Disable NFSv3 on Ubuntu 22.04 and newer
As the title states, for my Ubuntu 22.04 NFS server I want to disable NFSv3 to make sure all the connected clients are using
the NFSv4 protocol. None of the instructions to edit the RPCNFSDOPTS and RPCMOUNTDOPTS in
/etc/default/nfs-kernel-server are working.
I just found out why:
the /etc/default/nfs-* files are ignored by the NFS server or client in Ubuntu 22.04. They were left there as a precaution because of the conversion process that converts those options into the new /etc/nfs.conf and /etc/nfs.conf.d/local.conf files.
Some more digging revealed that this config file change was added in nfs-utils version 1.3.5-rc5 and Ubuntu 20.04 still
ships with version 1.3.4. Ubuntu 22.04 and newer are using the 2.x version of nfs-utils.
So I hope this helps someone who is struggling with the same issue.
How to disable NFSv3 on Ubuntu 22.04 and newer
First check which versions are currently exposed:
# sudo cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2
A plus means available, a minus means unavailable.
As seen v3 is still supported +3 and v2 -2 is disabled by default. So let’s disable v3.
The first step is to create a /etc/nfs.conf.d/nfsv3-disable.conf file with the following:
[nfsd]
vers3=n
For more available options check the /etc/nfs.conf file.
Restart the nfs-server and check if v3 is successfully disabled:
# sudo systemctl restart nfs-server
# sudo cat /proc/fs/nfsd/versions
-2 -3 +4 +4.1 +4.2
As seen above the v3 version is now not available anymore -3.
If you want to be complete, you can mask the services not needed for NFSv4 and reduce the system load and attack surface:
# sudo systemctl mask rpcbind.service
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
# sudo systemctl mask rpcbind.socket
Created symlink /etc/systemd/system/rpcbind.socket → /dev/null.
Just for reference, here is the link to the Debian wiki how to disable NFSv4 for older nfs-utils versions: