Network File System Joshua Caltagirone-Holzli

Upload: chad-flynn

Post on 23-Dec-2015


Network File System
Joshua Caltagirone-Holzli

Introduction to NFS
Features
General Information
Server Side
Client Side
Automount

Overview

NFS – Network File System
In widespread use in many organizations
Developed by Sun
  ◦ Implemented over Sun Remote Procedure Call (RPC)
  ◦ Uses either TCP or UDP

Introduction to NFS

File Locking
Disk Quotas
Cookies and Stateless Mounting
Security and NFS

Features

File locking
  ◦ Traditional system calls: flock, lockf, fcntl
Daemons NFS utilizes
  ◦ lockd
  ◦ statd
NFS file locking is still shaky

File Locking

NFS enforces underlying file system quotas
Daemon for user stats
  ◦ rquotad
Disk quotas considered obsolete

Disk Quotas

Clients must explicitly mount an NFS filesystem
NFS is stateless
  ◦ Does not keep track of who mounts a file system
NFS “cookies”
  ◦ Sent at conclusion of successful mount
  ◦ Identifies the mounted directory

Cookies and Stateless Mounting

Unmounting/Remounting changes cookies
  ◦ Means cookies are saved across reboot
Server crashes cause NFS to resume as normal
Cookie uses RPC file/dev IO
Client responsible for acknowledging server before removing local file (writing)

Cookies and Stateless Mounting

/etc/exports
  ◦ Provides access to NFS volumes
  ◦ This file enumerates the hostnames of systems that have access to the file system
Export file systems only to clients you trust
Access to NFS ports should be restricted

Security and NFS

File level access on NFS based on:
  ◦ UID, GID, and file permissions
NFS servers trust the client to tell who is accessing files
Example: if mary and bob have the same UID then they are able to access each other’s files

Security and NFS

root_squash – prevents root from changing the UID on the NFS server
  ◦ Forces root to be a normal user on the server
Block access to portmap (port 111)

Security and NFS

Users should usually be given the same UID on all machines
anonuid/anongid – used to change the UID/GID mappings for root
all_squash – forces all clients to have the same UID/GID on the server
no_root_squash – turns off UID mapping for root
  ◦ Used for diskless systems

General Info

mountd – handles mount requests
nfsd – handles the actual file access requests
Both should start when the system starts
Typical startup scripts:
  ◦ /etc/rc.d/init.d/nfs (Red Hat/Fedora)
  ◦ /etc/init.d/nfsboot (SUSE)
  ◦ /etc/init.d/nfs-* (Ubuntu/Debian)

Server Side NFS

exportfs – used to add and modify entries for sharing
  ◦ exportfs -u (to remove entries)
  ◦ exportfs -a (to update exports after writing to config /etc/exports)
/etc/exports – typical location for this file
hosts.allow/hosts.deny
  ◦ Give hosts access to NFS server

Server Side NFS

Format:
  ◦ DIRECTORY HOST1(OPTIONS) HOST2(OPTIONS)
  ◦ Ex: /home/jc 192.168.1.100(rw,no_root_squash)
    Gives root on 192.168.1.100 full access to this directory
Common options:
  ◦ subtree_check – verifies that all file requests are within the exported subtree
  ◦ async – makes the server reply to write requests before actually writing
  ◦ unhide – reveals filesystems mounted within exported file trees
List of options on page 491

/etc/exports
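An added example, not part of the original slides: a small Python audit of an exports file in the DIRECTORY HOST(OPTIONS) format, flagging the two risks the Security and NFS slides name (exports to hosts you have not chosen to trust, and no_root_squash). The function names are hypothetical and the sample file is constructed, apart from the slide's /home/jc line; it also catches a stray space before the parenthesis, which turns the options into a separate entry that applies to every host.

```python
import re

# One client entry: HOST, optionally followed directly by (OPTIONS).
CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def parse_exports(text):
    """Return [(directory, host, options)]; quoted paths with spaces are not handled."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.split("#", 1)[0].strip()             # strip comments
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients or [""]:                   # no client listed = any host
            m = CLIENT_RE.fullmatch(client)
            if m is None:
                raise ValueError(f"cannot parse client entry {client!r}")
            opts = {o.strip() for o in (m["opts"] or "").split(",") if o.strip()}
            entries.append((directory, m["host"], opts))
    return entries

def audit_exports(text):
    """Return [(directory, host, finding)] for the risks the slides call out."""
    findings = []
    for directory, host, opts in parse_exports(text):
        shown = host or "<any host>"
        if host in ("", "*"):                            # not limited to trusted clients
            mode = "rw" if "rw" in opts else "ro"        # ro is the nfs-utils default
            findings.append((directory, shown, f"exported to every host ({mode})"))
        if "no_root_squash" in opts:                     # root UID mapping turned off
            findings.append((directory, shown, "client root keeps UID 0 (no_root_squash)"))
    return findings

# Constructed sample; paths and addresses are illustrative only.
SAMPLE = """\
# constructed /etc/exports for the audit example
/home/jc   192.168.1.100(rw,no_root_squash)
/srv/pub   *(ro,all_squash)
/srv/data  192.168.1.101 (rw)
/srv/proj  192.168.1.102(rw,root_squash) \\
           192.168.1.103(ro)
"""

if __name__ == "__main__":
    for directory, host, finding in audit_exports(SAMPLE):
        print(f"{directory:10} {host:15} {finding}")
```

The /srv/data line is reported as exported read-write to every host because of the space between the address and (rw).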

Mounted the same way as normal file systems
mount command understands the notation hostname:directory
showmount -e SERVER
  ◦ Command allows client to verify that server has properly exported file systems

Client Side NFS

mount -o rw,hard SERVER:/PATH /LOCALPATH
  ◦ hard – causes all operations that are accessing the server to stop if the server crashes, until it is back up again
  ◦ More mount options on page 493

Example Mount

df – works as normal
umount – cannot unmount an NFS volume unless it is not in use
lsof

Client Commands

Can mount NFS volumes with fstab
Set fstype to nfs
File system should be SERVER:/PATH
Flags would be nfs options

/etc/fstab

nfsstat – displays various stats of the NFS system
nfsstat -s
  ◦ shows server side processes
nfsstat -c
  ◦ shows client side processes

NFS Stats

/etc/init.d/autofs
  ◦ Startup script for automount daemon
/etc/auto.master
  ◦ Main file for holding the map information
  ◦ Format: /DIRECTORY /MAP/POINT +/-OPTIONS

Automounting

Introduction to NFS
Features
General Information
Server Side
Client Side
Automount

Conclusion

The End
Are there any questions???