Learn about Network File System (NFS) features, security measures, and automation in this comprehensive overview. Explore server-side setup, client-side commands, and best practices for secure file sharing.
Network File System Joshua Caltagirone-Holzli
Overview • Introduction to NFS • Features • General Information • Server Side • Client Side • Automount
Introduction to NFS • NFS – Network File System • In widespread use in many organizations • Developed by Sun • Implemented over Sun Remote Procedure Call • Uses either TCP or UDP
Features • File Locking • Disk Quotas • Cookie and Stateless Mounting • Security and NFS
File Locking • File locking • Traditional system calls • flock, lockf, fcntl • Daemons NFS utilizes • lockd • statd • NFS file locking is still shaky
Disk Quotas • NFS enforces underlying file system quotas • Daemon for user stats • rquotad • Disk quotas considered obsolete
Cookies and Stateless Mounting • Clients must explicitly mount an NFS filesystem • NFS is stateless • Does not keep track of who mounts a file system • NFS “cookies” • Sent at conclusion of successful mount • Identifies the mounted directory
Cookies and Stateless Mounting • Unmounting/Remounting changes cookies • Means cookies are saved across reboot • Server crashes cause NFS to resume as normal • Cookie uses RPC file/dev IO • Client responsible for acknowledging server before removing local file (writing)
Security and NFS • /etc/exports • Provides access to NFS volumes • This file enumerates the hostnames of systems that have access to the file system • Export file systems only to clients you trust • Access to NFS ports should be restricted
Security and NFS • File level access on NFS based on: • UID, GID, and file permissions • NFS servers trust the client to tell them who is accessing files • Example: if mary and bob have the same UID then they are able to access each other’s files
Security and NFS • root_squash – prevents root from changing the UID on the NFS server • Forces root to be a normal user on the server • Block access to portmap (port 111)
General Info • Users should usually be given the same UID on all machines • anonuid/anongid – used to change the UID/GID mappings for root • all_squash – forces all clients to have the same UID/GID on the server • no_root_squash – turns off UID mapping for root • Used for diskless systems
Server Side NFS • mountd – handles mount requests • nfsd – handles the actual file access requests • Both should start when the system starts • Typical startup scripts: • /etc/rc.d/init.d/nfs (Red Hat/Fedora) • /etc/init.d/nfsboot (SUSE) • /etc/init.d/nfs-* (Ubuntu/Debian)
Server Side NFS • exportfs – used to add and modify entries for sharing • exportfs -u (to remove entries) • exportfs -a (to update exports after writing to the config file /etc/exports) • /etc/exports – typical location for this file • hosts.allow/hosts.deny • Give hosts access to NFS server
/etc/exports • Format: • DIRECTORY HOST1(OPTIONS) HOST2(OPTIONS) • Ex: /home/jc 192.168.1.100(rw,no_root_squash) • Gives root on 192.168.1.100 full access to this directory • Common options: • subtree_check – verifies that all file requests are within the exported subtree • async – makes the server reply to write requests before actually writing • unhide – reveals filesystems mounted within exported file trees • List of options on page 491
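Added example (not from the original slides): a small audit of /etc/exports entries in the DIRECTORY HOST(OPTIONS) format above, flagging no_root_squash and exports open to any client. The function names and the sample file are constructed for illustration; it assumes the Linux exports behaviour in which an option list separated from its host by a space, as in "backup01 (rw)", applies to every client.

```python
import re

# Constructed sample; only the /home/jc line is the slide's own example.
SAMPLE_EXPORTS = """\
# DIRECTORY HOST1(OPTIONS) HOST2(OPTIONS)
/home/jc   192.168.1.100(rw,no_root_squash)
/srv/pub   *(ro,all_squash)
/srv/data  192.168.1.0/24(rw,async) backup01 (rw)
"""

CLIENT = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")  # HOST, HOST(OPTS) or (OPTS)

def parse_exports(text):
    """Return a list of (directory, host, options) tuples, one per client."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            m = CLIENT.match(client)
            if not m:
                continue
            host = m.group(1) or "*"  # "(opts)" with no host applies to everyone
            opts = set(filter(None, (m.group(2) or "").split(",")))
            entries.append((directory, host, opts))
    return entries

def audit(text):
    """Return (directory, host, finding) for exports that weaken the defaults."""
    findings = []
    for directory, host, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((directory, host, "remote root keeps UID 0"))
        if host == "*":
            kind = "read-write" if "rw" in opts else "read-only"
            findings.append((directory, host, f"{kind} export to any client"))
    return findings

if __name__ == "__main__":
    for directory, host, finding in audit(SAMPLE_EXPORTS):
        print(f"{directory:10} {host:15} {finding}")
```

The last sample line shows the stray-space case: backup01 gets the default options, and the detached (rw) becomes a read-write export to every host.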
Client Side NFS • Mounted the same way as normal file systems • The mount command understands the notation hostname:directory • showmount -e SERVER • Command allows the client to verify that the server has properly exported file systems
Example Mount • mount -o rw,hard SERVER:/PATH /LOCALPATH • hard – causes all operations that are accessing the server to stop if the server crashes until it is back up again • More mount options on page 493
Client Commands • df – works as normal • umount – cannot unmount an NFS volume unless it is not in use • lsof
/etc/fstab • Can mount NFS volumes with fstab • Set fstype to nfs • File system should be SERVER:/PATH • Flags would be nfs options
NFS Stats • nfsstat – displays various stats of the NFS system • nfsstat -s • shows server side processes • nfsstat -c • shows client side processes
Automounting • /etc/init.d/autofs • Startup script for automount daemon • /etc/auto.master • Main file for holding the map information • Format: • /DIRECTORY /MAP/POINT +/-OPTIONS
Conclusion • Introduction to NFS • Features • General Information • Server Side • Client Side • Automount
The End Are there any questions???