How to run NFS4-only Server without rpcbind on SLES 12 or 15
This document (7024154) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12
Situation
NFSv4 can run without rpcbind, and without other nfs-related services needed for v3 or v2, which normally register themselves with rpcbind.
However, NFS on SLES 12 and 15 still defaults to supporting all of the above, and does not automatically disable the potentially unnecessary services when you switch off NFS Server v3/v2 support.
This document discusses how that is done and some impacts of doing so.
NOTE: This document does not apply to SLES 11 or older distributions.
Resolution
To create a NFS4-only NFS Server without rpcbind:
1. Edit /etc/sysconfig/nfs and set these two options thusly:
NFS3_SERVER_SUPPORT="no"
MOUNTD_OPTIONS="--no-nfs-version 2 --no-nfs-version 3
2. As root, give the command:
systemctl mask rpcbind.service
3. Reboot. If it is undesirable to reboot, stop/start the following:
systemctl stop nfs-server
systemctl stop rpc-statd
systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl start nfs-server
ALTERNATIVE: If you want to leave rpcbind running but disable rpc.statd (nfs status daemon), then replace step #2 with:
systemctl mask rpc-statd.service
and for step #3 (without reboot) skip the 2 lines for rpcbind and rpcbind.socket.
See the "Additional Information" section for important notes.
Additional Information
Various notes are important to consider or provide useful background information when considering whether to disable the rpcbind services when implementing an NFS4-only server:
1. The configuration in the "Resolution" section above will prevent rpc.mountd from registering with rpcbind, but rpc.mountd will still run. It performs some internal functions for the v4 NFS Server, even though clients do not need to communicate with it.
2. Without rpc.mountd servicing v3/v2 calls, any machine attempting to do "showmount -e" (or similar calls) against this NFS Server (to get a lists of exports) will fail. Various applications, including some setups of autofs (automount) rely on such queries to discover available nfs shares.
3. Without rpcbind or rpc.statd and other v3/v2 services enabled, not only will this machine be a NFS4-only Server, it will also be a NFS4-only client. In other words, if this machine attempts to perform an NFS mount command (even one pointing to a different, remote NFS server that supports both v4 and v3), a vers=4 mount will work, but a vers=3 mount will fail with dependency errors about the various disabled or masked services. This is because some services (rpcbind, statd, lockd) are necessary for NFS v3/v2 Client functions, not just NFS v3/v2 Server functions.
4. To unmask a service which was previously masked, use the "unmask" directive, such as:
systemctl unmask rpcbind
systemctl unmask rpc-statd
5. For more information on systemd and nfs, see "man nfs.systemd".
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7024154
- Creation Date: 01-Oct-2019
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
Run SAP
SUSE for Public Cloud
Security
