Network File System Peter DSouza

NFS
 Allows machines to mount a disk partition on a remote machine as if it were a local drive
 Other systems similar to NFS –
 AFS
 CODA
Setting up NFS server
 Configuration files
 /etc/exports (required)
 /etc/hosts.allow (optional)
 /etc/hosts.deny (optional)
Setting up NFS server(Contd.)
 /etc/exports
directory machine1(option11,option12) machine2(option21,option22)
eg. /usr/local 192.168.0.1(ro) 192.168.0.2(ro)
/home 192.168.0.1(rw) 192.168.0.2(rw)
 /etc/hosts.allow
service: host [or network/netmask] , host [or network/netmask]
eg. portmap: 192.168.0.1 , 192.168.0.2
 /etc/hosts.deny
portmap:ALL
lockd:ALL
mountd:ALL
….
Setting up NFS server(Contd.)
 Starting and stopping NFS
/sbin/service nfs start
/sbin/service nfs stop
/sbin/service nfs reload
 Reloading /etc/exports
exportfs -ra
Setting up NFS client
 Using mount command
mount server:/directory mount_point
eg. mount master.foo.com:/home /mnt/home
 Using /etc/fstab
device mntpt fs-type options dump fsckorder
eg. master.foo.com:/home /pub nfs rw 0 0
mount /pub
Setting up NFS client(Contd.)
 Using autofs
auto.master
/misc /etc/auto.misc --timeout 60
auto.misc
myproject -rw,soft,intr,rsize=8192,wsize=8192 penguin.host.net:/project52
/sbin/service autofs restart
Optimizing NFS performance
 Setting Block Size to Optimize Transfer Speeds
 Modify rsize and wsize values to control size of chunks of data between server and client
 Default – 4096
 Packet size and network drivers
 Important when NFS is used over UDP
 Number of instances of NFSD
 typically 8 instances
 Increase number of instances to match traffic
Optimizing NFS performance (Contd.)
 Memory limits on Input Queue
 Increase to at least 256k, restart nfsd, then restore memory limits
echo 262144 > /proc/sys/net/core/rmem_default
 Overflow of fragmented packets
 Turning Off Autonegotiation of NICs and Hubs
Security and NFS
 Mount access
 Achieved by client machine
 Provided in /etc/exports file
 File access
 Function of normal file system access controls
 After mounting, user and group permissions of files take control
 Entries in /etc/hosts.allow and /etc/hosts.deny
Security and NFS (Contd)
 Server security : nfsd and mountd
 Use root_squash in /etc/exports
/home slave1(rw,root_squash)
 Client security
 nosuid
 broken_suid mount option
 Securing portmapper, rpc.statd and rpc.lockd on client
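
Added example (not from the original slides): a Python check of /etc/exports content for the mount-access and root_squash points above. It also flags a stray space between a host and its option list, which the Linux exports format reads as an export to any host; the sample file contents and the function names are constructed for illustration.

```python
# Constructed sample /etc/exports content (not from the slides).
SAMPLE_EXPORTS = """\
# constructed sample
/usr/local 192.168.0.1(ro) 192.168.0.2(ro)
/home      slave1(rw,root_squash)
/srv/build 192.168.0.3(rw,no_root_squash)
/pub       *(rw)
/data      192.168.0.4 (rw)
"""

def parse_exports(text):
    """Yield (directory, host, options) for every client entry."""
    text = text.replace("\\\n", " ")            # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        directory = parts[0]
        # A directory with no client list is exported to any host.
        tokens = parts[1].split() if len(parts) > 1 else [""]
        for token in tokens:
            # "host(opts)", bare "host", or bare "(opts)" (host is empty)
            host, _, opts = token.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            yield directory, host, options

def audit(text):
    """Return (directory, host, finding) tuples for risky entries."""
    findings = []
    for directory, host, options in parse_exports(text):
        any_host = host in ("", "*")
        shown = host or "*"
        # root_squash is the default; only an explicit opt-out removes it.
        if "no_root_squash" in options:
            findings.append((directory, shown, "no_root_squash"))
        # ro is the default, so only an explicit rw is writable.
        if any_host and "rw" in options:
            findings.append((directory, shown, "rw to any host"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print("%s -> %s: %s" % finding)
```

The /data line is the one to look at: 192.168.0.4 gets the default options, and the detached (rw) applies to every other host.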