On Sat, 22 Jul 2017, NeilBrown wrote: > On Thu, Jul 20 2017, Scott Mayhew wrote: > > > We've had several users complain about gssd automatically starting. Not > > everyone who has a krb5.keytab want to use secure NFS; the instructions > > for disabling gssd ought to be on the man page in addition to the README > > (which may not even be included in a distro's nfs-utils package). > > > > Signed-off-by: Scott Mayhew <smayhew@xxxxxxxxxx> > > --- > > systemd/nfs.systemd.man | 17 ++++++++++++++++- > > 1 file changed, 16 insertions(+), 1 deletion(-) > > > > diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man > > index 01801eb..7675320 100644 > > --- a/systemd/nfs.systemd.man > > +++ b/systemd/nfs.systemd.man > > @@ -79,11 +79,26 @@ unit should be enabled. > > Several other units which might be considered to be optional, such as > > .I rpc-gssd.service > > are careful to only start if the required configuration file exists. > > -.I rpc-gsdd.service > > +.I rpc-gssd.service > > will not start if the > > .I krb5.keytab > > file does not exist (typically in > > .IR /etc ). > > +.B rpc.gssd > > +is assumed to be needed if the > > +.I krb5.keytab > > +file is present. If a site needs this file present but does not want > > +.B rpc.gssd > > +running, it should create > > +.B /etc/systemd/system/rpc-gssd.service.d/01-disable.conf > > A substantially simpler approach would be to recommend > > systemctl mask rpc-gssd.service Thanks, Neil. I had actually tried that a while back, but it doesn't seem to work in RHEL. It works fine for rpcbind, so I thought that maybe the Condition clause in the unit file took precedence over masking or something. I see now that masking rpc-gssd works in Fedora, so I'll go digging in systemd to see if there's a bug fix that might need to be backported to RHEL. Anyways, any objection to listing both methods in the man page? -Scott > > "mask" is also useful for disabling rpcbind if you use NFSv4 only and > don't want the extra service. > > NeilBrown > > > > +containing > > +.RS > > +.nf > > +[Unit] > > +ConditionNull=false > > +.fi > > +.RE > > + > > .SS Restarting NFS services > > Most NFS daemons can be restarted at any time. They will reload any > > state that they need, and continue servicing requests. This is rarely > > -- > > 2.9.4 > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
