Make a sysconfig variable controlling if teh kernel should accept

nfs requests from non-privileged ports.

Change mountd such that it does never set this variable, but only clears
it when run with -n. Also document this in the man page.
This commit is contained in:
Guido van Rooij 1997-04-09 20:17:15 +00:00
parent 07bb70bf47
commit c6e5e15858
4 changed files with 31 additions and 18 deletions

5
etc/rc
View File

@ -1,5 +1,5 @@
#!/bin/sh
# $Id: rc,v 1.114 1997/03/16 15:26:32 joerg Exp $
# $Id: rc,v 1.115 1997/04/01 01:00:34 pst Exp $
# From: @(#)rc 5.27 (Berkeley) 6/5/91
# System startup script run by init on autoboot
@ -262,6 +262,9 @@ if [ "X${nfs_server}" = X"YES" -a -r /etc/exports ]; then
else
mountd
fi
if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
sysctl -w vfs.nfs.nfs_privport=1
fi
echo -n ' nfsd'; nfsd -u -t 4
# Warning: rpc.lockd is broken.
# Only uncomment this line if the consequences are fully understood.

View File

@ -4,7 +4,7 @@
# This is sysconfig - a file full of useful variables that you can set
# to change the default startup behavior of your system.
#
# $Id: sysconfig,v 1.61 1997/03/16 15:26:34 joerg Exp $
# $Id: sysconfig,v 1.62 1997/04/01 01:00:35 pst Exp $
######################### Start Of Local Configuration Section ###########
@ -206,6 +206,12 @@ nfs_client=NO
# Set to YES if this machine will be an NFS server
nfs_server=NO
# the following option controls if the nfs server will be only allow
# requests from reserved ports. NB: running mountd with
# weak_mountd_authentication=YES will automatically clear this flag.
# See also mountd(8)
nfs_reserved_port_only=NO
# Set to appropriate flags if you want to start NIS for a client
nis_clientflags="NO"

View File

@ -43,7 +43,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */
static const char rcsid[] =
"$Id: mountd.c,v 1.16 1997/03/29 03:32:49 imp Exp $";
"$Id: mountd.c,v 1.17 1997/04/01 14:15:30 bde Exp $";
#endif /*not lint*/
#include <sys/param.h>
@ -318,13 +318,15 @@ main(argc, argv)
}
}
mib[0] = CTL_VFS;
mib[1] = MOUNT_NFS;
mib[2] = NFS_NFSPRIVPORT;
if (sysctl(mib, 3, NULL, NULL, &resvport_only,
sizeof(resvport_only)) != 0 && errno != ENOENT) {
syslog(LOG_ERR, "sysctl: %m");
exit(1);
if (!resvport_only) {
mib[0] = CTL_VFS;
mib[1] = MOUNT_NFS;
mib[2] = NFS_NFSPRIVPORT;
if (sysctl(mib, 3, NULL, NULL, &resvport_only,
sizeof(resvport_only)) != 0 && errno != ENOENT) {
syslog(LOG_ERR, "sysctl: %m");
exit(1);
}
}
if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL ||

View File

@ -43,7 +43,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */
static const char rcsid[] =
"$Id: mountd.c,v 1.16 1997/03/29 03:32:49 imp Exp $";
"$Id: mountd.c,v 1.17 1997/04/01 14:15:30 bde Exp $";
#endif /*not lint*/
#include <sys/param.h>
@ -318,13 +318,15 @@ main(argc, argv)
}
}
mib[0] = CTL_VFS;
mib[1] = MOUNT_NFS;
mib[2] = NFS_NFSPRIVPORT;
if (sysctl(mib, 3, NULL, NULL, &resvport_only,
sizeof(resvport_only)) != 0 && errno != ENOENT) {
syslog(LOG_ERR, "sysctl: %m");
exit(1);
if (!resvport_only) {
mib[0] = CTL_VFS;
mib[1] = MOUNT_NFS;
mib[2] = NFS_NFSPRIVPORT;
if (sysctl(mib, 3, NULL, NULL, &resvport_only,
sizeof(resvport_only)) != 0 && errno != ENOENT) {
syslog(LOG_ERR, "sysctl: %m");
exit(1);
}
}
if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL ||