ch08-DFS

  • 8/9/2019 ch08-DFS

    SAIGONLAB 83 Nguyn Th Nh, P9, Q.Tn Bnh, Tp. HCM LPI 102

    Chapter 08

    DISTRIBUTED FILE SYSTEM

    Objectives

    Identify and discuss distributed file system (DFS) concepts

    Discuss the basics of NFS and Samba

    Demonstrate how to mount and export directories with NFS

    Discuss and address NFS security issues

    Overview of the NFS

    NFS was developed by Sun Microsystems in 1984. It is independent of operating system, network, and transport protocols

    For years, the standard file sharing protocol for Unix has been the Network File System (NFS)

    The NFS Protocols Stack

    NFS is an application

    XDR (eXternal Data Representation) is the presentation layer; it allows different operating systems (Linux, DOS) to share data

    RPCs (Remote Procedure Calls) are the session layer entity; they help clients communicate with the server

    On the client side, we mount from the server using the mount command

    On the server side, mountd responds to the mount request and allows or disallows the mount

    The NFS Distributed File System

    The NFS Client

    NFS clients access network-shared directories using the mount command

    NFS mount options (see man nfs for more):

    rw/ro     Read-write (default) or read-only
    hard      Retry mount operation until server responds (default)
    soft      Try mount once and allow to time out
    timeout   Timeout parameters for soft-mounted operations
    retrans   Transmission parameters for soft-mounted operations
    bg        After first mount failure, retry mount in the background
    intr      Allow operations on file systems to be interrupted with signals

    # mount -t nfs -o bg,soft,intr sales:/bar/home/sales

    The client-side mount command contacts the server's rpcbind (portmapper) to ask which port number the mount daemon (mountd) is listening on

    The client's mount contacts the server's mountd

    The server passes the client an identifier called a file handle

    The client machine's kernel puts the file handle in its mount table. When it references the mounted structure in the future, it simply passes this file handle to the server

    Automatic Mount At Boot Time

    Edit /etc/fstab :

    # Local mounts
    /dev/hda   /boot  ext2  defaults  1 2
    /dev/hda5  swap   swap  defaults  0 0
    /dev/hda6  /      ext2  defaults  1 1

    # Remote mount
    saigonlab:/netshare/data   /data  nfs  ro,bg,soft,intr  0 0
    10.1.1.260:/netshare/info  /info  nfs  rw,bg,hard,intr  0 0

    The NFS Server

    The portmapper

    # /etc/rc.d/init.d/portmap {start|stop|status|restart|reload}

    NFS daemon

    # /etc/rc.d/init.d/nfs {start|stop|status|restart|reload}

    Mount daemon

    mountd is started by running portmap

    Shared file systems must be specified in /etc/exports with the following form:

    directory system(options) system(options) ...

    The NFS Server

    Syntax of entries in /etc/exports :

    directory system(options) system(options) ...

    Options :

    ro              Export with read-only attribute.
    rw              Export with read/write attribute, the default.
    no_root_squash  Allow access by GID 0, root.
    noaccess        Prohibit access below the named directory. This has the effect of pruning parts of other shared directories, perhaps for specific systems

    /etc/exports sample

    /             orion(rw,no_root_squash)
    /usr          *.mydomain.com(ro) orion(rw)
    /pub          (ro,insecure)
    /pub/private  factory*.mydomain.com(noaccess)

    /etc/exports Sample

    /           master(rw) trusty(rw,no_root_squash)
    /projects   proj*.local.domain(rw)
    /usr        *.local.domain(ro) @trusted(rw)
    /home/joe   pc001(rw,all_squash,anonuid=150,anongid=100)
    /pub        (ro,insecure,all_squash)

    Secure=source port ID
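
    The export options above decide who can reach a share and with what privileges. The following is an added example, not part of the original slides: a small auditor that parses /etc/exports text in the directory system(options) form and reports entries that keep remote root (no_root_squash), accept requests from unprivileged source ports (insecure), or are open to any host. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modeled on the /etc/exports samples shown above.
SAMPLE_EXPORTS = """\
# directory   system(options) ...
/             master(rw) trusty(rw,no_root_squash)
/projects     proj*.local.domain(rw)
/usr          *.local.domain(ro) @trusted(rw)
/home/joe     pc001(rw,all_squash,anonuid=150,anongid=100)
/pub          (ro,insecure,all_squash)
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) for every client on every line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *clients = line.split()
        for token in clients or [""]:      # no client listed: exported to all
            m = CLIENT_RE.match(token)
            if m is None:
                raise ValueError(f"malformed client entry: {token!r}")
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield directory, m.group(1), opts

def audit_exports(text):
    """Return sorted (directory, client, finding) tuples for risky entries."""
    findings = []
    for directory, client, opts in parse_exports(text):
        who = client or "<any host>"
        if "no_root_squash" in opts:
            findings.append((directory, who, "remote root is not squashed"))
        if "insecure" in opts:
            findings.append((directory, who, "unprivileged source ports accepted"))
        if client in ("", "*"):
            findings.append((directory, who, "exported to every host"))
        elif "*" in client and "rw" in opts:
            findings.append((directory, who, "read-write for a wildcard of hosts"))
    return sorted(findings)

if __name__ == "__main__":
    for directory, who, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory:<10} {who:<22} {finding}")
```

    An entry written as "(options)" with no host name, such as the /pub line, applies to every client, which is why the auditor treats an empty client field as a world export.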

    OVERVIEW OF SAMBA

    Andrew Tridgell wrote a UNIX implementation of Microsoft's SMB (server message block) protocol for file and printer sharing

    Later versions of this protocol are called CIFS (Common Internet File System) by Microsoft

    Samba allows Linux and UNIX systems to act as file and print servers for MS Windows clients

    SAMBA daemons on the server side

    Packages:

    samba-client-2.2.1a-4
    samba-2.2.1a-4
    samba-swat-2.2.1a-4
    samba-common-2.2.1a-4

    Located in /usr/sbin directory :

    smbd  SMB daemon, can be started by xinetd or init scripts; allows file and printer sharing
    nmbd  NetBIOS name server support for clients. nmbd looks after Windows Internet Name Server (WINS)

    SAMBA related commands

    smbclient   SMB client for Linux machine (similar to ftp)
    smbprint    Script to print to printer on SMB host (if in /etc/printcap)
    smbstatus   List current SMB connections for local host
    smbrun      (on SMB hosts) Glue script to facilitate running applications
    smbtar      as Unix tar command
    nmblookup   as DNS nslookup
    smbpasswd   change SAMBA password, add SAMBA users
    testparm    test parameters in /etc/smb.conf
    testprns    test printers

    SAMBA server configuration

    In order to use Samba, the /etc/smb.conf file must be correctly configured. Sample /etc/smb.conf

    The manual page for smb.conf gives a complete description of the various entries in this file

    # man smb.conf

    Sample /etc/samba/smb.conf

    [global]
        workgroup = SAIGONLAB
        netbios name = Dataserver
        server string = SaigonLAB File Server
        encrypt passwords = Yes
        log file = /var/log/samba-log.%m
        hosts allow = 192.168.90.

    [homes]
        comment = Home Directories
        browseable = no
        read only = no
        create mode = 0750

    [tmp]
        comment = Temporary file space
        path = /tmp
        read only = no
        public = yes

    Custom Share Sections

    Samba also has the following custom share section:

    [myshare]

    This defines a shared directory myshare. The name myshare will appear as a shared resource to clients. Users' home directories do not need to be explicitly shared if [homes] is used

    [Public] share file

    [Public]
        comment = Public Stuff
        path = /home/public
        public = yes
        writable = yes
        printable = yes

    [printers] section

    [printers]
        path = /usr/spool/public
        guest ok = yes
        printable = yes
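
    The [tmp] and [Public] sections above combine guest access (public = yes) with write access. The following is an added example, not part of the original slides: a checker that parses smb.conf text, lists shares that are both guest-accessible and writable, and reports a [global] section without a hosts allow restriction. The function names and the sample text are constructed; as an assumption, per-share settings are read only from the share's own section, without inheriting [global] defaults.

```python
# Constructed sample, assembled from the smb.conf sections shown above.
SAMPLE_SMB_CONF = """\
[global]
    hosts allow = 192.168.90.
[homes]
    read only = no
[tmp]
    path = /tmp
    read only = no
    public = yes
[Public]
    path = /home/public
    public = yes
    writable = yes
[printers]
    guest ok = yes
    printable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section]["".join(name.split()).lower()] = value.strip()
    return conf

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_smb_conf(text):
    """Return findings: missing host restriction and guest-writable shares."""
    conf, findings = parse_smb_conf(text), []
    if not {"hostsallow", "allowhosts"} & conf.get("global", {}).keys():
        findings.append("[global] has no 'hosts allow' restriction")
    for name, p in sorted(conf.items()):
        guest = any(is_yes(p.get(k, "no")) for k in ("guestok", "public"))
        write = any(is_yes(p.get(k, "no")) for k in ("writable", "writeable", "writeok"))
        write = write or ("readonly" in p and not is_yes(p["readonly"]))
        if name != "global" and guest and write:
            findings.append(f"[{name}] is writable without authentication")
    return findings
```

    Run testparm first to confirm the file parses, then feed the same file to audit_smb_conf to review which shares accept unauthenticated writes.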

    Printing from Windows to network printer via Samba print server

    Setting up the print environment

    On the SAMBA server, use printtool to add a network printer. The IP address of the printer is used

    The network printer is configured in /etc/printcap of the SAMBA server

    Check that the [printers] section of smb.conf is correctly configured

    Restart the lpd and SMB daemons

    In Windows, browse to ensure the printer is visible from Windows

    Add a new printer on the Windows machine, choose network printer and enter \\samba\printer_name as the printer address

    Install the driver if needed

    Print the test pages

    If a printer exists as a section [printer_name] but there is NO corresponding printer in /etc/printcap => can NOT print

    Samba Web Administration Tool

    SWAT

    http://sambaserver:901 allows configuring smb.conf via a graphical interface

    Setting up SWAT

    Install the package samba-swat-2.2.1a-4

    # rpm -qa | grep samba
    samba-client-2.2.1a-4
    samba-2.2.1a-4
    samba-swat-2.2.1a-4
    samba-common-2.2.1a-4

    /etc/services must be as follows:

    # grep swat /etc/services
    swat 901/tcp

    Setting up SWAT

    # more /etc/xinetd.d/swat
    service swat
    {
        disable = no
        port = 901
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/swat
        log_on_failure += USERID
    }

    Summary

    Identify and discuss distributed file system (DFS) concepts

    Discuss the basics of NFS and Samba

    Demonstrate how to mount and export directories with NFS

    Discuss and address NFS security issues