Trying to debug nfs install issue, increase verbosity of nfs server?
Steve Dickson
SteveD at redhat.com
Mon Jan 19 15:35:55 UTC 2009
Patrice Dumas wrote:
> On Mon, Jan 19, 2009 at 09:08:11AM -0500, Steve Dickson wrote:
>
>> The discussion about the fact mountd (statd) no longer accept connections from
>> unknown IP address (similar to other system daemon) due to a "fix" in the tcp
>> wrapper code is at:
>
> This is not a change in tcp_wrapper, but in nfs-utils. And as far as I
> can tell this is not already upstream, so this looks like (but I may
> be wrong) a fedora specific change in mountd.
>
> I think that it is a very questionable change. Maybe it makes sense
> for NFSv4 (but is mountd involved in NFSv4?), but for NFSv3, it
> doesn't make sense to me, since there is no security at all in any
> case.
>
> I may very well be missing something, though.
>
>> Through some side bar discussion it been suggested an update to
>> the man page is probably need (which I agree) and maybe a flag
>> of some sort to allow unknown IP address access. I must admit, I'm
>> a bit hesitant to do the later, since I don't think its a good idea
>> to allow unknown client access any system daemon...
>
> Why not? Forcing reverse DNS lookup to be working seems to me to be
> quite extreme. In a typical local network, for NFSv3, not having
> reverse lookup working for clients seems quite natural to me, especially
> on NATed networks.
hmm... the real need for the lookup is so the 'mountd: <hostsname>' in
either /etc/hosts.deny/allow will work... so I guess the idea of
not don the tcp wrappers check at all might be the answer...
steved.
More information about the fedora-devel-list
mailing list