lsg33.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<FONT COLOR="#000080">/usr/tim/book big_*(rw)</FONT></PRE>



<P>allows any machine starting with big_ to mount the directory as read-write. When no hostname is provided (as with the /usr/ftp directory in the previous example), any machine can mount the directory.



<BR>



<P>The /etc/exports file allows a long list of possible permissions for a remote machine to mount a local directory. Although most systems use only rw and ro (for read-write and read-only respectively), you may need more permissions occasionally. The following are valid permissions:



<BR>



<UL>



<UL>



<P>insecure Allows non-authenticated access for the specified machine (overrides authentication requirements)



<BR>



</UL></UL>



<UL>



<UL>



<P>kerberos Forces Kerberos authentication from the remote (not implemented for Linux NFS)



<BR>



</UL></UL>



<UL>



<UL>



<P>link_absolute Leaves symbolic links as they are



<BR>



</UL></UL>



<UL>



<UL>



<P>link_relative Converts absolute symbolic links to relative links by prepending ../ as necessary



<BR>



</UL></UL>



<UL>



<UL>



<P>root_squash Denies root users on remote machines root access on local machine



<BR>



</UL></UL>



<UL>



<UL>



<P>secure-rpc Forces RPC authentication from the remote (on by default, although not implemented in most Linux NFS versions)



<BR>



</UL></UL>



<P>How does NFS handle file and user permissions across mountings? When the NFS daemon transfers files or requests, it passes the user and group ID numbers. If the client and the server have the same user and group ID numbers (called sharing the same uid/gid space), there is no problem with permissions. When the UID and GID numbers do not match, the daemon can handle translations between them.



<BR>



<BR>



<A NAME="E69E216"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Mounting NFS Directories</B></FONT></CENTER></H4>



<BR>



<P>Once NFS is configured, you can use it to mount remote directories on your local filesystem. This is done with the mount command. The general format of the mount command when dealing with NFS is



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">mount -t nfs remote_dir local_dir [-o options]</FONT></PRE>



<P>where remote_dir is the name of the remote machine and directory to be NFS mounted, local_dir is where you want to mount the remote directory, and options can be any of the permissible flags used by NFS. The remote_dir is always specified by the format



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">remote_name:remote_dir</FONT></PRE>



<P>such as wizard:/usr/lib. Many administrators leave off the -t nfs component of the mount command since this format is unique to NFS. Others feel it is good practice to leave the -t option in as it is a constant reminder that the remote is NFS mounted.



<BR>



<P>Although many options are possible for the mount command in NFS mode, only a few are ever used in real situations. You can select valid options from the following list:



<BR>







<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



hard



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option explicitly tags the directory as hard-mounted. This is a default action.</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



intr



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option allows interrupts to the NFS call.</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



rsize



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option specifies the datagram size used for read requests (default is 1024 bytes).</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



soft



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option soft-mounts the directory (instead of hard mounting).</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



timeo



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option specifies the timeout in tenths of a second for completion of an NFS request (default is 7/10ths).</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



wsize



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



This option specifies the datagram size used for write requests (default is 1024 bytes).</FONT>



</TABLE><P>The rsize, timeo, and wsize options are followed by an equal sign and the value they are to be assigned. The rsize and wsize options are used primarily to switch the remote machine to another datagram size (in case it uses a larger size than Linux can handle). All NFS options must follow the -o switch on the command line, if the options are set there. For example, to set the timeout to 2 seconds on the remote mount of a directory and allow interrupts, you could issue the command:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">mount -t nfs wizard:/usr/data /usr/data -o timeo=20,intr</FONT></PRE>



<P>Alternatively, if you don't want to specify the options on the command line for frequently mounted volumes, you can use the /etc/fstab file to provide them. The same command line as above can be placed in the /etc/fstab file like this:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">wizard:/usr/data /usr/data nfs timeo=20,intr</FONT></PRE>



<P>When you use the /etc/fstab file to specify options and mount points, you can mount the remote volume much more easily by issuing the command:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">mount wizard:/usr/data</FONT></PRE>



<P>The mount command examines the /etc/fstab file for the mount point and options to use, as well as recognizes the command as an NFS mount. For remote directories you will need often, this command is much easier than typing the entire command line every time.



<BR>



<P>Two of the NFS mount options deal with hard and soft mounting. The default with NFS is to hard mount a directory. What this means is that if NFS is unable to mount a requested volume, it times out, generates an error message, and tries again with double the timeout value. This goes on forever until the remote directory is mounted (generating error messages each time a timeout occurs). Any remote directory that is repeatedly tried until successfully mounted is called a hard mount. A soft mount is one that acts the same way but generates error messages only after a major timeout, which is every 60 seconds. The error messages are not displayed, since they are in the I/O queue, but you can usually gain control of the system more easily with a soft mount after a major timeout.



<BR>



<BR>



<A NAME="E68E188"></A>



<H3 ALIGN=CENTER>



<CENTER>



<FONT SIZE=5 COLOR="#FF0000"><B>NFS Administration</B></FONT></CENTER></H3>



<BR>



<P>NFS (and RPC, which NFS depends on) has two primary administration tools available for providing status updates and indications of trouble within the system. Running any single tool is usually not sufficient to isolate a problem. It often happens that one tool reports a problem with a port, but, upon closer examination, you find out that the port is functioning and the process at the other end has died. Therefore, these tools are designed to be used as a complement to each other until an accurate diagnosis can be produced.



<BR>



<BR>



<A NAME="E69E217"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>rpcinfo</B></FONT></CENTER></H4>



<BR>



<P>The rpcinfo program monitors the port mapper of the machine on which it is running and, through the network, the port mappers of servers. Because the port mapper is the program that controls access to RPCs, this type of information is important in tracking problems. The rpcinfo program can display the contents of the mapping tables, showing the port and program numbers for each connection, and is able to activate remote servers for testing a connection.



<BR>



<P>Typically, rpcinfo is called with the -p option to show the list of RPC programs that are currently tracked by the port mapper. An optional machine name can be added to display only connections with one machine. A typical output from the rpcinfo program is shown below:



<BR>



<PRE>



<FONT COLOR="#000080">$ rpcinfo -p



 program vers proto port



 100000 2 tcp 111 portmapper



 100000 2 udp 111 portmapper



 100008 1 udp 1026 walld



 150001 1 udp 1027 pcnfsd



 150001 2 udp 1027 pcnfsd



 100002 1 udp 1028 rusersd



 100002 2 udp 1028 rusersd



 100024 1 udp 1029 status



 100024 1 tcp 1024 status



 100020 1 udp 1034 llockmgr



 100020 1 tcp 1025 llockmgr



 100021 2 tcp 1026 nlockmgr



 100021 1 tcp 1027 nlockmgr



 100021 1 udp 1038 nlockmgr



 100021 3 tcp 1028 nlockmgr



 100021 3 udp 1039 nlockmgr</FONT></PRE>



<P>In case of a problem contacting the port mapper, rpcinfo returns an error message. In such a case, the port mapper is not functioning correctly and there may be no contact with other machines. A check using ping will verify this. An example of this kind of fatal error message is:



<BR>



<PRE>



<FONT COLOR="#000080">$ rpcinfo -p



rpcinfo: can't contact port mapper:



RFC: Remote system errer -125</FONT></PRE>



<P>Specific connections can be tested with rpcinfo by using the machine and process name, as the following example shows:



<BR>



<PRE>



<FONT COLOR="#000080">$ rpcinfo -u merlin walld



program 100008 version 1 is ready and waiting</FONT></PRE>



<P>Note that the -u option is used for UDP connections, while -t must be used with TCP connections. In this example, the client rpcinfo sent a request to the program specified and waited for a reply. A successful reply results in the message shown above. If a reply is not received before a timer expires, an error message is displayed.



<BR>



<P>In the sample output above, there is a process called pcnfsd, which is an RPC server developed for use with DOS-based machines. It handles access rights and spooling services for the DOS side, while simplifying the DOS machine's access to NFS services.



<BR>



<BR>



<A NAME="E69E218"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>nfsstat</B></FONT></CENTER></H4>



<BR>



<P>The nfsstat program, as its name suggests, provides statistics about the number and type of RPC requests that are made. Although this command is usually called without an option, several options exist (depending on the implementation and version) to show specific statistics or sample only certain parts of the connection. The nfsstat program is not part of most Linux distributions, but you can find it on some Linux FTP and BBS sites and as part of some system administration utility packages. The output from nfsstat is shown below for a typical small network:



<BR>



<PRE>



<FONT COLOR="#000080">Server rpc:



calls badcalls nullrecv badlen xdrcall



10465 0 0 0 0



Server nfs:



calls badcalls



10432 0



null getattr setattr root lookup readlink read



1 0% 24 0% 1 0% 0 0% 10123 0% 0 0% 5 0%



wrcache write create remove rename link symlink



0 0% 2 0% 0 0% 1 0% 0 0% 1 0% 0 0%



Client rpc:



calls badcalls retrans badxid timeout wait newcred



8273 2 0 0 0 0 0



Client nfs:



calls badcalls



8263 0



null getattr setattr root lookup readlink read