1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109999: [nfs-common] default option (${STATDOPTS}) is not used

    From Jean-Marc LACROIX@21:1/5 to All on Mon Jul 28 11:00:01 2025
    XPost: linux.debian.kernel

    Le 28/07/2025 à 07:12, Jochen Sprickerhof a écrit :
    Hi Jean-Marc,

    * Jean-Marc LACROIX <[email protected]> [2025-07-27 23:43]:
    In order to increase (a little !) security, and as defined into
    http://wiki.debian.org/SecuringNFS, it is a good practice to defined
    one static port for nfs-stad daemon.

    This feature is available in the man. Furthermore, it is implemented
    into /etc/default/nfs-common into variable STATDOPTS.

    But is seems that /etc/init/nfs-common script has forgotten to use
    this variable when launching daemon. As a result it is not possible to
    change ANY option available for this daemon.


    On debian bookwoorm, it works.
    Find following diff bettween Bookworm and Trixie

    diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm
    22a23
    RPCGSSDOPTS=
    30c31
    < [ -x /usr/sbin/rpc.statd ] || exit 0
    ---
    [ -x /sbin/rpc.statd ] || exit 0
    42c43
    <     while read -r DEV _ _ OPTS _
    ---
        while read DEV MTPT FSTYPE OPTS REST
    89c90
    <     if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
    ---
        if [ -x /sbin/modprobe -a -f /proc/modules ]
    136c137
    <               --exec /usr/sbin/rpc.statd
    ---
                  --exec /sbin/rpc.statd -- $STATDOPTS

    This is no longer supported as stated in the NEWS file:

    https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/ debian/nfs-common.NEWS?ref_type=heads

    The complete removal was done here:

    https://salsa.debian.org/kernel-team/nfs-utils/-/ commit/6824312704bc066b5867b9777695e46cce52dcbc

    So maybe this needs an other NEWS entry and/or mention in the release-
    notes.

    Cheers Jochen

    According ...

    https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads

    i understand there is now one new configuration file , Ok.

    But, for daemon rpcbind, it seems that previous old configuration file
    is still valid, because ...

    ansible@vn-nfs-110:~$ uname -a
    Linux vn-nfs-110 6.12.30+bpo-armmp-lpae #1 SMP Debian 6.12.30-1~bpo12+1 (2025-06-14) armv7l GNU/Linux
    ansible@vn-nfs-110:~$ cat /etc/debian_version
    13.0
    ansible@vn-nfs-110:~$ dpkg -L rpcbind |grep etc
    /etc
    /etc/default
    /etc/default/rpcbind
    /etc/init.d
    /etc/init.d/rpcbind
    /etc/insserv.conf.d
    /etc/insserv.conf.d/rpcbind
    ansible@vn-nfs-110:~$

    So please, could you confirm that new configuration file /etc/nfs.conf
    is not used for this daemon ?


    Cordialement
    --
    -- Jean-Marc LACROIX (06 82 29 98 66) --
    -- mailto : [email protected] --

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jochen Sprickerhof@21:1/5 to All on Mon Jul 28 11:40:01 2025
    XPost: linux.debian.kernel

    * Jean-Marc LACROIX <[email protected]> [2025-07-28 10:50]:
    But, for daemon rpcbind, it seems that previous old configuration file
    is still valid, because ...

    ansible@vn-nfs-110:~$ uname -a
    Linux vn-nfs-110 6.12.30+bpo-armmp-lpae #1 SMP Debian
    6.12.30-1~bpo12+1 (2025-06-14) armv7l GNU/Linux
    ansible@vn-nfs-110:~$ cat /etc/debian_version
    13.0
    ansible@vn-nfs-110:~$ dpkg -L rpcbind |grep etc
    /etc
    /etc/default
    /etc/default/rpcbind
    /etc/init.d
    /etc/init.d/rpcbind
    /etc/insserv.conf.d
    /etc/insserv.conf.d/rpcbind
    ansible@vn-nfs-110:~$

    So please, could you confirm that new configuration file /etc/nfs.conf
    is not used for this daemon ?

    That seems to be correct:

    https://codesearch.debian.net/search?q=nfs.conf+package%3Arpcbind

    Note that rpcbind is from src:rpcbind whereas nfs-common is from src:nfs-utils, so different projects.

    Cheers Jochen

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmiHQtIACgkQW//cwljm lDMu+Q//V+Nwa/U1hZ3+Y7DOwur/KScZ//xqAmP5zaOOrReOJ1yUYZetK8XS2ZIe 6eKhaJTfP7Jc484ySfy25D759Z9UgXXaLPBRUMCD90bjDFjRgz97q03a71FwsyWb pRY/Ayl/8xorKuI4SK7xftXg/97vp42UF3IJqb/SAaBUHNhI314YUwezo4QSLePq 53YTRqC9wU112QBJ47APuKHLJAjaBW6cnspBE1Vuxgu6qdNSWo8LatT01iT+jVQr W73KdQI4dgXF7L+uv4dZ7l9dycth0Ubkk6P04b2d3gT14SUOxDn1ZRBjG+jGqHm0 hYXsbRwxmt2AUWQCpAkrhhT74V8PSI/BzVPgpsu0hs8r0JapWzYj5cgA+ATzPlAR RiploArPr59W3c0Ll1ebz/Pi3GfYqPIURTZSnDOD786U311JtVPETi2d/T5L+Vwc laXlWwhiXbX43ml6Q4HD3mffNm2kWwclwag7EOJmMtIyrL6AI/uWb9BWaKbAOQ/t 3bPlY7mfmp21hNFU8oN9KTL8PnL4sH6IuWkRiq4DyUVn6N2CJTZgd+ejn7Wf3F74 RDJx3gW9DO207R7zfLhcS9OZFJ4vIxuq3yoL5LVo+vkYPvHfNoI4r2Cou/HMobBL Jf2o/bOge0LZ48rGFSYrNerpfQlBBmg7uxWwsDnVYJRnly/9OtE=
    =ce0N
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)