[Pkg-sysvinit-devel] Bug#359176: initscripts: needs to start rpc.gssd when there are Kerberos NFS mounts involved

Steinar H. Gunderson sgunderson at bigfoot.com
Sat Apr 1 01:16:57 UTC 2006 

On Mon, Mar 27, 2006 at 03:45:41AM +0200, Steinar H. Gunderson wrote:
> See the comments in #294959 for implementation ugliness -- basically, I
> think the best thing to do would be to defer the mounting of these
> filesystems to some later stage, where we're sure to have at least /usr
> up-and-running (and stable time etc.).

I implemented it a bit differently, inspired by the way the portmapper is
handled. Basically, if it finds a situation it can't handle (NFSv4 mounts,
which need idmapd and the nfs4 kernel module, or Kerberos mounts, which need
gssd and the rpcsec_gss_krb5 module), it simply starts nfs-common, which
knows how to handle all these situations (including the user's preferences
for flags given to gssd etc.).

/* Steinar */
-- 
Homepage: http://www.sesse.net/
-------------- next part --------------
--- ./debian/initscripts/etc/init.d/mountnfs.sh	2006-04-01 03:05:35.000000000 +0200
+++ /tmp/S45mountnfs.sh	2006-04-01 03:12:36.000000000 +0200
@@ -26,11 +26,16 @@
 	# Read through fstab line by line. If it is NFS, set the flag
 	# for mounting NFS file systems. If any NFS partition is found and it
 	# not mounted with the nolock option, we start the portmapper.
+	# 
+	# If any sec={krb5,krb5i,krb5p} option is given, or any of the file
+	# systems are nfs4, we'll need to start rpc.gssd and/or rpc.idmapd too;
+	# we'll leave that to nfs-common.
 	#
 
 	exec 9<&0 </etc/fstab
 
 	portmap=no
+	gss_or_idmap=no
 	while read DEV MTPT FSTYPE OPTS REST
 	do
 		case "$DEV" in
@@ -52,6 +57,11 @@
 				portmap=yes
 				;;
 			esac
+			case "$OPTS" in
+			  sec=krb5|*,sec=krb5|sec=krb5,*|*,sec=krb5i,*|sec=krb5i|*,sec=krb5i|sec=krb5i,*|*,sec=krb5i,*|sec=krb5p|*,sec=krb5p|sec=krb5p,*|*,sec=krb5p,*)
+			  	gss_or_idmap=yes
+				;;
+			esac
 			;;
 		  smbfs|cifs|coda|ncp|ncpfs|ocfs2|gfs)
 			;;
@@ -69,6 +79,10 @@
 				;;
 			esac
 		fi
+		if [ "$FSTYPE" = "nfs4" ]
+		then
+			gss_or_idmap=yes
+		fi
 	done
 
 	exec 0<&9 9<&-
@@ -95,6 +109,15 @@
 		fi
 	fi
 
+	#
+	# Initialize nfs-common (which starts rpc.gssd and/or rpc.idmapd, and loads
+	# the right kernel modules if applicable) if we use Kerberos and/or NFSv4 mounts.
+	#
+	if [ "$gss_or_idmap" = yes ] && [ -x /etc/init.d/nfs-common ]
+	then
+		/etc/init.d/nfs-common start
+	fi
+
 	if [ "$NETFS" ]
 	then
 		mount_all_nfs() { mount -a -t$NETFS ; }

More information about the Pkg-sysvinit-devel mailing list