What is NFS?
Network File System
NFS was developed by Sun and released in 1984. NFS is an RPC service that enables file sharing. It is designed to be used between different systems, so its communication protocol is independent of the host and the operating system. When a user wants to use remote files, they only need to "mount" the remote file system onto their own file system; afterwards the remote files are used just like files on the local machine.
    Machine A                   Machine B
        /                           /
   bin  etc  usr               bin  etc  usr
             man                    man  share  local

Assume that we need to mount /usr/man on machine B to /usr/man on machine A. On machine A the command has the form: mount machine_name:/usr/man /usr/home
Not only a directory but also a single file can be mounted. After mounting, we can only read (or write) the file; we cannot move or delete the file or directory on the remote machine. Also, after we have mounted /usr, we cannot mount a directory under /usr; otherwise an error occurs.
□Servers & clients
NFS lets the files on a server be mounted by other machines so that resources are shared. A client can mount a file or a hierarchical directory (file hierarchy) from the server. In fact, any machine can act as an NFS server, as an NFS client, or as both at once.
□Servers exporting & clients mounting
The files or directories that the NFS server exports are recorded in the /etc/exports file. When the NFS server starts, the rc.local script automatically runs the exportfs program, which reads /etc/exports and grants the proper permissions to every exported file hierarchy.
Note that an NFS client can mount only paths that the server exports. Similarly, when the client starts, the system automatically mounts all of the server paths it needs; all mount paths are recorded in /etc/fstab, which looks like the following.
/dev/sd0a / 4.2 rw 1 1
/dev/sd0h /tmp 4.2 rw 1 3
/dev/sd0g /usr 4.2 rw 1 2
/dev/fd0 /pcfs rw,noauto 0 0
sparc20:/swap /swap nfs rw,intr,bg,soft 0 0
sparc17:/home /home nfs rw,intr,bg,soft 0 0
sparc17:/home3 /home3 nfs rw,intr,bg,soft 0 0
sparc14:/home4 /home4 nfs rw,intr,bg,soft 0 0
sparc20:/home2 /home2 nfs rw,intr,bg,soft 0 0
sparc20:/var/spool/mail /var/spool/mail nfs rw,intr,bg,soft 0 0
rs970:/home1 /home1 nfs rw,intr,bg,soft 0 0
★Note:
When a client mounts a path, this does not mean that the server's path is copied to the local machine. We can cd into the mounted path just as we would a local directory.
□Setting up a NFS server
1. Define the machine as an NFS file server.
2. Partition the server's disks and decide which partitions (file systems) are shared with clients.
3. Define the parameters of each client in the client form.
4. Write /etc/exports (the system usually has a default exports file).
5. Reboot the NFS server, or run exportfs -a to export all directories and nfsd 8 to start the nfsd daemons.
※P.S. Some details
1. Check the permissions of the paths exported in /etc/exports and make sure that only root can modify them; all other users can only read.
2. Use exportfs to add or remove directories:
exportfs -o access=engineering,ro=dancer /usr
exportfs -u /usr
3. If your machine does not run NIS (the YP server), remember to update the following files whenever the information changes:
/etc/passwd
/etc/group
/etc/hosts
/etc/ethers
4. Set up security for your network.
Exportfs syntax
/usr/etc/exportfs [-avu] [-o option] [directory]
-a: export all paths listed in /etc/exports.
-u: remove an exported path, e.g. exportfs -u /usr.
-o option: e.g. exportfs -o ro /usr exports /usr read-only to everyone.
Other options are root=hostname, access=client and access=netgroup.
For example:
exportfs -a: export all the paths in exports.
exportfs -o access=engineering:other /usr
Exports /usr so that only the engineering and other groups can read and write it.
exportfs -o access=oak,ro=dancer /usr
Exports /usr read-only to the dancer client; only the oak group may mount it.
Examples of the /etc/exports file
● Syntax: directory -option[,option]
(Export to two groups read/write)
/usr -access=engineering:accounting
/home -access=engineering:accounting
/var/spool/mail -access=engineering:accounting
/export/exec/sun3 -access=engineering:accounting
/export/exec/sun3.sunos.4.1 -access=engineering:accounting
/export/exec/kvm/sun3.sunos.4.1 -access=engineering:accounting
/export/root/birch -access=birch,root=birch
/export/swap/birch -access=birch,root=birch
/export/root/oak -access=oak,root=oak
/export/swap/oak -access=oak,root=oak
/export/root/willow -access=willow,root=willow
/export/swap/willow -access=willow,root=willow
/export/root/pine -access=pine,root=pine
/export/swap/pine -access=pine,root=pine
(access=client restricts mounting to that client; root=hostname means only the superuser of that client has read/write power as root.)
□Setting up a NFS client
1. Declare the machine as a client without a disk or data before running suninstall.
2. Edit the /etc/fstab file so that every path to be mounted is listed in fstab.
3. Create the mount points on the client according to the contents of fstab.
(The mount points are directories, created with mkdir, that correspond to the paths exported in exports.)
4. Confirm that each path to be mounted appears in the server's /etc/exports.
5. Run mount to connect to the directories on the server (mount -a).
Examples of /etc/fstab files
● Syntax: filesystem directory type options freq pass
oak:/export/root/boomer / nfs rw 0 0
                                 ^
Because the file system is on the server, not on the client, the freq and pass fields are set to 0 on the client.
oak:/export/exec/sun3 /usr nfs ro 0 0
oak:/export/exec/kvm/sun3 /usr/kvm nfs ro 0 0
oak:/usr/share /usr/share nfs ro 0 0
oak:/home /oak nfs rw,bg 0 0
§ Mount syntax
● Syntax: mount -t type [-rv] -o [option] server:pathname /mount_point
mount:
mount -a mounts all the paths listed in /etc/fstab.
mount -o ro,soft,bg dancer:/usr/local /dancer
Mounts /usr/local of the dancer server on the client (at /dancer), read only.
-t type: the file system type to mount, such as nfs or 4.2.
-r: mount the path read-only.
-v: verbose; every action in the mount process reports a message to the screen.
hard: repeat the request until the server responds. If the server never responds, it may be down!
soft: when a client request receives no response, return an error message after retrying once.
bg: when the first request fails, retry the mount in the background.
fg: retries of the mount are always performed in the foreground at the prompt.
intr: allow keyboard interrupts while an NFS request is in progress.
Message when mount is successful:
NFS server hostname ok
Hard mount failure:
NFS server hostname not responding, still trying
Soft mount failure:
hostname server not responding: RPC: timed out
§ Unmount:
umount mount_point
umount -a unmounts all mounted paths.
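The fstab and mount options above decide how a client behaves when the server stops answering. As an added example (not part of the original article), the following POSIX shell functions audit the nfs lines of an fstab in the form shown above: audit_fstab_nfs reports, for each nfs entry, whether it is soft on a writable mount, hard without intr, lacks bg, or has non-zero freq/pass fields, and missing_mount_points lists mount points that have not yet been created with mkdir (step 3 of the client setup). The fstab text is a constructed sample that reuses the host names from the article; the function names and the report labels are my own.

```shell
#!/bin/sh
# Added example: audit the nfs lines of a SunOS-style /etc/fstab
# (fields: filesystem directory type options freq pass).
# Reads the fstab text on stdin and prints one report line per nfs entry.
audit_fstab_nfs() {
    awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    NF == 0    { next }                     # skip blank lines
    $3 == "nfs" {
        n = split($4, o, ",")
        soft = 0; intr = 0; bg = 0; rw = 1
        for (i = 1; i <= n; i++) {
            if (o[i] == "soft")      soft = 1
            else if (o[i] == "intr") intr = 1
            else if (o[i] == "bg")   bg = 1
            else if (o[i] == "ro")   rw = 0
        }
        notes = ""
        # soft mounts hand errors back to the application; risky for writable data
        if (rw && soft)         notes = notes " rw-soft"
        # a hard mount without intr cannot be interrupted when the server is down
        if (!soft && !intr)     notes = notes " hard-no-intr"
        # without bg a failed mount at boot blocks in the foreground
        if (!bg)                notes = notes " no-bg"
        # freq and pass should be 0 for nfs: the data lives on the server
        if ($5 != 0 || $6 != 0) notes = notes " freq-pass-nonzero"
        if (notes == "") notes = " ok"
        printf "%s on %s (%s):%s\n", $1, $2, $4, notes
    }'
}

# Print the nfs mount points from the fstab on stdin that do not exist locally.
missing_mount_points() {
    awk '/^[ \t]*#/ { next } NF == 0 { next } $3 == "nfs" { print $2 }' |
    while IFS= read -r mp; do
        [ -d "$mp" ] || printf '%s\n' "$mp"
    done
}

# Constructed sample fstab (not a real file), using the hosts from the article.
SAMPLE_FSTAB='# constructed sample
/dev/sd0a / 4.2 rw 1 1
sparc20:/swap /swap nfs rw,intr,bg,soft 0 0
oak:/export/exec/sun3 /usr nfs ro 0 0
oak:/home /oak nfs rw,bg 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab_nfs
printf '%s\n' "$SAMPLE_FSTAB" | missing_mount_points
```

Run it as `sh audit_fstab.sh`, or feed the real file with `audit_fstab_nfs < /etc/fstab`. The sample produces three report lines: the sparc20 swap mount is flagged rw-soft, the two oak mounts are flagged hard-no-intr, and the /usr mount additionally no-bg.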
◎ How does NFS work?
When we start the NFS file server, /etc/rc.local automatically runs the exportfs program to specify the files or directories that may be exported; only these directories can be mounted by clients.
□NFS is built on the XDR/RPC protocols
XDR: External Data Representation
XDR provides a way to convert data from one format into a standard data representation, ensuring that data has the same meaning across different computers, operating systems and programming languages.
RPC: Remote Procedure Call
A remote procedure call requests a service from a remote computer: the requester (client) sends the RPC to the remote computer over the network and asks for the service.
(Generally, local machine = client, remote machine = server.)
□How NFS transfers data using RPC
(Diagram: a client process on the local system, made up of client routines, a client stub and network routines, exchanges messages with a server process on the remote system, made up of server routines, a server stub and network routines; the local and remote system kernels handle the network communication. The numbered steps (1) to (10) are explained below.)
(1) The client program makes a local procedure call requesting the service.
(2) The client stub converts the parameters sent by the client into the XDR standard data format and passes the message to the network routines with a system call.
(3) The message is sent to the remote host through the network.
(4) The remote host passes the received message to the server stub.
(5) The server stub converts the XDR data into the host's format, extracts the service request parameters sent by the client, and passes them to the server routine.
(6) to (10) follow the reverse path: the server returns the result of the service to the client.
□rc.local starts the daemons
An NFS server needs four daemon programs, inetd, portmap, nfsd and mountd, which run in the background. (If NIS is used, the ypbind daemon must be added.)
◆ When the NFS file server is started, the /etc/rc.local script performs the following actions:
1. Run exportfs, which reads the server's /etc/exports to inform the kernel of the file hierarchies to be exported and their access permissions.
(exportfs -a)
2. Start the rpc.mountd daemon and the nfsd daemons (usually eight).
(rpc.mountd -n; nfsd 8 & echo -n ' nfsd')
◆ When the NFS client is started, rc.local performs the following actions:
1. Start the biod daemons for read/write processing.
(biod 8 & echo -n ' biod')
2. Run mount -vat nfs, which reads the client's /etc/fstab and mounts all file systems of type nfs.
□Functions of the NFS daemons
nfsd, biod, rpc.mountd, inetd and portmap can all be found under /usr/etc.
nfsd: the "file system request daemon", started to serve the clients' file system requests. The number of file system request daemons is usually 8, which is why rc.local contains "nfsd 8 &".
biod: the "asynchronous block I/O daemon", started on the NFS client to provide a buffer cache for reading and writing.
mountd: mountd is an RPC server. After the rpc.mountd daemon starts, it reads /etc/xtab to see which clients are mounting which file systems and answers the clients' requests for paths to mount.
(The mounts handled by mountd can be viewed with showmount.)
inetd: the Internet services daemon. When the system starts, rc.local starts inetd, which reads its configuration file inetd.conf to learn the addresses of all the servers on the network and prepares to start every server listed in inetd.conf. When a client requests a service, inetd starts the related server daemon for the client. For example, when a user uses telnet, inetd starts telnetd to serve the telnet request; for other applications such as ftp, finger and rlogin, inetd likewise starts the corresponding daemons ftpd, fingerd and rlogind.
portmap: portmap is a server whose main function is to map between RPC program numbers and TCP/IP port numbers so that the client can reach the service. RPC servers are generally started by inetd, so portmap must be started before inetd; otherwise RPC calls cannot be made.
□Nfs Network Security
NFS lets the files on a server be used by clients. At first glance it seems that anyone could use the files on the server without protection, but this is not the case: before the server runs exportfs, the file usage permissions have already been set in /etc/exports, for example /usr/src -access=engineering:accounting.
Only the two clients engineering and accounting can mount /usr/src.
/usr/src -access=oak,root=oak
This means that only the oak client can mount this path, and only the oak client's superuser has read and write power.
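Both the /etc/exports examples earlier and this section rest on the same point: an entry without access= can be mounted by any host, and root= hands root power on the export to the named client's superuser. As an added example (not part of the original article), the following POSIX shell functions audit an exports file in the SunOS 4 syntax shown above and check the file's own permissions (step 1 of the server details, which requires that only root can modify it). The exports text is a constructed sample; audit_exports, exports_file_perms and the report labels are my own names.

```shell
#!/bin/sh
# Added example: audit a SunOS 4-style /etc/exports (directory -option[,option])
# for entries that any host may mount, entries that grant root access, and
# entries that are writable. Reads the exports text on stdin.
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    NF == 0    { next }                     # skip blank lines
    {
        dir = $1
        opts = ""
        # options are the second field, introduced by "-"
        if (NF >= 2 && substr($2, 1, 1) == "-") opts = substr($2, 2)
        n = split(opts, o, ",")
        access = ""; root = ""; mode = "rw"
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^access=/)    access = substr(o[i], 8)
            else if (o[i] ~ /^root=/) root = substr(o[i], 6)
            else if (o[i] == "ro")    mode = "ro"
            else if (o[i] ~ /^ro=/)   mode = "ro(" substr(o[i], 4) ")"
        }
        # no access= list means any host on the network may mount the path
        if (access == "") status = "WORLD-MOUNTABLE"
        else              status = "restricted(" access ")"
        # root= lets the named client'"'"'s superuser act as root on the export
        if (root == "") rootflag = "-"
        else            rootflag = "root=" root
        printf "%s %s %s %s\n", dir, status, mode, rootflag
    }'
}

# The exports file itself must not be writable by group or others.
# Prints "ok: <mode>" and returns 0, or reports the mode and returns 1.
exports_file_perms() {
    mode=$(ls -ld "$1" | cut -c1-10)        # e.g. -rw-r--r--
    case $mode in
        ?????w*|????????w?)                 # group (char 6) or other (char 9) write bit
            echo "group/other writable: $mode"; return 1 ;;
    esac
    echo "ok: $mode"
}

# Constructed sample (not a real exports file), mirroring the article's entries.
SAMPLE_EXPORTS='# constructed sample
/usr -access=engineering:accounting
/home -access=engineering:accounting,ro=dancer
/export/root/oak -access=oak,root=oak
/var/spool/mail'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On the sample, /var/spool/mail is reported WORLD-MOUNTABLE because it carries no access= list, /export/root/oak is reported with root=oak, and /home is read-only for dancer only. For a real server run `audit_exports < /etc/exports` and `exports_file_perms /etc/exports`; the ownership check (root) is left to `ls -l`, since the owner column is not part of the mode string.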
In addition, to keep exporting and mounting secure, administrators must establish public and private keys (passwords). This security mechanism is built on NIS (Network Information System). The /etc/publickey file records public and secret keys, expressed as hexadecimal codes, indexed by machine_name and user_name. Administrators can use the following on NIS machines:
newkey -u username: gives the user login power.
newkey -h hostname: creates the password required to log in to this machine.
When NFS has just been installed, the only user is "nobody" and anyone can access it. Therefore the administrator must change this to keep the data secure.
Contents of publickey when the only user is nobody:
netname user's public key:user's secret key
nobody 3d91f44568fbbefada5a7:7675cd9b8753b5db09dabf12
After the administrator has given the user the power, the user can run chkey to change his own secret key and create his own account:
willow% chkey
Generating new key for username
Password:
Sending key change request to server...
Done.
willow%
The password set here is the encryption key used by the user in NIS. At login, NIS decrypts the secret key with the password (the publickey entry is recorded as a hexadecimal code), stores it in keyserv, and then sends the encryption key to the client. The key is attached to every NFS request the client sends to the NFS server; when the encryption key matches the one stored in keyserv on the server, the request is accepted.
□When mounting from the server fails
1. Use rpcinfo -p SERVER_NAME to check whether the server exists.
2. Run rpcinfo -u SERVER_NAME mount to check whether the mountd daemon is running.
3. Check the Ethernet connections.
4. Use ps ax on the client to check whether portmap and several biod daemons are running.
(rpcinfo makes RPC calls to an RPC server and reports the results of calling the remote programs.)
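The checklist above can be scripted. As an added example (not part of the original article), required_rpc_missing parses `rpcinfo -p` output and names the services an NFS server must have registered with portmap (portmapper, mountd, nfs), and nfs_server_check runs the four steps in order against a live server. The rpcinfo output embedded below is constructed, not captured from a real host; the function names are my own.

```shell
#!/bin/sh
# Added example: check the services an NFS server must register with portmap.
# required_rpc_missing reads "rpcinfo -p" output on stdin and prints the names
# of the required services that are not registered (nothing when all are there).
required_rpc_missing() {
    awk '
    $1 == "program" { next }                # column header line
    NF >= 5 { seen[$5] = 1 }                # 5th column is the service name
    END {
        n = split("portmapper mountd nfs", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in seen)) print need[i]
    }'
}

# Run the troubleshooting steps against a live server (needs a network; not run
# by the sample below): rpcinfo -p, rpcinfo -u <server> mount, local daemons.
nfs_server_check() {
    server=$1
    missing=$(rpcinfo -p "$server" | required_rpc_missing)
    if [ -n "$missing" ]; then
        echo "$server: not registered with portmap:" $missing
        return 1
    fi
    rpcinfo -u "$server" mount >/dev/null || { echo "$server: mountd not answering"; return 1; }
    ps ax | grep -q '[p]ortmap' || { echo "local portmap not running"; return 1; }
    ps ax | grep -q '[b]iod'    || { echo "local biod daemons not running"; return 1; }
    echo "$server: ok"
}

# Constructed "rpcinfo -p" output (not captured from a real host): mountd is absent,
# so a client would pass step 1 but fail step 2 of the checklist.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs'

printf '%s\n' "$SAMPLE_RPCINFO" | required_rpc_missing
```

The sample prints `mountd`, which is exactly the case the second step of the checklist is meant to catch: the server answers rpcinfo -p, but rpc.mountd was never started from rc.local.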
Some mount failure error messages
1. /etc/mtab: no such file or directory
The mtab path or file must exist before mounting.
2. mount: ... block device required
The remote machine name may be incorrect.
3. mount: ... not found in /etc/fstab
fstab must exist on the client under /etc.
4. ... not in hosts database
/etc/hosts does not have this host entry, or the NIS daemon ypbind is not running.
5. Must be root to use mount
Generally, only the root user (superuser) can mount file systems.
6. Stale NFS file handle
This message appears when a file or directory we have mounted is suddenly removed or unexported.
Source: CCID