200 likes | 443 Views
Network File Sharing. Module - Network File Sharing. Overview This module focuses on configuring Network File System (NFS) for servers and clients. This enables clients to share files across Linux and UNIX networks. Lessons covered in this module Introduction to NFS
E N D
Module - Network File Sharing Overview This module focuses on configuring Network File System (NFS) for servers and clients. This enables clients to share files across Linux and UNIX networks. Lessons covered in this module Introduction to NFS Configuring NFS Server Configuring NFS Client
Lesson 1 - Introduction to NFS Introduction The NFS is a method of sharing files. It provides local access to remote disks and file systems. Its proper understanding will help in sharing files and directories on other systems in a different city or country. Topics covered in this lesson Understanding NFS NFS Installation Merits and Demerits
Topic 1 – Understanding NFS NFS has client/server architecture. The NFS server has consists of physical disks that contain the shared file systems. NFS daemons show and provide them to users on the network. The NFS daemons provide remote access to the exported file systems, enable file locking and help enforce quotas on the NFS exports. An NFS client has only to mount the exported files locally into a file system called an NFS mount. NFS is also used to store users' home directories on a central server and to mount them when users log in or boot their systems.
Topic 2 – NFS Installation The considerations for a good NFS installation Take into account site-specific need Decide which file systems to export Determine the amount of data to be shared Understand the underlying network you will use Other network services to be provided The number and type of servers and clients Installation involves configuring the exports and starting the daemons, testing to ensure that the naming convention and mounting scheme work properly and monitoring.
Topic 3 - Merits and Demerits Merits NFS provides centralized control, maintenance, and administration. It is easier to back up file systems stored on a single server. NFS conserves disk space and prevent duplication of resources. Log in and access the home directories from any system. Protect important data by storing it on an NFS mounted file system. Demerits Sensitive to network congestion, heavy network traffic slows it down. Heavy disk activity on server reduces performance speed. If the disk or server crashes that resource becomes inaccessible. Potential security problems and unsafe across the Internet.
Lesson 2 – Configuring NFS Server Introduction Configuring NFS server involves understanding the contents, format and options of configuration files. These determine the characteristics of the exported file systems and affect the performance of NFS. Topics covered in this lesson Configuration Files Server Daemons Server Scripts and Commands
Topic 1 - Configuration files The NFS server configuration file is /etc/exports. It has a list of file systems to export, the clients permitted to mount them, and the export options. Each line in /etc/exports has the following format: dir [host] (options) [ .……] dir indicates a directory to export, host denotes the hosts permitted to mount dir, and options denotes mount options. If there is space between hostname and options it will make the directory world accessible. The options determine the characteristics of the exported file system
Topic 2 - Server Daemons NFS Server Daemons lockd starts NFS lock manager in the kernel mountd is used to process mount requests from NFS clients nfsd is responsible for all NFS services other than file locking and quota management portmap informs about the NFS services available on any particular NFS server rquotad informs about file system quota of NFS exports to clients statd is used for lock recovery if an NFS server crashes
Topic 3 - Server Scripts and Commands Server Scripts portmap maps calls from other devices to the correct RPC service nfsd translates NFS requests into requests on the local file system rpc.mountd is for mounting and unmounting file systems Commands exportfs -r updates the server's shared files list in /etc/exports. exportfs -v displays list of shares and options on a server. exportfs -a exports shared files listed in /etc/exports. exportfs -u unexports all files without arguments. showmount –e localhost shows the shared files on the host.
Lesson 3 - Configuring NFS Client Introduction In order to be able to use NFS services the client system should be configured. This helps in determining the various options for sharing files across the network and security issues. Topics covered in this lesson Configuration Procedure Automount Services Security Issues NFS Troubleshooting
Topic 1 - Configuration Procedure NFS is implemented in client machines as a kernel module. Network mounts are specified /etc/fstab file. NFS shared files are mounted at boot time by /etc/rc.d/init.d/nfs . autofs can be used to mount and unmount NFS shared files. NFS options in /etc/fstab : rsize=8192 and wsize=8192 speed up NFS throughput soft returns with an error on a failed I/O attempt hard will block if you try to access an unshared file intr interrupts or kills NFS requests if server is unreachable nolock disables file locking (lockd) and allows interoperation with other NFS servers
Topic 2 - Automount Services The easiest way to mount NFS exports is to use autofs. This automatically mounts file systems. autofs uses the automount daemon to mount and unmount file systems configured to control. autofs uses a master map file, /etc/auto.master to associate mount points with secondary map files. The secondary map file defines the mount options for file systems mounted under the corresponding directory. Each line in a secondary map file has the general form: root@ server1~]# localdir [-[options]] remotefs localdir is the directory beneath the NFS mount point. remotefs specifies the host and pathname of the NFS mount.
Topic 3 - Security Issues The /etc/exports file is a weak point in NFS. Use host access control to limit access to services Use of IP packet firewalls and netfilter or TCP Wrappers increase NFS server security Always use the root_squash option in /etc/exports All critical files should be owned by root Export file systems using the all_squash option Disable SUID root programs on NFS mounts with the nosuid option.
Topic 4 – NFS Troubleshooting Export Failures Entering a user name as the anonymous user when the option requires a UID number (such as 505). The name of the computer being allowed to share the directory failing to have its address resolved. Unmount Failures If there is a process holding the directory open it should be killed to unmount. Contd…
Topic 4 – NFS Troubleshooting Mount Failures - reasons Wrong share Information Firewalls blocking NFS ports Directory is not being accessed. You don't have proper permission
Lab Exercises Configuring NFS to share users home directory with the server has read-write.
Conclusion Summary NFS monitoring is necessary to export file systems, network security and satisfactory performance. NFS has potential security problems and is unsafe across the Internet. NFS services daemons portmap, mountd, nfsd, statd, lockd, and rquotad. NFS commands configure the server with access permissions and export characteristics. nosuid option, file locking, TCP wrappers, and packet filters can ensure security for NFS clients. Mount, unmount and export failures can occur in NFS due to wrong share information or firefalls. Question and Answer Session