This problem is still present in buster. The relevant strace output seems to be:

capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
access("/var/lib/nfs/nfsdcltrack", W_OK) = -1 ENOENT (No such file or directory)
lstat("/var/lib/nfs/nfsdcltrack/main.sqlite", 0x7fffcc2d1530) = -1 ENOENT (No such file or directory)
getpid() = 9566
getpid() = 9566
openat(AT_FDCWD, "/var/lib/nfs/nfsdcltrack/main.sqlite", O_RDWR|O_CREAT|O_CLOEXEC, 0644) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lib/nfs/nfsdcltrack/main.sqlite", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
mkdir("/var/lib/nfs/nfsdcltrack", 0700) = -1 EACCES (Permission denied)

So my understanding is that it's dropping privileges, and /var/lib/nfs is owned by statd, but nfsdcltrack is probably run as root instead.

Kurt
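An added example, not part of the original message or of nfs-utils: a small triage script that walks strace output, notes when capset() clears the effective and permitted sets, and reports later calls refused with EACCES or EPERM, together with the parent directory whose ownership needs checking. A process with empty capability sets no longer holds CAP_DAC_OVERRIDE, so ordinary owner and mode checks apply to it even when its UID is 0. The function name and the choice of errno values are assumptions of this example.

```python
import posixpath
import re

# strace lines quoted in the message above (not constructed here).
TRACE = """\
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capset({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
access("/var/lib/nfs/nfsdcltrack", W_OK) = -1 ENOENT (No such file or directory)
lstat("/var/lib/nfs/nfsdcltrack/main.sqlite", 0x7fffcc2d1530) = -1 ENOENT (No such file or directory)
getpid() = 9566
getpid() = 9566
openat(AT_FDCWD, "/var/lib/nfs/nfsdcltrack/main.sqlite", O_RDWR|O_CREAT|O_CLOEXEC, 0644) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/var/lib/nfs/nfsdcltrack/main.sqlite", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
mkdir("/var/lib/nfs/nfsdcltrack", 0700) = -1 EACCES (Permission denied)
"""

# name(args) = ret [ERRNO]; the greedy args group backtracks to the ")" before " = ".
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z]+))?')
CAPS = re.compile(r'\{effective=([^,]+), permitted=([^,]+), inheritable=([^}]+)\}')
PATH = re.compile(r'"([^"]+)"')

def denied_after_cap_drop(trace):
    """Return (syscall, path, parent_dir) for each EACCES/EPERM failure that
    follows a successful capset() leaving effective and permitted empty."""
    dropped = False
    findings = []
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, ret, err = m.groups()
        if name == "capset" and ret == "0":
            caps = CAPS.search(args)
            if caps:
                # strace prints an empty capability set as 0
                dropped = caps.group(1) == "0" and caps.group(2) == "0"
            continue
        if dropped and err in ("EACCES", "EPERM"):
            path = PATH.search(args)
            if path:
                p = path.group(1)
                findings.append((name, p, posixpath.dirname(p)))
    return findings

if __name__ == "__main__":
    for name, path, parent in denied_after_cap_drop(TRACE):
        print(f"{name}({path}) denied after capability drop; check owner/mode of {parent}")
```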