Disable NFSv4 (server) on Debian, allow NFSv3

问题：

How can the NFS server on a Debian 8 system be limited to NFSv3?

By default, shares can be mounted with both vers=3 and vers=4.

/etc/default/nfs-kernel-server:

# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS="--manage-gids"
RPCMOUNTDOPTS="--manage-gids --no-nfs-version 4"

This option does not seem to have any effect (rpcinfo still shows nfs accepting version 4).

解决：

2 down vote accepted

Turns out modifying the RPCMOUNTDOPTS variable as described in /etc/default/nfs-kernel-serverdoes not work and there's a bug report for that: #738063 This variable is used in the rpc.mountd call: # systemctl status nfs-kernel-server ● nfs-kernel-server.service - LSB: Kernel NFS server support Loaded: loaded (/etc/init.d/nfs-kernel-server) Active: active (running) since Sun 2016-06-12 19:46:01 CEST; 6s ago Process: 15110 ExecStop=/etc/init.d/nfs-kernel-server stop (code=exited, status=0/SUCCESS) Process: 15119 ExecStart=/etc/init.d/nfs-kernel-server start (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-kernel-server.service └─15167 /usr/sbin/rpc.mountd --manage-gids --port 2048 --no-nfs-version 4 However, clients are still able to mount using -o vers=4. Instead, this option must be passed to rpc.nfsd. Looking at the init script /etc/init.d/nfs-kernel-server, it seems like the RPCNFSDCOUNT variable is the only variable that's passed to rpc.nfsd. It's not intended for that purpose, but it works and it seems to be the only option short of editing the init script. Solution: In /etc/default/nfs-kernel-server, add the --no-nfs-version 4 option to RPCNFSDCOUNT instead of RPCMOUNTDOPTS: # Number of servers to start up #RPCNFSDCOUNT=8 RPCNFSDCOUNT="8 --no-nfs-version 4" Restart the NFS service: # systemctl restart nfs-kernel-server Test it: # mount -t nfs -o vers=4 SERVER:/data/public /mnt mount.nfs: Protocol not supported Version 3 still works: # mount -t nfs -o vers=3 SERVER:/data/public /mnt share improve this answer

2 down vote accepted

Turns out modifying the RPCMOUNTDOPTS variable as described in /etc/default/nfs-kernel-serverdoes not work and there's a bug report for that: #738063 This variable is used in the rpc.mountd call: # systemctl status nfs-kernel-server ● nfs-kernel-server.service - LSB: Kernel NFS server support Loaded: loaded (/etc/init.d/nfs-kernel-server) Active: active (running) since Sun 2016-06-12 19:46:01 CEST; 6s ago Process: 15110 ExecStop=/etc/init.d/nfs-kernel-server stop (code=exited, status=0/SUCCESS) Process: 15119 ExecStart=/etc/init.d/nfs-kernel-server start (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-kernel-server.service └─15167 /usr/sbin/rpc.mountd --manage-gids --port 2048 --no-nfs-version 4 However, clients are still able to mount using -o vers=4. Instead, this option must be passed to rpc.nfsd. Looking at the init script /etc/init.d/nfs-kernel-server, it seems like the RPCNFSDCOUNT variable is the only variable that's passed to rpc.nfsd. It's not intended for that purpose, but it works and it seems to be the only option short of editing the init script. Solution: In /etc/default/nfs-kernel-server, add the --no-nfs-version 4 option to RPCNFSDCOUNT instead of RPCMOUNTDOPTS: # Number of servers to start up #RPCNFSDCOUNT=8 RPCNFSDCOUNT="8 --no-nfs-version 4" Restart the NFS service: # systemctl restart nfs-kernel-server Test it: # mount -t nfs -o vers=4 SERVER:/data/public /mnt mount.nfs: Protocol not supported Version 3 still works: # mount -t nfs -o vers=3 SERVER:/data/public /mnt share improve this answer