[LUNA] NFS on unprivileged ports ....
William A. Mahaffey III
wam at hiwaay.net
Tue Aug 26 14:16:42 CDT 2014
'-n' is indeed an option, I could (easily) edit the rc.d/mountd file,
but then I would have to remember to redo that every upgrade .... There
doesn't seem to be any way to pass that option in .... I could try to
'correct' the other box, but it is a VM running on an FC14 box, I think
that has something to do w/ it ....
The linux boxen seem to allow it automatically, have for years now (at
least on my LAN, all w/ *old* distros, FC14 era ....)
On 08/26/14 10:05, Bob Nance wrote:
> Go look at your “mountd” options and see if there is one that allows connections from an unprivileged port (a port higher that 1024, as all ports under 1024 can only be opened by a “root” level account/process). It’s likely that it is NOT an option. I think at least one BSD build of mountd offered a “-n” option, but I don’t think it’s there in any of the Linux distros.
>
> The real fix would be to get the offending connection to use the right port. Can you make it a system-based mount instead of a user-environment mount? That might fix it by allowing the NFS mount program to use a port lower than 1024.
>
> -Bob
>
>
>
> ---
> Bob Nance
> Novation Systems
> bob.nance at novationsys.com
> 256-534-4620
>
> On Aug 26, 2014, at 9:30 AM, William A. Mahaffey III <wam at HiWAAY.net> wrote:
>
>>
>> .... I have nfsd running on my FBSD 9.3 desktop, exporting /home (~3.6 TiB). I can mount/see/use it from all other machines on my LAN (all Linux boxen) *except* for a CentOS 5.n VM running on one of the other boxen. When the VM tries to (auto)mount the exported partition on the FBSD box ('jaguar'), I get the following (from earlier this A.M.):
>>
>>
>> [root at centos-5:/etc, Tue Aug 26, 06:28 AM] 1008 # lf /net/jaguar/home/ /net/q6600/home/ /net/opty165a/work/ /net/opty165a/home/ /net/cube/home/
>> ls: /net/jaguar/home/: No such file or directory
>> /net/cube/home/:
>> Opty165A/ Q6600/ VMs/ archive/ lost+found/ makedepend* pub/ wam/
>>
>> /net/opty165a/home/:
>> FTP/ RPMs/ SGI/ archive/ lost+found/ rsync/ wam/
>>
>> /net/opty165a/work/:
>> FTP/ ISOs/ RPMs/ VMs/ archive/ lost+found/ vmware/ wam/
>>
>> /net/q6600/home/:
>> FTP/ ISOs/ VMs/ archive/ lost+found/ rsync/ wam/ work/
>> [root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1009 # df ; w ; /sbin/swapon -s ; free -m ; uname -a ; hwclock -r; date
>> Filesystem Type 1K-blocks Used Available Use% Mounted on
>> /dev/mapper/VolGroup00-LogVol00
>> ext3 46691248 7505344 36775820 17% /
>> /dev/hda1 ext3 101086 26854 69013 29% /boot
>> tmpfs tmpfs 1029372 0 1029372 0% /dev/shm
>> q6600:/home nfs 1906370560 1025951744 783581184 57% /net/q6600/home
>> opty165a:/work nfs 480719104 410868736 45431040 91% /net/opty165a/work
>> opty165a:/home nfs 473086208 351912192 96754944 79% /net/opty165a/home
>> cube:/home nfs 155794432 143113728 4638976 97% /net/cube/home
>> 06:29:20 up 121 days, 12:12, 3 users, load average: 0.04, 0.02, 0.00
>> USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
>> wam pts/0 192.168.122.1 Thu07 46:20m 1.96s 1.96s -tcsh
>> root pts/1 192.168.122.1 Sun08 46:11m 0.09s 0.09s -bash
>> root pts/2 192.168.122.1 Sun08 0.00s 0.09s 0.08s -bash
>> Filename Type Size Used Priority
>> /dev/mapper/VolGroup00-LogVol01 partition 4095992 76 -1
>> total used free shared buffers cached
>> Mem: 2010 1891 118 0 327 943
>> -/+ buffers/cache: 620 1389
>> Swap: 3999 0 3999
>> Linux centos-5.6-vm 2.6.18-371.8.1.el5.centos.plus #1 SMP Thu Apr 24 18:32:18 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
>> Tue Aug 26 06:29:28 2014 -1.008094 seconds
>> Tue Aug 26 06:29:21 CDT 2014
>> [root at centos-5:/etc, Tue Aug 26, 06:29 AM] 1010 #
>>
>>
>> i.e., it can see all other exported partitions except the FBSD (jaguar). On the FBSD box, I get the following:
>>
>>
>>
>> [root at kabini1, /etc, 6:24:31am] 708 % grep vfs LIST.sysctl-A.txt | grep nfs | grep priv
>> vfs.nfsd.nfs_privport: 0
>> [root at kabini1, /etc, 6:24:50am] 709 % service mountd status
>> Cannot 'status' mountd. Set mountd_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
>> [root at kabini1, /etc, 6:26:08am] 710 % service mountd onestatus
>> mountd is running as pid 718.
>> [root at kabini1, /etc, 6:26:16am] 711 % ps -aux | grep mountd
>> root 718 0.0 0.0 16180 3836 ?? Is 15Aug14 0:00.03 /usr/sbin/mountd -r
>> root 51859 0.0 0.0 16332 2024 10 S+ 6:26AM 0:00.00 grep mountd
>> wam 51820 0.0 0.0 14544 2428 17 I+ 6:22AM 0:00.01 /bin/sh /usr/bin/man mountd
>> [root at kabini1, /etc, 6:26:35am] 712 % grep -i mountd rc.d/*
>> rc.d/mountd:# $FreeBSD: releng/9.3/etc/rc.d/mountd 231792 2012-02-15 22:59:15Z dougb $
>> rc.d/mountd:# PROVIDE: mountd
>> rc.d/mountd:name="mountd"
>> rc.d/mountd:rcvar="mountd_enable"
>> rc.d/mountd:start_precmd="mountd_precmd"
>> rc.d/mountd:mountd_precmd()
>> rc.d/mountd: # mountd flags will differ depending on rc.conf settings
>> rc.d/mountd: if checkyesno weak_mountd_authentication; then
>> rc.d/mountd: rc_flags="${mountd_flags} -n"
>> rc.d/mountd: if checkyesno mountd_enable; then
>> rc.d/mountd: checkyesno weak_mountd_authentication && rc_flags="-n"
>> rc.d/mountd: rm -f /var/db/mountdtab
>> rc.d/mountd: ( umask 022 ; > /var/db/mountdtab ) ||
>> rc.d/mountd: err 1 'Cannot create /var/db/mountdtab'
>> rc.d/nfsd:# REQUIRE: mountd hostname gssd nfsuserd
>> rc.d/nfsd: force_depend mountd || return 1
>> [root at kabini1, /etc, 6:27:19am] 713 % (tail -10 /var/log/messages ; date)
>> Aug 24 08:09:44 kabini1 mountd[718]: mount request from 192.168.0.9 from unprivileged port
>> Aug 24 08:18:12 kabini1 mountd[718]: mount request from 192.168.0.9 from unprivileged port
>> Aug 24 08:18:51 kabini1 su: wam to root on /dev/pts/19
>> Aug 24 08:52:04 kabini1 mountd[718]: mount request from 192.168.0.9 from unprivileged port
>> Aug 24 09:10:23 kabini1 ntpd[804]: time reset +0.186836 s
>> Aug 24 11:37:21 kabini1 dbus[738]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
>> Aug 24 11:38:57 kabini1 dbus[738]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
>> Aug 24 11:40:21 kabini1 dbus[738]: [system] Failed to activate service 'org.freedesktop.Avahi': timed out
>> Aug 24 11:48:49 kabini1 last message repeated 7 times
>> Aug 26 06:29:25 kabini1 mountd[718]: mount request from 192.168.0.9 from unprivileged port
>> Tue Aug 26 06:30:14 CDT 2014
>> [root at kabini1, /etc, 6:30:14am] 714 %
>>
>>
>> i.e., the mount request from the VM is apparently coming in on an unprivileged port & the FBSD box's mountd is dropping/ignoring it. The other boxen handle it OK. I have ipfw dropping all such traffic *not* originating on my LAN, so I don't mind using the unprivileged port (I don't think there are any security issues). How do I get FBSD's nfsd/mountd to allow/handle the mount request on unprivileged ports ? TIA ....
>>
>>
>>
>> --
>>
>> William A. Mahaffey III
>>
>> ----------------------------------------------------------------------
>>
>> "The M1 Garand is without doubt the finest implement of war
>> ever devised by man."
>> -- Gen. George S. Patton Jr.
>>
>> _______________________________________________
>> LUNA mailing list
>> LUNA at lunagroup.us
>> http://lunagroup.us/mailman/listinfo/luna
> _______________________________________________
> LUNA mailing list
> LUNA at lunagroup.us
> http://lunagroup.us/mailman/listinfo/luna
>
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
More information about the LUNA
mailing list