Rick Macklem 4389a56610 Add support for the new mountd -R option.
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.

This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "-R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.

Reviewed by:	0mp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26938
2020-11-06 16:33:42 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: nfsd
# REQUIRE: mountcritremote mountd hostname gssd nfsuserd
# KEYWORD: nojail shutdown
# Pull in the rc framework. The helpers used below (load_rc_config,
# checkyesno, load_kld, force_depend, err, run_rc_command) are not defined
# in this file, so they are expected to come from here.
. /etc/rc.subr
# Service identity: ${name} is also used to build the daemon path below.
name="nfsd"
desc="Remote NFS server"
# Name of the yes/no variable that enables this service.
rcvar="nfs_server_enable"
command="/usr/sbin/${name}"
# Default to "no vhost". This is assigned before load_rc_config, so a value
# supplied by the loaded configuration presumably overrides it.
nfs_server_vhost=""
load_rc_config $name
# Run nfsd_precmd (defined below) before the daemon is started.
start_precmd="nfsd_precmd"
# Stop signal is USR1 instead of the framework default.
# NOTE(review): the reason for USR1 is not shown in this file; confirm
# against nfsd(8).
sig_stop="USR1"
# nfsd_precmd: prepare kernel state and dependent services before nfsd starts.
#
# Globals read:    nfs_server_flags, nfs_server_vhost, plus the yes/no knobs
#                  tested with checkyesno below.
# Globals written: rc_flags; command_args (only when a vhost is configured).
# Returns:         1 when the nfsd module cannot be loaded or when rpcbind or
#                  mountd cannot be brought up.
nfsd_precmd()
{
	local _vhost _privport _maxvers

	rc_flags="${nfs_server_flags}"

	# The vfs.nfsd sysctl oids only exist once the module is loaded, so a
	# load failure must stop here rather than fall through to the sysctls.
	load_kld nfsd || return 1

	# Reserved-port enforcement. A source-port check only helps while root
	# on every client host is trusted; it is not client authentication.
	_privport=0
	if checkyesno nfs_reserved_port_only; then
		echo 'NFS on reserved port only=YES'
		_privport=1
	fi
	sysctl "vfs.nfsd.nfs_privport=${_privport}" > /dev/null

	if checkyesno nfs_server_managegids && ! force_depend nfsuserd; then
		err 1 "Cannot run nfsuserd"
	fi

	# Pick the highest NFS version to serve. When nfsv4_server_only is set
	# and nfsv4_server_enable is not, neither arm fires and the sysctl is
	# left as it was.
	# NOTE(review): nothing in this function raises the minimum NFS version
	# for nfsv4_server_only; confirm another script (mountd's?) does so,
	# otherwise NFSv3 can stay enabled while rpcbind is skipped.
	_maxvers=""
	if checkyesno nfsv4_server_enable; then
		_maxvers=4
	elif ! checkyesno nfsv4_server_only; then
		echo 'NFSv4 is disabled'
		_maxvers=3
	fi
	if [ -n "${_maxvers}" ]; then
		sysctl "vfs.nfsd.server_max_nfsvers=${_maxvers}" > /dev/null
	fi

	# rpcbind is only pulled in when the server is not NFSv4-only, which
	# keeps the rpcbind listener off hosts that do not need it.
	checkyesno nfsv4_server_only || force_depend rpcbind || return 1

	force_depend mountd || return 1

	# The embedded quotes are part of the stored string; presumably rc.subr
	# re-parses command_args when it builds the command line (confirm).
	[ -z "${nfs_server_vhost}" ] || command_args="-V \"${nfs_server_vhost}\""
}
# Hand the requested action (the script's first argument) to the rc
# framework. run_rc_command is not defined in this file.
run_rc_command "$1"