Turning off NFS daemons in Mac OSX

(If you ask me, I’ll deny writing these things down to remember them later, but that’s the real reason behind this. I searched Google for an extended answer, but couldn’t find one.)

I’m running 10.4.7 (other releases may be different) and I very rarely use NFS, so I don’t see any real reason to have stuff I don’t use running on my machine – moreover, with listening ports. Yes, I know ipfw blocks them, but I prefer them closed.

Short and slightly wrong answer: change

NFSLOCKS=-AUTOMATIC-
RPCSERVER=-AUTOMATIC-

to

NFSLOCKS=-NO-
RPCSERVER=-NO-

in /etc/hostconfig. This will get rid of rpc.statd, rpc.lockd, and portmapper on boot, but leaves you with many other things running (nfsd-server, mountd, nfsiod). I assume that you have already got rid of the automounter by setting

AUTOMOUNT=-NO-

in the usual place.

Boring answer: I was hoping that I could add/modify another variable to hostconfig to disable NFS completely. If it exists, I couldn’t figure it out.
Let’s see how the system initializes NFS: [my comments between brackets]

roadrunner:/System/Library/StartupItems/NFS root# sh -x ./NFS start
+ . /etc/rc.common

[ sources common functions and variables ]

++ set -u
++ PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/libexec:/System/Library/CoreServices
++ export PATH
++ . /etc/hostconfig

[ reads system configuration, things like: ]

+++ HOSTNAME=-AUTOMATIC-

[ and so on. then it starts ]

+ AUTOMOUNTDIR=/private/var/automount
+ RunService start
+ StartService
+ CheckForNetwork
+ local test
+ '[' -z '' ']'
++ ifconfig -a inet
++ sed -n -e /127.0.0.1/d -e /0.0.0.0/d -e /inet/p
++ wc -l
+ test= 1
+ '[' ' 1' -gt 0 ']'
+ NETWORKUP=-YES-
+ '[' -YES- = -NO- ']'
+ lockfile -r 0 /var/run/NFS.StartupItem

[ file locking is to prevent starting up multiple instances, I suppose ]

+ echo 'Starting network file system'
Starting network file system
+ '[' -d /private/var/automount ']'
+ nfsiod -n 4
++ niutil -list . /exports

[ asks NetInfo about the exported file systems… ]

++ wc -w
+ exports_ni= 2
++ grep -v '^[[:space:]]*\(#\|$\)' /etc/exports

[ … and looks for the good ol’ file too! … ]

++ wc -l
+ exports_etc= 0
+ exports=2
+ '[' 2 -gt 0 ']'
+ '[' -AUTOMATIC- = -AUTOMATIC- ']'
+ NFSLOCKS=-YES-
+ '[' -YES- = -YES- ']'
+ rpc.statd
+ rpc.lockd
+ '[' -YES- = -AUTOMATIC- ']'
+ rm -f /var/db/mountdtab
+ '[' 2 -gt 0 ']'
+ echo 'Starting Network File System server'
Starting Network File System server
+ mountd
++ niutil -readprop . /config/nfsd arguments
niutil: can't open directory /config/nfsd: No such directory
+ arguments=
+ '[' '' = '' ']'
+ arguments=-t -u -n 6
+ nfsd -t -u -n 6
+ '[' -NO- = -YES- ']'
+ touch /var/run/automount.initialized

As you can see, I couldn’t find any hostconfig variable that prevents all the daemons from starting. Moreover, hoping to stop everything using the “stop” argument yields no results: it runs StopService(), which is

StopService ()
{
return 0
}

quite useful, isn’t it? :)

I have opted for the simplest (to me) solution. Add a

return 0

at the very beginning of StartService(). This will make the script exit as soon as possible without impacting anything else. The downside is that you’ll lose the change when you upgrade, if Apple decides to modify the script. But you can always post the how and where on your blog and recover it at the right moment. :)
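A small audit of the end state described above, as an added example that is not part of the original post: it checks the three hostconfig variables, whether StartService() begins with return 0, and which of the named daemons show up in a process listing. The function names and sample files are constructed for illustration, and `portmap` is assumed to be the process name of the portmapper.

```shell
#!/bin/sh
# Added example: audit the NFS settings this post changes. Paths are arguments.

# Value of variable $2 in hostconfig-style file $1 (last assignment wins, as
# when the file is sourced); prints "unset" if there is no assignment.
hostconfig_value() {
    v=$(sed -n "s/^[[:space:]]*$2=\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-unset}"
}

# List the variables from the post that are not -NO- (unset ones included,
# since the post sets each explicitly); fail if any are found.
audit_hostconfig() {
    bad=0
    for var in NFSLOCKS RPCSERVER AUTOMOUNT; do
        val=$(hostconfig_value "$1" "$var")
        [ "$val" = "-NO-" ] || { echo "$var=$val (want -NO-)"; bad=1; }
    done
    return "$bad"
}

# Succeed only if the first statement of StartService() in script $1 is
# "return 0" (blank lines, comments and the opening brace are skipped).
startservice_disabled() {
    awk '
        /^StartService[ \t]*\(\)/ { inside = 1; next }
        inside && /^[ \t]*([{]|#.*)?[ \t]*$/ { next }
        inside { ok = ($0 ~ /^[ \t]*return[ \t]+0[ \t]*$/); exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Filter command names on stdin (one per line, e.g. `ps -axco command`) down to
# the NFS/RPC daemons named in the post.
nfs_daemons_running() {
    grep -E -x 'rpc\.statd|rpc\.lockd|portmap|nfsd(-server)?|mountd|nfsiod' | sort -u
}

# Constructed sample: the "short answer" applied, startup item not yet patched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'AUTOMOUNT=-NO-\nNFSLOCKS=-NO-\nRPCSERVER=-NO-\n' > "$d/hostconfig"
    printf 'StartService ()\n{\n    CheckForNetwork\n}\n' > "$d/NFS"
    audit_hostconfig "$d/hostconfig" && echo "hostconfig: ok"
    startservice_disabled "$d/NFS" || echo "StartService() still starts daemons"
    printf 'loginwindow\nnfsiod\nmountd\nnfsd\n' | nfs_daemons_running
    rm -rf "$d"
}
demo
```

On a real machine the same functions take /etc/hostconfig and the NFS script under /System/Library/StartupItems/NFS as arguments; re-running them after a system update shows whether the edit was overwritten.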

If you’re trying to harden your OS X machine, have a look at Bastille, which, it seems, runs (sort of) on Macs too.

Author: zen

Geek of all trades, having fun with *NIX, the Internet and computer security since 1995.

5 thoughts on “Turning off NFS daemons in Mac OSX”

  1. Hi big man!

    I’m following an “advanced” OSX course run by the University of Lecce where (if I haven’t misunderstood) they have a fleet of over 100 Macs (servers too).

    Judging by their comments (mostly read in the support chat for the satellite broadcast), it seems that NFS is used quite a lot within their system architecture, while elsewhere I’ve heard that the OSX Samba client isn’t exactly “vanilla” (I couldn’t think of another term that conveyed the idea).

    So the question is: given that on a notebook that often connects in heterogeneous environments it’s better to be “covered” than not, in a home OSX / Linux environment how do you see sharing files/resources via NFS?

    Thanks.

  2. As a general rule I think that for every platform it’s better to use “native” protocols, so instinctively I would prefer NFS. However, other parameters need to be taken into account for a decision like this, such as flexibility, the impact on and integration with what is already in place, performance requirements, and so on. For a home environment, perhaps the primary requirement is convenience, so I would choose the solution that maximizes functionality while minimizing effort :)
