Wednesday, August 7, 2013

NFS services


NFS provides its services through a client-server relationship.
The computers that make their file systems, or directories, and other resources available for remote access are called servers. The act of making file systems available is called exporting. The computers and their processes that use server resources are considered clients. After a client mounts a file system that a server exports, the client can access the individual server files (access to exported directories can be restricted to specific clients).
The major services provided by NFS are:
Table 1. NFS services

Service: Description
Mount service: Mounts from the /usr/sbin/rpc.mountd daemon on the server and the /usr/sbin/mount command on the client. This service is only available on NFS version 2 and version 3.
Remote File access: Accesses from the /usr/sbin/nfsd daemon on the server and the /usr/sbin/biod daemon on the client.
Remote execution service: Executes from the /usr/sbin/rpc.rexd daemon on the server and the /usr/bin/on command on the client.
Remote System Statistics service: Compiles from the /usr/sbin/rpc.rstatd daemon on the server and the /usr/bin/rup command on the client.
Remote User Listing service: Lists from the /usr/lib/netsvc/rusers/rpc.rusersd daemon on the server and the /usr/bin/rusers command on the client.
Boot Parameters service: Provides startup parameters to Sun Operating System diskless clients from the /usr/sbin/rpc.bootparamd daemon on the server.
Remote Wall service: Protects from the /usr/lib/netsvc/rwall/rpc.rwalld daemon on the server and the /usr/sbin/rwall command on the client.
Spray service: Sends a one-way stream of Remote Procedure Call (RPC) packets from the /usr/lib/netsvc/spray/rpc.sprayd daemon on the server and the /usr/sbin/spray command on the client.
PC authentication service: Provides a user authentication service for PC-NFS from the /usr/sbin/rpc.pcnfsd daemon on the server.
Enhanced security service: Provides access on both the client and server to more advanced security services, such as Kerberos 5. The /usr/sbin/gssd daemon provides NFS with access to security services provided by the Network Authentication Service. The Network Authentication Service and the Cryptographic Library filesets (krb5.client.rte, krb5.server.rte, and modcrypt.base) must be installed. These filesets can be installed from the AIX® Expansion Pack.
Identity translation service: Performs translation between security principals, NFS version 4 identity strings, and their corresponding numeric system IDs. In addition, mapping of identity information from foreign NFS version 4 domains is provided. These services are provided by the /usr/sbin/nfsrgyd daemon.

Note: A computer can be both an NFS server and an NFS client simultaneously.
NFS version 2 and 3 servers are stateless, meaning that the server does not retain any transaction information about its clients. A single NFS transaction corresponds to a single, complete file operation. NFS requires that the client remember any information needed for later NFS use.
An NFS version 4 server is stateful because of the file open and file locking operations defined in the NFS version 4 protocol.

Types of NFS mounts

There are three types of NFS mounts: predefined, explicit, and automatic.
Predefined mounts are specified in the /etc/filesystems file. Each stanza (or entry) in this file defines the characteristics of a mount. Data such as the host name, remote path, local path, and any mount options are listed in this stanza. Predefined mounts are used when certain mounts are always required for proper operation of a client.
Explicit mounts serve the needs of the root user. Explicit mounts are usually done for short periods of time when there is a requirement for occasional unplanned mounts. Explicit mounts can also be used if a mount is required for special tasks and that mount is not generally available on the NFS client. These mounts are usually fully qualified on the command line by using the mount command with all needed information. Explicit mounts do not require updating the /etc/filesystems file. File systems mounted explicitly remain mounted unless explicitly unmounted with the umount command or until the system is restarted.
Automatic mounts are controlled by the automount command, which causes the AutoFS kernel extension to monitor specified directories for activity. If a program or user attempts to access a directory that is not currently mounted, then AutoFS intercepts the request, arranges for the mount of the file system, then services the request.

Mounting NFS



exportfs -va (to re-export all the file systems)


Examples

1.    To export all directories in the /etc/exports file, enter:
exportfs -a 
2.    To export one directory from the /etc/exports file, enter:
exportfs /home/notes
In this example, the /home/notes directory is exported.
Note:
For this command to work, the /home/notes directory must be specified in the /etc/exports file.
3.    To unexport a directory, enter:
exportfs -u /home/notes
In this example, the /home/notes directory is unexported.
4.    To display the name of the directory currently being exported, enter:
exportfs -v
5.    To export a directory that is not specified in the /etc/exports file, enter:
exportfs -i /home/zeus
In this example, the /home/zeus directory is exported without restrictions.
6.    To export a directory and give netgroup members permission to access this directory, enter:
exportfs -o access=cowboys:oilers /home/notes
In this example, the /home/notes directory is exported and permits users of cowboys and oilers host machines to have access.
7.    To export a directory with different options from the /etc/exports file, enter:
exportfs -i -o root=zorro:silver /directory
In this example, the /directory directory is exported and allows root user access to zorro and silver host machines, regardless of the access permissions specified in the /etc/exports file.
8.    To export the /common/docs directory with write permissions to clients using Kerberos authentication, but read-only permissions to clients using UNIX authentication, add the following text to the /etc/exports file:
/common/docs -sec=krb5,rw,sec=sys,ro
Then enter exportfs /common/docs to perform the export.
9.    To create a referral at /usr/info to the /usr/info directory on host infoserver, add the following line to /etc/exports and then export /usr/info:
/usr/info -vers=4,refer=/usr/info@infoserver
10. To specify replicas for the /common/info directory at hosts backup1 and backup2, add the following line to /etc/exports and then export /common/info:
/common/info -vers=4,replicas=/common/info@backup1:/common/info@backup2,<other options>
11. To export the /common/docs directory with both version 3 and version 4, enter the following command:
exportfs -V 3:4 /common/docs
12. To export all of the version 4 entries in the /etc/exports file, enter the following command:
exportfs -a -V 4
13. To unexport the /common/docs directory only for version 3, enter the following command:
exportfs -u -V 3 /common/docs
14. To unexport all of the version 3 entries in the /etc/xtab file, enter the following command:
exportfs -ua -V 3
15. To specify referrals for the /common/docs directory at hosts named s1, s2 and s3 and scatter them fully, add the following line to the /etc/exports file and then export the /common/docs directory:
/common/docs -vers=4,refer=/common/docs@s1:/common/docs@s2:/common/docs@s3,scatter=full
16. To specify replicas for the /common/docs directory at hosts named s1, s2, s3 and s4 and scatter them partially (the first fail over server is s1 for all combinations), add the following line to the /etc/exports file and then export the /common/docs directory:
/common/docs -vers=4,noauto,replicas=/common/docs@s1:/common/docs@s2:/common/docs@s3:/common/docs@s4,scatter=partial
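
The export options in the examples above decide who can mount a directory, who gets root access, and which authentication flavor may write. The following audit is an added example, not part of the original post or of AIX itself; the function names and finding codes are hypothetical, and it assumes that an entry without ro is writable and that an entry without sec= uses UNIX (sys) authentication.

```shell
#!/bin/sh
# Added example: flag risky entries in AIX-style exports text
# ("directory -option,option,..."). Findings print as: <dir> <CODE> <detail>.
# Assumptions of this example: an entry without ro is writable, and an entry
# without sec= uses UNIX (sys) authentication.
audit_exports() {
    awk '
    function seg_end(dir) {      # close the option run of the current sec= flavor
        if (flavor ~ /(^|:)sys(:|$)/ && !ro) print dir, "SYS_WRITABLE", flavor
        ro = 0
    }
    /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
    {
        dir = $1; opts = $2
        sub(/^-/, "", opts)      # the option field starts with a dash
        n = split(opts, o, ",")
        restricted = 0; ro = 0; flavor = ""
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^access=/) restricted = 1
            else if (o[i] ~ /^root=/) print dir, "ROOT_ACCESS", substr(o[i], 6)
            else if (o[i] == "ro") ro = 1
            else if (o[i] ~ /^sec=/) { seg_end(dir); flavor = substr(o[i], 5) }
        }
        if (flavor == "") flavor = "sys"   # no sec= given: assume sys
        seg_end(dir)
        if (!restricted) print dir, "NO_CLIENT_LIST", "-"
    }' "$@"
}

# Constructed sample input, reusing directory and host names from the examples.
sample_exports() {
    cat <<'EOF'
# constructed sample, not taken from a real server
/home/notes -access=cowboys:oilers
/home/zeus
/directory -root=zorro:silver
/common/docs -sec=krb5,rw,sec=sys,ro
EOF
}

sample_exports | audit_exports
```

To check a real server, pass the file as an argument: audit_exports /etc/exports.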

Files

Lists the directories that the server can export.
Lists currently exported directories.
Contains an entry for each host on the network.
Contains information about each user group on the network.
/etc/rc.nfs
Contains the startup script for the NFS and NIS daemons.

