Bug 521215

Summary: Documentation incorrectly states that rpc.mountd is not needed for NFSv4
Product: Red Hat Enterprise Linux 5 Reporter: Sachin Prabhu <sprabhu>
Component: doc-Deployment_GuideAssignee: Douglas Silas <dhensley>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: low    
Version: 5.4CC: ddomingo, jlayton, jskeoch, jwest, mhideo, rwheeler, syeghiay, tao
Target Milestone: rcKeywords: Documentation, Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-08-10 16:35:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 561649    

Description Sachin Prabhu 2009-09-04 10:56:33 UTC 
rpc.mountd is still needed to setup the exports on NFSv4 server. Please see

https://bugzilla.redhat.com/show_bug.cgi?id=443625#c3

However the documentation states that rpc.mountd is not required for NFSv4. This is not completely true and ends up confusing users.

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-nfs.html#s2-nfs-how-daemons
--
rpc.mountd — This process receives mount requests from NFS clients and verifies the requested file system is currently exported. This process is started automatically by the nfs service and does not require user configuration. *** This is not used with NFSv4. ***
--

http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/s3-nfs-security-hosts-nfsv4.html
--
Another important security feature of NFSv4 is its removal of the rpc.mountd daemon. The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers. 
--
In this case, rpc.mountd is not required for the mounting process. However it is still necessary for setting up exports on the server.
Comment 1 Steve Dickson 2009-10-13 16:08:31 UTC 
Well unfortunately rpc.mountd is needed for v4 support. The kernel 
gets the v4 exports form rpc.mountd...
Comment 2 RHEL Program Management 2009-10-13 16:26:45 UTC 
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.
Comment 5 Don Domingo 2009-10-19 23:10:19 UTC 
reassigning to Douglas Silas Hensley, who is now in charge of the Deployment Guide.
Comment 8 Michael Hideo 2010-02-08 23:27:42 UTC 
Silas, can you do this for 5.5, if not, let me know and i'll find someone. - Mike
Comment 9 Douglas Silas 2010-02-09 20:17:24 UTC 
Mike,

I've fixed this in DG 5.5 branch, -r26706. Text corrections were as follows:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-nfs.html#s1-nfs-how
<old>
NFSv4 has no interaction with portmapper, rpc.mountd, rpc.lockd, and rpc.statd, since protocol support has been incorporated into the v4 protocol. NFSv4 listens on the well known TCP port (2049) which eliminates the need for the portmapper interaction. The mounting and locking protocols have been incorpated into the V4 protocol which eliminates the need for interaction with rpc.mountd and rpc.lockd. 
</old>
<new>
NFSv4 has no interaction with portmapper, rpc.lockd or rpc.statd, since protocol support has been incorporated into the v4 protocol. NFSv4 listens on the well known TCP port (2049) which eliminates the need for the portmapper interaction. The locking protocol has been incorpated into the V4 protocol which eliminates the need for interaction with rpc.lockd. rpc.mountd is no longer needed during the mount process on the client side, but is still used by the NFSv4 server during the file system export process.
</new>

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-nfs.html#s2-nfs-how-daemons
Removed "This is not used with NFSv4." from description for rpc.mountd.

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/s1-nfs-server-config-exports.html#s1-nfs-server-config-exportfs
Added qualifier: "Since NFSv4 no longer utilizes the rpc.mountd protocol *on the client* as was used in NFSv2 and NFSv3, the mounting of file systems has changed."

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/s1-nfs-security.html
<old>
Another important security feature of NFSv4 is its removal of the rpc.mountd daemon. The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers. 
</old>
<new>
Another important security feature of NFSv4 is that the rpc.mountd daemon is no longer used on the client side (it is, however, still used by the NFSv4 server during the export process). The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers.
</new>
Comment 11 Douglas Silas 2010-02-09 22:16:04 UTC 
Peter,

Thanks for the review. I also wondered why the text refers to "the rpc.mountd" protocol, since that doesn't make any sense. Packages, daemons and protocols cannot be used interchangeably like that.

I have updated the DG with your text, only slightly modified (no change in meaning). Note that the MOUNT protocol is not mentioned at all, until now, in the NFS chapter. "On the client side" was my misunderstanding.

I will consult with Don Domingo about this chapter. Thanks again for the corrections.

Changed in DG 5.5 -r 267074.
Comment 12 Don Domingo 2010-02-10 00:37:31 UTC 
thanks Peter and Silas. i will apply these corrections to the NFS section of the RHEL6 Storage Admin Guide as well.

Silas, i will be on your time tomorrow (Thursday night to Friday morning AU-Queensland time).
Comment 13 Douglas Silas 2010-02-10 06:35:20 UTC 
Thanks Don. Text fixes applied, as mentioned. Setting to ON_QA.
Comment 14 John Skeoch 2010-06-07 00:36:06 UTC 
Verified on staging server, awaiting release