During sysinstall answered no to the server and client nfs questions and after installed completed and system rebooted I see task nfsiod1,2,3,4 running in output of ps ax command. This was not the case in any of the 4.x releases. This can be looked upon as a security leak. This may be a error in the new boot up process. This was first reported 1/16/2004 in 5.2 RC2 as Problem Report kern/61438 and again in 5.3 as Problem Report kern/79539 I tried to run /usr/local/etc/rc.d/killnfs.sh script to kill these unwanted tasks but that does not work. Any suggestions on how I can kill these bogus nfs tasks as part of boot up or what to change in the boot up process so these tasks don't get started in the first place? Doing a manual recompile of the kernel to remove the nfs statements is not a viable solution.
In the last episode (Apr 07), bob@a1poweruser.com said:> During sysinstall answered no to the server and client nfs questions > and after installed completed and system rebooted I see task > nfsiod1,2,3,4 running in output of ps ax command. This was not the > case in any of the 4.x releases. This can be looked upon as a > security leak. This may be a error in the new boot up process. This > was first reported 1/16/2004 in 5.2 RC2 as Problem Report kern/61438 > and again in 5.3 as Problem Report kern/79539Both of those PRs should be closed as not-a-bug, I think. nfsiod threads simply allow multiple concurrent NFS requests. In 4.*, with no nfiod processes running, you can still use NFS (just more slowly than with them). In 5.*, they are auto-created as kernel threads during bootup.> I tried to run /usr/local/etc/rc.d/killnfs.sh script to kill these > unwanted tasks but that does not work.They aren't tasks, but kernel threads. Just like pagedaemon, swapper, g_event, irq*, swi*, and a couple dozen other threads created by the kernel.> Any suggestions on how I can kill these bogus nfs tasks as part of > boot up or what to change in the boot up process so these tasks don't > get started in the first place? Doing a manual recompile of the > kernel to remove the nfs statements is not a viable solution.Why not? If you want to disable NFS, that's the only way. -- Dan Nelson dnelson@allantgroup.com
On Thu, Apr 07, 2005 at 04:11:55PM -0400, bob@a1poweruser.com wrote:> During sysinstall answered no to the server and client nfs questions > and after installed completed and system rebooted I see task > nfsiod1,2,3,4 running in output of ps ax command. This was not the > case in any of the 4.x releases. This can be looked upon as a > security leak. This may be a error in the new boot up process. This > was first reported 1/16/2004 in 5.2 RC2 as Problem Report kern/61438 > and again in 5.3 as Problem Report kern/79539 > > I tried to run /usr/local/etc/rc.d/killnfs.sh script to kill these > unwanted tasks but that does not work. > > Any suggestions on how I can kill these bogus nfs tasks as part of > boot up or what to change in the boot up process so these tasks > don't get started in the first place? Doing a manual recompile of > the kernel to remove the nfs statements is not a viable solution.nfsiod now runs as a kernel process and is control by these sysctls: vfs.nfs.iodmaxidle: 120 vfs.nfs.iodmin: 4 vfs.nfs.iodmax: 20 It looks like setting vfs.nfs.iodmin=0 and then klling them off works. We probably should think about changing the default to 0 and setting appropriate values via /etc/rc.d/nfs. Over all, I can't say this is a very high priority though patches would certaintly be accepted. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050407/d112b98c/attachment.bin
On Thu, Apr 07, 2005 at 04:11:55PM -0400, bob@a1poweruser.com wrote:> During sysinstall answered no to the server and client nfs questions > and after installed completed and system rebooted I see task > nfsiod1,2,3,4 running in output of ps ax command. This was not the > case in any of the 4.x releases. This can be looked upon as a > security leak. This may be a error in the new boot up process. This > was first reported 1/16/2004 in 5.2 RC2 as Problem Report kern/61438 > and again in 5.3 as Problem Report kern/79539I already answered this question when you asked it a few days ago. Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050407/3a4eca5c/attachment.bin