
CSE 265:

System and Network Administration


● The Network File System
– NFS Introduction
– Server-side NFS
– Client-side NFS
– NFS Statistics with nfsstat
– Dedicated NFS File Servers
– Automatic Mounting

Spring 2016 CSE 265: System and Network Administration ©2004-2016 Brian D. Davison
NFS: Network File System
● Allows systems to share filesystems with other
computers
– Clients mount network file systems just like local filesystems
● Originally designed to be transparent and stateless
● Consists of
– A mounting protocol
– Mount server
– File service daemons
– Diagnostic utilities

NFS
● Network File System
– Version 2: slow (obsolete)
● Originally released by Sun in 1985
– Version 3: faster (common)
– Version 4: security, locking (relatively new)
● Uses Sun's RPC (Remote Procedure Call) protocol
(documented in RFC 1050, 1988)
– Supports UDP or TCP for transport (v2,v3)
● File locking is worse under NFS v3 since servers
are stateless

Magic cookies (NFS v2,v3)
– The server doesn't track which clients have
mounted filesystems (stateless)
– Instead, the server discloses a secret/magic cookie
that identifies the directory to the server on future
access
● Often the cookie is just the filesystem major and minor
device IDs, plus directory inode
– Unmounting and remounting the actual filesystem
on the server normally changes the cookie

Security and NFS
– Not originally designed for security!
– Access to NFS volumes is determined via
/etc/exports
● lists hostnames or IP addresses that have access
● assumes clients will identify themselves correctly
– TCP wrappers/firewall can help protect service
– File-level access is managed according to UID, GID,
and file permissions
● Just as in local file systems

NFS Security Problems
– Users with given UID can access any file with that
UID (even if different user)
● Good reason for globally unique UID space!
– Root access on a client can access any file
– NFS typically uses option called “squashing root”
● Makes incoming requests for UID 0 look like they came
from some other user
● Account named nobody is utilized
– Option all_squash does the same for all users

Server-side NFS
– Servers “export” a directory to make it available to others
– Servers run two daemons (v2,v3)
● rpc.mountd to handle mount requests
● rpc.nfsd for actual file service
– Filesystems to be exported are in /etc/exports

# sample /etc/exports file
/ master(rw) trusty(rw,no_root_squash)
/projects proj*.local.domain(rw)
/usr *.local.domain(ro) @trusted(rw)
/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
/pub (ro,insecure,all_squash)

– Can modify and view exports using exportfs
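
An added example (not part of the original slides): a small Python auditor that parses the sample /etc/exports above and flags entries that weaken the protections discussed on the security slides (root squashing and host-based access). The function names and finding codes are chosen for this illustration, and quoted paths containing spaces are assumed not to occur.

```python
import re

# Constructed sample: the /etc/exports entries from the slide above.
SAMPLE_EXPORTS = """\
# sample /etc/exports file
/ master(rw) trusty(rw,no_root_squash)
/projects proj*.local.domain(rw)
/usr *.local.domain(ro) @trusted(rw)
/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
/pub (ro,insecure,all_squash)
"""

# Finding codes (names chosen for this example) and what each one means.
RISKS = {
    "no_root_squash": "UID 0 on the client is treated as root on the server",
    "insecure": "requests from unprivileged source ports (>= 1024) are accepted",
    "world": "no client restriction: any host may mount this export",
    "wildcard_rw": "writable by every host whose name matches the pattern",
}
SPEC_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")  # host, host(opts) or (opts)


def parse_exports(text):
    """Yield (path, client, options) for each client spec in an exports file."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:                       # bare path = world
            m = SPEC_RE.match(spec)
            if m:
                client, opts = m.group(1), m.group(2) or ""
                yield path, client or "*", set(opts.split(",")) - {""}


def audit_exports(text):
    """Return (path, client, code) for every risky entry, in file order."""
    findings = []
    for path, client, opts in parse_exports(text):
        findings += [(path, client, c) for c in ("no_root_squash", "insecure") if c in opts]
        if client == "*":
            findings.append((path, client, "world"))
        elif any(ch in client for ch in "*?[") and "rw" in opts:
            findings.append((path, client, "wildcard_rw"))
    return findings


if __name__ == "__main__":
    for path, client, code in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:<10} {client:<20} {code}: {RISKS[code]}")
```

Read-only wildcard exports such as /usr and netgroup entries such as @trusted are deliberately not flagged; tighten the rules to match local policy.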

Client-side NFS
– NFS filesystems are mounted much like local
filesystems using mount hostname:directory
– Before mounting, filesystem must be exported
● Check with showmount (v2,v3)

# showmount -e wume2
Export list for wume2:
/projects2 *.local.cse.lehigh.edu,davison
/projects1 *.local.cse.lehigh.edu,davison
– Use umount to unmount an NFS filesystem
● Can't be unmounted while in use (just like local disks)
● Use lsof to find processes with open files

Mounting NFS filesystems
● Use mount for temporary mounts
# mount -o rw,hard,intr,bg server:/home /home
● /etc/fstab contains mounts for boot time
wume1:/home /home nfs intr,bg,rw 1 1
wume1:/var/spool/mail /var/spool/mail nfs intr,bg,rw 1 1

● Common options:
– rw, ro, bg, hard, soft, intr, tcp, udp

NFS Statistics and Utilities
– nfsstat
Server rpc stats:
calls          badcalls       badauth        badclnt        xdrcall
40996991       0              0              0              0
Server nfs v3:
null           getattr        setattr        lookup         access         readlink
2 0%           428484 1%      25913 0%       444794 1%      398283 0%      3174 0%
read           write          create         mkdir          symlink        mknod
10193400 24%   29048042 70%   69068 0%       695 0%         3110 0%        0 0%
remove         rmdir          rename         link           readdir        readdirplus
5014 0%        81 0%          103716 0%      0 0%           38649 0%       1625 0%
fsstat         fsinfo         pathconf       commit
853 0%         356 0%         0 0%           231730 0%

– netstat
● General network statistics, may help debugging
– showmount -a
● Shows all systems believed to have mounted filesystems

Dedicated NFS File Servers
● Dedicated NFS appliances are available
● Network Appliance, EMC, HP, Oracle, etc.
– Features
● Provide Network Attached Storage (NAS)
● Optimized for file service
● Can scale to lots of storage and users
● Often provide service to both Unix and Windows clients
● More reliable
– simpler software, redundant hardware, RAID
● Easy to administer
● Often provide backup and checkpoint facilities

Automatic Mounting
– Separate lines in /etc/fstab can be difficult in large
networks
● Maintaining /etc/fstab on more than a few dozen machines
is tedious
● Worse is when those machines mount from many hosts
– When an important host crashes, clients are crippled
● Having a copy of the partition mountable elsewhere would
be ideal
– An automounter mounts filesystems only when
needed, and can work with replicated systems for
redundancy

automount
– A background process that watches for requests for
files within a specified directory
● Uses autofs kernel-resident filesystem driver
● Then mounts the requested filesystem
– /etc/init.d/autofs script is configured via /etc/auto.master
/misc /etc/auto.misc --timeout=300
– Each mount point has separate map file (or script),
listing all valid subdirectories and how to get them

automount example (misc)
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
brian-sun-windows -fstype=smbfs,rw,noexec,username=brian,pass\
word=XYZ,uid=501,gid=501 ://gutenberg/brian
# the following entries are samples to pique your imagination
#linux -ro,soft,intr ftp.example.org:/pub/linux
#boot -fstype=ext2 :/dev/hda1
#floppy -fstype=auto :/dev/fd0

% mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda2 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
morning:/raid on /net/morning/raid type nfs (rw,nosuid,nodev,hard,intr,addr=128.180.120.43)