|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Disabling rpcbind/portmapper
From: Casper Dik (casper
holland.sun.com)
Date: Tue Nov 04 2003 - 10:57:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>How safe is it to mv/stop the S71rpc startup script in Solaris. I remember
>system panics with Solaris 2.6 and 2.7 when attempting to run "S71rpc stop",
>so I got in the habit of preventing all the associated programs (rpc.statd,
>etc...) from running and then blocking port 111 using wrappers/rpcbind
>replacement and ipf. I thought that some Sun programs like Solstice
>DiskSuite, Legato, CDE, Tooltalk, etc... used to need rpcbind on the
>loopback, is that the case? Can it be safely moved/stopped if I'm not using
>NIS, NFS, or any of the others I've disabled?
If the system paniced, that certainly is a bug (I can't remeber
having seen one).
If nothing much worked, then that certainly could have happened.
Services which depend on rpcbind can easily be spotted using
"rpcinfo -s".
Programs which depend on rpcbind are anything NFS related;
autofs, cachefs, vold (in S9+) and others.
In some cases, the fact that rpcbind not runs will cause a much
longer timeout rather than an immediate "service not there" response.
The risk of rpcbind is fairly minimal; though I supposed we should
put in some work to make it e.g., "localhost only".
Casper
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]