Quoting Tom H tomh0665@gmail.com:

On Fri, Dec 20, 2013 at 2:34 PM, Robert P. J. Day rpjday@crashcourse.ca wrote:

...

a long, long time ago, i reported an apparent glitch with NFS on fedora:

https://lists.fedoraproject.org/pipermail/users/2010-January/097465.html

in that, at the time, it *appeared* that you couldn't set up NFS so that *only* version 4 was running. before i start messing with this again, anyone know whether that's changed? that is, is it possible to set up a network in which only NFSv4 is running, and no earlier versions are supported? thanks.

It's been possible to run nfsv4-only nfs for a long time, with only port 2049 being let through the firewall. It only appears that you can't because because rpc.mountd has to run on the server but it's only involved in the exporting and not the mounting.

a followup question, then -- i'm reading the RHEL docs (but i imagine the contents are applicable here as long as we're talking about NFSv4); the section on NFS reads:

"The mounting and locking protocols have been incorporated into the NFSv4 protocol. The server also listens on the well-known TCP port 2049. As such, NFSv4 does not need to interact with rpcbind [3], lockd, and rpc.statd daemons."

does that mean that if i configure my system(s) to run NFSv4 only, those daemons no longer need to be run? better yet, if i configure for NFSv4 *only*, will those daemons even be started? i guess i could peruse /etc/rc.d/init.d/nfs to find out.

rday

Quoting Tom H tomh0665@gmail.com:

On Fri, Dec 20, 2013 at 2:34 PM, Robert P. J. Day rpjday@crashcourse.ca wrote:

...

a long, long time ago, i reported an apparent glitch with NFS on fedora:

https://lists.fedoraproject.org/pipermail/users/2010-January/097465.html

in that, at the time, it *appeared* that you couldn't set up NFS so that *only* version 4 was running. before i start messing with this again, anyone know whether that's changed? that is, is it possible to set up a network in which only NFSv4 is running, and no earlier versions are supported? thanks.

It's been possible to run nfsv4-only nfs for a long time, with only port 2049 being let through the firewall. It only appears that you can't because because rpc.mountd has to run on the server but it's only involved in the exporting and not the mounting.

how does one configure fedora 20 to support only NFSv4? i'm used to mucking with /etc/sysconfig/nfs in earlier versions of RH, and tweaking the variables MOUNTD_NFS_V* and RPCNFSDARGS. i don't see those vars in fedora 20 and, according to "rpcinfo -p", i'm currently supporting NFS versions both 3 and 4. so how does one turn off NFSv3? thanks.

rday

Quoting Ed Greshko Ed.Greshko@greshko.com:

On 12/24/13 07:16, Robert P. J. Day wrote:

...

Quoting Tom H tomh0665@gmail.com:

...

On Fri, Dec 20, 2013 at 2:34 PM, Robert P. J. Day rpjday@crashcourse.ca wrote:

...

a long, long time ago, i reported an apparent glitch with NFS on fedora:

https://lists.fedoraproject.org/pipermail/users/2010-January/097465.html

in that, at the time, it *appeared* that you couldn't set up NFS so that *only* version 4 was running. before i start messing with this again, anyone know whether that's changed? that is, is it possible to set up a network in which only NFSv4 is running, and no earlier versions are supported? thanks.

It's been possible to run nfsv4-only nfs for a long time, with only port 2049 being let through the firewall. It only appears that you can't because because rpc.mountd has to run on the server but it's only involved in the exporting and not the mounting.

how does one configure fedora 20 to support only NFSv4? i'm used to mucking with /etc/sysconfig/nfs in earlier versions of RH, and tweaking the variables MOUNTD_NFS_V* and RPCNFSDARGS. i don't see those vars in fedora 20 and, according to "rpcinfo -p", i'm currently supporting NFS versions both 3 and 4. so how does one turn off NFSv3? thanks.

In /etc/sysconfig/nfs

# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) RPCNFSDARGS=""

man 8 rpc.nfsd

  -N  or  --no-nfs-version vers
          This option can be used to request that rpc.nfsd does   

not offer certain versions of NFS. The current version of rpc.nfsd can sup‐ port NFS versions 2,3,4 and the newer version 4.1.

Would seem to be what you are searching.

i tried that and it didn't seem to work, in the sense that when i ran "rpcinfo -p" to verify the result, here's part of the output:

100003 3 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100003 4 tcp 2049 nfs 100003 4 udp 2049 nfs

so isn't that telling me i still have both versions 3 and 4? here's the line i added to the file:

RPCNFSDARGS="-N 2 -N 3"

rday

Quoting Ed Greshko Ed.Greshko@greshko.com:

On 12/24/13 08:15, Robert P. J. Day wrote:

...

Quoting Ed Greshko Ed.Greshko@greshko.com:

...

On 12/24/13 07:16, Robert P. J. Day wrote:

...

Quoting Tom H tomh0665@gmail.com:

...

On Fri, Dec 20, 2013 at 2:34 PM, Robert P. J. Day rpjday@crashcourse.ca wrote:

...

a long, long time ago, i reported an apparent glitch with NFS on fedora:

https://lists.fedoraproject.org/pipermail/users/2010-January/097465.html

in that, at the time, it *appeared* that you couldn't set up NFS so that *only* version 4 was running. before i start messing with this again, anyone know whether that's changed? that is, is it possible to set up a network in which only NFSv4 is running, and no earlier versions are supported? thanks.

It's been possible to run nfsv4-only nfs for a long time, with only port 2049 being let through the firewall. It only appears that you can't because because rpc.mountd has to run on the server but it's only involved in the exporting and not the mounting.

how does one configure fedora 20 to support only NFSv4? i'm used to mucking with /etc/sysconfig/nfs in earlier versions of RH, and tweaking the variables MOUNTD_NFS_V* and RPCNFSDARGS. i don't see those vars in fedora 20 and, according to "rpcinfo -p", i'm currently supporting NFS versions both 3 and 4. so how does one turn off NFSv3? thanks.

In /etc/sysconfig/nfs

# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) RPCNFSDARGS=""

man 8 rpc.nfsd

  -N  or  --no-nfs-version vers
          This option can be used to request that rpc.nfsd  

does not offer certain versions of NFS. The current version of rpc.nfsd can sup‐ port NFS versions 2,3,4 and the newer version 4.1.

Would seem to be what you are searching.

i tried that and it didn't seem to work, in the sense that when i ran "rpcinfo -p" to verify the result, here's part of the output:

100003    3   tcp   2049  nfs
100227    3   tcp   2049  nfs_acl
100003    3   udp   2049  nfs
100227    3   udp   2049  nfs_acl
100003    4   tcp   2049  nfs
100003    4   udp   2049  nfs

so isn't that telling me i still have both versions 3 and 4? here's the line i added to the file:

RPCNFSDARGS="-N 2 -N 3"

Port 2049 is used by V4. I don't think V3 or V2 uses it....

I would add to the parameters -U to disable UDP and then attempt a mount while specifying that nfs version 3 be used. That will verify it.

as a quick test, i added "-U" but the only change was that "rpcinfo -p" showed me that UDP was no longer being accepted for v4 only:

100003 3 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100003 4 tcp 2049 nfs

to match what i see under RHEL, i was hoping to see *all* references to NFSv3 disappear from the output of that command. i'll test further later.

rday

On 12/24/13 09:12, Robert P. J. Day wrote:

i'll test further later.

I decided to test for you. :-)

After making the suggested changes.....

[root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt [root@meimei ~]# mount | grep mnt 192.168.0.196:/home on /mnt type nfs4 (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) [root@meimei ~]# umount /mnt

[root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt mount.nfs: requested NFS version or transport protocol is not supported

On 12/24/13 17:21, Tom H wrote:

On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko Ed.Greshko@greshko.com wrote:

...

After making the suggested changes.....

[root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt [root@meimei ~]# mount | grep mnt 192.168.0.196:/home on /mnt type nfs4 (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) [root@meimei ~]# umount /mnt

[root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt mount.nfs: requested NFS version or transport protocol is not supported

I tried disallowing v2 and v3 on Fedora 19 and failed.

"cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the kernel and "mount -t -o nfsvers=3 ..." succeeds.

I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 and v3 are disabled.

"cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and "mount -t -o nfsvers=3 ..." fails.

I must've done something wrong on Fedora 19. I'll have to try again later, but I can't see anything wrong in my setup offhand.

On an F20 system where I'm doing the testing

root@f20f ~]# cat /proc/fs/nfsd/versions -2 -3 +4 +4.1 -4.2

Shows only 4 and 4.1 allowed.

I suppose I could try it on F19 for you at some point.

On 12/24/13 21:24, Robert P. J. Day wrote:

just to explain where this all came from, i was working off of what i was seeing on a RHEL (actually CentOS) 6.5 system, where the config file /etc/sysconfig/nfs had helpful comments which allowed me to tweak that file thusly:

# Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no" ... snip ... # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) # Turn off v2 and v3 protocol support RPCNFSDARGS="-N 2 -N 3"

if i make the above changes and restart NFS (on the RHEL system), the *only* NFS-related entries i see in the output of "rpcinfo -p" are:

100003    4   tcp   2049  nfs
100003    4   udp   2049  nfs

and that's *it*, nothing more, which is what i expected.

sadly, i don't have access to my fedora 20 box at the moment, but all i was doing was trying to produce the same result -- only those two lines in the output of "rpcinfo -p". i can see that the *effect* of the earlier suggestions is the same, in that only NFSv4 is supported, but there is still that crud in the output of "rpcinfo -p" that seems irrelevant.

oh, and on the RHEL 6.5 system, the contents of the file /proc/fs/nfsd/versions correctly contains:

-2 -3 +4 -4.1

OK.....

In any event, I think the original question has been answered. Yes, you can configure nfs on Fedora to allow only NFSv4. Agreed?

On 12/24/2013 05:19 AM, Ed Greshko wrote:

On 12/24/13 17:21, Tom H wrote:

...

On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko Ed.Greshko@greshko.com wrote:

...

After making the suggested changes.....

[root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt [root@meimei ~]# mount | grep mnt 192.168.0.196:/home on /mnt type nfs4 (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) [root@meimei ~]# umount /mnt

[root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt mount.nfs: requested NFS version or transport protocol is not supported

I tried disallowing v2 and v3 on Fedora 19 and failed.

"cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the kernel and "mount -t -o nfsvers=3 ..." succeeds.

I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 and v3 are disabled.

"cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and "mount -t -o nfsvers=3 ..." fails.

I must've done something wrong on Fedora 19. I'll have to try again later, but I can't see anything wrong in my setup offhand.

On an F20 system where I'm doing the testing

root@f20f ~]# cat /proc/fs/nfsd/versions -2 -3 +4 +4.1 -4.2

Shows only 4 and 4.1 allowed.

I suppose I could try it on F19 for you at some point.

Did you look into /etc/nfsmount.conf file? It has lots of useful hints in comments and seems to be able to control NFS versions at 3 levels - per mount point, per server and globally. It is done on the client end.

Cheers,

Leon

On Tue, Dec 24, 2013 at 12:44 AM, Ed Greshko Ed.Greshko@greshko.com wrote:

Port 2049 is used by V4. I don't think V3 or V2 uses it....

2049 is the nfs port for all nfs versions.

"grep nfs /etc/services"

On Mon, Dec 23, 2013 at 11:16 PM, Robert P. J. Day rpjday@crashcourse.ca wrote:

how does one configure fedora 20 to support only NFSv4? i'm used to mucking with /etc/sysconfig/nfs in earlier versions of RH, and tweaking the variables MOUNTD_NFS_V* and RPCNFSDARGS. i don't see those vars in fedora 20 and, according to "rpcinfo -p", i'm currently supporting NFS versions both 3 and 4. so how does one turn off NFSv3? thanks.

RPCNFSDARGS="-N 2 -N3" or RPCNFSDARGS="--no-nfs-version 2 --no-nfs-version 3"