Le 28/07/2025 à 07:12, Jochen Sprickerhof a écrit :
Hi Jean-Marc,
* Jean-Marc LACROIX <[email protected]> [2025-07-27 23:43]:
In order to increase (a little !) security, and as defined into
http://wiki.debian.org/SecuringNFS, it is a good practice to defined
one static port for nfs-stad daemon.
This feature is available in the man. Furthermore, it is implemented
into /etc/default/nfs-common into variable STATDOPTS.
But is seems that /etc/init/nfs-common script has forgotten to use
this variable when launching daemon. As a result it is not possible to
change ANY option available for this daemon.
On debian bookwoorm, it works.
Find following diff bettween Bookworm and Trixie
diff /tmp/nfs-common-trixie /tmp/nfs-common-bookworm
22a23
RPCGSSDOPTS=
30c31
< [ -x /usr/sbin/rpc.statd ] || exit 0
---
[ -x /sbin/rpc.statd ] || exit 0
42c43
< while read -r DEV _ _ OPTS _
---
while read DEV MTPT FSTYPE OPTS REST
89c90
< if [ -x /sbin/modprobe ] && [ -f /proc/modules ]
---
if [ -x /sbin/modprobe -a -f /proc/modules ]
136c137
< --exec /usr/sbin/rpc.statd
---
--exec /sbin/rpc.statd -- $STATDOPTS
This is no longer supported as stated in the NEWS file:
https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/
debian/nfs-common.NEWS?ref_type=heads
The complete removal was done here:
https://salsa.debian.org/kernel-team/nfs-utils/-/
commit/6824312704bc066b5867b9777695e46cce52dcbc
So maybe this needs an other NEWS entry and/or mention in the release-
notes.
Cheers Jochen
According ...
https://salsa.debian.org/kernel-team/nfs-utils/-/blob/debian/latest/debian/nfs-common.NEWS?ref_type=heads
i understand there is now one new configuration file , Ok.
But, for daemon rpcbind, it seems that previous old configuration file
is still valid, because ...
ansible@vn-nfs-110:~$ uname -a
Linux vn-nfs-110 6.12.30+bpo-armmp-lpae #1 SMP Debian 6.12.30-1~bpo12+1
(2025-06-14) armv7l GNU/Linux
ansible@vn-nfs-110:~$ cat /etc/debian_version
13.0
ansible@vn-nfs-110:~$ dpkg -L rpcbind |grep etc
/etc
/etc/default
/etc/default/rpcbind
/etc/init.d
/etc/init.d/rpcbind
/etc/insserv.conf.d
/etc/insserv.conf.d/rpcbind
ansible@vn-nfs-110:~$
So please, could you confirm that new configuration file /etc/nfs.conf
is not used for this daemon ?
Cordialement
--
-- Jean-Marc LACROIX (06 82 29 98 66) --
-- mailto : [email protected] --
