CIT 470: Advanced Network and System Administration


Distributing Files

Topics
- Sharing Files
- Copying Files: push vs pull
- rsync
- Network Filesystems
- Administering NFS

Sharing Files
System files
- Centralize administration: shared logins, naming.
- Solution: copy files between machines.
- Alternative solution: directory services (LDAP).
User files
- Users want access to their files on every machine.
- Alternative solution: network filesystems.

Copying Files
Advantages
- No network services to set up.
- Works everywhere.
Decisions
- Push vs pull
Solutions
- ftp
- wget
- ssh
- rsync

Automating ftp

    #!/usr/bin/expect
    # drive an anonymous ftp session non-interactively
    spawn ftp mysvr.nku.edu
    expect "username:"
    send "ftp\r"
    expect "password:"
    send "expect@client.nku.edu\r"
    expect "ftp>"
    send "bin\r"        ;# binary transfer mode
    send "prompt\r"     ;# turn off per-file prompting for mget
    send "mget *\r"     ;# fetch every file in the directory
    send "bye\r"
    expect eof

wget
- Non-interactive file retrieval.
- Protocols: ftp, http, https.
- Useful for automating file transfers in scripts.
- Example: wget http://svr.nku.edu/files/etc/hosts
Options
- Authentication and proxying.
- Quiet
- Recursive: follows links in HTTP documents.
- Resume
- Retries

ssh-based copying
- Securely copy files to/from another host.
Limitations
- scp copies the list of files given on the command line (-r for recursive) to a single destination.
- Copies all files, not just updated ones.
- Must share keys to authenticate securely.
- sftp is most suited to manual filesystem exploration.

rsync
- Synchronizes file trees between machines.
Advantages
- Makes the remote tree identical to the local one.
- Only copies files that have changed.
- Only copies the parts of a file that have changed.
- Useful for local mirroring, staging directories, etc. too.
Transport mechanisms
- rcp: insecure, avoid.
- scp: secure, commonly used.
- rsync: the rsync protocol, best for anonymous use.

rsync over ssh
Push

    rsync -av -e ssh local root@svr:test

Pull

    rsync -av -e ssh root@svr:test local

Test (dry run, -n: report what would change without copying)

    rsync -avn -e ssh root@svr:test local

Fine tuning rsync
Deleting removed files (be careful)

    rsync -av -e ssh --delete local root@svr:test

Excluding unwanted files
On the command line:

    rsync -av -e ssh --exclude="*.bak" --exclude=".?*.sw?" local root@svr:test

Through a file:

    rsync -av -e ssh --exclude-from=~/exclude-list local root@svr:test
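The dry run and --delete options above combine into a useful safety check: count what a dry run would delete before letting the real sync remove anything. This is an added example, not code from the slides; MAX_DELETES, the paths passed to safe_sync and the sample rsync output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the slides: guard "rsync --delete" with the dry run
# (-n). The dry run lists every file the real run would remove; the sync is
# refused if that count exceeds MAX_DELETES.
# MAX_DELETES, the SRC/DEST paths and the sample output below are assumptions.

MAX_DELETES=${MAX_DELETES:-5}

# count_deletions: read "rsync -avn --delete" output on stdin and print how
# many files it would delete (rsync prints one "deleting <path>" line each).
count_deletions() {
    awk '/^deleting / { n++ } END { print n + 0 }'
}

# deletions_ok N: succeed when N deletions are within the configured limit.
deletions_ok() {
    [ "$1" -le "$MAX_DELETES" ]
}

# safe_sync SRC DEST: dry-run first, then run the real sync only if the
# number of deletions is acceptable. Returns 1 when the sync is refused.
safe_sync() {
    n=$(rsync -avn -e ssh --delete "$1" "$2" | count_deletions)
    if ! deletions_ok "$n"; then
        echo "refusing to sync: dry run would delete $n files (limit $MAX_DELETES)" >&2
        return 1
    fi
    rsync -av -e ssh --delete "$1" "$2"
}

# Constructed sample of "rsync -avn --delete" output for offline checking.
SAMPLE_DRYRUN='sending incremental file list
deleting old/report.bak
deleting old/notes.txt~
./
etc/hosts
etc/resolv.conf

sent 123 bytes  received 45 bytes  336.00 bytes/sec
total size is 1,024  speedup is 6.10 (DRY RUN)'

# sample_deletions: run the counter over the constructed sample (prints 2).
sample_deletions() {
    printf '%s\n' "$SAMPLE_DRYRUN" | count_deletions
}
```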

rsync server
Setting up an rsync server
- Create an rsyncd.conf file.
- Server: rsync --daemon
- Client: rsync svr::public/new.tgz .
Simple, but be careful about security.
- Often secured by DNS name or IP address.
- Can be secured per user with an rsync secrets file.
- No encryption (use an ssh tunnel if confidentiality is needed).

rsyncd.conf

    # "global-only" options
    syslog facility = local5

    # global options which may also be defined in modules
    use chroot = yes
    uid = nobody
    gid = nobody
    max connections = 20
    timeout = 600
    read only = yes

    # module:
    [public]
        path = /home/rsync
        comment = Tarball archive
        hosts allow = *.nku.edu, 10.18.3.0/24, 10.30.4.4
        ignore nonreadable = yes
        refuse options = checksum
        dont compress = *

Other File Distribution Systems
rdist
- Older tool like rsync, but slower and with fewer features.
unison
- Unlike rsync, handles updates on both sides.
- Conflict resolution like CVS handles the case where a file is modified on both sides.
cfengine
- Maintains the state of the system according to a policy.
- Copies files as needed to meet the policy.

Automating File Copying
- Write a cron job.
- The script can verify data before/after the copy too.
- How to deal with many machines? Add a random delay using a simple script, so the clients do not all hit the server at the same moment:

    #!/usr/bin/perl
    # sleep 0-15 minutes (0-900s) before starting the copy
    sleep(rand() * 900);

Network Filesystems
Idea: use the filesystem to transparently share files between computers.
Solution:
- Client mounts the network filesystem as normal.
- Client filesystem code sends packets to the server(s).
- Server responds with data stored on a regular on-disk filesystem.

NFS
Network File System
- Transparent: behaves like a regular UNIX filesystem.
- Uses UNIX UIDs, GIDs and permissions, but can work on Windows.
- Since NFS is stateless, file locking and recovery are handled by the rpc.lockd and rpc.statd daemons.
Security
- Server only lets certain IP addresses mount filesystems.
- Client UIDs have the same permissions on the server as on the client.
- Client root UID is mapped to nobody, but root can su to any client UID to access any file.

CIFS
Microsoft network filesystem
- Derived from the 1980s IBM SMB network filesystem.
- Originally ran over NetBIOS, not TCP/IP.
- \\svr\share\path: Universal Naming Convention.
- Auth: NTLM (insecure), NTLMv2, Kerberos.
Implementation
- MS Windows-centric (filenames, ACLs, EOLs).
- Samba: UNIX client and server software.

AFS
Distributed filesystem
- Global namespace: /afs/abc.com/vol_home1
- Servers provide one or more volumes.
- Volume replication with RO copies on other servers.
- Cells are administrative domains within AFS.
  - Cells contain multiple servers.
  - Each server provides multiple volumes.
Security
- Kerberos authentication.
- ACLs with user-administered groups.

NFSv4
New model of NFS
- Only one protocol (no separate mount, lock, etc.).
- Global namespace.
- Security (ACLs, Kerberos, encryption).
- Cross-platform and internationalized.
- Better caching via delegation of files to clients.

Administering NFS
- NFS Versions
- Using NFS
- NFS Services
- Server and Client Configuration
- Automounter
- Security
- Performance

NFS Versions
- v2 (1984): UDP, 32-bit.
- v3 (1992): TCP, 64-bit.
- v4 (2000): distributed, cross-platform, security.

Using NFS
Client
- Start portmap …
- Mount filesystems.
Server
- Start portmap.
- Start NFS services.
- Configure exports.
- Export filesystems.

NFS Services
portmap — RPC service for Linux
- portmap
nfs — NFS file server processes.
- rpc.mountd
- rpc.rquotad
- nfsd
nfslock — Optional file locking service.
- rpc.statd

NFSv2/3 Processes
- rpc.mountd — Handles client mount requests.
- rpc.nfsd — NFS server processes.
- rpc.lockd — Process for the optional nfslock service.
- rpc.statd — Handles server crashes for nfslock.
- rpc.rquotad — Quotas for remote users.

rpcinfo

    > rpcinfo -p
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100021    1   udp  32774  nlockmgr
        100021    1   tcp  34437  nlockmgr
        100011    1   udp    819  rquotad
        100011    2   udp    819  rquotad
        100011    1   tcp    822  rquotad
        100011    2   tcp    822  rquotad
        100003    2   udp   2049  nfs
        100003    3   udp   2049  nfs
        100003    2   tcp   2049  nfs
        100003    3   tcp   2049  nfs
        100005    2   udp    836  mountd
        100005    2   tcp    839  mountd
        100005    3   udp    836  mountd
        100005    3   tcp    839  mountd

NFSv4 Processes
- nfsd — NFSv4 server processes. Handles mounts.
- rpc.idmapd — Maps between NFSv4 names (user@domain) and local UIDs and GIDs. Uses /etc/idmapd.conf.
- rpc.svcgssd — Server-side transport Kerberos authentication.
- rpc.gssd — Client-side transport Kerberos authentication.

Server Configuration
Configure /etc/exports
- List filesystems to be exported.
- Specify export options (ro, rw, etc.).
- Specify hosts/networks to export to.
Export filesystems (-a exports everything listed in /etc/exports)

    exportfs -a

Start the NFS server (if not already started)

    service portmap start
    service nfs start

/etc/exports
Format: directory hosts(options)
Options
- ro, rw — Read-only, read-write.
- async — Server replies before the write has reached disk.
- sync — Save before replying (default).
- all_squash — Map all users to the anonymous UID/GID.
- root_squash — Map root to the anonymous UID (default).
- no_root_squash — Don't map root (insecure).
- anonuid, anongid — Set the anonymous UID, GID.
Examples:

    /home *.example.com(rw,sync)
    /backups 192.168.1.0/24(ro,all_squash)
    /ex/limited foo.example.com
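The format above has one well-known trap: a space between the host and "(options)" makes the options apply to every host. The check below, an added example and not code from the slides, reads /etc/exports syntax and reports that mistake along with read-write exports to "*", exports with no host list, and no_root_squash; the sample file it runs over is constructed.

```shell
#!/bin/sh
# Added example, not from the slides: audit /etc/exports for weak entries.
# Findings are printed one per line as "directory host: reason".

# audit_exports: read /etc/exports syntax on stdin and print findings.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        dir = $1
        if (NF == 1) {                         # no host list at all
            print dir " *: no host list, exported to every host"
            next
        }
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split host(options)
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (host == "") {                  # "host (rw)": the space makes
                host = "*"                     # the options apply to *
                print dir " *: space before ( exports to every host"
            }
            if (host == "*" && opts ~ /(^|,)rw(,|$)/)
                print dir " *: read-write export to every host"
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                print dir " " host ": no_root_squash gives client root full access"
        }
    }'
}

# Constructed sample /etc/exports exercising each check.
SAMPLE_EXPORTS='# constructed sample
/home *.example.com(rw,sync)
/backups 192.168.1.0/24(ro,all_squash)
/ex/limited foo.example.com
/srv/scratch *(rw,no_root_squash)
/srv/pub
/data foo.example.com (rw)'

# sample_findings: audit the constructed file (prints 5 findings).
sample_findings() { printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports; }
count_findings() { sample_findings | awk 'END { print NR }'; }
```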

Client Configuration
Manual mounting

    mount -t <nfs-type> -o <options> server:/remote/export /local/directory

Mounting via /etc/fstab

    server:/remote/export /local/directory <nfs-type> <options> 0 0

The NFS type is either nfs or nfs4.

Mount Options
- hard or soft — Error handling.
  - hard: NFS requests wait uninterruptibly until the server is back.
  - soft: NFS requests time out and report failure.
- intr — NFS requests can be interrupted if the server is unreachable.
- nfsvers=2,3 — NFS protocol version (not 4).
- noexec — Prevents execution of binaries.
- nosuid — Disables setuid for security.
- rsize,wsize=# — NFS data block size (default 8192).
- sec=mode — NFS security type.
  - sys uses local UIDs and GIDs.
  - krb5 uses Kerberos 5 authentication.
  - krb5i uses Kerberos 5 authentication + integrity checking.
  - krb5p uses Kerberos 5 authentication + integrity checking + encryption.
- tcp, udp — Specifies the protocol to use for the mount.

Automounter
Manages NFS mounts
- Automounter maps vs. /etc/fstab.
- Mounts filesystems only when needed:
  - Makes administering many filesystems easier.
  - Improves startup speed.
  - Provides uniform namespaces.
  - Example: mounts /home/home7 as /home on login.
/etc/auto.master points to maps

    /home /etc/auto.home

Maps describe mounts

    * -fstype=nfs4,soft,intr,nosuid server:/home

Security
Limit which hosts have access to filesystems
- Specify hosts in /etc/exports.
- Use iptables to limit which hosts can use NFS.
Limit mount options
- Default to ro unless writes are necessary.
- Disable suid and execution unless needed.
- Map root to nobody.
Block NFS at network firewalls
- Block all protocols, not just port 2049.
Use NFSv4 with Kerberos authentication + encryption.
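"Block all protocols, not just port 2049" follows directly from the rpcinfo listing earlier: mountd, nlockmgr and rquotad register on ports assigned when they start. The added example below (not code from the slides) reduces rpcinfo -p output to the distinct sockets a firewall rule set has to cover; the listing is constructed from the rpcinfo slide, and nfsd and portmap are assumed to sit on 2049 and 111.

```shell
#!/bin/sh
# Added example, not from the slides: list the sockets NFSv2/3 actually uses,
# from "rpcinfo -p" output, so firewall rules can be checked against them.
# A deny rule for 2049 alone leaves the other sockets reachable; a default-deny
# rule set that opens only 2049 breaks v2/v3 mounts. Either way every socket
# needs a rule, which is only practical once the daemons' ports are pinned.

# Constructed from the rpcinfo slide.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  32774  nlockmgr
    100021    1   tcp  34437  nlockmgr
    100011    1   udp    819  rquotad
    100011    2   udp    819  rquotad
    100011    1   tcp    822  rquotad
    100011    2   tcp    822  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    2   udp    836  mountd
    100005    2   tcp    839  mountd
    100005    3   udp    836  mountd
    100005    3   tcp    839  mountd'

# rpc_sockets: read rpcinfo -p output on stdin and print "proto port service"
# once per distinct socket (v2 and v3 of a service share one socket).
rpc_sockets() {
    awk 'NF == 5 && $4 ~ /^[0-9]+$/ && !seen[$3 ":" $4]++ { print $3, $4, $5 }'
}

# dynamic_rpc_sockets: the sockets other than portmap (111) and nfsd (2049);
# their numbers are chosen at daemon start unless each daemon is pinned.
dynamic_rpc_sockets() {
    rpc_sockets | awk '$2 != 111 && $2 != 2049'
}

# Counts over the constructed listing: 10 sockets, 6 of them dynamic.
count_sample_sockets() {
    printf '%s\n' "$SAMPLE_RPCINFO" | rpc_sockets | awk 'END { print NR }'
}
count_sample_dynamic() {
    printf '%s\n' "$SAMPLE_RPCINFO" | dynamic_rpc_sockets | awk 'END { print NR }'
}
```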

Performance
Measuring performance
- nfsstat
- /proc/net/rpc/nfsd
Optimizations
- Increase the block size. Problem: fragments?
- Set the async option on mounts.
- Faster network card.
- Faster disk array.
- NVRAM cache on the array for NFS writes.
