CH 22 & 24 NFS and DFS review Flashcards
NFS
- Network File System - file and directory sharing mechanism native to Unix and Linux
- Concept similar to Microsoft Windows file sharing (while the concept is similar, there are distinct differences in the implementation).
- Allows users to attach a remote file system (disk) and work with it as if it were a local drive.
Mechanics of NFS
- NFS uses client-server architecture.
a. Server - Device that is allowing others to use its disk space.
b. Client - device that is consuming the disk space offered by the server.
c. Sharing is enabled by adding a line indicating the directory to be shared in /etc/exports on the server, which allows access by clients.
Example: if you listed the entry of /home/ssv2 192.168.1.100/25(rw) in the file /etc/exports, you would share /home/ssv2 as read-write on the subnet 192.168.100.0/24
Entries in the file include:
a. Directory - directory path you want to share.
b. Client - client IP address or DNS hostname you want to share it with.
c. Options - options for the connection (read/write, read-only, root_squash)
Remote Procedure Call (RPC)
- Communication using NFS is done using the Remote Procedure Call (RPC) protocol.
a. RPCs are responsible for handling requests between client and server.
b. RPC provides a standard mechanism for any RPC client to contact a server.
c. Allows the client to determine to which service the call should be directed.
- Services must be registered on the server in order to be able to communicate via RPC.
Security Considerations for NFS
- NFS is not considered to be a very secure protocol.
a. Precautions must be taken to ensure that users of the client don’t gain root permissions.
b. The root_squash option can be used to control permissions to the share, but care must be used in setting up initial permissions if non-root users will be accessing via client connections.
c. If root_squash isn’t specified (or no_root_squash is specified), then root of the client machine will have the same level of access as the server’s root account.
Enabling NFS
- Almost all major Linux distros natively support NFS.
- The issue isn’t implementing NFS, but setting up RPC.
- Based on the distro, here are ways of setting up RPC access.
a. Fedora - $ yum install rpcbind
b. Ubuntu - $ apt-get install portmap
c. These programs handle the RPC registrations
Components of NFS
NFS relies on various processes/components to perform the client/server communication.
- rpc.nfsd - main component of the NFS - it is the server daemon. Works in conjunction with the Linux kernel to load or unload the NFS module when necessary.
- rpc.statd - sends notifications to NFS clients whenever the NFS service is restarted after a non-graceful shutdown. Provides status information to rpc.lockd when queried.
- rpc.rquotad - supplies the interface between NFS and the system quota manager. Users connected via NFS are held to the same quota restrictions as if they were working directly on the server.
- rpc.mountd - performs permission checking during the mount request process.
- rpc.lockd - allows clients to issue file locks on the server. Handles lock recovery on NFS startup after a non-graceful shutdown.
- rpc.idmapd - provides mappings of users and groups between the server and client.
- rpc.gssd/rpc.svcgssd - provides authentication and advanced security resources.
Configuring NFS server
Setting up an NFS server is a two-part process.
- First step is to set up the criteria in the /etc/exports file.
- Second step is to start the NFS processes that read the /etc/exports file.
Configuring NFS clients
Configuring an NFS client under Linux is easy - it does not require any additional software.
- Only need the mount command. There are two types of mount.
a. Soft - if a request fails, the NFS client will report an error to the process on the client requesting access (response depends on how program is developed)
b. Hard - if a request fails, the program accessing the file via NFS will hang until connection is re-established or manually killed.
Distributed File System (DFS)
- Distributed File System (DFS) - provides a mechanism to allow for a unified view of file system resources located on different servers.
- Essentially, file system resources can be divided, shared, or distributed in a logical or physical manner across a network.
- DFS works on the concept of replication - copying the same data between different nodes across a WAN.
DFS Terminology
Brick
Brick - a physical server/system whose local storage resource is contributing to the overall storage capacity of the DFS.
Metadata
Metadata - refers to all other characteristics of data except the actual data themselves.
Fault Tolerance
Fault tolerance - the amount of transparent and continued access to shared resources of DFS in the event of some sort of failure.
Replication
Replication - process of the duplication of the contents of one file system onto another location.
POSIX compliance
POSIX compliance - Portable Operating System Interface for UNIX is an IEEE standard that dictates how UNIX/Linux file metadata (such as permissions and timestamps) are preserved and updated via the DFS.
DFS Implementations
There are multiple DFS implementations:
- GlusterFS
- Lustre
- MooseFS
- Microsoft DFS (MS-DFS) - while it cannot be set up via Linux, Linux clients can be configured to support MS-DFS.
- OpenAFS
- XtreemFS