As the title states, for my Ubuntu 22.04 NFS server I want to disable NFSv3 to make sure all the connected clients are using the NFSv4 protocol. None of the instructions to edit the RPCNFSDOPTS and RPCMOUNTDOPTS in /etc/default/nfs-kernel-server are working.

I just found out why:

the /etc/default/nfs-* files are ignored by the NFS server or client in Ubuntu 22.04. They were left there as a precaution because of the conversion process that converts those options into the new /etc/nfs.conf and /etc/nfs.conf.d/local.conf files.

Andreas Hasenack(ahasenack) in nfs-utils/+bug/1971096

Some more digging revealed that this config file change was added in nfs-utils version 1.3.5-rc5 and Ubuntu 20.04 still ships with version 1.3.4. Ubuntu 22.04 and newer are using the 2.x version of nfs-utils.

So I hope this helps someone who is struggling with the same issue.

How to disable NFSv3 on Ubuntu 22.04 and newer

First check which versions are currently exposed:

# sudo cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2

A plus means available, a minus means unavailable. As seen v3 is still supported +3 and v2 -2 is disabled by default. So let’s disable v3.

The first step is to create a /etc/nfs.conf.d/nfsv3-disable.conf file with the following:

[nfsd]
vers3=n

For more available options check the /etc/nfs.conf file.

Restart the nfs-server and check if v3 is successfully disabled:

# sudo systemctl restart nfs-server
# sudo cat /proc/fs/nfsd/versions
-2 -3 +4 +4.1 +4.2

As seen above the v3 version is now not available anymore -3.

If you want to be complete, you can mask the services not needed for NFSv4 and reduce the system load and attack surface:

# sudo systemctl mask rpcbind.service
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
# sudo systemctl mask rpcbind.socket
Created symlink /etc/systemd/system/rpcbind.socket → /dev/null.

Just for reference, here is the link to the Debian wiki how to disable NFSv4 for older nfs-utils versions:

https://wiki.debian.org/NFSServerSetup#NFSv4_only