(If you ask me, I’ll deny writing these things down to remember them later, but that’s the real reason behind this. I searched Google for an extended answer, but couldn’t find one.)
I’m running 10.4.7 (other releases may be different) and I very rarely use NFS, so I don’t see any real reason to have stuff I don’t use running on my machine – moreover, with listening ports. Yes, I know ipfw blocks them, but I prefer them closed.
Short and slightly wrong answer: change
NFSLOCKS=-AUTOMATIC-
RPCSERVER=-AUTOMATIC-
to
NFSLOCKS=-NO-
RPCSERVER=-NO-
in /etc/hostconfig. This will get rid of rpc.statd, rpc.lockd, and portmapper on boot, but leaves you with many other things running (nfsd-server, mountd, nfsiod). I assume that you already got rid of the automounter by setting
AUTOMOUNT=-NO-
in the usual place.
Boring answer: I was hoping that I could add/modify another variable to hostconfig to disable NFS completely. If it exists, I couldn’t figure it out.
Let’s see how the system initializes NFS: [my comments between brackets]
roadrunner:/System/Library/StartupItems/NFS root# sh -x ./NFS start
+ . /etc/rc.common
[ sources common functions and variables ]
++ set -u
++ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices
++ export PATH
++ . /etc/hostconfig
[ reads system configuration, things like: ]
+++ HOSTNAME=-AUTOMATIC-
[ and so on. then it starts ]
+ AUTOMOUNTDIR=/private/var/automount
+ RunService start
+ StartService
+ CheckForNetwork
+ local test
+ '[' -z '' ']'
++ ifconfig -a inet
++ sed -n -e /127.0.0.1/d -e /0.0.0.0/d -e /inet/p
++ wc -l
+ test= 1
+ '[' ' 1' -gt 0 ']'
+ NETWORKUP=-YES-
+ '[' -YES- = -NO- ']'
+ lockfile -r 0 /var/run/NFS.StartupItem
[ file locking is to prevent starting up multiple instances, I suppose ]
+ echo 'Starting network file system'
Starting network file system
+ '[' -d /private/var/automount ']'
+ nfsiod -n 4
++ niutil -list . /exports
[ asks NetInfo about the exported file systems… ]
++ wc -w
+ exports_ni= 2
++ grep -v '^[[:space:]]*\(#\|$\)' /etc/exports
[ … and looks for the good ol’ file too! … ]
++ wc -l
+ exports_etc= 0
+ exports=2
+ '[' 2 -gt 0 ']'
+ '[' -AUTOMATIC- = -AUTOMATIC- ']'
+ NFSLOCKS=-YES-
+ '[' -YES- = -YES- ']'
+ rpc.statd
+ rpc.lockd
+ '[' -YES- = -AUTOMATIC- ']'
+ rm -f /var/db/mountdtab
+ '[' 2 -gt 0 ']'
+ echo 'Starting Network File System server'
Starting Network File System server
+ mountd
++ niutil -readprop . /config/nfsd arguments
niutil: can't open directory /config/nfsd: No such directory
+ arguments=
+ '[' '' = '' ']'
+ arguments=-t -u -n 6
+ nfsd -t -u -n 6
+ '[' -NO- = -YES- ']'
+ touch /var/run/automount.initialized
As you can see, I couldn’t find any hostconfig variables to prevent all the daemons from starting. Moreover, hoping to stop everything using the “stop” argument yields no results: it runs StopService(), which is
StopService ()
{
return 0
}
quite useful, isn’t it? :)
I decided on the simplest (to me) solution: add a
return 0
at the very beginning of StartService(). This will make the script exit as soon as possible without affecting anything else. The con is that you’ll lose that change when you upgrade, if Apple decides to modify the script. But you can always post the how and where on your blog and recover it at the right moment. :)
If you’re trying to harden your OS X machine, have a look at Bastille, which it seems runs (sort of) on Macs too.
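A check for the result, as an added example that is not part of the original post: it lists the hostconfig keys named above that are missing or not set to -NO-, and the NFS/RPC daemons still present in a process listing, which catches the case where hostconfig alone leaves nfsd, mountd and nfsiod running. The function names, the sample data and "portmap" as the portmapper's process name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two places the post
# touches, the hostconfig file and the running process list.

# Print each NFS-related hostconfig key (names taken from the post) that is
# missing or not set to -NO-.
hostconfig_not_disabled() {
    for key in NFSLOCKS RPCSERVER AUTOMOUNT; do
        # Last assignment wins, as it would when the file is sourced.
        val=$(sed -n "s/^[[:space:]]*$key=//p" "$1" | tail -n 1)
        [ "$val" = "-NO-" ] || echo "$key=${val:-<unset>}"
    done
}

# Read one command name or path per line and print the NFS/RPC daemons
# found, one per line, de-duplicated.
# "portmap" as the portmapper's process name is an assumption.
nfs_daemons_running() {
    while IFS= read -r cmd; do
        base=${cmd##*/}
        case "$base" in
            portmap|rpc.statd|rpc.lockd|mountd|nfsiod|nfsd|nfsd-*)
                echo "$base" ;;
        esac
    done | sort -u
}

# Constructed sample data so the example runs offline.
sample_hostconfig=$(mktemp)
cat > "$sample_hostconfig" <<'EOF'
HOSTNAME=-AUTOMATIC-
AUTOMOUNT=-NO-
NFSLOCKS=-NO-
RPCSERVER=-AUTOMATIC-
EOF
sample_ps='/usr/sbin/syslogd
/usr/sbin/mountd
nfsd-server
nfsd-server
/sbin/nfsiod'

echo "hostconfig keys not disabled:"
hostconfig_not_disabled "$sample_hostconfig"
echo "NFS daemons still running:"
printf '%s\n' "$sample_ps" | nfs_daemons_running
```

On a live system, pass /etc/hostconfig to the first function and pipe `ps -axo comm` into the second; both should print nothing once NFS is fully disabled.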
Hi big man!
I’m following an “advanced” OS X course run by the University of Lecce where (if I haven’t misunderstood) they have a fleet of over 100 Macs (including servers).
According to their comments (mostly read in the support chat for the satellite broadcast), it seems NFS is used quite a lot within their system architecture, while elsewhere I’ve heard that the OS X Samba client is not exactly “vanilla” (I couldn’t think of another term that would convey the idea).
So the question is: given that on a notebook that often connects to heterogeneous environments it’s better to be “covered” than not, how do you see file/resource sharing via NFS in a home OS X / Linux environment?
Thanks.
As a general rule I think that for each platform it’s better to use “native” protocols, so instinctively I’d lean toward NFS. However, other parameters need to be taken into account for a decision like this, such as flexibility, the impact on and integration with what is already in place, performance needs, and so on. For a home environment, perhaps the primary need is convenience, so I’d choose the solution that maximizes functionality while minimizing effort :)
Reading page 77 of this document:
http://www.apple.com/server/pdfs/Command_Line.pdf
I am wondering what happens when setting the number of running daemons to zero.
PS = zen, maybe it’s time to install Akismet + SpamKarma
http://www.giovy.it/2006/06/10/fighting-spam-in-wordpress/
Yes, TGIF — gonna do it. :)