{"id":140,"date":"2006-07-14T23:16:23","date_gmt":"2006-07-14T21:16:23","guid":{"rendered":"http:\/\/www.kill-9.it\/blog\/index.php\/2006\/07\/14\/turning-off-nfs-daemons-in-mac-osx\/"},"modified":"2006-07-14T23:16:23","modified_gmt":"2006-07-14T21:16:23","slug":"turning-off-nfs-daemons-in-mac-osx","status":"publish","type":"post","link":"https:\/\/www.kill-9.it\/blog\/index.php\/2006\/07\/14\/turning-off-nfs-daemons-in-mac-osx\/","title":{"rendered":"Turning off NFS daemons in Mac OSX"},"content":{"rendered":"<p><em>(If you&#8217;ll ask me, I&#8217;ll deny writing down these things to remember them later, but it&#8217;s the real reason behind this. I searched in Google for an extended answer, but couldn&#8217;t find it)<\/em><\/p>\n<p>I&#8217;m running 10.4.7 (other releases may be different) and I very rarely use NFS, so I don&#8217;t see any real reason to have stuff I don&#8217;t use running on my machine &#8211; moreover, with listening ports. Yes, I know ipfw blocks them, but I prefer them closed.<\/p>\n<p><strong>Short and slightly wrong answer<\/strong>: change<\/p>\n<blockquote><p>NFSLOCKS=-AUTOMATIC-<br \/>\nRPCSERVER=-AUTOMATIC-\n<\/p><\/blockquote>\n<p>to<\/p>\n<blockquote><p>NFSLOCKS=-NO-<br \/>\nRPCSERVER=-NO-\n<\/p><\/blockquote>\n<p>in \/etc\/hostconfig. This will get rid of rpc.statd,rpc.lockd, and portmapper on boot, but leaves you with many other things running (nfsd-server, mountd, nfsiod). I assume that you already got rid of automounter setting<\/p>\n<blockquote><p>AUTOMOUNT=-NO-<\/p><\/blockquote>\n<p>in the usual place.<\/p>\n<p><strong>Boring answer<\/strong>: I was hoping that I could add\/modify another variable to hostconfig to disable NFS completely. If it exists, I couldn&#8217;t figure it out.<br \/>\nLet&#8217;s see how the system initalizes NFS: [my comments between brackets]<\/p>\n<blockquote><p>roadrunner:\/System\/Library\/StartupItems\/NFS root# sh -x .\/NFS start<br \/>\n+ . \/etc\/rc.common\n<\/p><\/blockquote>\n<p>[ sources common functions and variables ]<\/p>\n<blockquote><p>++ set -u<br \/>\n++ PATH=\/bin:\/sbin:\/usr\/bin:\/usr\/sbin:\/usr\/libexec:\/System\/Library\/CoreServices<br \/>\n++ export PATH<br \/>\n++ . \/etc\/hostconfig\n<\/p><\/blockquote>\n<p>[ reads system configuration, things like: ]<\/p>\n<blockquote><p>+++ HOSTNAME=-AUTOMATIC-\n<\/p><\/blockquote>\n<p>[ and so on. then it starts ]<\/p>\n<blockquote><p>+ AUTOMOUNTDIR=\/private\/var\/automount<br \/>\n+ RunService start<br \/>\n+ StartService<br \/>\n+ CheckForNetwork<br \/>\n+ local test<br \/>\n+ &#8216;[&#8216; -z &#8221; &#8216;]&#8217;<br \/>\n++ ifconfig -a inet<br \/>\n++ sed -n -e \/127.0.0.1\/d -e \/0.0.0.0\/d -e \/inet\/p<br \/>\n++ wc -l<br \/>\n+ test=       1<br \/>\n+ &#8216;[&#8216; &#8216;       1&#8217; -gt 0 &#8216;]&#8217;<br \/>\n+ NETWORKUP=-YES-<br \/>\n+ &#8216;[&#8216; -YES- = -NO- &#8216;]&#8217;<br \/>\n+ lockfile -r 0 \/var\/run\/NFS.StartupItem\n<\/p><\/blockquote>\n<p>[ file locking is to prevent starting up multiple instances, I suppose ]<\/p>\n<blockquote><p>+ echo &#8216;Starting network file system&#8217;<br \/>\nStarting network file system<br \/>\n+ &#8216;[&#8216; -d \/private\/var\/automount &#8216;]&#8217;<br \/>\n+ nfsiod -n 4<br \/>\n++ niutil -list . \/exports\n<\/p><\/blockquote>\n<p>[ asks NetInfo about the exported file systems&#8230; ]<\/p>\n<blockquote><p>++ wc -w<br \/>\n+ exports_ni=       2<br \/>\n++ grep -v &#8216;^[[:space:]]*\\(#\\|$\\)&#8217; \/etc\/exports\n<\/p><\/blockquote>\n<p>[ &#8230; and looks for the good ol&#8217; file too! &#8230; ]<\/p>\n<blockquote><p>++ wc -l<br \/>\n+ exports_etc=       0<br \/>\n+ exports=2<br \/>\n+ &#8216;[&#8216; 2 -gt 0 &#8216;]&#8217;<br \/>\n+ &#8216;[&#8216; -AUTOMATIC- = -AUTOMATIC- &#8216;]&#8217;<br \/>\n+ NFSLOCKS=-YES-<br \/>\n+ &#8216;[&#8216; -YES- = -YES- &#8216;]&#8217;<br \/>\n+ rpc.statd<br \/>\n+ rpc.lockd<br \/>\n+ &#8216;[&#8216; -YES- = -AUTOMATIC- &#8216;]&#8217;<br \/>\n+ rm -f \/var\/db\/mountdtab<br \/>\n+ &#8216;[&#8216; 2 -gt 0 &#8216;]&#8217;<br \/>\n+ echo &#8216;Starting Network File System server&#8217;<br \/>\nStarting Network File System server<br \/>\n+ mountd<br \/>\n++ niutil -readprop . \/config\/nfsd arguments<br \/>\nniutil: can&#8217;t open directory \/config\/nfsd: No such directory<br \/>\n+ arguments=<br \/>\n+ &#8216;[&#8216; &#8221; = &#8221; &#8216;]&#8217;<br \/>\n+ arguments=-t -u -n 6<br \/>\n+ nfsd -t -u -n 6<br \/>\n+ &#8216;[&#8216; -NO- = -YES- &#8216;]&#8217;<br \/>\n+ touch \/var\/run\/automount.initialized\n<\/p><\/blockquote>\n<p>As you can see, I couldn&#8217;t find any hostconfig variables to avoid all the daemons to start. Moreover, hoping to stop everything using the &#8220;stop&#8221; argument yelds to no results: it runs the StopService() which is<\/p>\n<blockquote><p>\nStopService ()<br \/>\n{<br \/>\n    return 0<br \/>\n}\n<\/p><\/blockquote>\n<p>quite useful, isn&#8217;t it? :)<\/p>\n<p>I have decided for the simplest (to me) solution. Add a<\/p>\n<blockquote><p>return 0<\/p><\/blockquote>\n<p>at the very beginning of StartService(). This will make the script exit as soon as possible without impacting on anything else. The con is that you&#8217;ll lose that change when you&#8217;ll upgrade if Apple decides to modify the script. But you can always post the how and where on your blog and recover it at the right moment. :)<\/p>\n<p>If you&#8217;re trying to harden your OsX machine, have a look at <a href=\"http:\/\/www.bastille-linux.org\/running_bastille_on.htm\">Bastille<\/a>, which it seems runs (sort of) on Macs too.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(If you&#8217;ll ask me, I&#8217;ll deny writing down these things to remember them later, but it&#8217;s the real reason behind this. I searched in Google for an extended answer, but couldn&#8217;t find it) I&#8217;m running 10.4.7 (other releases may be different) and I very rarely use NFS, so I don&#8217;t see any real reason to &hellip; <a href=\"https:\/\/www.kill-9.it\/blog\/index.php\/2006\/07\/14\/turning-off-nfs-daemons-in-mac-osx\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Turning off NFS daemons in Mac OSX&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,3,4],"tags":[],"class_list":["post-140","post","type-post","status-publish","format-standard","hentry","category-english","category-geek","category-security"],"_links":{"self":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts\/140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=140"}],"version-history":[{"count":0,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/posts\/140\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kill-9.it\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}