\chapter{Shared File Systems}
\label{cha:shared-file-systems}

{\mns

\subsection{Objectives}
\label{sec:objectives-shared-filesystems}

After completing this chapter you should be able to:
\begin{itemize}
\item Understand basic remote file and print sharing
\item Appreciate the pros and cons of Samba and NFS
\item Install Samba and NFS servers
\item Configure basic Samba and NFS services
\item Access remote resources using SMB and NFS
\end{itemize}

\section{NFS (Network File System)}
\label{sec:nfs}

\begin{itemize}
\item NFS developed by Sun Microsystems (early 80's)
\item Native method for file sharing between Unix/Linux systems
\item Stateless protocol
  \begin{itemize}
  \item Means server keeps no state
  \item Renders server crashes `easily recoverable'
  \end{itemize}
\item Should be compatible with all Unix-like systems
\item Best in trusted environment, not highly secure
\item Best where all user/group IDs are same
\item Often used with {\kwd Network Information Services} (NIS) to
  synchronise user/group IDs
\end{itemize}

\section{NFS Basics \ldots continued}

\begin{itemize}
\item Systems are clients, servers or both
\item Clients {\em import} shared filesystems
\item Servers {\em export} shared filesystems
\item Servers easy to implement via network daemons
\item Clients require kernel modifications
\item Linux systems normally work as both already
\item NFS is NOT Unix/Linux specific (e.g.
  PC-NFS)
\end{itemize}

\section{Exporting File Systems}
\label{sec:nfs-exporting}

\begin{itemize}
\item Exporting handled by daemons {\pgn rpc.nfsd} and {\pgn mountd}
\item Must be running for NFS export to work
\item Exported file systems listed in {\fn /etc/exports}, format is:
  {\sco fsname hostname(flags) [hostname(flags)]}
\item Example: {\sco /tmp *.blah.co.uk(ro)}
  Exports {\fn /tmp} read-only to all systems belonging to the
  domain~\footnote{For full detail on flags use {\uin man exports}}
\item Important flags:
  \begin{itemize}
  \item {\uin ro} (read only)
  \item {\uin rw} (read/write)
  \item {\uin all\_{}squash} (map all uid/gid to something)
  \item {\uin anonuid} (specify user ID to map to)
  \item {\uin anongid} (specify group ID to map to)
  \end{itemize}
\item After changing {\fn /etc/exports}, restart NFS
\begin{verbatim}
exportfs -av
\end{verbatim}
or
\begin{verbatim}
killall -HUP rpc.nfsd
killall -HUP rpc.mountd
\end{verbatim}
or
\begin{verbatim}
/etc/rc.d/init.d/nfs restart
\end{verbatim}
\end{itemize}

% Nick: TODO: This has now spilled over two pages.  Reduce vertical
% space so it fits in one.

\section{Viewing exports}
\label{sec:nfs-view-exports}

\begin{itemize}
\item Use showmount:
\begin{verbatim}
$ showmount -e
$ showmount -e hostname
\end{verbatim}
{\myss
\begin{verbatim}
Export list for landlord.gbdirect.co.uk:
/usr/local/gbdirect/cvsroot roti.gbdirect.co.uk
/home/adamg                 roti.gbdirect.co.uk
/home/andylong              along2.gbdirect.co.uk
/home/mikeb                 kebab.gbdirect.co.uk
/mnt/cdrom
\end{verbatim}}
\item {\cmdn NFS} uses a {\cmdn portmapper} to handle requests
\item This must be running (and you must have access to it) to use
  {\cmdn NFS}
\item Check that {\fn hosts.allow} contains an entry to permit you
  access, e.g.
  \begin{itemize}
  \item {\sco portmap: ALL}\\
    or
  \item {\sco portmap: my.ip.network.}
  \end{itemize}
\end{itemize}

\section{Importing File Systems}
\label{sec:nfs-import-fs}

\begin{itemize}
\item Mount a remotely exported directory
\item Usually have to be superuser\\
  {\myss {\sco \$ mount hostname:/sharename /local/directory} }
\item If successful, the export named {\fn /sharename} on host
  {\usb hostname} is mounted on your \emph{mountpoint}
  {\fn /local/directory}
\item Files accessed just as if local
\item Remote host must be exporting the directory
\item You must have access permission
\item Your local mountpoint must exist
\item Exactly like mounting a device
\end{itemize}

\section{Samba}

\begin{itemize}
\item Implementation of {\kwd Server Message Block} protocol (SMB)
  \begin{itemize}
  \item Core of Microsoft's file and print sharing
  \item Now {\em `re-invented'} as {\kwd CIFS}
  \end{itemize}
\item Developed in Australia by Andrew Tridgell et al
\item Info, sources, distributions at \url{www.samba.org}
\item High performance -- competitive with NT
\item Server is purely application code
  \begin{itemize}
  \item Not part of the OS
  \end{itemize}
\item Provides some clients
  \begin{itemize}
  \item {\cmdn smbfs} requires OS support
  \item Client module {\cmdn smbfs} not part of Samba
  \end{itemize}
\end{itemize}

\section{Samba --- Availability}
\label{sec:samba-availability}

\providecommand*{\bs}{\texttt{\char '134}\allowbreak} % Backslash `\'
\begin{itemize}
\item Samba is provided packaged with all large Linux distributions
\item PDC support for Windows 2000 clients is new, currently only
  with version 2.2 and is available from CVS
\item Samba 2.2 is currently \emph{alpha} quality software
  \begin{itemize}
  \item will have reached production quality by your graduation
  \end{itemize}
\item Nick Urbanik has packaged the current Samba 2.2 into an RPM,
  ready for installation into Red Hat 7.
\item Currently available from
  \url{CSAlinux:/var/ftp/pub/samba},
  \url{http://CSAlinux.tycm.vtc.edu.hk/ftp/samba/},
  \url{ftp://CSAlinux.tycm.vtc.edu.hk/ftp/pub/samba/},
  \mbox{\texttt{\bs\bs CSALINUX\bs pub\bs samba}}
\item Expect further updates.  I will improve the RPM to work as a
  PDC with minimum customisation required.
\end{itemize}

\section{Samba Documentation}
\label{sec:samba-docs}

\begin{itemize}
\item The book \emph{Using Samba} is distributed free with Samba (or
  buy for HK\$315)
\item Documentation about using Samba as a PDC is currently available
  from \url{http://us1.samba.org/samba/docs/samba-pdc-faq.html} and
  \url{http://us1.samba.org/samba/docs/samba-pdc-howto.html}.
\item Latest docs are available from
  \url{http://us1.samba.org/samba/docs/}
\item The documentation for the {\pgn Samba} configuration file is
  important:
\begin{verbatim}
$ man smb.conf
\end{verbatim}%$
\end{itemize}

\section{Samba Installation}

\begin{itemize}
\item Will vary --- may come preinstalled, may come as RPMs or similar
\item Key components are {\pgn nmbd} and {\pgn smbd}
  \begin{itemize}
  \item {\pgn nmbd} is the name services daemon; mostly
    fit-and-forget
  \item {\pgn smbd} is the samba server; listens for connections and
    then forks one copy per client
  \end{itemize}
\item Other tools \& utilities exist, e.g. {\pgn smbclient}
\item Configuration file is {\fn /etc/samba/smb.conf}
\item Comes with the {\kwd Samba Web Administration Tool}
  ({\pgn swat}); listens on port 901
\item To install Nick's RPMs, do:
\begin{verbatim}
$ sudo mount CSAlinux:/var/ftp/pub /mnt
$ cd /mnt/samba
$ sudo rpm -Uhv samba*.i386.rpm
\end{verbatim}%$
\end{itemize}

\section{Samba Basics}

\begin{itemize}
\item Most likely started as {\kwd daemons} in {\kwd init scripts}
\item Can be run-on-demand via {\pgn inetd}, but unlikely
  \begin{itemize}
  \item Gives poor performance
  \end{itemize}
\item Exclusively uses {\kwd TCP/IP}.
  Microsoft clients need to be configured for it --- they may use
  {\kwd NETBEUI}
\item Permits:
  \begin{itemize}
  \item full file sharing, browsing and domain controller services
  \item full access to printers
  \item extensive customising
  \end{itemize}
\end{itemize}

\section{Access to Files and Printers}

\begin{itemize}
\item Linux and Win/NT access controls don't match
\item Various options can be set
\item Attempts to match logged-on Windows Username to Linux user
  names and passwords
\item Modern versions use encrypted passwords --- takes some setting
  up (see documentation)
\item Has concept of `guest' users --- may map to `nobody' on Linux
\item Take a look in your {\fn smb.conf} file and read
  {\uin man smb.conf}
\end{itemize}

\section{Testing Samba}

\begin{itemize}
\item Use {\cmdn smbclient} (see screen dump below)
\item May need to provide a password
\item Check {\fn DIAGNOSIS.TXT} from distribution (usually installed
  at {\fn /usr/share/doc/samba-2.$x$.$x$}) if you have problems
{\large
\begin{verbatim}
$ smbclient -L localhost
Added interface ip=192.168.0.129 bcast=192.168.0.255 nmask=255.255.255.0
Password:
Domain=[GBDIRECT] OS=[Unix] Server=[Samba 2.0.3]

    Sharename      Type      Comment
    --------       ---       -------
    www            Disk      WWW files
    software       Disk      Installable Software
    tmp            Disk      Temporary file space
    admin          Disk      GBdirect admin files
    printers       Printer   All Printers
    IPC$           IPC       IPC Service (Samba Server)
    okirmt         Printer
    txtdj          Printer
    djrmt          Printer
    fax            Printer

    Server         Comment
    --------       -------
    LANDLORD       Samba Server

    Workgroup      Master
    --------       -------
    GBDIRECT       LANDLORD
    WORKGROUP      KEBAB
\end{verbatim}
}
\end{itemize}

\section{Smbclient}

\begin{itemize}
\item Numerous options:
{\Large
\begin{verbatim}
smbclient servicename [password] [-s smb.conf] [-B IP addr]
    [-O socket options] [-R name resolve order]
    [-M NetBIOS name] [-i scope] [-N] [-n NetBIOS name]
    [-d debuglevel] [-P] [-p port] [-l log basename] [-h]
    [-I dest IP] [-E] [-U username] [-L NetBIOS name]
    [-t terminal code] [-m max protocol] [-W workgroup]
    [-TIXFqgbNan] [-Ddirectory] [-c command string]
\end{verbatim}
}
\item Example:
{\Large
\begin{verbatim}
$ smbclient //landlord/admin
Added interface ip=192.168.0.129 bcast=192.168.0.255 nmask=255.255.255.0
Password: xxxxx
Domain=[GBDIRECT] OS=[Unix] Server=[Samba 2.0.3]
smb: \> ls
  q3.dir            85  Tue Jun 29 13:01:44 1999
  actwin2     D      0  Sun Mar  7 22:01:28 1999
  courses     D      0  Wed May 12 10:02:20 1999
  cvs         D      0  Mon Mar 22 12:36:13 1999
  domreg      D      0  Tue Sep  1 10:14:12 1998
  finance     D      0  Thu Jul  1 12:33:49 1999
  informat    D      0  Wed Jun 23 09:56:34 1999
  julie       D      0  Fri Jul  2 10:06:43 1999
............. etc ...........
\end{verbatim}
}
\end{itemize}%$

%% FIXME We need two or three foils on smb.conf, not just this drivel. LW
\section{Samba configuration File}
\label{sec:smb.conf-intro}

\begin{itemize}
\item Three sections to {\fn smb.conf}
  \begin{itemize}
  \item global
  \item directories
  \item printers, if enabled, will export the printers known in
    {\fn /etc/printcap}
  \end{itemize}
%\item Far too much detail to go into here
\item Lots of help in the book \emph{Using Samba}, available online
  with the installation.
  \begin{itemize}
  \item With Red Hat 7, and Nick's RPM, it is available under
    {\fn /usr/share/swat/using\_samba/}
  \end{itemize}
\item Lots of other documentation comes with Samba:
  \begin{itemize}
  \item Usually under {\fn /usr/share/doc/samba-versionnumber}, e.g.
    {\fn /usr/share/doc/samba-2.2.2}
  \end{itemize}
\item Read the man pages
\item Via the web
\item and others
\end{itemize}

\section{Samba Configuration Example}
\label{sec:smb.config-pdc-example}

\begin{itemize}
\item This is an example {\fn /etc/samba/smb.conf}, suitable for use
  with Nick's Samba RPM:
{\myss
\begin{verbatim}
[global]
    security = user
    status = yes
    workgroup = { Your domain name here }
    wins server = { ip of a wins server if you have one }
    encrypt passwords = yes
    domain logons = yes
    logon script = scripts\%U.bat
    domain admin group = @smbadm
    add user script = /usr/sbin/useradd -n -g machines -c Machine -d /dev/null -s /bin/false %m$
    share modes = no
    os level = 65

[homes]
    guest ok = no
    read only = no
    create mask = 0700
    directory mask = 0700
    oplocks = false
    locking = no

[netlogon]
    path = /var/samba/netlogon
    writeable = no
    guest ok = no
\end{verbatim}}
\end{itemize}

\section{Directories for Samba as a PDC}
\label{sec:samba-pdc-directories}

\begin{itemize}
\item Need some directories to hold user profiles and login scripts
  \begin{itemize}
  \item match the above configuration
  \end{itemize}
\begin{verbatim}
$ sudo mkdir -p /var/samba/netlogon/scripts
$ sudo chown -R root:root /var/samba/netlogon
$ sudo chmod -R 755 /var/samba/netlogon
\end{verbatim}%$
\end{itemize}

\section{Testing Samba}
\label{sec:testing-samba}

\begin{itemize}
\item Use {\pgn testparm} and {\pgn smbstatus}
  \begin{itemize}
  \item {\pgn testparm} is used before starting Samba to check that
    {\fn smb.conf} is ok
  \item {\pgn smbstatus} reports status of Samba, all connected
    clients and file share modes
  \end{itemize}
\end{itemize}

\subsection{Notes on Testing Samba}
\label{sec:notes-on-testing-samba}

\begin{itemize}
% Nick: this seems inconsistent with section ``Samba''.
\item Note that Samba is a server implementation
\item Has ftp-like {\cmdn smbclient}, but file share access is
  provided by the kernel.
\item Cannot be used by Linux to {\em import} shared files, only
  export them
\item Some Linuxes have import facilities too --- but requires kernel
  support ({\fn smbfs} module)
\end{itemize}

\section{Exercises}
\label{sec:shared-fs-exs}

{\normalsize
\begin{enumerate}
\item {\em NFS}
  \begin{enumerate}
  \item Set up your local host so you can use {\pgn showmount} to
    show exported directories.
  \item Find other hosts on your network which list exports.
  \item Set up your host to export {\fn /tmp}
  \item Go to some other system and mount the exported {\fn /tmp}
  \item Play with file access on the mountpoint, e.g. try accessing
    files you normally wouldn't have access to, creating files and
    seeing what the ownership and permissions are on the local copy.
  \end{enumerate}
\item {\em Samba}
  \begin{enumerate}
  \item Locate the file DIAGNOSIS.txt
  \item Read through it, then carefully work through {\em all} of its
    instructions to check your Samba installation.
  \item Run {\pgn testparm} on your current {\fn smb.conf}, pipe the
    output through {\pgn less} to see the results.
  \item Run {\pgn smbstatus} and explain to your neighbour what the
    results mean.
  \item Set up a share so that your {\fn /etc} directory is exported
    read-only and test it with {\pgn smbclient}.
  \item Figure out how to export users' home directories and get a
    colleague to test your work.
  \end{enumerate}
\end{enumerate}
} % end normalsize for exercises

\section{Solutions}
\label{sec:shared-fs-sols}

%% FIXME: We could do with better solutions
{\normalsize
\begin{enumerate}
\item {\em NFS}
  \begin{enumerate}
  \item You should ensure that the {\pgn portmap} and {\pgn nfs}
    services are running before using {\pgn showmount}
  \item You can give {\pgn showmount} a hostname to query, e.g.
\begin{verbatim}
$ /usr/sbin/showmount -e somehost
Export list for somehost:
/home/adamg roti.gbdirect.co.uk
/home/lee   rafters.gbdirect.co.uk
/backup
/home/james oakleigh.gbdirect.co.uk
/mnt/cdrom
\end{verbatim}%$
  \item You should add the following to {\fn /etc/exports}:
\begin{verbatim}
/tmp *(ro)
\end{verbatim}
  \item -
  \item -
  \end{enumerate}
\item {\em Samba}
  \begin{enumerate}
  \item The file should be in
    {\fn /usr/share/doc/samba-x.xx/docs/textdocs}
  \item You should carry out all the tests given to reach a working
    samba system
  \item Check that your {\fn smb.conf} is correct
  \item Check the various smb manpages ({\fn smb.conf}, {\pgn smbd},
    {\pgn smbstatus}) to see what the output means
  \item You should add the following to your {\fn smb.conf}, and
    restart samba with {\fn /etc/rc.d/init.d/smb restart}:
\begin{verbatim}
[etcshare]
    path = /etc
    comment = Shared etc directory
    writeable = no
    browseable = yes
\end{verbatim}
    \pagebreak
  \item You should ensure that the {\kwd homes} share is uncommented
    in {\fn smb.conf}, and restart samba if necessary.
    You can test this by using:
{\myts
\begin{verbatim}
$ smbclient '\\localhost\username'
added interface ip=192.168.0.135 bcast=192.168.0.255 nmask=255.255.255.0
Password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.6]
smb: \> dir
  .muttrc            H     1387  Thu Jan 27 11:45:21 2000
  .addressbook.lu    H     2285  Mon Jan 24 14:37:29 2000
  .procmailrc        H       38  Mon Jan 24 18:11:04 2000
  .newsrc.eld        H     1151  Tue Jan 25 13:24:44 2000
  .mail_aliases      H       56  Thu Jan 27 16:52:13 2000
  Desktop            D        0  Tue Feb  8 15:48:40 2000
  .opera            DH        0  Thu Jan 27 12:53:23 2000
  .balsarc           H     1391  Wed Feb  9 14:27:36 2000
  .mozilla          DH        0  Wed Feb  9 10:27:15 2000
  ltculogo.gif             8202  Wed Feb  9 11:49:06 2000
  LANDLORD           D        0  Wed Feb 16 14:49:16 2000
  nltculogo.xcf           53886  Wed Feb  9 12:54:53 2000
  nltculogo.gif            8398  Wed Feb  9 13:09:16 2000
\end{verbatim}}%$
  \end{enumerate}
\end{enumerate}
}
} % end {\mns from chapter start
\label{endofchapter-shared-file-systems}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: "planet_basic_0_masterfile"
%%% End:
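
An added example, not part of the original course notes: a small Python audit of the /etc/exports format from the section ``Exporting File Systems'', reporting entries that reach every host or a wildcard domain, and read/write exports to such clients that lack all\_squash. The sample file, the paths /home/projects and /srv/dropbox and the anonuid/anongid values are constructed for illustration.

```python
import re

# Constructed sample in the chapter's /etc/exports format:
#   fsname hostname(flags) [hostname(flags)]
SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real host
/tmp            *(ro)
/home/projects  *.blah.co.uk(rw)
/srv/dropbox    *(rw,all_squash,anonuid=65534,anongid=65534)
/home/adamg     roti.gbdirect.co.uk(rw)
/mnt/cdrom
"""

CLIENT_RE = re.compile(r"([^()\s]*)(?:\(([^()]*)\))?")


def parse_exports(text):
    """Yield (path, host, flag_names) for each client of each export."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # A path with no client list is exported to every host.
        for client in clients or ["*"]:
            m = CLIENT_RE.fullmatch(client)
            if m is None:
                raise ValueError(f"malformed client entry: {client!r}")
            host = m.group(1) or "*"  # "(ro)" with no host also means everyone
            flags = {f.split("=")[0] for f in (m.group(2) or "").split(",") if f}
            yield path, host, flags


def audit(text):
    """Return (path, host, finding) tuples for exports worth a second look."""
    findings = []
    for path, host, flags in parse_exports(text):
        wildcard = "*" in host or "?" in host
        if host == "*":
            findings.append((path, host, "exported to every host"))
        elif wildcard:
            findings.append((path, host, "wildcard host pattern"))
        # rw is only set when listed; all_squash maps every uid/gid to anon.
        if "rw" in flags and wildcard and "all_squash" not in flags:
            findings.append((path, host, "rw for wildcard clients without all_squash"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print("%-16s %-20s %s" % finding)
```

Run it against a copy of a server's own /etc/exports by passing the file's text to audit(); an empty result means every export names specific hosts.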