CSE 265: System and Network Administration

The Network File System
– NFS Introduction
– Server-side NFS
– Client-side NFS
– NFS Statistics with nfsstat
– Dedicated NFS File Servers
– Automatic Mounting

Spring 2010

CSE 265: System and Network Administration

©2004-2010 Brian D. Davison

NFS
– Network File System
– Allows systems to share filesystems among computers
– Designed to be transparent and stateless
– Consists of
  ● A mounting protocol
  ● Mount server
  ● File service daemons
  ● Diagnostic utilities


Magic cookies
– The server doesn't track which clients have mounted filesystems (stateless)
– Instead, the server discloses a secret/magic cookie that identifies the directory to the server on future access
– Often the cookie is just the filesystem major and minor device IDs, plus directory inode
– Unmounting and remounting the actual filesystem on the server normally changes the cookie


NFS
– Network File System
  ● Originally released by Sun in 1985
  ● Version 2: slow
  ● Version 3: faster (common)
  ● Version 4: security, locking (relatively new)
– Uses Sun's RPC (Remote Procedure Call) protocol (documented in RFC 1050, 1988)
– Supports UDP or TCP for transport
– File locking is worse under NFS v3 since servers are stateless

Security and NFS
– Not originally designed for security!
– Access to NFS volumes is determined via /etc/exports
  ● lists hostnames or IP addresses that have access
  ● assumes clients will identify themselves correctly
– TCP wrappers/firewall can help protect service
– File-level access is managed according to UID, GID, and file permissions
  ● Just as in local file systems


NFS Security Problems
– Users with given UID can access any file with that UID (even if different user)
  ● Good reason for globally unique UID space!
– Root access on a client can access any file
  ● NFS typically uses option called “squashing root”
  ● Makes incoming requests for UID 0 look like they came from some other user
  ● Account named nobody is utilized
– Option all_squash does the same for all users


Server-side NFS
– Servers “export” a directory to make it available to others
– Servers run two daemons
  ● rpc.mountd to handle mount requests
  ● rpc.nfsd for actual file service
– Filesystems to be exported are in /etc/exports

# sample /etc/exports file
/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
/pub            (ro,insecure,all_squash)

Can modify and view exports using exportfs
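The exports file above mixes the access-control decisions the slides describe (which hosts, whether client root is squashed, whether unprivileged source ports are accepted). The following Python script is an added example, not part of the lecture material: it parses an exports file in exports(5) syntax and reports the entries a reviewer would want to look at first. The sample text is constructed from the slide's example; the option descriptions in RISKY_OPTIONS are this example's own wording.

```python
"""Parse /etc/exports and flag options that weaken NFS access control.

Added example for the lecture notes; not the course's or any project's code.
SAMPLE_EXPORTS is constructed from the slide's exports(5)-style example."""
import re

SAMPLE_EXPORTS = """\
# sample /etc/exports file
/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
/pub            (ro,insecure,all_squash)
"""

# One client token: optional host/netgroup/wildcard, then optional "(opt,opt)".
CLIENT_RE = re.compile(r'^([^()]*)(?:\(([^()]*)\))?$')

def parse_exports(text):
    """Return [(path, [(client, set_of_options), ...]), ...].

    Comments and blank lines are skipped.  An empty client string means the
    entry applies to every host, which is what "/pub (ro,...)" means in
    exports(5): the space before "(" detaches the options from any host."""
    result = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        path, tokens = fields[0], fields[1:]
        clients = []
        for tok in tokens:
            m = CLIENT_RE.match(tok)
            if not m:
                raise ValueError('malformed client spec: %r' % tok)
            host, opts = m.group(1), m.group(2) or ''
            clients.append((host, set(o for o in opts.split(',') if o)))
        if not tokens:
            clients.append(('', set()))   # bare path: every host, default options
        result.append((path, clients))
    return result

# Option -> why a defender cares (wording is this example's, not the slides').
RISKY_OPTIONS = {
    'no_root_squash': 'UID 0 on the client is UID 0 on the server',
    'insecure': 'requests accepted from unprivileged source ports',
}

def audit_exports(text):
    """Return a sorted list of (path, client, finding) tuples."""
    findings = []
    for path, clients in parse_exports(text):
        for host, opts in clients:
            if host == '':
                findings.append((path, host, 'exported to every host'))
            elif '*' in host or '?' in host:
                findings.append((path, host, 'wildcard host pattern'))
            for opt in sorted(opts & set(RISKY_OPTIONS)):
                findings.append((path, host, opt + ': ' + RISKY_OPTIONS[opt]))
    return sorted(findings)

if __name__ == '__main__':
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print('%-12s %-22s %s' % (path, host or '<any host>', finding))
```

Run against the slide's sample it reports five entries: the no_root_squash grant to trusty, the two wildcard host patterns, and the /pub export that is both open to every host and marked insecure. Because the exports file is the whole of NFS's host-level access control, this kind of check is worth running whenever the file changes (for instance before exportfs -r).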


Client-side NFS
– NFS filesystems are mounted much like local filesystems using mount hostname:directory
– Before mounting, filesystem must be exported
  ● Check with showmount

# showmount -e wume2
Export list for wume2:
/projects2 *.local.cse.lehigh.edu,davison
/projects1 *.local.cse.lehigh.edu,davison

– Use umount to unmount an NFS filesystem
  ● Can't be unmounted while in use
  ● Use lsof to find processes with open files

Mounting NFS filesystems
– Use mount for temporary mounts

# mount -o rw,hard,intr,bg server:/home /home

– /etc/fstab contains mounts for boot time

wume1:/home            /home            nfs  intr,bg,rw  1 1
wume1:/var/spool/mail  /var/spool/mail  nfs  intr,bg,rw  1 1

– Common options:
  ● rw, ro, bg, hard, soft, intr, tcp, udp

NFS Statistics and Utilities
– nfsstat

Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
40996991   0          0          0          0

Server nfs v3:
null       getattr    setattr    lookup     access     readlink
2       0% 428484  1% 25913   0% 444794  1% 398283  0% 3174    0%
read       write      create     mkdir      symlink    mknod
10193400 24% 29048042 70% 69068 0% 695 0% 3110 0% 0 0%
remove     rmdir      rename     link       readdir    readdirplus
5014    0% 81      0% 103716  0% 0       0% 38649   0% 1625    0%
fsstat     fsinfo     pathconf   commit
853     0% 356     0% 0       0% 231730  0%
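nfsstat prints each operation block as a line of names followed by a line of "count percent" pairs, and it truncates the percentages. The Python below is an added example (not the course's code) that parses that layout from a constructed copy of the slide's output, recomputes each operation's exact share of all calls, and pulls out the RPC-level counters; badauth and badcalls are the two a defender watches, since a rising badauth count means requests are arriving with credentials the server rejects.

```python
"""Parse `nfsstat -s` server output and compute per-operation call shares.

Added example for the lecture notes; not the course's or nfsstat's own code.
SAMPLE_NFSSTAT is constructed from the slide's nfsstat output."""
import re

SAMPLE_NFSSTAT = """\
Server rpc stats:
calls      badcalls   badauth    badclnt    xdrcall
40996991   0          0          0          0

Server nfs v3:
null       getattr    setattr    lookup     access     readlink
2       0% 428484  1% 25913   0% 444794  1% 398283  0% 3174    0%
read       write      create     mkdir      symlink    mknod
10193400 24% 29048042 70% 69068 0% 695 0% 3110 0% 0 0%
remove     rmdir      rename     link       readdir    readdirplus
5014    0% 81      0% 103716  0% 0       0% 38649   0% 1625    0%
fsstat     fsinfo     pathconf   commit
853     0% 356     0% 0       0% 231730  0%
"""

# A count followed by nfsstat's truncated percentage, e.g. "428484  1%".
COUNT_RE = re.compile(r'(\d+)\s+\d+%')

def parse_rpc_stats(text, section='Server rpc stats:'):
    """Return {counter: value} for the RPC header block (calls, badauth, ...)."""
    lines = text.splitlines()
    start = lines.index(section) + 1          # ValueError if section missing
    names = lines[start].split()
    values = [int(v) for v in lines[start + 1].split()]
    return dict(zip(names, values))

def parse_nfsstat_ops(text, section='Server nfs v3:'):
    """Return {op_name: call_count} for one per-operation section.

    The section is a sequence of line pairs: operation names, then the
    matching 'count pct%' pairs in the same column order.  It ends at a
    blank line or at end of input."""
    lines = text.splitlines()
    i = lines.index(section) + 1
    counts = {}
    while i + 1 < len(lines) and lines[i].strip():
        names = lines[i].split()
        values = [int(n) for n in COUNT_RE.findall(lines[i + 1])]
        if len(names) != len(values):
            raise ValueError('column mismatch near: %r' % lines[i])
        counts.update(zip(names, values))
        i += 2
    return counts

def op_shares(counts):
    """Exact percentage of all calls per operation (nfsstat truncates)."""
    total = sum(counts.values()) or 1
    return {op: 100.0 * n / total for op, n in counts.items()}

def top_ops(counts, n=3):
    """The n busiest operations, most calls first."""
    return sorted(counts, key=counts.get, reverse=True)[:n]

if __name__ == '__main__':
    rpc = parse_rpc_stats(SAMPLE_NFSSTAT)
    ops = parse_nfsstat_ops(SAMPLE_NFSSTAT)
    shares = op_shares(ops)
    print('rpc calls %d, badauth %d' % (rpc['calls'], rpc['badauth']))
    for op in top_ops(ops):
        print('%-12s %10d %6.2f%%' % (op, ops[op], shares[op]))
```

On the slide's numbers the three busiest operations are write, read and lookup, with write at roughly 70.9% of all v3 calls rather than the 70% nfsstat displays. Snapshotting these counters over time (and diffing them) is more useful than a single read, since nfsstat reports totals since boot.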

– netstat
  ● General network statistics, may help debugging
– showmount -a
  ● Shows all systems believed to have mounted filesystems

Dedicated NFS File Servers
– Dedicated NFS appliances are available
  ● Network Appliance, EMC, HP/Dell, Oracle/Sun, etc.
– Provide Network Attached Storage (NAS)
– Features
  ● Optimized for file service
  ● Can scale to lots of storage and users
  ● Often provide service to both *nix and Windows clients
  ● More reliable: simpler software, redundant hardware, RAID
  ● Easy to administer
  ● Often provide backup and checkpoint facilities

Automatic Mounting
– Separate lines in /etc/fstab can be difficult in large networks
  ● Maintaining /etc/fstab on more than a few dozen machines is tedious
  ● Worse is when those machines mount from many hosts
– When an important host crashes, clients are crippled
  ● Having a copy of the partition mountable elsewhere would be ideal
– An automounter mounts filesystems only when needed, and can work with replicated systems for redundancy

automount
– A background process that watches for requests for files within a specified directory
  ● Uses autofs kernel-resident filesystem driver
  ● Then mounts the requested filesystem
– /etc/init.d/autofs script is configured via /etc/auto.master

/misc   /etc/auto.misc   --timeout=60

– Each mount point has separate map file (or script), listing all valid subdirectories and how to get them


automount example

# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage
cd        -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
brian-sun-windows -fstype=smbfs,rw,noexec,username=brian,password=XYZ,uid=501,gid=501 ://gutenberg/brian
# the following entries are samples to pique your imagination
#linux    -ro,soft,intr  ftp.example.org:/pub/linux
#boot     -fstype=ext2   :/dev/hda1
#floppy   -fstype=auto   :/dev/fd0

% mount
/dev/hda2 on / type ext3 (rw)
automount(pid7909) on /misc type autofs (rw,fd=5,pgrp=7909,minproto=2,maxproto=3)

% ps aux | grep automount
root  7909  0.0  0.1  2644  620 pts/1  S  19:43  0:00 /usr/sbin/automount --timeout 60 /misc file /etc/auto.misc
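The map above is the kind of file the automounter reads for each mount point, and it shows one practice worth catching in review: the smbfs entry carries a password inline, so anyone who can read /etc/auto.misc can read the credential. The Python below is an added example, not part of the lecture material: it parses a map in the "key [-options] location" form the slide describes (joining backslash-continued lines, as the slide's own map wraps the password option) and reports entries that embed a password or mount without nosuid/nodev. SAMPLE_MAP is constructed from the slide's map; XYZ is the slide's own placeholder password.

```python
"""Parse an autofs map ('key [-options] location') and audit its entries.

Added example for the lecture notes; not the course's or autofs' own code.
SAMPLE_MAP is constructed from the slide's /etc/auto.misc example."""
import re

SAMPLE_MAP = r"""
# key [ -mount-options-separated-by-comma ] location
cd        -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
brian-sun-windows -fstype=smbfs,rw,noexec,username=brian,pass\
word=XYZ,uid=501,gid=501 ://gutenberg/brian
# the following entries are samples to pique your imagination
#linux    -ro,soft,intr  ftp.example.org:/pub/linux
#boot     -fstype=ext2   :/dev/hda1
"""

# key, optional "-opt,opt" group, location; whitespace separated.
ENTRY_RE = re.compile(r'^(\S+)\s+(?:(-\S+)\s+)?(\S+)$')

def parse_automount_map(text):
    """Return [(key, set_of_options, location), ...].

    Comment and blank lines are skipped; a line ending in a backslash is
    joined with the following line before parsing (this is how the slide's
    map is wrapped)."""
    joined = text.replace('\\\n', '')
    entries = []
    for raw in joined.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError('malformed map entry: %r' % line)
        key, opts, location = m.groups()
        optset = set((opts or '').lstrip('-').split(',')) - {''}
        entries.append((key, optset, location))
    return entries

def audit_automount_map(entries):
    """Return sorted (key, finding) pairs for entries worth a second look."""
    findings = []
    for key, opts, location in entries:
        keyed = dict(o.split('=', 1) for o in opts if '=' in o)
        if 'password' in keyed:
            # The credential is readable by anyone who can read the map file.
            findings.append((key, 'plaintext password in map'))
        if 'nosuid' not in opts:
            findings.append((key, 'mounted without nosuid'))
        if 'nodev' not in opts:
            findings.append((key, 'mounted without nodev'))
    return sorted(findings)

if __name__ == '__main__':
    entries = parse_automount_map(SAMPLE_MAP)
    for key, opts, location in entries:
        print('%-20s %-50s %s' % (key, ','.join(sorted(opts)), location))
    for key, finding in audit_automount_map(entries):
        print('%-20s %s' % (key, finding))
```

On the slide's map the cd entry passes cleanly (ro, nosuid, nodev) while the smbfs entry is flagged three times. The usual fix for the credential finding is to move the username and password into a separate file readable only by root and reference it from the map, rather than leaving it in a map that automount reads but that other users may also be able to open.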
