Distributed File Systems• Objectives

– to understand Unix network file sharing

• Contents– Installing NFS– How To Get NFS Started– The /etc/exports File– Activating Modifications The Exports File– NFS And DNS– Configuring The NFS Client– Other NFS Considerations

• Practical– to share and mount NFS file systems

• Summary

DFS: An Overview• Unix distributed filesystems are used to

– centralise administration of disks– provide transparent file sharing across a network

• Three main systems:– NFS: Network File Systems developed by Sun Microsystems 1984– AFS: Andrew Filesystem developed by Carnegie-Mellon University

• Unix NFS packages usually include client and server components

– A DFS server shares local files on the network– A DFS client mounts shared files locally– a Unix system can be a client, server or both depending on which

commands are executed

Overview of NFS• Developed by Sun Microsystems 1984• Independent of operating system, network, and transport

protocols.• Now available on many platforms including:

– Linux, Windows, OS/2, MVS, VMS, AIX, HP-UX….

• Restrictions of NFS– stateless open architecture– Unix filesystem semantics not guaranteed– No access to remote special files (devices, etc.)

• Restricted locking– file locking is implemented through a separate lock daemon

MOUNT

The NFS Protocol Stack

RPC

XDR

TRANSPORT, NETWORK, LINK & PHYSICAL LAYERS

NFS

biod

statdlockd

mountd

nfsd

serverclient

statdlockd

The NFS Client• NFS clients access network shared directories using the

mount command• NFS mount options:

rw/ro read-write (default) or read-onlyhard retry mount operation until server responds (default) orsoft try mount once and allow to timeoutretrans & transmission and timeout parameters for soft mounted

operationstimeout

bg after first mount failure, retry mount in the backgroundintr allow operations on filesystems to be interrupted with signals

• Use /etc/fstab to make NFS mounts permanenta02:/tmp  /mnt/nethome   nfs    soft      0      0

• Manually mounting /tmp as /mnt/nethome on local host from a02:

# hostnamea01# mount –o rw,soft -t nfs a02:/tmp /mnt/nethome

Exercise - Using mount with NFS

• What command will mount /usr/share from mash4077 on the local mount point /usr/share?

• How do I check what filesystems are mounted locally?

• Make a static mount in a01 ”/mnt/nethome” of exported ”a02:/tmp” in /etc/fstab:

• Manually mount exported a02:/usr/share as read only on a01:

#

#

#

The NFS Server Solaris type’s• The share command is used to share directories on the

network– any directory can be exported– subdirectories of an exported directory may not be exported unless they

are on a different disk– parents of an exported directory may not be exported unless they are on a

different disk– only local filesystems can be exported

• Share options:ro/rw share readonly or read/write (default) for all clientsrw=host[:host]... allow only the named hosts to write, no access to

othersro=host:[host]... readonly access to the named hosts, no access to

othersroot=host:[host]... allow root access from named hostsonlyanon=-1 deny access to unknown users# share -F nfs -o ro=rosies /home/hawkeye

More on Shared Directories• Add a line to /etc/dfs/dfstab to share a directory permanent

– each line in this file is simply the share command required– commands in this file are executed by the nfs script in /etc/init.d

• Use unshare to stop sharing a directory• Use dfshares to look at your shared resources

– can specify other hosts on command line

• Use dfmounts to look at who has mounted your shares– can specify other hosts on command line

# dfsharesRESOURCE SERVER ACCESS TRANSPORT/home/hawkeye mash4077 - -# dfmountsRESOURCE SERVER PATHNAME CLIENTS/home/hawkeye mash4077 /home/hawkeye rosies

Exercise - Sharing Directories• Write down the commands to do the following?

#share /usr/share readonly for all clients#share /etc readonly for rosies and tokyo and read/write for seoul#list the files containing the permanent shares##two commands showing what your host has shared#check who has mounted your shared directories#check who has mounted directories on rosies

NFS under BSD systems• NFS uses different commands for BSD systems• Mount directories using mount as for SVR4• Share directories using exportfs• Permanently share directories using /etc/exports

– one line per shared directory– use access=host instead of ro=host

• Look at network shares using showmount

# cat /etc/exports/home/hawkeye ro=rosies/etc rw=seoul,access=rosies,tokyo# exportfs -a # showmount -eexport list for mash4077:/home/hawkeye rosies/etc seoul,rosies,tokyo

Installing NFS, RedHat Linux• Check if NFS is installed with rpm

• Check if RPC portmap package installed rpm

# rpm -qa | grep nfsredhat-config-nfs-1.1.3-1nfs-utils-1.0.1-3.9

# rpm -qa | grep portmapportmap-4.0-57

How To Get NFS Started• Activate the 3 nessesary servers for NFS at boot

– NFS server demon– NFS file locking– RPC portmap

• Start the NFS server– With sysconfig

• Check that ther services for NFS is running with rpcinfo

# chkconfig --level 35 nfs on# chkconfig --level 35 nfslock on# chkconfig --level 35 portmap on

# service nfs start

# rpcinfo -p localhost   program vers proto   port    100000    2   tcp    111  portmapper    100000    2   udp    111  portmapper    100003    2   udp   2049  nfs    100003    3   udp   2049  nfs    100021    1   udp   1024  nlockmgr    100021    3   udp   1024  nlockmgr    100021    4   udp   1024  nlockmgr    100005    1   udp   1042  mountd    100005    1   tcp   2342  mountd    100005    2   udp   1042  mountd    100005    2   tcp   2342  mountd    100005    3   udp   1042  mountd    100005    3   tcp   2342  mountd

The /etc/exports File, static shares• Sample exports file

• Some options in exports file

• Squash changes remote identity to selectable local identity• RedHat uses another format in /etc/exports than BSD

system’s

# cat /etc/exports/data/files           *(ro,sync)/home                 192.168.0.0/24(rw,sync)/data/test            *.my-site.com(rw,sync)/data/database        192.168.0.203/32(rw,sync)

ro read only access rw read and write accesssync write when requested wdelay wait for synchide dont show subdirs that is exported of other exportno_all_squash remote uid’s & gid’s become equal of clientroot_squash remote root uid become anonymous on the clientno_root_squash remote root equals to local root user

Activating Modifications The Exports File

• Re-reading all entries in /etc/exports file– When no directories have been exported to NFS, then the "exportfs -a"

command is used:

• After adding share(s) to /etc/exports file– When adding a share you can use the "exportfs -r" command to export only the

new entries:

• Deleting, Moving Or Modifying A Share– In this case it is best to temporarily unmount the NFS directories using the

"exportfs -ua" command followed by the "exportfs -a" command.

• Termporary export /usr/src to host 192.168.0.10

# exportfs -a

# exportfs -r

# exportfs -ua# exportfs -a

# exportfs 192.168.0.10/usr/src –o rw

Configuring The NFS Client

• Ensure Portmap Is Running– Clients need portmap only to be running

• If not, start portmap

• Temporary mount nfs shares on client

• umount temporaty mounted nfs shares on client

• Show exported shares on server

# rpcinfo -p localhost

# /etc/init.d/portmap start

# mkdir /mnt/nethome# mount –t nfs 192.168.0.10:/home /mnt/nethome

# umount /mnt/nethome

# showmount --exports 192.168.0.10

Mount ”nfs-shares” at boot in client• Make entries in /etc/fstab

• Some /etc/fstab mount options

• Mount all unmounted– If you made changes on live system in fstab, you can mount all unmounted filesystem

with:mount –a

#/etc/fstab#Directory MountPoint Type   Options   Dump   FSCK192.168.0.10:/data/files  /mnt/nfs   nfs    soft      0      0

auto mount this when mount –a is useddefaults (rw suid dev exec auto nouser async)user allow regular users to mount/umountsync use syncron I/O most safesoft skip mount if server not respondinghard try until server respondsretry=minutesbg/fg retry mounting in background or foreground

NFS security• NFS is inherently insecure

– NFS can be run in encrypted mode which encrypts data over the network– AFS more appropriate for security conscious sites

• User IDs must be co-ordinated across all platforms– UIDs and not user names are used to control file access– mismatched user id's cause access and security problems

• Fortunately root access is denied by default– over NFS root is mapped to user nobody

# mount | grep "/share"mail:/share on /share# iduid=555(hawkeye) gid=501(hawkeye)# touch /tmp/hawkeye# ssh mail ls -l /tmp/hawkeye-rwxr-xr-x 2 soonlee sonlee 0 Jan 11 11:21 /share/hawkeye

NFS Hanging• Run NFS on a reliable network

• Avoid having NFS servers that NFS mount each other's filesystems or directories

• Always use the sync option whenever possible

• Mission critical computers shouldn't rely on an NFS server to operate

• Dont have NFS shares in search path

NFS Hanging continued• File Locking

– Known issues exist, test your applications carefullý

• Nesting Exports– NFS doesn't allow you to export directories that are subdirectories of directories

that have already been exported unless they are on different partitions.

• Limiting "root" Access– no_root_squash

• Restricting Access to the NFS server– You can add user named "nfsuser" on the NFS client to let this user squash

access for all other users on that client

Other DFS Systems• RFS: Remote File Sharing

– developed by AT&T to address problems with NFS– stateful system supporting Unix filesystem semantics– uses same SVR4 commands as NFS, just use rfs as file type– standard in SVR4 but not found in many other systems

• AFS: Andrew Filesystem– developed as a research project at Carnegie-Mellon University– now distributed by a third party (Transarc Corporation)– available for most Unix platforms and PCs running DOS, OS/2, Windows– uses its own set of commands– remote systems access through a common interface (the /afs directory)– supports local data caching and enhanced security using Kerberos– fast gaining popularity in the Unix community

Summary• Unix supports file sharing across a network• NFS is the most popular system and allows

Unix to share files with other O/S• Servers share directories across the network

using the share command• Permanent shared drives can be configured

into /etc/fstab• Clients use mount to access shared drives• Use mount and exportfs to look at distributed

files/catalogs