Presentation is loading. Please wait.

Presentation is loading. Please wait.

System Administration HW5 - Mini Private Lab

Published byIzabel Bugalho Modified over 5 years ago

Similar presentations

Presentation on theme: "System Administration HW5 - Mini Private Lab"— Presentation transcript:

1 System Administration HW5 - Mini Private Lab
tzute

2 Architecture Overview (1/3)
behind SSH with admins account SSH SSH with admins playground storage

3 Architecture Overview (2/3)
Sharing these via YP: hosts passwd group netgroup ypservers behind ypbind account NIS Master yppush ypbind ypbind playground storage NIS Slave

4 Architecture Overview (3/3)
behind Export these mountpoints: /net/home /net/shares /net/datas account export export playground storage NFS Server

5 Requirements (1/7) - Overview
Machines account: NIS Master Server, (NIS/NFSv4 Client) storage: NFS Server, NIS Slave Server, (NIS/NFSv4 Client) playground: NIS/NFSv4 Client Groups acctadm: can sudo inside "account" storadm: can sudo inside "storage" users: can access /net/shares Netgroups admins: admin users, can login behind behind: machine "account" and "storage" front: machine "playground"

6 Requirements (2/7) - Overview
Users god Group: acctadm, storadm, users Netgroup: admins <student-id-A> Group: acctadm, users <student-id-B> Group: storadm, users user Group: users

7 Requirements (3/7) - Account
NFSv4 storage:/net/home (maproot=nobody) storage:/net/shares (all_squash, anonuid=user, anongid=users) storage:/net/datas (rw) NIS Bind priority: account > storage login ssh from playground only ssh by admins only sudo with acctadm only

8 Requirements (4/7) - Storage
NFSv4 exports /net/home /net/shares /net/datas NIS Bind priority: storage > account Slave of account login ssh from playground only ssh by admins only sudo with storadm only

9 Requirements (5/7) - Playground
NFSv4 storage:/net/home (maproot=nobody) storage:/net/shares (all_squash, anonuid=user, anongid=users) storage:/net/datas (ro) NIS Bind priority: storage > account login ALL

10 Requirement (6/7) All machines share /net/datas/sudoers
All user's home directory must be in /net/home except root Auto-start all services Auto-mount all folders with autofs

11 Requirement (7/7) NFSv4 with nfsuserd for mapping uid and username
/etc/exports must be NFSv4 format User can change password on NIS Clients NIS share file must be in /var/yp/src configure /var/yp/Makefile

12 Single Player Team If you are in a single player team, here are some boost for you Combine account and storage as machine named "pro" Make playground as NIS Slave like the original storage

13 Architecture Overview (1/3)
behind SSH with admins SSH pro playground

14 Architecture Overview (2/3)
Sharing these via YP: hosts passwd group netgroup ypservers autofs.map behind ypbind ypbind yppush pro playground NIS Master NIS Slave

15 Architecture Overview (3/3)
behind Export these mountpoints: /net/home /net/shares /net/datas export pro playground NFS Server

16 Step 1 - Setup NIS Master Server
Edit /etc/rc.conf nis_server, nisdomainname, yppasswdd Edit /var/yp/Makefile #NOPUSH = "True" $(YPSRCDIR) = < to be modified > TARGETS = < to be modified > Create /var/yp/src/hosts, /var/yp/src/group…etc Edit /var/yp/src/master.passwd & /var/yp/src/group to create your accounts Initial and start services ypinit service [ ypserv | ypbind | rpcbind ] [ start | restart | stop ] services started order is important!

17 Step 2 - Setup NIS Clients
Add NIS Servers’ IP to /etc/hosts Edit /etc/master.passwd & /etc/group vipw vigr Edit /etc/nsswitch.conf hosts : files nis dns Edit /etc/rc.conf nis_client, nis_client_flags, nisdomainname Modify ypbind sequence (on every clients) Testing tools ypcat ypwhich

18 Step 3 - Setup NIS Slave Server
Edit /etc/rc.conf nis_server, nisdomainname Edit /var/yp/ypservers (on cshome) Initial and (re)start services ypinit

19 Step 4 - Setup NFSv4 environment
Edit /etc/rc.conf autofs (NFS Client) nfs_server, mountd, nfsv4_server, nfsuserd, nfsuserd_flags (NFS Server) Edit /etc/exports (NFSv4 Server) Must be NFSv4 format Edit autofs.map / amd.map

20 Step 4 - Setup NFSv4 environment (Cont.)
Initial and start services service [ rpcbind | nfsd | nfsuserd | mountd ] [ start | restart | stop ] Do something for mapping uid/gid and user/group nfsuserd

21 Step 5 - Finishing sudoers (/usr/local/etc/sudoers) Login permissions
Including other sudoers file from /net/data/sudoers man sudoers to see more about “include” Login permissions only admins (netgroup) can login behind /etc/hosts.allow only can login behind from playground /net/shares Squash all as user:users If you restart rpcbind, all of service based on rpc also need to restart

22 Bonus - Share autofs.map
Share autofs.map via yp with automountd yp key map name auto_behind for account auto_front for playground ypcat -k auto_behind auto_master +auto_behind Hint man auto_master

23 Bonus - Script to create account
Write a script to create accounts on NIS random password read from <account_info> file only contain username, fullname e.g. bigwang, Da-Chui Wang define group by args e.g. ./autocreate users <account-list.txt> user home directory must be created on NFS you can use any language to implement

24 Deadline 2019/1/15 You do not need to submit anything

25 Checklist (1/2) Service auto start (5%) SSH limitation (10%)
Only can login behind from playground (5%) Only admins can login behind (5%) Sudo (15%) acctadm can sudo in account (5%) storadm can sudo in storage (5%) Sharing and including /net/datas/sudoers (5%) NIS (30%) Bind priority (5%) Slave configured (5%) passwd on client (10%) File sharing (10%)

26 Checklist (2/2) NFS (40%) Bonus (20%) Export using NFSv4 (5%)
Mount storage:/net/home as nobody (5%) Mount storage:/net/shares and squash all as user:users (5%) Mount storage:/net/datas with rw on behind (5%) Mount storage:/net/datas with ro on playground (5%) Auto mount all folders (10%) Mapping uid and username (5%) Bonus (20%) Sharing autofs.map via yp with automountd (10%) Account creating script (10%)

27 Help E-mail ta@nasa.cs.nctu.edu.tw New E3 https://e3new.nctu.edu.tw/
Office hour: 3GH at EC320

28 Appendix Virtualbox Network Type Comparison VM ↔ Host VM1 ↔ VM2
VM → Internet VM ← Internet Host-only + Internal Bridged NAT Port forwarding NAT Network

Download ppt "System Administration HW5 - Mini Private Lab"

Similar presentations

System Administration Final Project - Micro Computer Center hchung, hwchiu.

System Administration Final Project - Micro Computer Center hchung, hwchiu.
NIS Consistent configuration across the network. Why NIS? Primary reason is to provide same user configuration across the network Users go any machine.

NIS Consistent configuration across the network. Why NIS? Primary reason is to provide same user configuration across the network Users go any machine.
PC Cluster Setup on Linux Fedora Core 5 High Performance Computing Lab Department of Computer Science and Information Engineering Tunghai University, Taichung,

PC Cluster Setup on Linux Fedora Core 5 High Performance Computing Lab Department of Computer Science and Information Engineering Tunghai University, Taichung,
NIS – Network Information System WeeSan Lee

NIS – Network Information System WeeSan Lee
Chapter 3 Unix Overview. Figure 3.1 Unix file system.

Chapter 3 Unix Overview. Figure 3.1 Unix file system.
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.

Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Network File System CIS 238. NFS (Network File System) The most commercially successful and widely available remote file system protocol Designed and.

Network File System CIS 238. NFS (Network File System) The most commercially successful and widely available remote file system protocol Designed and.
Joshua Caltagirone-Holzli

Joshua Caltagirone-Holzli
1 Network File System. 2 Network Services A Linux system starts some services at boot time and allow other services to be started up when necessary. These.

1 Network File System. 2 Network Services A Linux system starts some services at boot time and allow other services to be started up when necessary. These.
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
DHCP. DHCP (Dynamic Host Configuration Protocol) is a network service that enables clients to obtain network settings (IP Address, Subnet Mask, Default.

DHCP. DHCP (Dynamic Host Configuration Protocol) is a network service that enables clients to obtain network settings (IP Address, Subnet Mask, Default.
Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.

Configuring CIFS Upon completion of this module, you should be able to: Configure the Data Mover for a Windows environment Create and Join a CIFS Server.
Lecture – Single Login NIS and Winbind. NIS Network Information Service (NIS) is the traditional directory service on UNIX platforms Still widely used.

Lecture – Single Login NIS and Winbind. NIS Network Information Service (NIS) is the traditional directory service on UNIX platforms Still widely used.
Linux Networking #2 Dr. Michael L. Collard 1.

Linux Networking #2 Dr. Michael L. Collard 1.
1 Network File Sharing. 2 Module - Network File Sharing ♦ Overview This module focuses on configuring Network File System (NFS) for servers and clients.

1 Network File Sharing. 2 Module - Network File Sharing ♦ Overview This module focuses on configuring Network File System (NFS) for servers and clients.
Final Project – NFS and NIS jwbai. Computer Center, CS, NCTU 2 Goal master.passwd passwd group netgroup amd.conf userA, /nis/home/userA userB, /nis/home/userB.

Final Project – NFS and NIS jwbai. Computer Center, CS, NCTU 2 Goal master.passwd passwd group netgroup amd.conf userA, /nis/home/userA userB, /nis/home/userB.
Setting up NIS and HTTP. Network Information Service Reading: 1. Linux NIS HOWTO: howto/HOWTOhttp://www.linux-nis.org/nis-

Setting up NIS and HTTP. Network Information Service Reading: 1. Linux NIS HOWTO: howto/HOWTOhttp://
ITI-481: Unix Administration Meeting 5. Today’s Agenda Network Information Service (NIS) The Cron Program Syslogd and Logging.

ITI-481: Unix Administration Meeting 5. Today’s Agenda Network Information Service (NIS) The Cron Program Syslogd and Logging.
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.

Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.
Network Security SSH Tunneling David Funk Matt McLaughlin Systems Administrators Computer Systems Support COE, University of Iowa.

Network Security SSH Tunneling David Funk Matt McLaughlin Systems Administrators Computer Systems Support COE, University of Iowa.

Similar presentations

Ads by Google