Fabian Wenk
2016-Mar-01 17:43 UTC
[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?
Hello

I have installed Gluster 3.6.8 on Ubuntu 14.04 LTS (from PPA). I did create a volume with the following command:

  gluster volume create myvol replica 2 server1:/export/glusterfs/myvol/brick1 server2:/export/glusterfs/myvol/brick2

and followed with 'gluster volume start myvol', then 'gluster volume info' showed this:

  Volume Name: myvol
  Type: Replicate
  Volume ID: eea55188-9f4a-4589-a0b7-d8e2d85f103f
  Status: Started
  Number of Bricks: 1 x 2 = 2
  Transport-type: tcp
  Bricks:
  Brick1: server1:/export/glusterfs/myvol/brick1
  Brick2: server2:/export/glusterfs/myvol/brick2

As this volume was available to be mounted from anywhere with glusterfs, I did also run:

  gluster volume set myvol auth.allow 127.0.0.1,<IP-addresses-of-clients>

With some testing, I did realize, that I can mount the volume with NFS from anywhere in my local network. According to the documentation [1], the option nfs.rpc-auth-allow should be set to 'Reject All' as default, but somehow it is not.

[1] https://gluster.readthedocs.org/en/latest/Administrator%20Guide/Managing%20Volumes/

As a workaround I did the following additional steps:

  gluster volume set myvol nfs.rpc-auth-allow 127.0.0.1

This gave a 'Permission denied' message when I tried to mount with NFS from another system, and then I also did run:

  gluster volume set myvol nfs.disable On

which disabled NFS so far and GlusterFS is not listening on TCP port 2049 any more.

Is something broken with the default Ubuntu PPA package? Or did I miss a configuration option to disable NFS by default for all (new) volumes?

bye
Fabian
Joe Julian
2016-Mar-01 18:07 UTC
[Gluster-users] Is NFS available / enabled on purpose as default in the Ubuntu PPA?
On 03/01/2016 09:43 AM, Fabian Wenk wrote:
>
> With some testing, I did realize, that I can mount the volume with NFS
> from anywhere in my local network. According to the documentation [1],
> the option nfs.rpc-auth-allow should be set to 'Reject All' as
> default, but somehow it is not.
>
> [1]
> https://gluster.readthedocs.org/en/latest/Administrator%20Guide/Managing%20Volumes/

Yep, that's a documentation bug. The source says, "By default, all connections are allowed." - xlators/nfs/server/src/nfs.c#1848..1849
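A check for the exposure discussed in this thread, as an added example (not written by either poster or taken from the Gluster project): it reads 'gluster volume info' text and classifies each volume's NFS state, assuming the defaults described above (NFS enabled, all connections allowed unless nfs.rpc-auth-allow is set). The function names, the extra volume names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each volume by its Gluster NFS exposure.
# Reads `gluster volume info` text on stdin and prints "<volume> <state>",
# where state is nfs-disabled, nfs-restricted or nfs-open.

nfs_audit() {
    awk '
    function report() {
        if (vol == "") return
        if (disabled)         state = "nfs-disabled"
        else if (allow != "") state = "nfs-restricted"
        else                  state = "nfs-open"   # auth.allow alone does not cover NFS
        print vol, state
    }
    /^Volume Name:/ { report(); vol = $3; disabled = 0; allow = "" }
    /^nfs\.disable:/ {
        v = tolower($2)
        disabled = (v == "on" || v == "yes" || v == "true" || v == "enable" || v == "1")
    }
    /^nfs\.rpc-auth-allow:/ { allow = $2 }
    END { report() }
    '
}

# Constructed sample output: one volume per state (addresses are placeholders).
sample_volume_info() {
    cat <<'EOF'
Volume Name: myvol
Status: Started
Options Reconfigured:
auth.allow: 127.0.0.1,192.0.2.10

Volume Name: vol2
Status: Started
Options Reconfigured:
nfs.rpc-auth-allow: 127.0.0.1

Volume Name: vol3
Status: Started
Options Reconfigured:
nfs.disable: On
EOF
}

sample_volume_info | nfs_audit
```

On a Gluster server the same function can be fed live data with `gluster volume info | nfs_audit`; any volume reported as nfs-open matches the situation in the first message, where auth.allow was set but NFS mounts were still accepted.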