joshua caltagirone-holzli. introduction to nfs features general information server side client...
TRANSCRIPT
NFS – Network File System
In widespread use in many organizations
Developed by Sun
  ◦ Implemented over Sun Remote Procedure Call
  ◦ Uses either TCP or UDP
Introduction to NFS
File locking
  ◦ Traditional system calls: flock, lockf, fcntl
Daemons NFS utilizes
  ◦ lockd
  ◦ statd
NFS file locking is still shaky
File Locking
NFS enforces underlying file system quotas
Daemon for user stats
  ◦ rquotad
Disk quotas considered obsolete
Disk Quotas
Clients must explicitly mount an NFS filesystem
NFS is stateless
  ◦ Does not keep track of who mounts a file system
NFS “cookies”
  ◦ Sent at conclusion of successful mount
  ◦ Identifies the mounted directory
Cookies and Stateless Mounting
Unmounting/Remounting changes cookies
  ◦ Means cookies are saved across reboot
Server crashes cause NFS to resume as normal
Cookie uses RPC file/dev IO
Client responsible for acknowledging server before removing local file (writing)
Cookies and Stateless Mounting
/etc/exports
  ◦ Provides access to NFS volumes
  ◦ This file enumerates the hostnames of systems that have access to the file system
Export file systems only to clients you trust
Access to NFS ports should be restricted
Security and NFS
File level access on NFS based on:
  ◦ UID, GID, and file permissions
NFS servers trust the client to tell who is accessing files
Example: if mary and bob have the same UID then they are able to access each other’s files
Security and NFS
root_squash – prevents root from changing the UID on the NFS server
  ◦ Forces root to be a normal user on the server
Block access to portmap (port 111)
Security and NFS
Users should usually be given the same UID on all machines
anonuid/anongid – used to change the UID/GID mappings for root
all_squash – forces all clients to have the same UID/GID on the server
no_root_squash – turns off UID mapping for root
  ◦ Used for diskless systems
General Info
mountd – handles mount requests
nfsd – handles the actual file access requests
Both should start when the system starts
Typical startup scripts:
  ◦ /etc/rc.d/init.d/nfs (Red Hat/Fedora)
  ◦ /etc/init.d/nfsboot (SUSE)
  ◦ /etc/init.d/nfs-* (Ubuntu/Debian)
Server Side NFS
exportfs – used to add and modify entries for sharing
  ◦ exportfs -u (to remove entries)
  ◦ exportfs -a (to update exports after writing to config /etc/exports)
/etc/exports – typical location for this file
hosts.allow/hosts.deny
  ◦ Give hosts access to NFS server
Server Side NFS
Format:
  ◦ DIRECTORY HOST1(OPTIONS) HOST2(OPTIONS)
  ◦ Ex: /home/jc 192.168.1.100(rw,no_root_squash)
Gives root on 192.168.1.100 full access to this directory
Common options:
  ◦ subtree_check – verifies that all file requests are within the exported subtree
  ◦ async – makes the server reply to write requests before actually writing
  ◦ Unhide – reveals filesystems mounted within exported file trees
List of options on page 491
/etc/exports
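The export format and squash options from the slides above, as an added example that is not part of the original deck: a small Python auditor for /etc/exports. The sample file, rule names and function names are constructed for illustration; line continuations and quoted paths are not handled.

```python
import re

# Constructed sample /etc/exports (not from the slides). The last line has a
# space before "(rw)": the host gets default options, every other host gets rw.
SAMPLE_EXPORTS = """\
/home/jc  192.168.1.100(rw,no_root_squash)
/srv/pub  *(ro,all_squash,anonuid=65534,anongid=65534)
/data     192.168.1.0/24(rw,async) backup.example.com(ro)
/scratch  192.168.1.50 (rw)
"""

# HOST(OPTIONS); either part may be missing.
CLIENT = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

def parse_exports(text):
    """Yield (directory, host, options) for every client on every line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            m = CLIENT.match(client)
            if m is None:
                continue                          # malformed field, skip it
            host = m.group("host") or "*"         # bare "(opts)" = any host
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            yield directory, host, opts

def audit(text):
    """Return (directory, host, rule) for each risky export found."""
    findings = []
    for directory, host, opts in parse_exports(text):
        if "no_root_squash" in opts:              # client root stays root on server
            findings.append((directory, host, "no_root_squash"))
        if host == "*" and "rw" in opts:          # writable by any host in reach
            findings.append((directory, host, "world_rw"))
        if "async" in opts:                       # replies before data is written
            findings.append((directory, host, "async"))
    return findings

if __name__ == "__main__":
    for directory, host, rule in audit(SAMPLE_EXPORTS):
        print(f"{directory:10} {host:18} {rule}")
```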
Mounted the same way as normal file systems
mount command understands the notation hostname:directory
showmount -e SERVER
  ◦ Command allows client to verify that server has properly exported file systems
Client Side NFS
mount -o rw,hard SERVER:/PATH /LOCALPATH
  ◦ hard – causes all operations that are accessing the server to stop if the server crashes until it is back up again
  ◦ More mount options on page 493
Example Mount
df – works as normal
umount – cannot unmount an NFS volume unless it is not in use
lsof
Client Commands
Can mount NFS volumes with fstab
Set fstype to nfs
File system should be SERVER:/PATH
Flags would be nfs options
/etc/fstab
nfsstat – displays various stats of the NFS system
nfsstat -s
  ◦ shows server side processes
nfsstat -c
  ◦ shows client side processes
NFS Stats
/etc/init.d/autofs
  ◦ Startup script for automount daemon
/etc/auto.master
  ◦ Main file for holding the map information
  ◦ Format: /DIRECTORY /MAP/POINT +/-OPTIONS
Automounting