mirror of
https://github.com/opnsense/src.git
synced 2026-04-04 08:55:18 -04:00
r376026 added a new "-R" option to mountd, which tells it to not support the Mount protocol (not used by NFSv4) and not register with rpcbind. Rpcbind is considered a security issue by some sites now. This patch adds a new yes/no variable called nfsv4_server_only. When that is set, make vfs.nfsd.server_min_nfsvers=4 and set "-R" for mountd. Setting vfs.nfsd.server_min_nfsvers=4 tells nfsd to not register with rpcbind. While here, add a check for "load_kld nfsd" failing to nfsd. Reviewed by: 0mp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D26938
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: mountd
# REQUIRE: NETWORKING rpcbind quota
# KEYWORD: nojail shutdown
. /etc/rc.subr
# Service identity consumed by rc.subr.
name="mountd"
desc="Service remote NFS mount requests"
rcvar="mountd_enable"

# Daemon binary, its pid file, and the exports file listed as a
# prerequisite for starting.
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
required_files="/etc/exports"

# "reload" is offered on top of the standard rc.subr commands;
# mountd_precmd runs before the daemon is started.
extra_commands="reload"
start_precmd="mountd_precmd"
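# mountd_precmd: start_precmd hook, run before mountd is started.
#
# Globals:   rc_flags (read and extended); the rc.conf knobs
#            nfsv4_server_only, nfs_server_enable, mountd_enable,
#            weak_mountd_authentication and zfs_enable are read
#            through checkyesno.
# Outputs:   a status line on stdout for an NFSv4 only server, and a
#            notice when weak_mountd_authentication is ignored.
# Returns:   1 when the nfsd module cannot be loaded or rpcbind cannot
#            be forced to run; err is invoked when the mountdtab file
#            cannot be recreated.
mountd_precmd()
{
	# Load the modules now, so that the vfs.nfsd sysctl
	# oids are available.
	load_kld nfsd || return 1

	# Do not force rpcbind to be running for an NFSv4 only server.
	#
	if checkyesno nfsv4_server_only; then
		echo 'NFSv4 only server'
		# Restrict nfsd to NFSv4.  A failure here means the
		# restriction was not applied, so report it instead of
		# discarding the exit status; startup still continues.
		sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null ||
		    warn 'Cannot set vfs.nfsd.server_min_nfsvers=4'
		sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null ||
		    warn 'Cannot set vfs.nfsd.server_max_nfsvers=4'
		# -R: mountd does not serve the Mount protocol and does
		# not register with rpcbind.
		rc_flags="${rc_flags} -R"
	else
		force_depend rpcbind || return 1
	fi

	# mountd flags will differ depending on rc.conf settings
	#
	if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then
		if checkyesno weak_mountd_authentication; then
			if checkyesno nfsv4_server_only; then
				echo -n 'weak_mountd_authentication '
				echo -n 'incompatible with nfsv4_server_only, '
				echo 'ignored'
			else
				rc_flags="${rc_flags} -n"
			fi
		fi
	elif checkyesno mountd_enable; then
		# Append -n, as the nfs_server_enable branch does.
		# Assigning rc_flags="-n" here would throw away every
		# flag the administrator configured (logging, bind
		# address, port) exactly when weak authentication is on.
		if checkyesno weak_mountd_authentication; then
			rc_flags="${rc_flags} -n"
		fi
	fi

	if checkyesno zfs_enable; then
		rc_flags="${rc_flags} /etc/exports /etc/zfs/exports"
	fi

	# Start from an empty mountdtab.  The subshell keeps the umask
	# change local, so the file is created without group/other
	# write permission.
	rm -f /var/db/mountdtab
	( umask 022 ; > /var/db/mountdtab ) ||
	    err 1 'Cannot create /var/db/mountdtab'
}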
# Read the rc.conf settings for this service, then pass the requested
# action (the script's first argument) to rc.subr.
load_rc_config "${name}"
run_rc_command "$1"