How to run NFS4-only Server without rpcbind on SLES 12 or 15

This document (7024154) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12

Situation

NFSv4 can run without rpcbind, and without other nfs-related services needed for v3 or v2, which normally register themselves with rpcbind.
 
However, NFS on SLES 12 and 15 still defaults to supporting all of the above, and does not automatically disable the potentially unnecessary services when you switch off NFS Server v3/v2 support.
 
This document discusses how that is done and some impacts of doing so.
 
NOTE:  This document does not apply to SLES 11 or older distributions.

Resolution

To create a NFS4-only NFS Server without rpcbind:
 
1.  Edit /etc/sysconfig/nfs and set these two options thusly:
 
   NFS3_SERVER_SUPPORT="no"
   MOUNTD_OPTIONS="--no-nfs-version 2 --no-nfs-version 3
 
2.  As root, give the command:
 
systemctl mask rpcbind.service
 
3.  Reboot.  If it is undesirable to reboot, stop/start the following:
 
systemctl stop nfs-server
systemctl stop rpc-statd
systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl start nfs-server
 
 
ALTERNATIVE:  If you want to leave rpcbind running but disable rpc.statd (nfs status daemon), then replace step #2 with:
 
systemctl mask rpc-statd.service
 
and for step #3 (without reboot) skip the 2 lines for rpcbind and rpcbind.socket.
 
 
See the "Additional Information" section for important notes.

Additional Information

Various notes are important to consider or provide useful background information when considering whether to disable the rpcbind services when implementing an NFS4-only server:
 
1.  The configuration in the "Resolution" section above will prevent rpc.mountd from registering with rpcbind, but rpc.mountd will still run.  It performs some internal functions for the v4 NFS Server, even though clients do not need to communicate with it.
 
2.  Without rpc.mountd servicing v3/v2 calls, any machine attempting to do "showmount -e" (or similar calls) against this NFS Server (to get a lists of exports) will fail.  Various applications, including some setups of autofs (automount) rely on such queries to discover available nfs shares.
 
3.  Without rpcbind or rpc.statd and other v3/v2 services enabled, not only will this machine be a NFS4-only Server, it will also be a NFS4-only client.  In other words, if this machine attempts to perform an NFS mount command (even one pointing to a different, remote NFS server that supports both v4 and v3), a vers=4 mount will work, but a vers=3 mount will fail with dependency errors about the various disabled or masked services.  This is because some services (rpcbind, statd, lockd) are necessary for NFS v3/v2 Client functions, not just NFS v3/v2 Server functions.
 
4.  To unmask a service which was previously masked, use the "unmask" directive, such as:
 
systemctl unmask rpcbind
systemctl unmask rpc-statd
 
5.  For more information on systemd and nfs, see "man nfs.systemd".

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7024154
  • Creation Date: 01-Oct-2019
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center