8/9/2019 ch08-DFS
1/31
SAIGONLAB 83 Nguyn Th Nh, P9, Q.Tn Bnh, Tp. HCM LPI 102
Chapter 08
DISTRIBUTED FILE SYSTEM
Objectives
Identify and discuss distributed file system (DFS) concepts
Discuss the basics of NFS and Samba
Demonstrate how to mount and export directories with NFS
Discuss and address NFS security issues
Overview of NFS
NFS was developed by Sun Microsystems in 1984. It is independent of operating system, network, and transport protocols
For years, the standard file sharing protocol for Unix has been the Network File System (NFS)
The NFS Protocols Stack
NFS is an application-layer protocol
XDR (eXternal Data Representation) is the presentation layer; it allows different operating systems (Linux, DOS, ...) to share data
RPCs (Remote Procedure Calls) are the session-layer entity; they let clients communicate with the server
On the client side, we mount from the server using the mount command
On the server side, mountd responds to the mount request and allows or disallows the mount
The NFS Distributed File System
The NFS Client
NFS clients access network-shared directories using the mount command
NFS mount options (see man nfs for more):
rw/ro     Read-write (default) or read-only
hard      Retry mount operation until server responds (default)
soft      Try mount once and allow to time out
timeout   Timeout parameters for soft-mounted operations
retrans   Transmission parameters for soft-mounted operations
bg        After first mount failure, retry mount in the background
intr      Allow operations on file systems to be interrupted with signals
# mount -t nfs -o bg,soft,intr sales:/bar /home/sales
The client-side mount command contacts the server's rpcbind (portmapper) to ask which port number the mount daemon (mountd) is listening on
The client's mount contacts the server's mountd
The server passes the client an identifier called a file handle
The client machine's kernel puts the file handle in its mount table. When it references the mounted structure in the future, it simply passes this file handle to the server
Automatic Mount at Boot Time
Edit /etc/fstab :
# Local mounts
/dev/hda    /boot   ext2    defaults    1 2
/dev/hda5   swap    swap    defaults    0 0
/dev/hda6   /       ext2    defaults    1 1
# Remote mount
saigonlab:/netshare/data    /data   nfs ro,bg,soft,intr 0 0
10.1.1.260:/netshare/info   /info   nfs rw,bg,hard,intr 0 0
The NFS Server
The portmapper
# /etc/rc.d/init.d/portmap {start|stop|status|restart|reload}
NFS daemon
# /etc/rc.d/init.d/nfs {start|stop|status|restart|reload}
Mount daemon
mountd is started by running portmap
Shared file systems must be specified in /etc/exports with the following form:
directory system(options) system(options) ...
Syntax of entries in /etc/exports :
directory system(options) system(options) ...
Options :
ro              Export with read-only attribute.
rw              Export with read/write attribute, the default.
no_root_squash  Allow access by GID 0, root.
noaccess        Prohibit access below the named directory. This has the effect of pruning parts of other shared directories, perhaps for specific systems
/etc/exports sample
/               orion(rw,no_root_squash)
/usr            *.mydomain.com(ro) orion(rw)
/pub            (ro,insecure)
/pub/private    factory*.mydomain.com(noaccess)
/etc/exports Sample
/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
/pub            (ro,insecure,all_squash)
Secure=source port ID
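The export options above decide which hosts reach a directory and with what privileges. As an added example (not part of the original slides), this Python sketch parses entries in the directory system(options) form and reports the settings that widen access; the function names and issue labels are assumptions made for this example.

```python
import re

# Constructed sample, modelled on the /etc/exports entries shown above.
SAMPLE_EXPORTS = """\
/          master(rw) trusty(rw,no_root_squash)
/projects  proj*.local.domain(rw)
/usr       *.local.domain(ro) @trusted(rw)
/home/joe  pc001(rw,all_squash,anonuid=150,anongid=100)
/pub       (ro,insecure,all_squash)
"""

# One client token: optional host pattern, optional "(opt,opt,...)".
CLIENT = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) for each client on each line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directory, *tokens = line.split()
        for token in tokens or [""]:
            m = CLIENT.match(token)
            if m is None:
                raise ValueError(f"unparseable client entry: {token!r}")
            host = m.group(1) or "*"  # no host name means any host
            opts = {o for o in (m.group(2) or "").split(",") if o}
            yield directory, host, opts

def audit_exports(text):
    """Return (directory, client, issue) for settings that widen access."""
    findings = []
    for directory, host, opts in parse_exports(text):
        broad = "*" in host or "?" in host
        if "no_root_squash" in opts:
            # Root on the client keeps UID 0 on the exported tree.
            findings.append((directory, host, "no_root_squash"))
        if "insecure" in opts:
            # Requests from source ports above 1023 are accepted.
            findings.append((directory, host, "insecure"))
        if "rw" in opts and broad:
            # Write access granted to a wildcard or to every host.
            findings.append((directory, host, "rw-to-wildcard"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```

Because an entry with no host name applies to every host, a stray space as in "pc001 (rw)" is reported as a read-write export to "*".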
OVERVIEW OF SAMBA
Andrew Tridgell wrote a UNIX implementation of Microsoft's SMB (Server Message Block) protocol for file and printer sharing
Later versions of this protocol are called CIFS (Common Internet File System) by Microsoft
Samba allows Linux and UNIX systems to act as file and print servers for MS Windows clients
SAMBA daemons on the server side
Packages:
samba-client-2.2.1a-4
samba-2.2.1a-4
samba-swat-2.2.1a-4
samba-common-2.2.1a-4
Located in /usr/sbin directory :
smbd    SMB daemon, can be started by xinetd or init scripts; allows file and printer sharing
nmbd    NetBIOS name server support for clients. nmbd looks after the Windows Internet Name Server (WINS)
SAMBA related commands
smbclient   SMB client for Linux machines (similar to ftp)
smbprint    Script to print to a printer on an SMB host (if in /etc/printcap)
smbstatus   List current SMB connections for local host
smbrun      (on SMB hosts) Glue script to facilitate running applications
smbtar      Like the Unix tar command
nmblookup   Like DNS nslookup
smbpasswd   Change SAMBA password, add SAMBA users
testparm    Test parameters in /etc/smb.conf
testprns    Test printers
SAMBA server configuration
In order to use Samba, the /etc/smb.conf file must be correctly configured. Sample /etc/smb.conf
The manual page for smb.conf gives a complete description of the various entries in this file
# man smb.conf
Sample /etc/samba/smb.conf
[global]
   workgroup = SAIGONLAB
   netbios name = Dataserver
   server string = SaigonLAB File Server
   encrypt passwords = Yes
   log file = /var/log/samba-log.%m
   hosts allow = 192.168.90.
[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750
[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes
Custom Share Sections
Samba also has the following custom share section:
[myshare]
This defines a shared directory myshare. The name myshare will appear as a shared resource to clients. Users' home directories do not need to be explicitly shared if [homes] is used
[Public] share file
[Public]
   comment = Public Stuff
   path = /home/public
   public = yes
   writable = yes
   printable = yes
[printers] section
[printers]
   path = /usr/spool/public
   guest ok = yes
   printable = yes
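The [tmp] and [Public] shares above combine guest access (public = yes) with write access. As an added example (not part of the original slides), this Python check lists such shares in an smb.conf; it reads only per-share settings, and the function names are assumptions made for this example.

```python
import configparser

# Constructed sample assembled from the smb.conf fragments shown above.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = SAIGONLAB
   log file = /var/log/samba-log.%m
   hosts allow = 192.168.90.
[homes]
   browseable = no
   read only = no
[tmp]
   path = /tmp
   read only = no
   public = yes
[Public]
   path = /home/public
   public = yes
   writable = yes
   printable = yes
[printers]
   path = /usr/spool/public
   guest ok = yes
   printable = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def load_smb_conf(text):
    # Raw parser: "%m" is a Samba macro, not configparser interpolation.
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    # Samba ignores case and whitespace in parameter names.
    cp.optionxform = lambda name: "".join(name.lower().split())
    # Strip indentation so lines are not read as value continuations.
    cp.read_string("\n".join(ln.strip() for ln in text.splitlines()))
    return cp

def guest_writable_shares(text):
    """Return (share, path) for shares that guests can write to."""
    cp, hits = load_smb_conf(text), []
    for name in cp.sections():
        share = cp[name]
        guest = any(share.get(k, "no").lower() in TRUE
                    for k in ("public", "guest ok"))
        writable = (share.get("read only", "yes").lower() in FALSE
                    or any(share.get(k, "no").lower() in TRUE
                           for k in ("writable", "writeable", "write ok")))
        if name.lower() != "global" and guest and writable:
            hits.append((name, share.get("path", "")))
    return hits
```

On the sample, [printers] is not listed: it allows guests but keeps the default read only = yes.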
Printing from Windows to a network printer via a Samba print server
Setting up the print environment
On the SAMBA server, use printtool to add a network printer. The IP address of the printer is used
The network printer is configured in /etc/printcap on the SAMBA server
Check that the [printers] section of smb.conf is correctly configured
Restart the lpd and SMB daemons
In Windows, browse to ensure the printer is visible from the Windows machine
Add a new printer on the Windows machine, choose network printer and enter \\samba\printer_name as the printer address
Install the driver if needed
Print the test pages
If a printer exists as a section [printer_name] but there is NO corresponding printer in /etc/printcap => can NOT print
Samba Web Administration Tool (SWAT)
http://sambaserver:901 allows smb.conf to be configured via a graphical interface
Setting up SWAT
Install the package samba-swat-2.2.1a-4
# rpm -qa | grep samba
samba-client-2.2.1a-4
samba-2.2.1a-4
samba-swat-2.2.1a-4
samba-common-2.2.1a-4
/etc/services must contain:
# grep swat /etc/services
swat 901/tcp
# more /etc/xinetd.d/swat
service swat
{
    disable = no
    port = 901
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
}
Summary
Identify and discuss distributed file system (DFS) concepts
Discuss the basics of NFS and Samba
Demonstrate how to mount and export directories with NFS
Discuss and address NFS security issues