.3/NEWS
     Significant changes for nfs-utils 1.1.0 - March/April 2007
       - rpc.lockd is gone. One 3 old kernel releases need it.
  !!   - rpc.rquotad is gone. Use the one from the 'quota' package. Everone else does.
     ...

looking to suse, @ https://build.opensuse.org/package/view_file?file=quota.spec&package=quota&project=Base%3ASystem

well, that's _your_ spec. checking @ http://sourceforge.net/projects/linuxquota/,

  cd quota-tools/
  grep quotad `grep -rlni quotad .`

i see plenty of rquotad, but no 'just' quotad, and no mention in the sources of port 762 at all.

again, i may well be wrong/blind, but, where is there any info, other than the fact that suse seems to use it, that says quotad is, in fact, the same as rquotad? i.e., _should_ quotad in /etc/services be used at all?

p.s. hm, here, http://www.vanemery.com/Linux/NFS-Van.html, i find reference to rquotad at port 762. hmm. i'm more confused.

bottom line -- allow *all* NFS_related ports to be easily spec'd/overridden in /etc/sysconfig/nfs. then the defaults -- whether dynamic, quotad, or something else -- simply don't matter to me.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c20

--- Comment #20 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-22 06:17:30 UTC ---
fyi, @ http://tldp.org/HOWTO/NFS-HOWTO/security.html,

"In kernels 2.4.13 and later with nfs-utils 0.3.3 or later you no longer have to worry about the floating of ports in the portmapper. Now all of the daemons pertaining to nfs can be "pinned" to a port. Most of them nicely take a -p option when they are started; those daemons that are started by the kernel take some kernel arguments or module options. They are described below.
..
..
If you are using quotas and using rpc.quotad to make these quotas viewable over nfs you will need to also take it into account when setting up your firewall. There are two rpc.rquotad source trees. One of those is maintained in the nfs-utils tree. The other in the quota-tools tree. They do not operate identically. The one provided with nfs-utils supports binding the daemon to a port with the -p directive. The one in quota-tools does not. Consult your distribution's documentation to determine if yours does."

Iiuc, opensuse uses rpc.rquotad from the quota-tools tree, right?

if that is true ... ???

https://bugzilla.novell.com/show_bug.cgi?id=637382#c21

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO
       InfoProvider|                            |jack@novell.com

--- Comment #21 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-27 15:07:17 UTC ---
checking in ... anything else you needed here?

https://bugzilla.novell.com/show_bug.cgi?id=637382#c22

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
       InfoProvider|jack@novell.com             |pgngw+dev001+novell.com@f-m
                   |                            |.fm

--- Comment #22 from Jan Kara <jack@novell.com> 2010-10-27 16:30:47 UTC ---
rpc.rquotad used to be present in both nfs-utils and quota-tools. SUSE uses the one from quota-tools for quite some time and as you correctly found out rpc.rquotad has been dropped from upstream nfs-utils some time ago. Also rpc.rquotad in quota-tools supports --port option for several years already.

About the confusion of rquotad and quotad - I *think* that quotad service with port 762 is meant to be rquotad. I'm not sure and I don't know whether there is a way to reliably decide either way... I don't have a strong preference (as I lack any reliable arguments) so if we keep the original behavior of random port selection then so be it. It worked for everybody up to now. As you said you don't mind the default port either as long as you have a way to override it - and that's already implemented for next openSUSE release (sorry, no backport of this enhancement to 11.3 but you can always hack around the init script).

So are we still missing something in the end?

https://bugzilla.novell.com/show_bug.cgi?id=637382#c23

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
       InfoProvider|pgngw+dev001+novell.com@f-m |
                   |.fm                         |

--- Comment #23 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-10-27 16:59:00 UTC ---
> So are we still missing something in the end?

oh, honestly. this whole topic's a mess -- so who knows! ;-)

re:

> SUSE uses the one from quota-tools for quite some time

"The one provided with nfs-utils supports binding the daemon to a port with the -p directive. The one in quota-tools does not. Consult your distribution's documentation to determine if yours does."

reads, to me, as you CAN'T bind the daemon to a static port ... or maybe it's just commenting as to method. i just don't know.

but, if that's resolved, "in the end" we have,

/etc/sysconfig/nfs

providing option for static ports for

  MOUNTD_PORT="4002"
  &
  STATD_OPTIONS="-p 4000"

in different formats, a newly created,

/etc/sysconfig/rquotad

in whatever format, for setting QUOTAD/RQUOTAD static port and, for LOCKD, (http://www.lowth.com/LinWiz/nfs_help_suse.php, https://bugzilla.redhat.com/show_bug.cgi?id=434795) adding to "/etc/modprobe.d/99-local.conf"

  options lockd nlm_udpport=4001 nlm_tcpport=4001

so that, we end up with (e.g., assigning 4000-4003 block of ports):

  rpcinfo -p | grep 40
    100005    1   udp   4002  mountd
    100005    1   tcp   4002  mountd
    100005    2   udp   4002  mountd
    100005    2   tcp   4002  mountd
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    1   udp   4001  nlockmgr
    100021    3   udp   4001  nlockmgr
    100021    4   udp   4001  nlockmgr
    100021    1   tcp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100011    1   udp   4003  rquotad
    100011    2   udp   4003  rquotad
    100011    1   tcp   4003  rquotad
    100011    2   tcp   4003  rquotad

so, re:

> as long as you have a way to override it

i can override all ports in places that are NOT subject to overwrite. works for me. thanks!

fwiw, if it were up to me, *I* would strive for some sort of consistency for ALL the nfs-related daemons, & either (a) create ONE /etc/sysconfig/nfs_services config, as one place to config ALL the available options, or (b) at least also create /etc/sysconfig/lockd ... some issues at hand are: https://bugzilla.redhat.com/show_bug.cgi?id=434795#c20.

but, like I said -- all options are (well, will be eventually) able to set to static ports, and are "officially" safe from inadvertent overwrite by installs, etc.

so, again, if that's all correct -- "WORKS".

thx.
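
A way to verify the end state listed in comment #23 before writing firewall rules for it, as an added shell example that is not part of the thread: it reads `rpcinfo -p` output and reports any NFS-related service that is not registered on its planned port for both tcp and udp. The function names and the plan string format are assumptions; both sample listings are constructed, the second using the floating rquotad ports reported in comment #3.

```shell
#!/bin/sh
# Added example, not from the thread: check `rpcinfo -p` output against the
# static port plan from comment #23.

# Plan as service=port pairs, the 4000-4003 block used in comment #23.
NFS_PORT_PLAN="status=4000 nlockmgr=4001 mountd=4002 rquotad=4003"

# audit_nfs_ports PLAN   (reads rpcinfo -p output on stdin)
# Prints MISMATCH/MISSING lines; returns 0 only if every planned service is
# registered on its planned port for both tcp and udp.
audit_nfs_ports() {
    awk -v plan="$1" '
        BEGIN {
            n = split(plan, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        # columns: program vers proto port service (the header line is skipped)
        $1 ~ /^[0-9]+$/ && ($5 in want) {
            seen[$5 "/" $3] = 1
            key = $5 "/" $3 ":" $4
            if ($4 != want[$5] && !(key in bad)) {
                bad[key] = 1            # report each service/proto/port once
                printf "MISMATCH %s/%s on port %s, plan says %s\n", $5, $3, $4, want[$5]
            }
        }
        END {
            rc = 0
            for (k in bad) rc = 1
            for (s in want) {
                t = s "/tcp"; u = s "/udp"
                if (!(t in seen)) { print "MISSING " t; rc = 1 }
                if (!(u in seen)) { print "MISSING " u; rc = 1 }
            }
            exit rc
        }'
}

# Constructed sample: subset of the pinned listing shown in comment #23.
sample_pinned() {
    cat <<'EOF'
   program vers proto   port  service
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100011    2   udp   4003  rquotad
    100011    2   tcp   4003  rquotad
EOF
}

# Constructed sample: same host with rquotad left on the floating ports
# reported in comment #3 (996/tcp, 994/udp).
sample_floating() {
    sample_pinned | sed -e '/rquotad/d'
    cat <<'EOF'
    100011    1   udp    994  rquotad
    100011    2   udp    994  rquotad
    100011    1   tcp    996  rquotad
    100011    2   tcp    996  rquotad
EOF
}

sample_floating | audit_nfs_ports "$NFS_PORT_PLAN" || echo "port plan not met"
```

On a real server, run it as `rpcinfo -p | audit_nfs_ports "$NFS_PORT_PLAN"` after each package update or reboot, since a reverted setting shows up as a MISMATCH line.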

https://bugzilla.novell.com/show_bug.cgi?id=637382#c24

Jan Kara <jack@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |NEEDINFO
       InfoProvider|                            |nfbrown@novell.com

--- Comment #24 from Jan Kara <jack@novell.com> 2010-11-09 14:04:04 UTC ---
I thought about the consistency for a while. Maybe an idea with a separate file where user could set ports of different NFS services would be nice. And quota-tools could just add to that file what's needed for rpc.rquotad when it gets installed. Setting needinfo to Neil what he thinks about it.

https://bugzilla.novell.com/show_bug.cgi?id=637382#c25

Neil Brown <nfbrown@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
                 CC|                            |nfbrown@novell.com
       InfoProvider|nfbrown@novell.com          |

--- Comment #25 from Neil Brown <nfbrown@novell.com> 2010-11-10 23:04:01 UTC ---
I think that if we want a single file with all the RPC port assignments that we want to be static, then that file should be /etc/defaults/something, probably /etc/sysconfig/nfs. Then all the relevant init.d scripts can source that and optionally add a -p arg to the relevant program.

I think that yet-another special-purpose /etc/ file with configuration that each daemon reads would be unnecessary complexity ... though I'm not sure that is what you are suggesting.

I agree it is a mess. I wouldn't be against leveraging /etc/services and have each rpc daemon do a getservbyname and use the returned port number if there is one. And obviously we would use the IANA names ... except that they are just names, not protocol descriptions, so as noted above, it is hard to be sure that "quotad" is the right thing. Apparently 20048 is mountd - I never knew that!

I vote for just shell variable defines in /etc/sysconfig/nfs or similar.
https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c26

--- Comment #26 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-11-10 23:44:04 UTC ---
(In reply to comment #25)
> I vote for just shell variable defines in /etc/sysconfig/nfs or similar.

+1

> I think that yet-another special-purpose /etc/ file with configuration that each daemon reads would be unnecessary complexity ... though I'm not sure that is what you are suggesting.

in my comment, i'd intended just one file -- i'd simply called it /etc/sysconfig-nfs_services to be more descriptive and inclusive of all available ports.

If this _is_ trending towards the all-in-one-place solution, great.

Still _do_ need to address whether each daemon requires an option for setting UDP & TCP ports separately. Personally, I've never done so -- but, I _do_ note that, e.g.,

  options lockd nlm_udpport=4001 nlm_tcpport=4001

certainly gives you the option. I've never seen the other daemons' ports split by protocol, and, afaict, @dynamic assignment, UDP & TCP get same port assignments.

the (complete?) nfs-related services list is

  mountd
  status
  nlockmgr
  rquotad

then, for VARS in a /etc/sysconfig/nfs,

  if VAR undefined, then port option == /etc/services or build-default (absolutely NO idea what to suggest for quotad vs rquotad, and whether or not to 'take' /etc/services' quotad value as a static *default*)

  if VAR defined, then simple overwrite of port value.

finally, still need to address whether to call out VARS for port-only, or for daemon-options. i.e., from current /etc/sysconfig/nfs

  MOUNTD_PORT="4002"
  ...
  STATD_OPTIONS="-p 4000"

one's "just the port", the other's "all options".

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c27

Anna Bernathova <anicka@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED

--- Comment #27 from Anna Bernathova <anicka@novell.com> 2010-11-22 12:11:08 UTC ---
OK, let us do it this way. Neil, could you please add the file to nfs-tools? I will then take care of quota.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c29

--- Comment #29 from dev001x _ <pgngw+dev001+novell.com@f-m.fm> 2010-12-24 00:29:16 UTC ---
has this fix landed somewhere as yet? just checking-in ...

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c

dev001x _ <pgngw+dev001+novell.com@f-m.fm> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDINFO
       InfoProvider|                            |anicka@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c30

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vcizek@novell.com
       InfoProvider|anicka@novell.com           |nfbrown@novell.com

--- Comment #30 from Vitezslav Cizek <vcizek@novell.com> 2011-01-06 16:58:42 UTC ---
Neil,
Could you please add the RPC port variables to the /etc/sysconfig/nfs?

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c31

Neil Brown <nfbrown@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|nfbrown@novell.com          |

--- Comment #31 from Neil Brown <nfbrown@novell.com> 2011-02-07 01:08:34 UTC ---
OK, I've added "RQUOTAD_PORT" to sysconfig for nfs and submitted the update for Factory. Obviously quotad needs to be changed to use this.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c32

--- Comment #32 from Neil Brown <nfbrown@novell.com> 2011-02-08 04:53:36 UTC ---
(In reply to comment #31)
> OK, I've added "RQUOTAD_PORT" to sysconfig for nfs and submitted the update for Factory. Obviously quotad needs to be changed to use this.

Actually that update didn't work at all.... But I have now updated Base:System and submitted request id 60268 for it to go into Factory.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c33

--- Comment #33 from Neil Brown <nfbrown@novell.com> 2011-02-08 09:16:02 UTC ---
lrupp writes
----------------
/mounts/work_src_done/STABLE/nfs-utils was not checked in by lrupp for the following reasons:

Please submit a fixed quota-nfs without the /var/adm/fillup-templates/sysconfig.rquotad file for this.

To be more consistent, I like to suggest the usage of a separate file in the quota-nfs package adding the relevant information to /etc/sysconfig/nfs - a detailed description can be found here: http://old-en.opensuse.org/SUSE_Package_Conventions/RPM_Macros#3.7._.25fillu... (man => cron example).

So users who do not install the quota-nfs package would not get the additional VAR in /etc/sysconfig/nfs, but if the users do, they would find it at that place.
-----------------

I'm not entirely sure what this means ... I might look into it later.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c34

--- Comment #34 from Vitezslav Cizek <vcizek@novell.com> 2011-02-08 15:40:06 UTC ---
I'm not entirely sure either, but reading the comment, I think that lrupp wants it the other way around: The RQUOTAD_PORT variable will appear in /etc/sysconfig/nfs only if there is package quota installed on the system.

Looking at the aforementioned wiki article, this can be achieved by using the %fillup_only macro from the quota package. So, we should add some new file like sysconfig.quota-nfs to the quota package, containing the RQUOTAD_PORT variable stuff. And then source it to the /etc/sysconfig/nfs, via %{fillup_only -an cron} in the quota.spec

Do I get it right?

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c35

--- Comment #35 from Neil Brown <nfbrown@novell.com> 2011-02-16 23:40:12 UTC ---
Yes, that agrees with my reading of the page too. So I guess this change can be made entirely in the quota-nfs package without any change in nfs-utils - that is good (For me anyway :-)

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c36

--- Comment #36 from Neil Brown <nfbrown@novell.com> 2011-02-16 23:43:49 UTC ---
Just for reference, this is the stanza that I had added to sysconfig.nfs. Feel free to use it or not as you wish..

## Path: Network/File systems/NFS server
## Description: use fixed port number for rquotad
## Type: integer
## Default: ""
## ServiceRestart: quotad
#
# Only set this if you want to start quotad on a fixed
# port instead of the port assigned by rpc. Only for use
# to export nfs-filesystems through firewalls.
#
RQUOTAD_PORT=""

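An added example, not part of the thread and not the quota package's actual init script: one way an init script could turn RQUOTAD_PORT from a sourced sysconfig file into the `-p port` argument of rpc.rquotad, passing nothing when the variable is empty and refusing values that are not a plain port number. The function name and the file path argument are assumptions; 4003 is the sample port quoted earlier in the bug.

```shell
#!/bin/sh
# Added example (not the quota package's init script).
# rquotad_port_args FILE   (FILE: absolute path to a sysconfig-style file)
#   stdout "-p PORT"  when RQUOTAD_PORT in FILE is a valid port number
#   stdout empty      when it is unset or "" (port stays RPC-assigned)
#   return 1          when the value is anything else
rquotad_port_args() {
    conf=$1
    port=""
    if [ -r "$conf" ]; then
        # Source in a subshell, the way init scripts source sysconfig
        # files, so only the one value reaches the caller.
        port=$(RQUOTAD_PORT=""; . "$conf" >/dev/null 2>&1
               printf '%s' "$RQUOTAD_PORT")
    fi
    if [ -z "$port" ]; then
        return 0
    fi
    # Digits only, at most five of them: a value such as "4003 -x"
    # must not add extra options to the daemon command line.
    case $port in
        *[!0-9]*|??????*)
            echo "invalid RQUOTAD_PORT: $port" >&2
            return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "RQUOTAD_PORT out of range: $port" >&2
        return 1
    fi
    printf '%s\n' "-p $port"
}

# Constructed demo: a sysconfig fragment pinning rquotad to port 4003.
demo=$(mktemp)
printf 'RQUOTAD_PORT="4003"\n' > "$demo"
echo "rpc.rquotad $(rquotad_port_args "$demo")"
rm -f "$demo"
```

With a fixed port set this way, the firewall rule for rquotad can name one port for both TCP and UDP instead of tracking whatever the portmapper assigned at boot.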
https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c37

--- Comment #37 from Vitezslav Cizek <vcizek@novell.com> 2011-02-17 13:13:23 UTC ---
Well, this is what I did: I used fillup to append your RQUOTAD_PORT stuff to /etc/sysconfig/nfs. The sysconfig file /etc/sysconfig/rquotad is no longer needed, so I dropped it. The startup quota script and the documentation were updated.

I submitted a request to factory. I'll report it here, if it gets through. Maybe the documentation for nfs-utils will need an update, then.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c38

--- Comment #38 from Vitezslav Cizek <vcizek@novell.com> 2011-02-18 12:52:42 UTC ---
The request has just been accepted to factory. I'm not sure whether it makes it to 11.4. We can probably close this bug now.

https://bugzilla.novell.com/show_bug.cgi?id=637382
https://bugzilla.novell.com/show_bug.cgi?id=637382#c39

Vitezslav Cizek <vcizek@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #39 from Vitezslav Cizek <vcizek@novell.com> 2011-02-24 13:53:22 UTC ---
Fixed in 11.4.

http://bugzilla.novell.com/show_bug.cgi?id=637382
http://bugzilla.novell.com/show_bug.cgi?id=637382#c40

--- Comment #40 from Bernhard Wiedemann <bwiedemann@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (637382) was mentioned in
https://build.opensuse.org/request/show/47612 Factory / quota
https://build.opensuse.org/request/show/52128 Factory / netcfg
https://build.opensuse.org/request/show/61747 Factory / quota