Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E60AC43441 for ; Sun, 11 Nov 2018 10:08:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C65F820854 for ; Sun, 11 Nov 2018 10:08:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C65F820854 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727462AbeKKT4c (ORCPT ); Sun, 11 Nov 2018 14:56:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42130 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727448AbeKKT4c (ORCPT ); Sun, 11 Nov 2018 14:56:32 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D114C308A96E; Sun, 11 Nov 2018 10:08:24 +0000 (UTC) Received: from localhost (ovpn-117-40.ams2.redhat.com [10.36.117.40]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 606A85D717; Sun, 11 Nov 2018 10:08:24 +0000 (UTC) Date: Sun, 11 Nov 2018 11:08:22 +0100 From: Niels de Vos To: Naruto Nguyen Cc: Linux NFS Mailing List Subject: Re: mount client port allocated in privilege port range Message-ID: <20181111100822.GB4421@ndevos-x270> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Sun, 11 Nov 2018 10:08:24 +0000 (UTC) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Sat, Nov 10, 2018 at 10:48:41AM +0700, Naruto Nguyen wrote: > Hi everyone, > > When running mount command with tcp under root account, I see that the > tcp client port is allocated in privilege range like 830... I do not > think it's a good behavior as port in privilege range is limited and a > lot of well known service is using it. Could you please let me know > any reason for that? It's better for mount nfs client port to be > allocated in dynamic port range instead even the system is running > under root permission? and any other way to make it happens besides > running under a normal user? Have a look at 'man 5 nfs' and search for the "noresvport" option. You will also want to read the "Using non-privileged source ports" paragraph. HTH, Niels