The protocol used by rpc.rquotad is an unsecured and obsolete protocol and should be disabled. This security vulnerability is discussed in CVE-1999-9625 and further details can be found in that document. This procedure can disrupt NFS clients relying on disk quotas. To avoid issues, schedule a maintenance outage and stop these NFS clients.
For CentOS/RHEL 6 and earlier
1. Edit the file /etc/sysconfig/nfs to have an entry which reads RQUOTAD=”no”, for example:
# fgrep RQUOTAD /etc/sysconfig/nfs # The below line disables the insecure, obsolete quota protocol used by RQUOTAD RQUOTAD="no"
2. Restart the NFS service to activate the change:
# /sbin/service nfs stop # /sbin/service nfs start
For CentOS/RHEL 7 and later
CentOS/RHEL 7 and later uses systemd to manage services. The mask operation prevents even root from starting the service:
# /sbin/systemctl stop rpc-rquotad.service # /sbin/systemctl disable rpc-rquotad.service # /sbin/systemctl mask rpc-rquotad.service
Verify the service status and check if the service can be started/restarted.
# /sbin/systemctl restart rpc-rquotad.service Failed to restart rpc-rquotad.service: Unit is masked. # /sbin/systemctl status rpc-rquotad.service ● rpc-rquotad.service Loaded: masked (/dev/null; bad) Active: inactive (dead
rpc.rquotad is an unsecured and obsolete protocol and it should be disabled.