LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   NFS : how to specify a port number for rpc.statd ? (https://www.linuxquestions.org/questions/linux-networking-3/nfs-how-to-specify-a-port-number-for-rpc-statd-939972/)

anctop 04-15-2012 11:38 PM
NFS : how to specify a port number for rpc.statd ?
 
My system has been running nfs-utils-1.2.0 for a few years.
Recently I proceed to upgrade to the latest nfs-utils-1.2.5.

My configure options are "--disable-nfsv4 --disable-nfsv41 --disable-gss --disable-uuid --enable-mount --enable-shared --with-statduser=statd --with-rpcgen=internal --without-tcp-wrappers".
There is no problem in building it, but rpc.statd refuses to start.

The (server) startup steps are :

1. mount -t nfsd /proc/fs/nfsd
2. exportfs -av
3. rpc.mountd -p 1011
4. rpc.statd -o 1013 -p 1014 --no-notify

At this point, rpc.statd fails. The syslog says

> rpc.statd[875]: Version 1.2.5 starting
> rpc.statd[875]: Flags:
> rpc.statd[875]: Could not bind name to socket: Permission denied

The same steps worked well for the old version.
It is started by root in the init script and I'm sure that all the ports (tcp & udp) 1011, 1013 & 1014 are available on my system.

Then I've tried different combinations of values for -o and -p, found that the port number for -p must be at least 1024.
It seems that -p requires an un-privileged port, but there is no mention in the ChangeLog's of the releases from 1.2.1 through 1.2.5.

Since the daemons will run along with a firewall, is there any way to make rpc.statd listening on the specified ports ?

tshikose 04-16-2012 05:14 AM
Is SELinux in enforcing mode on your machine?
If yes, try putting it in permissive mode.
If it works, then add SELinux manage rules to allow rpc.statd to listen on required ports, and then put SELinux back in enforcing mode.
To start give the output of
Code:
sestatus

anctop 04-16-2012 07:54 PM
Quote:
Originally Posted by tshikose (Post 4653900)
Is SELinux in enforcing mode on your machine?
If yes, try putting it in permissive mode.
If it works, then add SELinux manage rules to allow rpc.statd to listen on required ports, and then put SELinux back in enforcing mode.
To start give the output of
Code:
sestatus
Thanks for your hint.

As far as I know, I'm not using SELinux features and "sestatus" is not yet available on my system.
It was initially a LFS system installed some years ago, but with constant kernel & packages updates.
The current kernel is version 2.6.39.2 . The SELinux-related kernel configs are just the defaults :

Code:
# Security options
#
CONFIG_KEYS=y
# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_CRYPTO=y
What else to check for problems ?

tshikose 04-17-2012 02:15 AM
Hi,

I am sorry, but I haven't really any hint.
Can you have a look at the log files while trying to launch the service?

anctop 04-17-2012 02:52 AM
Quote:
Originally Posted by tshikose (Post 4654728)
Hi,

I am sorry, but I haven't really any hint.
Can you have a look at the log files while trying to launch the service?
I've mentioned the log contents in the first post :

> rpc.statd[875]: Version 1.2.5 starting
> rpc.statd[875]: Flags:
> rpc.statd[875]: Could not bind name to socket: Permission denied

It can start if the value of -p is at least 1024.
I guess the nfs-utils developers should have changed something in rpc.statd, but I can't find where this is documented.
Also, I'd like to know if some hack on the codes can restore its original behaviour.


All times are GMT -5. The time now is 03:52 AM.