Bug 521215 - Documentation incorrectly states that rpc.mountd is not needed for NFSv4
Summary: Documentation incorrectly states that rpc.mountd is not needed for NFSv4
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: Deployment_Guide
Version: 5.4
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Douglas Silas
QA Contact: ecs-bugs
URL:
Whiteboard:
Depends On:
Blocks: 561649
TreeView+ depends on / blocked
 
Reported: 2009-09-04 10:56 UTC by Sachin Prabhu
Modified: 2018-10-27 12:24 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-08-10 16:35:19 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Sachin Prabhu 2009-09-04 10:56:33 UTC
rpc.mountd is still needed to setup the exports on NFSv4 server. Please see

https://bugzilla.redhat.com/show_bug.cgi?id=443625#c3

However the documentation states that rpc.mountd is not required for NFSv4. This is not completely true and ends up confusing users.

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-nfs.html#s2-nfs-how-daemons
--
rpc.mountd — This process receives mount requests from NFS clients and verifies the requested file system is currently exported. This process is started automatically by the nfs service and does not require user configuration. *** This is not used with NFSv4. ***
--

http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/s3-nfs-security-hosts-nfsv4.html
--
Another important security feature of NFSv4 is its removal of the rpc.mountd daemon. The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers. 
--
In this case, rpc.mountd is not required for the mounting process. However it is still necessary for setting up exports on the server.

Comment 1 Steve Dickson 2009-10-13 16:08:31 UTC
Well unfortunately rpc.mountd is needed for v4 support. The kernel 
gets the v4 exports form rpc.mountd...

Comment 2 RHEL Program Management 2009-10-13 16:26:45 UTC
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.

Comment 5 Don Domingo 2009-10-19 23:10:19 UTC
reassigning to Douglas Silas Hensley, who is now in charge of the Deployment Guide.

Comment 8 Michael Hideo 2010-02-08 23:27:42 UTC
Silas, can you do this for 5.5, if not, let me know and i'll find someone. - Mike

Comment 9 Douglas Silas 2010-02-09 20:17:24 UTC
Mike,

I've fixed this in DG 5.5 branch, -r26706. Text corrections were as follows:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-nfs.html#s1-nfs-how
<old>
NFSv4 has no interaction with portmapper, rpc.mountd, rpc.lockd, and rpc.statd, since protocol support has been incorporated into the v4 protocol. NFSv4 listens on the well known TCP port (2049) which eliminates the need for the portmapper interaction. The mounting and locking protocols have been incorpated into the V4 protocol which eliminates the need for interaction with rpc.mountd and rpc.lockd. 
</old>
<new>
NFSv4 has no interaction with portmapper, rpc.lockd or rpc.statd, since protocol support has been incorporated into the v4 protocol. NFSv4 listens on the well known TCP port (2049) which eliminates the need for the portmapper interaction. The locking protocol has been incorpated into the V4 protocol which eliminates the need for interaction with rpc.lockd. rpc.mountd is no longer needed during the mount process on the client side, but is still used by the NFSv4 server during the file system export process.
</new>

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/ch-nfs.html#s2-nfs-how-daemons
Removed "This is not used with NFSv4." from description for rpc.mountd.

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/s1-nfs-server-config-exports.html#s1-nfs-server-config-exportfs
Added qualifier: "Since NFSv4 no longer utilizes the rpc.mountd protocol *on the client* as was used in NFSv2 and NFSv3, the mounting of file systems has changed."

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Deployment_Guide/s1-nfs-security.html
<old>
Another important security feature of NFSv4 is its removal of the rpc.mountd daemon. The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers. 
</old>
<new>
Another important security feature of NFSv4 is that the rpc.mountd daemon is no longer used on the client side (it is, however, still used by the NFSv4 server during the export process). The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers.
</new>

Comment 11 Douglas Silas 2010-02-09 22:16:04 UTC
Peter,

Thanks for the review. I also wondered why the text refers to "the rpc.mountd" protocol, since that doesn't make any sense. Packages, daemons and protocols cannot be used interchangeably like that.

I have updated the DG with your text, only slightly modified (no change in meaning). Note that the MOUNT protocol is not mentioned at all, until now, in the NFS chapter. "On the client side" was my misunderstanding.

I will consult with Don Domingo about this chapter. Thanks again for the corrections.

Changed in DG 5.5 -r 267074.

Comment 12 Don Domingo 2010-02-10 00:37:31 UTC
thanks Peter and Silas. i will apply these corrections to the NFS section of the RHEL6 Storage Admin Guide as well.

Silas, i will be on your time tomorrow (Thursday night to Friday morning AU-Queensland time).

Comment 13 Douglas Silas 2010-02-10 06:35:20 UTC
Thanks Don. Text fixes applied, as mentioned. Setting to ON_QA.

Comment 14 John Skeoch 2010-06-07 00:36:06 UTC
Verified on staging server, awaiting release


Note You need to log in before you can comment on or make changes to this bug.