Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
33 Cards in this Set
- Front
- Back
|
Configuration directory for NFS |
There is no conf but an exports
located in /etc/exports [root@ns1 /root]# cat /etc/exports /myexport *.sharpe.com(rw) /home *.sharpe.com(rw,no_root_squash) |
|
|
root isn't working on remote nfs share
|
add no_root_squash
**root squash is on by default |
|
|
your on the NFS server. With looking at the exports file, what command will list active exports and their permissons?
|
exportfs -v
|
|
|
Linux command for
Export list for ns1: /home *.acme.com /myexport *.acme.com |
showmount -e ns1
where ns1 is the NFS server by hostname or IP |
|
|
mount an NFS drive on a client to /mount
source is /myexport on ns1 |
mount ns1.mydomain.com:/myexport /mount –t nfs
|
|
|
You're able to mount nfs after installing nfs-utils package but automounting via /etc/fstab is failing.
|
if automounting is required via /etc/fstab then portmap
package and netfs service needs to run as well |
|
|
NFS Configuration files for the SERVER
|
Server
• /etc/exports • /etc/init.d/nfs (default number of NFS mount Servers) |
|
|
NFS Configuration files for the CLIENT
|
/etc/fstab
|
|
|
Captain Picard is using NFS to try and write his captain's log. Picard is on the bridge's computer and his user name is also on the NFS server in engineering. He is getting permisson is denied.
The captain's log's permisson is 770. Picard is both owner and group. |
User ID’s and Group ID’s must exist on both systems and be
consistent (same ID numbers) 9. On NS1 a. Groupadd eng (verify the group ID /etc/groups) b. Groupmod –g 583 eng c. Usermod –g eng test1 (verify the IDs) d. Chmod 664 /myexport/mytextfile 10. ON linux137 a. Alt F2 login as test1 b. Id (to see what is your user, GID and groups are) c. Cd /mount and try to make some changes to the mytextfile i. See if you can make the changes to mytextfile 11. On NS1 as root a. Chown test1 /myexport/mytextfile 12. On Linux137 as test1 a. Cd /mount b. Ls –ail (who owns the file?) c. Groupadd eng (add group on linux137) d. Groupmod –g 583 eng (modify the group ID, same as NS1 machine) e. Usermod –g eng test1 (adding test1 in the eng group) f. Can you edit the file? g. Now give, usermod –u 502 test1 h. Cd /mount i. Ls –ail j. Chmod 777 mytextfile (what happened and why?) k. Id (to see that it has the same user and group ID with ENG group) |
|
|
How does root squash work?
|
User ID and Group Id for Root are mapped to User/Group nobody
|
|
|
What does portmapper do?
|
A server that converts Remote Procedure Call
numbers to DARPA port numbers. It must be running to do RPC’s |
|
|
What port does portmapper use?
|
Listens on UDP/TCP port 111
|
|
|
Name as many RPC Servers (Daemons) as possible
|
– Nlockmgr: File locking service (Port 1024)
– Status: Status monitor for file lock recovery on machine crashes (Port 1025) – Rquotad: User quotas for remote file systems (Port 734) – Mountd: Services mount requests from clients (Port 1028) – Nfs: Provides file system service to the mountd (Port 2049) |
|
|
Not specific to NFS, but mentioned in a lot of NFS documents.
Two files that will allow and restrict domains and subnets |
/etc/hosts.allow
/etc/hosts.deny * Rumour has there is a performance penalty and suggested to stick to firewalls anyways. ** Can use these files to restrict any box, not just NFS. |
|
|
NFS consists of what three entities?
|
– Portmapper
– RPC Servers (NFS Servers) – NFS clients |
|
|
queries the mount daemon on a remote host for information about the state of the NFS server on that machine
|
showmount -e ns1
where ns1 is the NFS server by hostname or IP |
|
|
A file that determines the order of lookups performed when a certain piece of information is requested
|
NSS- Name Service Switch. The /etc/nsswitch.conf
|
|
|
Location of the NIS database files
|
/var/yp/yourdomain.com
|
|
|
NIS Client Configuration Setup
|
Client Configuration
Setup /etc/yp.conf Setup //etc/yp.conf edit to include: domain mynisdomain server ns1 Define NIS domain domainname mynisdomain Start ypbind /sbin/ypbind Note: Before configuring the NIS server the client software must always be started first. |
|
|
NIS Server Configuration Setup
|
Edit ypserv.conf
Start ypserv Create export maps Update maps when changes are made and export them Mount any required file systems |
|
|
How to create or update NIS maps for exporting?
|
[root@ns1 /root]# make -C /var/yp
make: Entering directory `/var/yp' gmake[1]: Entering directory `/var/yp/sharpe.com' Updating netid.byname... gmake[1]: Leaving directory `/var/yp/sharpe.com' make: Leaving directory `/var/yp' [root@ns1 /root]# |
|
|
When would you need to update NIS maps?
|
When you add a user or change something with the NIS schema.
*Rumour has once SSO is installed and running that updating the NIS maps is automatic but that hasn't been the case for me. |
|
|
Give an example of some NIS maps
|
[root@ns1 /root]# ls -l /var/yp/sharpe.com/
total 245 -rw------- 1 root root 12561 Dec 9 17:34 group.bygid -rw------- 1 root root 12584 Dec 9 17:34 group.byname -rw------- 1 root root 12570 Nov 27 17:19 hosts.byaddr -rw------- 1 root root 12728 Nov 27 17:19 hosts.byname -rw------- 1 root root 12791 Nov 18 12:39 mail.aliases -rw------- 1 root root 13286 Dec 9 17:34 netid.byname -rw------- 1 root root 12908 Dec 9 17:34 passwd.byname -rw------- 1 root root 12885 Dec 9 17:34 passwd.byuid -rw------- 1 root root 13614 Nov 18 12:39 protocols.byname -rw------- 1 root root 12908 Nov 18 12:39 protocols.bynumber -rw------- 1 root root 16341 Nov 18 12:39 rpc.byname -rw------- 1 root root 14216 Nov 18 12:39 rpc.bynumber -rw------- 1 root root 29548 Nov 18 12:39 services.byname -rw------- 1 root root 33061 Nov 18 12:39 services.byservicename -rw------- 1 root root 12370 Nov 18 12:39 ypservers |
|
|
Before even creating NIS maps, what command builds the domain subdirectory of /var/yp for the current default domain. Builds a complete set of administrative maps for your system and places them in this directory.
|
ypinit -m (if a MASTER)
ypinit -s NAME_OF_MASTER (for a slave) [root@ns1 yp]# /usr/lib/yp/ypinit -m At this point, we have to construct a list of the hosts which will run NIS servers. ns1.sharpe.com is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>. next host to add: ns1.sharpe.com next host to add: The current list of NIS servers looks like this: ns1.sharpe.com Is this correct? [y/n: y] y We need some minutes to build the databases... Building /var/yp/sharpe.com/ypservers... Running /var/yp/Makefile... gmake[1]: Entering directory `/var/yp/sharpe.com' Updating passwd.byname... Updating passwd.byuid... Updating group.byname... Updating group.bygid... Updating hosts.byname... Updating hosts.byaddr... Updating rpc.byname... Updating rpc.bynumber... Updating services.byname... Updating services.byservicename... Updating netid.byname... Updating protocols.bynumber... Updating protocols.byname... Updating mail.aliases... gmake[1]: Leaving directory `/var/yp/sharpe.com' |
|
|
Prints out a Network Information Services (NIS) map.
|
ypcat such as ypcat passwd wil cat out passwd.byname
|
|
|
Without using ypcat, query passwd.byname for user test10 on the domain sharpe.com. Only return the result for test10. Grep is not needed.
|
[root@ns1 sysconfig]# ypmatch -d sharpe.com -k test10 passwd
test10 test10:qXrw9jxQAHm6g:507:507::/home/test10:/bin/bash |
|
|
To find out which NIS server a client is bound to
|
ypwhich
|
|
|
Houstan we have a problem and want to know whether NIS or NFS is even running. Besides ps, how best to tell? Hint: They're rpc programs
|
rpcinfo -p
|
|
|
you're trying to get ypbind to work but it's barking about no domain being set nor found.
What things should you check? |
in Redhat check
[root@ns1 sysconfig]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=ns1.sharpe.com NISDOMAIN=sharpe.com run [root@ns1 sysconfig]# domainname sharpe.com just domainname on it's own should reveal domain [root@ns1 sysconfig]# domainname sharpe.com |
|
|
When enabling SSO for Windows we had to disable what daemon on the NIS server?
|
yppasswd
* it works still.. Magic! Why? No idea. |
|
|
A file to secure NIS to allow/deny subnets |
[root@ns1 yp]# cat /var/yp/
Makefile binding nicknames securenets sharpe.com ypservers [root@ns1 yp]# cat /var/yp/securenets # # securenets This file defines the access rights to your NIS server # for NIS clients. This file contains netmask/network # pairs. A clients IP address needs to match with at least # one of those. # # One can use the word "host" instead of a netmask of # 255.255.255.255. Only IP addresses are allowed in this # file, not hostnames. # # Always allow access for localhost 255.0.0.0 127.0.0.0 # This line gives access to everybody. PLEASE ADJUST! 0.0.0.0 0.0.0.0 |
|
|
/etc/nsswitch.conf is empty. Think of some example syntax |
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 |
|
|
NFS Stale File Handle error and solution |
umount -f /the/stale/leaf/point |
