Distributed File Systems Objectives –to understand Unix network file sharing Contents –Installing NFS –How To Get NFS Started –The /etc/exports File –Activating Modifications The Exports File –NFS And DNS –Configuring The NFS Client –Other NFS Considerations Practical –to share and mount NFS file systems Summary

DFS: An Overview Unix distributed filesystems are used to –centralise administration of disks –provide transparent file sharing across a network Three main systems: –NFS: Network File Systems developed by Sun Microsystems 1984 –AFS: Andrew Filesystem developed by Carnegie-Mellon University Unix NFS packages usually include client and server components –A DFS server shares local files on the network –A DFS client mounts shared files locally –a Unix system can be a client, server or both depending on which commands are executed

Overview of NFS Developed by Sun Microsystems 1984 Independent of operating system, network, and transport protocols. Now available on many platforms including: –Linux, Windows, OS/2, MVS, VMS, AIX, HP-UX…. Restrictions of NFS –stateless open architecture –Unix filesystem semantics not guaranteed –No access to remote special files (devices, etc.) Restricted locking –file locking is implemented through a separate lock daemon

MOUNT The NFS Protocol Stack RPC XDR TRANSPORT, NETWORK, LINK & PHYSICAL LAYERS NFS biodstatd lockd mountdnfsd server client statd lockd

The NFS Client NFS clients access network shared directories using the mount command NFS mount options: rw/roread-write (default) or read-only hardretry mount operation until server responds (default) or soft try mount once and allow to timeout retrans &transmission and timeout parameters for soft mounted operations timeout bgafter first mount failure, retry mount in the background intrallow operations on filesystems to be interrupted with signals Use /etc/fstab to make NFS mounts permanent a02:/tmp /mnt/nethome nfs soft 0 0 Manually mounting /tmp as /mnt/nethome on local host from a02: # hostname a01 # mount –o rw,soft -t nfs a02:/tmp /mnt/nethome # hostname a01 # mount –o rw,soft -t nfs a02:/tmp /mnt/nethome

Exercise - Using mount with NFS What command will mount /usr/share from mash4077 on the local mount point /usr/share? How do I check what filesystems are mounted locally? Make a static mount in a01 ”/mnt/nethome” of exported ”a02:/tmp” in /etc/fstab: Manually mount exported a02:/usr/share as read only on a01: # # # # # #

The NFS Server Solaris type’s The share command is used to share directories on the network –any directory can be exported –subdirectories of an exported directory may not be exported unless they are on a different disk –parents of an exported directory may not be exported unless they are on a different disk –only local filesystems can be exported Share options: ro/rwshare readonly or read/write (default) for all clients rw= host [: host ]...allow only the named hosts to write, no access to others ro= host :[ host ]...readonly access to the named hosts, no access to others root= host :[ host ]...allow root access from named hostsonly anon=-1deny access to unknown users # share -F nfs -o ro=rosies /home/hawkeye

More on Shared Directories Add a line to /etc/dfs/dfstab to share a directory permanent –each line in this file is simply the share command required –commands in this file are executed by the nfs script in /etc/init.d Use unshare to stop sharing a directory Use dfshares to look at your shared resources –can specify other hosts on command line Use dfmounts to look at who has mounted your shares –can specify other hosts on command line # dfshares RESOURCE SERVER ACCESS TRANSPORT /home/hawkeye mash # dfmounts RESOURCE SERVER PATHNAME CLIENTS /home/hawkeye mash4077 /home/hawkeye rosies # dfshares RESOURCE SERVER ACCESS TRANSPORT /home/hawkeye mash # dfmounts RESOURCE SERVER PATHNAME CLIENTS /home/hawkeye mash4077 /home/hawkeye rosies

Exercise - Sharing Directories Write down the commands to do the following? # share /usr/share readonly for all clients # share /etc readonly for rosies and tokyo and read/write for seoul # list the files containing the permanent shares # two commands showing what your host has shared # check who has mounted your shared directories # check who has mounted directories on rosies # share /usr/share readonly for all clients # share /etc readonly for rosies and tokyo and read/write for seoul # list the files containing the permanent shares # two commands showing what your host has shared # check who has mounted your shared directories # check who has mounted directories on rosies

NFS under BSD systems NFS uses different commands for BSD systems Mount directories using mount as for SVR4 Share directories using exportfs Permanently share directories using /etc/exports –one line per shared directory –use access= host instead of ro= host Look at network shares using showmount # cat /etc/exports /home/hawkeye ro=rosies /etc rw=seoul,access=rosies,tokyo # exportfs -a # showmount -e export list for mash4077: /home/hawkeye rosies /etc seoul,rosies,tokyo # cat /etc/exports /home/hawkeye ro=rosies /etc rw=seoul,access=rosies,tokyo # exportfs -a # showmount -e export list for mash4077: /home/hawkeye rosies /etc seoul,rosies,tokyo

Installing NFS, RedHat Linux Check if NFS is installed with rpm Check if RPC portmap package installed rpm # rpm -qa | grep nfs redhat-config-nfs nfs-utils # rpm -qa | grep nfs redhat-config-nfs nfs-utils # rpm -qa | grep portmap portmap # rpm -qa | grep portmap portmap

How To Get NFS Started Activate the 3 nessesary servers for NFS at boot –NFS server demon –NFS file locking –RPC portmap Start the NFS server –With sysconfig Check that ther services for NFS is running with rpcinfo # chkconfig --level 35 nfs on # chkconfig --level 35 nfslock on # chkconfig --level 35 portmap on # chkconfig --level 35 nfs on # chkconfig --level 35 nfslock on # chkconfig --level 35 portmap on # service nfs start # rpcinfo -p localhost program vers proto port tcp 111 portmapper udp 111 portmapper udp 2049 nfs udp 2049 nfs udp 1024 nlockmgr udp 1024 nlockmgr udp 1024 nlockmgr udp 1042 mountd tcp 2342 mountd udp 1042 mountd tcp 2342 mountd udp 1042 mountd tcp 2342 mountd # rpcinfo -p localhost program vers proto port tcp 111 portmapper udp 111 portmapper udp 2049 nfs udp 2049 nfs udp 1024 nlockmgr udp 1024 nlockmgr udp 1024 nlockmgr udp 1042 mountd tcp 2342 mountd udp 1042 mountd tcp 2342 mountd udp 1042 mountd tcp 2342 mountd

The /etc/exports File, static shares Sample exports file Some options in exports file Squash changes remote identity to selectable local identity RedHat uses another format in /etc/exports than BSD system’s # cat /etc/exports /data/files *(ro,sync) /home /24(rw,sync) /data/test *.my-site.com(rw,sync) /data/database /32(rw,sync) # cat /etc/exports /data/files *(ro,sync) /home /24(rw,sync) /data/test *.my-site.com(rw,sync) /data/database /32(rw,sync) ro read only accessrw read and write access syncwrite when requestedwdelay wait for sync hide dont show subdirs that is exported of other export no_all_squash remote uid’s & gid’s become equal of client root_squash remote root uid become anonymous on the client no_root_squash remote root equals to local root user ro read only accessrw read and write access syncwrite when requestedwdelay wait for sync hide dont show subdirs that is exported of other export no_all_squash remote uid’s & gid’s become equal of client root_squash remote root uid become anonymous on the client no_root_squash remote root equals to local root user

Activating Modifications The Exports File Re-reading all entries in /etc/exports file –When no directories have been exported to NFS, then the "exportfs -a" command is used: After adding share(s) to /etc/exports file –When adding a share you can use the "exportfs -r" command to export only the new entries: Deleting, Moving Or Modifying A Share –In this case it is best to temporarily unmount the NFS directories using the "exportfs -ua" command followed by the "exportfs -a" command. Termporary export /usr/src to host # exportfs -a # exportfs -r # exportfs -ua # exportfs -a # exportfs -ua # exportfs -a # exportfs /usr/src –o rw

Configuring The NFS Client Ensure Portmap Is Running –Clients need portmap only to be running If not, start portmap Temporary mount nfs shares on client umount temporaty mounted nfs shares on client Show exported shares on server # rpcinfo -p localhost # /etc/init.d/portmap start # mkdir /mnt/nethome # mount –t nfs :/home /mnt/nethome # mkdir /mnt/nethome # mount –t nfs :/home /mnt/nethome # umount /mnt/nethome # showmount --exports

Mount ”nfs-shares” at boot in client Make entries in /etc/fstab Some /etc/fstab mount options Mount all unmounted –If you made changes on live system in fstab, you can mount all unmounted filesystem with: mount –a #/etc/fstab #Directory MountPoint Type Options Dump FSCK :/data/files /mnt/nfs nfs soft 0 0 #/etc/fstab #Directory MountPoint Type Options Dump FSCK :/data/files /mnt/nfs nfs soft 0 0 automount this when mount –a is used defaults (rw suid dev exec auto nouser async) userallow regular users to mount/umount syncuse syncron I/O most safe soft skip mount if server not responding hardtry until server responds retry=minutes bg/fg retry mounting in background or foreground automount this when mount –a is used defaults (rw suid dev exec auto nouser async) userallow regular users to mount/umount syncuse syncron I/O most safe soft skip mount if server not responding hardtry until server responds retry=minutes bg/fg retry mounting in background or foreground

NFS security NFS is inherently insecure –NFS can be run in encrypted mode which encrypts data over the network –AFS more appropriate for security conscious sites User IDs must be co-ordinated across all platforms –UIDs and not user names are used to control file access –mismatched user id's cause access and security problems Fortunately root access is denied by default –over NFS root is mapped to user nobody # mount | grep "/share" mail:/share on /share # id uid=555(hawkeye) gid=501(hawkeye) # touch /tmp/hawkeye # ssh mail ls -l /tmp/hawkeye -rwxr-xr-x 2 soonlee sonlee 0 Jan 11 11:21 /share/hawkeye # mount | grep "/share" mail:/share on /share # id uid=555(hawkeye) gid=501(hawkeye) # touch /tmp/hawkeye # ssh mail ls -l /tmp/hawkeye -rwxr-xr-x 2 soonlee sonlee 0 Jan 11 11:21 /share/hawkeye

NFS Hanging Run NFS on a reliable network Avoid having NFS servers that NFS mount each other's filesystems or directories Always use the sync option whenever possible Mission critical computers shouldn't rely on an NFS server to operate Dont have NFS shares in search path

NFS Hanging continued File Locking –Known issues exist, test your applications carefullý Nesting Exports –NFS doesn't allow you to export directories that are subdirectories of directories that have already been exported unless they are on different partitions. Limiting "root" Access –no_root_squash Restricting Access to the NFS server –You can add user named "nfsuser" on the NFS client to let this user squash access for all other users on that client

Other DFS Systems RFS: Remote File Sharing –developed by AT&T to address problems with NFS –stateful system supporting Unix filesystem semantics –uses same SVR4 commands as NFS, just use rfs as file type –standard in SVR4 but not found in many other systems AFS: Andrew Filesystem –developed as a research project at Carnegie-Mellon University –now distributed by a third party (Transarc Corporation) –available for most Unix platforms and PCs running DOS, OS/2, Windows –uses its own set of commands –remote systems access through a common interface (the /afs directory) –supports local data caching and enhanced security using Kerberos –fast gaining popularity in the Unix community

Summary Unix supports file sharing across a network NFS is the most popular system and allows Unix to share files with other O/S Servers share directories across the network using the share command Permanent shared drives can be configured into /etc/fstab Clients use mount to access shared drives Use mount and exportfs to look at distributed files/catalogs