a70ee81756
Given that RFC7530 allows uid/gids to be placed in owner/owner_group strings directly, many NFSv4 environments don't need the nfsuserd. This small patch modifies /etc/rc.d/nfsd so that it does not force startup of the nfsuserd daemon unless nfs_server_managegids is enabled. This implies that nfsuserd_enable="YES" must be added to /etc/rc.conf for NFSv4 server environments that use Kerberos mounts or clients that do not support the uid/gid in string capability. Since this could be considered a POLA violation, it will not be MFC'd. Discussed on: freebsd-current
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: nfsd
# REQUIRE: mountd hostname gssd nfsuserd
# KEYWORD: nojail shutdown

# Pull in the rc.d framework helpers used throughout this script.
. /etc/rc.subr

# Service identity and the rc.conf knob that enables it.
name="nfsd"
desc="Remote NFS server"
rcvar="nfs_server_enable"
command="/usr/sbin/${name}"

# Read the rc.conf settings for this service.
load_rc_config "${name}"

# Assigned after the configuration is loaded: the pre-start hook and
# the signal used to stop the daemon.
start_precmd="nfsd_precmd"
sig_stop="USR1"
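#
# nfsd_precmd: start_precmd hook, run before nfsd is started.
#
# Copies nfs_server_flags into rc_flags, loads the nfsd kernel module,
# applies the vfs.nfsd sysctls selected by nfs_reserved_port_only and
# nfsv4_server_enable, and starts the services nfsd depends on.
#
# Returns 0 when nfsd may be started and 1 when the module, a restrictive
# sysctl, rpcbind or mountd could not be set up.  Exits through err when
# nfsuserd is required but cannot be run.
#
nfsd_precmd()
{
	rc_flags="${nfs_server_flags}"

	# Load the module now, so that the vfs.nfsd sysctl oids are
	# available.  If it cannot be loaded, none of the settings below
	# can be applied, so stop instead of continuing unconfigured.
	load_kld nfsd || return 1

	# nfs_privport=1 is a restriction the administrator asked for, so
	# fail closed: do not report it as active, and do not start nfsd,
	# unless the sysctl was really set.
	# NOTE(review): a reserved-port check filters on the client's source
	# port only; it is not client authentication.
	if checkyesno nfs_reserved_port_only; then
		if ! sysctl vfs.nfsd.nfs_privport=1 > /dev/null; then
			warn 'cannot set vfs.nfsd.nfs_privport=1'
			return 1
		fi
		echo 'NFS on reserved port only=YES'
	else
		sysctl vfs.nfsd.nfs_privport=0 > /dev/null
	fi

	# nfsuserd is only forced when the server manages group lists.
	# Setups that need it for other reasons (Kerberos mounts, clients
	# without uid/gid-in-string support) must set nfsuserd_enable="YES"
	# in rc.conf themselves.
	if checkyesno nfs_server_managegids; then
		force_depend nfsuserd || err 1 "Cannot run nfsuserd"
	fi

	# Capping the server at NFSv3 is also a restriction: if the cap
	# cannot be applied, NFSv4 would stay reachable while the message
	# claims otherwise, so fail closed here as well.
	if checkyesno nfsv4_server_enable; then
		sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
	else
		if ! sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null; then
			warn 'cannot set vfs.nfsd.server_max_nfsvers=3'
			return 1
		fi
		echo 'NFSv4 is disabled'
	fi

	force_depend rpcbind || return 1
	force_depend mountd || return 1
}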
# Hand the requested rc action (the script's first argument) to
# run_rc_command; presumably provided by the /etc/rc.subr sourced above.
run_rc_command "$1"