Does an NFS Client Require rpcbind? Technical Analysis of Port Mapping Dependency



While rpcbind is primarily known for its role in NFS servers (handling port-mapping requests from clients), its presence on NFS clients often raises questions. The Debian package nfs-common explicitly lists rpcbind as a dependency, even for client installations.

Modern NFSv4 clients typically don't require rpcbind for basic operations, because NFSv4 uses a single well-known port (TCP 2049). However, rpcbind becomes necessary in scenarios such as this one:

# Example scenario requiring rpcbind on client:
# When using NFSv3 with file locking (lockd, statd)
mount -t nfs -o vers=3 nfs-server:/share /mnt/nfs

The Debian dependency exists for backward compatibility and to support these features:

  • NFSv3 operations
  • File locking mechanisms (lockd)
  • Status monitoring (statd)
  • Mount protocol (mountd)

You can verify if your client needs rpcbind with this experimental approach:

# Stop rpcbind temporarily
sudo systemctl stop rpcbind
# Attempt NFS operations
mount -t nfs4 nfs-server:/share /mnt/nfs
# Check for errors in dmesg or journalctl

If you confirm rpcbind isn't needed:

# On Debian-based systems:
sudo apt purge rpcbind
# Note: nfs-common depends on rpcbind, so this will remove nfs-common too.
# With --no-remove, apt aborts instead of removing any package:
sudo apt --no-remove purge rpcbind

For a pure NFSv4 client in a restricted environment:

# Minimal /etc/nfs.conf configuration for NFSv4-only client
# ([nfsd] is read by rpc.nfsd, so it only matters if this host also runs the NFS server)
[nfsd]
# Disable all auxiliary services
vers3=n
udp=n

[lockd]
# Disable file locking if not needed
port=0

Remember that while removal is possible for simple use cases, enterprise environments often require the full feature set that depends on rpcbind.


When setting up NFS clients, many administrators encounter the rpcbind dependency and wonder about its necessity. While rpcbind is absolutely critical for NFS servers, its role on clients is more nuanced.

RPC (Remote Procedure Call) services like NFS use port mapping to establish connections. The traditional flow:

Client → rpcbind (port 111) → Gets server port → Connects to NFS service

However, modern Linux kernels (2.6.18+) support the nolock mount option and can use direct connections without rpcbind for basic NFS operations.

rpcbind is still needed on the client when:

  • Using NFSv3 (which requires portmapper)
  • Implementing file locking (via rpc.lockd)
  • Running statd for crash recovery
  • Mounting with the lock option

Try mounting with these options:

# mount -t nfs -o nolock,vers=3 server:/share /mnt
# mount -t nfs -o vers=4.2 server:/share /mnt
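
The conditions listed above can be checked against the mounts a client already has before rpcbind is masked or removed. The script below is an added example, not part of the original article; the function names and sample lines are constructed, and it assumes the article's rule that NFSv4 mounts and NFSv3 mounts with nolock do not rely on the local rpcbind.

```shell
#!/bin/sh
# Added example: classify NFS mounts by whether they rely on the local rpcbind.
# Input is /proc/mounts format: device mountpoint fstype options dump pass.
# Rules (from the article's list): NFSv4 needs no port mapper;
# NFSv3 needs it unless the mount uses nolock.

# Print "<mountpoint> <needs-rpcbind|no-rpcbind> <reason>" per NFS mount.
# $1: mounts file, "-" for stdin (default: /proc/mounts).
classify_nfs_mounts() {
    awk '
    $3 == "nfs4" { print $2, "no-rpcbind", "nfsv4"; next }
    $3 == "nfs" {
        vers = ""; nolock = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(vers|nfsvers)=/) { vers = opt[i]; sub(/^[a-z]+=/, "", vers) }
            else if (opt[i] == "nolock") nolock = 1
        }
        if (vers ~ /^4/)  print $2, "no-rpcbind", "nfsv4"
        else if (nolock)  print $2, "no-rpcbind", "v3-nolock"
        else              print $2, "needs-rpcbind", "v3-locking"
    }' "${1:-/proc/mounts}"
}

# Exit status 0 when no mount in the input needs rpcbind, 1 otherwise.
rpcbind_removable() {
    ! classify_nfs_mounts "${1:-/proc/mounts}" | grep -q ' needs-rpcbind '
}

# Constructed sample lines (not captured from a real host).
sample='nfs-server:/share /mnt/nfs nfs4 rw,relatime,vers=4.2,proto=tcp 0 0
nfs-server:/legacy /mnt/legacy nfs rw,relatime,vers=3,proto=tcp 0 0'
printf '%s\n' "$sample" | classify_nfs_mounts -
```

On a live client, call `classify_nfs_mounts` with no argument to read /proc/mounts; entries in /etc/fstab that are not currently mounted are not covered.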

For systemd-based systems, mask the service:

# systemctl mask rpcbind.socket rpcbind.service

The nfs-common package includes client utilities that may need RPC services:

# dpkg -L nfs-common | grep -E 'statd|lockd'
/usr/sbin/rpc.statd
/usr/sbin/rpc.lockd

For minimal clients, consider installing nfs-common without its recommended packages:

# apt install --no-install-recommends nfs-common

Running rpcbind on clients exposes port 111, which:

  • Increases attack surface
  • May conflict with firewall rules
  • Could leak information about RPC services

For an NFSv4-only client:

# /etc/nfs.conf
[nfsd]
vers4=y
vers3=n

[lockd]
port=0

Combine this with firewall rules blocking port 111:

# iptables -A INPUT -p tcp --dport 111 -j DROP
# iptables -A INPUT -p udp --dport 111 -j DROP