Network File System - Computing


NFS
Network File System

NFS (Network File System)
Network file systems allow files to be shared between users on different systems, often running different operating systems.
The Windows® operating systems use the CIFS (SMB) network file system, which is implemented on UNIX systems by the Samba package.
NFS was developed by Sun Microsystems.
NFS uses the RPC (remote procedure call) service and therefore requires portmap.
Directories are shared through the /etc/exports file.
Directories are mounted through the mount command.
NFS: Service Profile

Type: System-V managed service
Package: nfs-utils
Daemons: nfsd, lockd, rpciod, rpc.mountd, rpc.rquotad, rpc.statd
Scripts: nfs, nfslock
Ports: assigned by portmap (111)
Configuration: /etc/exports
Packaging for Unix/Linux

Different packaging approaches:
Solaris: pkg* tools (pkginfo, pkgadd, pkgmk)
Linux: rpm / rpmbuild
Packages use digital signatures.
Overall objectives and approaches are similar.
Packages are created
NFS Server Components

portmap: maps calls from other machines to the correct RPC service
nfs: kernel module that translates NFS requests into local file system requests
rpc.mountd: the mount daemon, which services client requests to mount and unmount exported file systems
/etc/exports examples

/var/ftp/pub        *.dit.ie(ro,sync) *.comp.dit.ie(rw,sync)
/root/presentations rbradley.dit.ie(rw,sync)
/data               147.252.230.230(sync)

Note that whitespace makes a difference:

server(options) applies the options to that server only.
server1 (options) exports to server1 with the default options, and the options in the brackets apply to everything apart from server1.
/etc/exports

Directories are exported with root squashing turned on by default. This ensures that requests from the root user on a client machine are denied root access to root-owned files on the server machine.
Such requests are mapped onto an anonymous uid, such as 65534.
Root squashing can be turned off with the no_root_squash option, but this is not recommended.
/etc/exports examples

More examples:
/usr/local 192.168.0.1(ro) 192.168.0.2(ro)
/home 192.168.0.1(rw) 192.168.0.2(rw,no_root_squash)

Access can also be granted to sets of computers by giving a network and netmask:
/usr/local 192.168.0.0/255.255.255.0(ro)
/home 192.168.0.0/255.255.255.0(rw)
Controlling access

Most services (anything controlled by inetd, and also nfs) support access control through /etc/hosts.allow and /etc/hosts.deny.
The format of both files is:

[service name]: [host or network/netmask], [host or network/netmask] ...

E.g.:

portmap: 192.168.0.1, 192.168.0.2
mountd: 192.168.0.1, 192.168.0.2
ALL: ALL
Controlling access

Any service using this approach follows the process:

Check hosts.allow: if the requesting host matches an entry for the service in this file, allow the access and finish.
Check hosts.deny: if the requesting host does not match an entry for the service in this file, allow the access and finish; if it does match, deny the access.
Otherwise, allow access.

For nfs, to allow or deny access, ALL of the NFS services need to be included in the files:
portmap, lockd, mountd, rquotad, statd
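The decision order above, and the point that every NFS service must be listed, are easy to get wrong by hand. The following is an added example (not from these slides or from tcp_wrappers itself) that models the hosts.allow / hosts.deny lookup in POSIX shell and then checks all five NFS services for one client. It supports only the forms the slides use (an exact host or address, a network/netmask pair, and the ALL wildcard); the real library accepts more. The sample hosts.allow and hosts.deny contents are constructed, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the slides): a small model of the hosts.allow /
# hosts.deny decision order, used to check that every NFS service is covered.
# Only dotted-quad addresses, network/netmask pairs and ALL are understood.

# _ip2int A.B.C.D -> prints the address as a 32-bit integer
_ip2int() {
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# _in_subnet CLIENT NETWORK NETMASK -> exit 0 when CLIENT lies inside NETWORK
_in_subnet() {
    ip=$(_ip2int "$1") net=$(_ip2int "$2") mask=$(_ip2int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# _wrapper_match FILE SERVICE CLIENT -> exit 0 when some line of FILE names
# SERVICE (or ALL) in its daemon list and matches CLIENT in its client list
_wrapper_match() {
    [ -f "$1" ] || return 1
    while IFS=: read -r daemons clients; do
        case $daemons in '#'*|'') continue ;; esac     # comments, blank lines
        hit=1
        for d in $(echo "$daemons" | tr ',' ' '); do
            if [ "$d" = "$2" ] || [ "$d" = ALL ]; then hit=0; fi
        done
        [ "$hit" -eq 0 ] || continue
        for c in $(echo "${clients%%#*}" | tr ',' ' '); do
            if [ "$c" = ALL ] || [ "$c" = "$3" ]; then return 0; fi
            case $c in
                */*) _in_subnet "$3" "${c%/*}" "${c#*/}" && return 0 ;;
            esac
        done
    done < "$1"
    return 1
}

# wrapper_decision SERVICE CLIENT ALLOW_FILE DENY_FILE -> prints allow or deny
# hosts.allow is consulted first (match = allow), then hosts.deny (match =
# deny); a client in neither file is allowed.
wrapper_decision() {
    if _wrapper_match "$3" "$1" "$2"; then echo allow
    elif _wrapper_match "$4" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# nfs_wrapper_check CLIENT ALLOW_FILE DENY_FILE -> prints the NFS services
# CLIENT would be refused; exits 0 only when all five are allowed
nfs_wrapper_check() {
    denied=""
    for s in portmap lockd mountd rquotad statd; do
        if [ "$(wrapper_decision "$s" "$1" "$2" "$3")" = deny ]; then
            denied="$denied $s"
        fi
    done
    echo "${denied# }"
    [ -z "$denied" ]
}

# write_sample_wrappers DIR: constructed pair that lists only portmap and
# mountd, which is exactly the incomplete configuration the slides warn about
write_sample_wrappers() {
    cat > "$1/hosts.allow" <<'EOF'
# constructed sample hosts.allow
portmap: 192.168.0.1, 192.168.0.2
mountd: 192.168.0.1, 192.168.0.2
EOF
    cat > "$1/hosts.deny" <<'EOF'
ALL: ALL
EOF
}

# Demonstration when run directly
d=$(mktemp -d)
write_sample_wrappers "$d"
echo "mountd from 192.168.0.1: $(wrapper_decision mountd 192.168.0.1 "$d/hosts.allow" "$d/hosts.deny")"
echo "lockd  from 192.168.0.1: $(wrapper_decision lockd  192.168.0.1 "$d/hosts.allow" "$d/hosts.deny")"
echo "NFS services refused to 192.168.0.1: $(nfs_wrapper_check 192.168.0.1 "$d/hosts.allow" "$d/hosts.deny")"
rm -rf "$d"
```

With the constructed files, mountd is allowed but lockd, rquotad and statd fall through to the ALL: ALL line in hosts.deny, so a mount would fail even though mountd itself was permitted. Replacing the two allow lines with one line naming all five services (portmap, lockd, mountd, rquotad, statd: 192.168.0.0/255.255.255.0) makes nfs_wrapper_check report nothing refused.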
NFS Client

Client side NFS is implemented as a kernel module.
/etc/fstab is used to specify network mounts.
NFS shares are mounted at boot time by /etc/rc.d/init.d/netfs.
NFS Client

Shares can be mounted manually by root, or automatically at boot time.
The default /etc/fstab entries in UML (User-Mode Linux):

Device      mountpoint  type  options   dump  fsckorder
/dev/ubd/0  /           ext2  defaults  1     1
/proc       /proc       proc  defaults
/dev/ubd/1  none        swap  sw

/etc/fstab nfs entry:

Device                mountpoint  type  options   dump  fsckorder
Server1:/var/ftp/pub  /mnt/pub    nfs   defaults  0     0
NFS Mount Options

Options include:
rsize=8192 and wsize=8192: larger read and write block sizes will speed up transfers considerably
soft: processes return with an error on a failed I/O attempt
hard: will block a process that tries to access an unreachable share
nolock: disables file locking and allows interoperation with older NFS servers
nosuid: stops suid-enabled programmes executing from the mounted file system
noexec: stops all programmes executing from the mounted file system
ro: read-only file system
rw: read/write access
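The nosuid and noexec options matter most on a share that other people can write to, and they are easy to forget when an entry is copied from the "defaults 0 0" example above. The following is an added example (not from the slides) that audits the NFS lines of an fstab file against the options just listed and reports, per mount point, which protective options are absent and whether soft or nolock is in use. The fstab content it checks is constructed, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the slides): audit the NFS entries of an fstab file
# against the mount options discussed above.

# fstab_nfs_audit FILE -> one line per NFS entry, either "<mountpoint> ok" or
# "<mountpoint> finding[,finding...]"
fstab_nfs_audit() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    $3 == "nfs" || $3 == "nfs4" {
        # fstab columns: device mountpoint type options dump fsckorder
        n = split($4, opt, ",")
        nosuid = noexec = soft = nolock = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nosuid") nosuid = 1
            if (opt[i] == "noexec") noexec = 1
            if (opt[i] == "soft")   soft = 1
            if (opt[i] == "nolock") nolock = 1
        }
        f = ""
        if (!nosuid) f = f ",nosuid-missing"     # setuid programs on the share are honoured
        if (!noexec) f = f ",noexec-missing"     # programs can be run from the share
        if (soft)    f = f ",soft-mount"         # I/O errors instead of waiting for the server
        if (nolock)  f = f ",locking-disabled"
        # a network file system should not be dumped or fsck-ed by the client
        if (NF >= 6 && ($5 + 0 != 0 || $6 + 0 != 0)) f = f ",dump-or-fsck-set"
        print $2, ((f == "") ? "ok" : substr(f, 2))
    }
    ' "$1"
}

# write_sample_fstab FILE: constructed fstab with one local and three NFS entries
write_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample /etc/fstab
/dev/sda1             /          ext3  defaults                                     1 1
Server1:/var/ftp/pub  /mnt/pub   nfs   defaults                                     0 0
Server1:/home         /home      nfs   rw,hard,nosuid,noexec,rsize=8192,wsize=8192  0 0
Server1:/scratch      /scratch   nfs   rw,soft,nolock                               0 0
EOF
}

# Demonstration when run directly
f=$(mktemp)
write_sample_fstab "$f"
fstab_nfs_audit "$f"
rm -f "$f"
```

On the constructed file the /home entry is reported as ok, /mnt/pub is missing nosuid and noexec, and /scratch additionally uses soft and nolock. The same function can be pointed at a live /etc/fstab.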
NFS autofs

autofs provides the ability to mount NFS shares on demand and to unmount them when they are idle.
autofs uses the files /etc/auto.master and /etc/auto.misc for configuration.
autofs is a kernel service, but must be enabled by configuring autofs to run in the appropriate run levels.
NFS Services

exportfs -r refreshes the server's share list after modifying /etc/exports.

Other exportfs options:
-v displays a list of the shared directories and their options on a server
-a exports all shares listed in /etc/exports, or a share named as an argument
-u unexports the share named as an argument, or all shares when combined with -a and no argument
showmount -e host shows the shares exported by host (this is the showmount command, not an exportfs option)
Troubleshooting nfs

Unable to see a mounted file system:
cat /proc/mounts
mount -f

Permission denied on mount attempt:
Check that the fstab entry and the export have the same access (i.e. ro, rw etc.).
Check you haven't attempted to export both a parent and a child, i.e. /usr and /usr/local can't both be exported.
Troubleshooting nfs II

RPC: Program not registered
On the server, use ps or rpcinfo -p to check that portmapper, nfs and mountd are running.
On the client, use rpcinfo -p [server] to check that it can see the services.
If the client gets "No remote programs registered", check hosts.allow and hosts.deny.
Troubleshooting nfs III

Permissions aren't right:
/export/dir hostname(rw,no_root_squash)
/export/dir hostname (rw,no_root_squash)

These statements aren't the same. The whitespace in the second means that everybody apart from hostname gets the privileges in the brackets.
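The whitespace mistake shown here and on the earlier /etc/exports slides, and the no_root_squash option those slides advise against, can both be caught before exportfs -r is run. The following is an added example (not from the slides or from nfs-utils) of a small exports linter in POSIX shell and awk. It flags a bracketed option list that stands alone (so applies to every host), an option list containing a space, and any use of no_root_squash. The sample exports content is constructed and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the slides): lint an /etc/exports file for the
# "hostname (options)" whitespace mistake and for no_root_squash.

# exports_lint FILE -> prints one finding per line as LINE:CODE:detail and
# exits 0 when the file is clean, 1 otherwise. Codes:
#   WHITESPACE    "(options)" stands alone, so it applies to every host
#   SYNTAX        an option list contains a space (unbalanced bracket)
#   NOROOTSQUASH  a client is exported with no_root_squash
exports_lint() {
    awk '
    BEGIN { problems = 0 }
    { sub(/#.*/, "") }                 # drop comments
    /^[ \t]*$/ { next }                # and blank lines
    {
        # $1 is the exported directory; every later field should be client(options)
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(.*\)$/) {
                who = (i == 2) ? "(no client given)" : $(i-1)
                printf "%d:WHITESPACE:%s: options %s apply to all hosts, not to %s\n", NR, $1, $i, who
                problems++
            } else if ($i ~ /\(/ && $i !~ /\)/) {
                printf "%d:SYNTAX:%s: space inside the option list at %s\n", NR, $1, $i
                problems++
            }
            if ($i ~ /no_root_squash/) {
                printf "%d:NOROOTSQUASH:%s: %s lets client root act as root on the server\n", NR, $1, $i
                problems++
            }
        }
    }
    END { exit (problems > 0) }
    ' "$1"
}

# write_sample_exports FILE: constructed exports file mixing correct and faulty entries
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample /etc/exports
/var/ftp/pub    *.dit.ie(ro,sync) *.comp.dit.ie(rw,sync)
/export/dir     hostname(rw,no_root_squash)
/export/dir2    hostname (rw,no_root_squash)
/home           192.168.0.0/255.255.255.0(rw)
EOF
}

# Demonstration when run directly
f=$(mktemp)
write_sample_exports "$f"
exports_lint "$f" || echo "exports file needs attention before running exportfs -r"
rm -f "$f"
```

On the constructed file the linter reports line 3 for no_root_squash and line 4 twice, once because the bracketed options apply to everyone and once for no_root_squash; the first and last entries pass. Running it against the real /etc/exports is a cheap check to add before exportfs -r.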
NFS optimisation

Issues:
NFS is sensitive to network traffic
NFS needs both read and write performance
NFS traffic is bursty

Detection:
/usr/sbin/nfsstat -n -a

NFS optimisation

Lower the nice value
Switch to a journaling file system
Spread NFS exported file systems across multiple disks and disk controllers
Use RAID 0/1: RAID 5 isn't fast on writes
Reduce the number of write-intensive mounts
Automount is difficult to get away from
FTP
File Transfer Protocol

FTP Service Profile

Type: System-V managed service
Package: vsftpd
Script: vsftpd
Ports: 21 (ftp), 20 (ftp-data)
Config files:
/etc/vsftpd/vsftpd.conf
/etc/vsftpd.ftpusers
/etc/pam.d/vsftpd
Log file: /var/log/vsftpd.log
FTP (File Transfer Protocol)

Linux uses vsftpd, which is no longer managed by inetd by default; it can be configured to use xinetd.
/etc/vsftpd/vsftpd.conf is the main configuration file.
Two levels of access:
anonymous: by default, anonymous users are based in /var/ftp
By default, anonymous users can download files, but not upload them.
FTP (File Transfer Protocol)
rbradley@aisling:~$ ftp taranaki
Connected to taranaki.student.comp.dit.ie.
220 taranaki FTP server (SunOS 5.8) ready.
Name (taranaki:rbradley): rbradley
331 Password required for rbradley.
Password:
230 User rbradley logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
FTP – User access

In /etc/vsftpd/vsftpd.conf:
Control anonymous user access with anonymous_enable=YES/NO
Control anonymous uploads with anon_upload_enable=YES/NO
Existing users on a system log in using their usual username and password.
By default, users can download any file they can read and upload to any directory to which they have write access.
FTP – User access
ftp> pwd
257 "/export/home/lecturer/rbradley" is current directory.
ftp> cd ..
250 CWD command successful.
ftp> pwd
257 "/export/home/lecturer" is current directory.
ftp> lcd ..
Local directory now /home/staff
ftp>
FTP – controlling user access

/etc/vsftpd/vsftpd.conf is the main configuration file.
Two additional files are used to control access:
/etc/vsftpd.ftpusers
/etc/vsftpd.user_list
FTP – controlling user access

Individual users can be denied access by placing their names in /etc/vsftpd.ftpusers.
/etc/vsftpd.user_list is examined if userlist_enable=YES is set in /etc/vsftpd/vsftpd.conf.
The list file can be used either to grant access (userlist_deny=NO) or to deny access (userlist_deny=YES).
A .message file will be displayed to anybody changing to a directory.
hosts.allow and hosts.deny can also be used.
FTP – Controlling directory access

By default, ftp connects to the /usr/ftp/pub directory.
Users can be restricted to only their home directory with:
chroot_list_enable=NO/YES
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
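Because several of these settings change meaning depending on each other (userlist_deny only matters once userlist_enable=YES, and chroot_list_enable inverts its sense when chroot_local_user=YES), it helps to compute what a vsftpd.conf actually grants. The following is an added example (not from the slides or from the vsftpd project) that reads a vsftpd.conf and reports the effective anonymous access, user-list mode and chroot mode. For keys the file does not set it assumes vsftpd's documented defaults from vsftpd.conf(5) (anonymous_enable=YES, anon_upload_enable=NO, write_enable=NO, userlist_enable=NO, userlist_deny=YES, chroot_local_user=NO, chroot_list_enable=NO); the slides do not state these defaults, and write_enable and chroot_local_user are vsftpd options the slides do not mention. It also assumes the last occurrence of a key wins. The sample configuration is constructed and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the slides): report the effective access settings
# of a vsftpd.conf, filling in vsftpd.conf(5) defaults for unset keys.
# Assumption: when a key is repeated, the last value wins.

# vsftpd_get FILE KEY DEFAULT -> prints the last value of KEY, or DEFAULT
vsftpd_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    if [ -n "$v" ]; then echo "$v"; else echo "$3"; fi
}

# vsftpd_anon_summary FILE -> none | download | upload
vsftpd_anon_summary() {
    [ "$(vsftpd_get "$1" anonymous_enable YES)" = YES ] || { echo none; return 0; }
    # anonymous uploads need anon_upload_enable AND the global write_enable switch
    if [ "$(vsftpd_get "$1" anon_upload_enable NO)" = YES ] &&
       [ "$(vsftpd_get "$1" write_enable NO)" = YES ]; then
        echo upload
    else
        echo download
    fi
}

# vsftpd_userlist_mode FILE -> disabled | deny-list | allow-list
# userlist_deny=YES: names in the list are refused; NO: only listed names may log in
vsftpd_userlist_mode() {
    [ "$(vsftpd_get "$1" userlist_enable NO)" = YES ] || { echo disabled; return 0; }
    if [ "$(vsftpd_get "$1" userlist_deny YES)" = NO ]; then echo allow-list; else echo deny-list; fi
}

# vsftpd_chroot_mode FILE -> none | all | list-only | all-except-list
# With chroot_local_user=YES the chroot list names the users who are NOT confined.
vsftpd_chroot_mode() {
    all=$(vsftpd_get "$1" chroot_local_user NO)
    lst=$(vsftpd_get "$1" chroot_list_enable NO)
    if [ "$all" = YES ] && [ "$lst" = YES ]; then echo all-except-list
    elif [ "$all" = YES ]; then echo all
    elif [ "$lst" = YES ]; then echo list-only
    else echo none
    fi
}

# write_sample_vsftpd_conf FILE: constructed configuration
write_sample_vsftpd_conf() {
    cat > "$1" <<'EOF'
# constructed sample vsftpd.conf
anonymous_enable=NO
write_enable=YES
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/usr/local/etc/vsftpd.chroot_list
EOF
}

# Demonstration when run directly
f=$(mktemp)
write_sample_vsftpd_conf "$f"
echo "anonymous: $(vsftpd_anon_summary "$f")  user list: $(vsftpd_userlist_mode "$f")  chroot: $(vsftpd_chroot_mode "$f")"
rm -f "$f"
```

For the constructed file this reports no anonymous access, an allow-list of permitted users, and every local user confined to their home directory except those named in the chroot list. Run against an empty file it reports the defaults instead: anonymous download allowed, user list disabled, no chroot.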