<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:TCP/IP Network Management</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
</HEAD>
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=13 //-->
<!-- PAGES=0243-0298 //-->
<A NAME="PAGENUM-281"><P>Page 281</P></A>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
WARNING
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
NFS's design by nature is, unfortunately, insecure. While there are some steps that
provide a moderate level of security to protect you from the common user pretending to be an
evil hacker, there is not much more you can do. Any time you share a disk via NFS with
another machine, you need to give the users of that machine (especially the root user) a
certain amount of trust. If you believe that the person you are sharing the disk with is
untrustworthy, you need to explore alternatives to NFS for sharing data and disk space.
<BR><BR>
Be sure to keep up with security bulletins from both Red Hat and the Computer
Emergency Response Team (CERT). You can find these on Red Hat's site at
www.redhat.com, CERT's site at www.cert.org, or the moderated
newsgroup comp.security.announce.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<BR>
<H4>
Installing NFS
</H4>
<P>Although the NFS software that comes with Red Hat Linux does come preinstalled, you
do need to be aware of what the software is and what each specific program does. This is
important when trying to troubleshoot problems and configure NFS-related tools such as
the automounter.
</P>
<P>There are three programs used to provide NFS server services:</P>
<TABLE WIDTH="360">
<TR><TD>
rpc.portmapper
</TD><TD>
This program does not directly provide NFS
services itself; however, it maps calls made from other
machines to the correct NFS daemons.
</TD></TR>
<TR><TD>
rpc.nfsd
</TD><TD>
This daemon is what translates the NFS requests
into actual requests on the local filesystem.
</TD></TR>
<TR><TD>
rpc.mountd
</TD><TD>
This daemon services requests to mount and
unmount filesystems.
</TD></TR>
</TABLE>
<BR>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
NOTE
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
The rpc.nfsd and rpc.mountd programs need only run on your NFS servers. In fact,
you might find it prudent to not have them run at all on your client machines for
security concerns and to free up resources that might otherwise be consumed by them. NFS
clients do not need any special NFS software to run. They should, however, run
the rpc.portmapper program because it provides RPC functionality to programs other
than NFS as well.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<BR>
<P>By default, these programs are installed and loaded at boot time for you. To check
for this, use the rpcinfo command as follows:
</P>
<!-- CODE SNIP //-->
<PRE>
rpcinfo -p
</PRE>
<!-- END CODE SNIP //-->
<A NAME="PAGENUM-282"><P>Page 282</P></A>
<P>This displays all the registered RPC programs running on your system. To check
which RPC programs are registered on a remote host, use
rpcinfo as follows:
</P>
<!-- CODE SNIP //-->
<PRE>
rpcinfo -p hostname
</PRE>
<!-- END CODE SNIP //-->
<P>where hostname is the name of the remote host you want to check. The output for a Linux
host running NFS appears something like the following:
</P>
<!-- CODE //-->
<PRE>
[root@vestax /root]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 821 mountd
100005 1 tcp 823 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
</PRE>
<!-- END CODE //-->
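<P>The NOTE above recommends that rpc.nfsd and rpc.mountd not run on client machines. The following is an added example, not code from the book: it parses rpcinfo -p output and reports any NFS server daemons registered with the portmapper. The function names are assumptions, and the sample input is the listing shown above.</P>

```python
import subprocess

# RPC program numbers as they appear in the rpcinfo listing on this page.
NFS_SERVER_PROGRAMS = {100003: "nfs", 100005: "mountd"}

# Constructed sample input: the rpcinfo -p listing from this page.
SAMPLE = """\
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 821 mountd
100005 1 tcp 823 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
"""

def parse_rpcinfo(text):
    """Return a list of (program, version, proto, port, name) tuples."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a data row.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        name = fields[4] if len(fields) > 4 else ""
        rows.append((int(fields[0]), int(fields[1]), fields[2], int(fields[3]), name))
    return rows

def nfs_server_services(text):
    """Return sorted (name, proto, port) for registered nfsd/mountd entries."""
    return sorted({(NFS_SERVER_PROGRAMS[prog], proto, port)
                   for prog, _vers, proto, port, _name in parse_rpcinfo(text)
                   if prog in NFS_SERVER_PROGRAMS})

def check_host(hostname=None):
    """Run rpcinfo -p (optionally against hostname) and return the findings."""
    cmd = ["rpcinfo", "-p"] + ([hostname] if hostname else [])
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return nfs_server_services(out)

if __name__ == "__main__":
    for name, proto, port in nfs_server_services(SAMPLE):
        print(f"NFS server daemon registered: {name} {proto}/{port}")
```

<P>An empty result from check_host() on a machine that is meant to be an NFS client only means neither daemon is registered there.</P>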
<P>Note the number specified after rpc.nfsd and
rpc.mountd. Those numbers tell each program how many instances it should start up at once. Having several instances of each daemon
improves network performance up to a point. Having too many started will degrade
performance. Unfortunately, there is no magic formula for determining the ideal number to use for
your system as it varies depending on your own usage. Typically, most sites start with four and
adjust later.
</P>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
NOTE
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
Currently, running multiple NFS servers in parallel is still experimental. The key limitation
is that when running more than one instance of
rpc.nfsd, the filesystem can only be shared read-only. This is useful for disks that hold large quantities of read-only information such
as Usenet news spools, but not much else.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
<BR>
<H4>
Starting and Stopping the NFS daemons
</H4>
<P>You might run across instances when you need to stop NFS and restart it later. You can do
this by using the startup script that is executed at boot time and shutdown. The NFS script is
/etc/rc.d/init.d/nfs.
</P>
<P>To start the NFS services, run the following as root:</P>
<!-- CODE SNIP //-->
<PRE>
[root@vestax /root]# /etc/rc.d/init.d/nfs start
</PRE>
<!-- END CODE SNIP //-->
<P>To stop NFS services, run the following as root:</P>
<!-- CODE SNIP //-->
<PRE>
[root@vestax /root]# /etc/rc.d/init.d/nfs stop
</PRE>
<!-- END CODE SNIP //-->
<H4><A NAME="ch13_ 39">
Configuring NFS
</A></H4>
<P>The two key files to NFS are the /etc/exports and
/etc/fstab files. The exports file is configured on the server side. This file specifies which directories are to be shared with which
clients and each client's access rights. The fstab file is configured on the client side and specifies
which servers to contact for certain directories as well as where to place them in the directory tree.
</P>
<A NAME="PAGENUM-283"><P>Page 283</P></A>
<H4><A NAME="ch13_ 40">
Setting Up the /etc/exports File
</A></H4>
<P>The /etc/exports file specifies which directories to share with which hosts on the
network. This file needs only to be set up on your NFS servers.
</P>
<P>The /etc/exports file uses the following format:
</P>
<!-- CODE //-->
<PRE>
/directory/to/export host1(permissions) host2(permissions) host3(permissions) host4(permissions)
#
# Comments begin with the pound sign and must be at the start of
# the line
#
/another/dir/to/export host2(permissions) host5(permissions)
</PRE>
<!-- END CODE //-->
<P>In this example, /directory/to/export is the directory you want to make available to
other machines on the network. You must supply the absolute pathname for this entry. On the
same line, the hosts that can access this directory are listed. If the list is longer than the line size
permits, you can use the standard continuation character (the backslash,
\) to continue onto the next line. Each host is given a set of access permissions. They are as follows:
</P>
<TABLE WIDTH="360">
<TR><TD>
rw
</TD><TD>
Read and write access.
</TD></TR>
<TR><TD>
ro
</TD><TD>
Read-only access.
</TD></TR>
<TR><TD>
no_root_squash
</TD><TD>
Acknowledge and trust the client's root account.
</TD></TR>
</TABLE>
<P>If you are familiar with the export file configurations of other flavors of UNIX, you know
that this is not similar. Whether one is better than the other is a holy war discussion best left
to Usenet newsgroups.
</P>
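<P>Because no_root_squash makes the server trust the client's root account, it is worth reviewing which hosts have it before the exports are activated. The following is an added example, not code from the book: it parses the format described above, including backslash continuation, and flags every host entry that carries no_root_squash. The host and directory names are constructed placeholders, and permissions are assumed to be combined as a comma-separated list.</P>

```python
import re

# Constructed sample; host and directory names are placeholders.
SAMPLE_EXPORTS = """\
# Comments begin with the pound sign
/export/home  host1(rw) host2(ro) \\
    host3(rw,no_root_squash)
/export/news  host4(ro) host5(ro,no_root_squash)
"""

# One host entry: name followed by a parenthesised permission list.
ENTRY = re.compile(r"^([^()\s]+)\(([^()]*)\)$")

def logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        if not buf and raw.lstrip().startswith("#"):
            continue
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = (buf + raw).strip()
        buf = ""
        if line:
            yield line

def parse_exports(text):
    """Return (directory, host, set_of_permissions) for every host entry."""
    entries = []
    for line in logical_lines(text):
        directory, *hosts = line.split()
        for item in hosts:
            m = ENTRY.match(item)
            if not m:
                raise ValueError(f"unparsed entry {item!r} for {directory}")
            perms = {p for p in m.group(2).split(",") if p}
            entries.append((directory, m.group(1), perms))
    return entries

def findings(text):
    """Flag hosts trusted as root; HIGH when they can also write."""
    return [("HIGH" if "rw" in perms else "MEDIUM", directory, host)
            for directory, host, perms in parse_exports(text)
            if "no_root_squash" in perms]

if __name__ == "__main__":
    for level, directory, host in findings(SAMPLE_EXPORTS):
        print(f"{level}: {host} is trusted as root on {directory}")
```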
<P>After you have set up your /etc/exports file, run the
exportfs command with the -a option—for example,
</P>
<!-- CODE SNIP //-->
<PRE>
exportfs -a
</PRE>
<!-- END CODE SNIP //-->
<P>This sends the appropriate signals to the
rpc.nfsd and rpc.mountd daemons to reread the
/etc/exports file and update their internal tables.
</P>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
TIP
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
It is considered good convention to place all the directories you want to export in the
/export hierarchy. This makes their intent clear and self-documenting. If you need
the directory to also exist elsewhere in the directory tree, use symbolic links. For example,
if your server is exporting its /usr/local hierarchy, you should place the directory in
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>