mount clntudp_create: RPC: Program not registered

Constance Sieh ([email protected])
Tue, 26 Jan 1999 17:22:48 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Constance Sieh: "MS Intellimouse(scroll wheel) and X"
Previous message: [email protected]: "Netscape Mail Problems"

Problem:

The following error message appears when trying to mount a Linux exported
file system.

Solution:
Excerpt from /usr/doc/portmap*/README

----------------------------------------------------------------------------

@(#) README 1.6 96/05/31 15:52:57

This is the README file for the 4th enhanced portmapper release.

Description
-----------

This README describes a replacement portmapper that prevents theft of
NIS (YP), NFS, and other sensitive information via the portmapper. As
an option, the program supports access control in the style of the tcp
wrapper (log_tcp) package.

Access control:
---------------

By default, host access control is enabled. However, the host that runs
the portmapper is always considered authorized. The host access control
tables are never consulted with requests from the local system itself;
they are always consulted with requests from other hosts.

In order to avoid deadlocks, the portmap program does not attempt to
look up the remote host name or user name, nor will it try to match NIS
netgroups. The upshot of all this is that only network number patterns
will work for portmap access control.

Sample entries for the host access-control files are:

/etc/hosts.allow:
portmap: your.sub.net.number/your.sub.net.mask
portmap: 255.255.255.255 0.0.0.0

/etc/hosts.deny
portmap: ALL: (/some/where/safe_finger -l @%h | mail root) &

The syntax of the access-control files is described in the
hosts_access.5 manual page that comes with the tcp wrapper (log_tcp)
sources. The safe_finger command comes with later wrapper releases.

The first line in the hosts.allow file permits access from all systems
within your own subnet. Some rpc services rely on broadcasts and will
contact your portmapper anyway; and once an intruder has access to your
local network segment you're already in deep trouble.

The second line in the hosts.allow file may be needed if there are
any PC-NFS systems on your network segment.

For security reasons, the portmap process drops root privilegs after
initialization. The access control files should therefore be readable
for group or world.

------------------------------------------------------------------------
-Connie Sieh

Next message: Constance Sieh: "MS Intellimouse(scroll wheel) and X"
Previous message: [email protected]: "Netscape Mail Problems"