21.07.2016 19:28, Dominique Leuenberger / DimStar пишет:
On Thu, 2016-07-21 at 17:35 +0200, jcsl wrote:
El jueves, 21 de julio de 2016 16:32:27 (CEST) Andrei Borzenkov escribió:
On Thu, Jul 21, 2016 at 4:02 PM, jcsl
wrote: I want to have a NFSv4 without the RPC services running. IIRC it was possible on 13.2
No, it is (and was) not possible.
Thanks, but that is not a very helpful answer without any references or a brief ─one or two lines─ explanation. I still think that it is possible because of the following text taken from from SUSE Linux Enterprise Server 12 SP1 Release Notes:
3.1.4.5 NFSv4 only configuration ... Disabling NFSv3 (and lower) can reduce the attack surface. Setting NFS3_SERVER_SUPPORT=no in /etc/sysconfig/nfs will disable NFSv3 support and ensure that lockd and statd are not started. It does not prevent rpcbind from starting though. This is in part because rpcbind is needed for other services including NIS ¹ (aka yellow-pages) and automatically determining that none of these are required is problematic.
If rpcbind is not needed (so only NFSv4 is used), it can be disabled with the command:
systemctl disable rpcbind.socket
As you quote Release Notes from SLE: those are applicable to SLE and there are sometimes differences between how SLE handles things and how openSUSE does (this gap is still there, but everybody is hard at work at closing this gap).
In this specific case, I would like to point you to this patch that is applied on the nfs-utils package on SLE, but not on openSUSE:
https://build.suse.de/package/view_file/SUSE:SLE-12-SP2:GA/nfs-utils/00 01-systemd-unit-files-fix-up-dependencies-on-rpcbind.patch?expand=1
This patch does not change anything and release notes still remain wrong. Even with this patch nfs-server.service explicitly Wants rpc-statd.service while release notes claim "statd is not started". And it still explicitly Wants (and statd Requires) rpcbind.socket.
Based on this I'm sure you can re-create the service file.
Leap 42.2 being based on SLE12SP2 actually contains this patch as well!
Hope this gets you one step further - and this should be great motivation for the NFS maintainers of openSUSE and SLE to sit together, evaluate the differences between the two branches and solve this issue also on Tumbleweed.
Cheers, Dominique