Re: Disabling rpcbind/portmapper

From: Casper *** (casper_at_holland.sun.com)
Date: 11/04/03

  • Next message: António Vasconcelos: "Re: Disabling rpcbind/portmapper" 
    To: Michele Chubirka <chubirka@gwu.edu>
Date: Tue, 04 Nov 2003 17:57:52 +0100

    >How safe is it to mv/stop the S71rpc startup script in Solaris. I remember
    >system panics with Solaris 2.6 and 2.7 when attempting to run "S71rpc stop",
    >so I got in the habit of preventing all the associated programs (rpc.statd,
    >etc...) from running and then blocking port 111 using wrappers/rpcbind
    >replacement and ipf. I thought that some Sun programs like Solstice
    >DiskSuite, Legato, CDE, Tooltalk, etc... used to need rpcbind on the
    >loopback, is that the case? Can it be safely moved/stopped if I'm not using
    >NIS, NFS, or any of the others I've disabled?

    If the system paniced, that certainly is a bug (I can't remeber
    having seen one).

    If nothing much worked, then that certainly could have happened.

    Services which depend on rpcbind can easily be spotted using
    "rpcinfo -s".

    Programs which depend on rpcbind are anything NFS related;
    autofs, cachefs, vold (in S9+) and others.

    In some cases, the fact that rpcbind not runs will cause a much
    longer timeout rather than an immediate "service not there" response.

    The risk of rpcbind is fairly minimal; though I supposed we should
    put in some work to make it e.g., "localhost only".

    Casper

  • Next message: António Vasconcelos: "Re: Disabling rpcbind/portmapper"