Managing NFS and NIS, 2nd Edition

Book Description

A modern computer system that's not part of a network is even more of an anomaly today than it was when we published the first edition of this book in 1991. But however widespread networks have become, managing a network and getting it to perform well can still be a problem. Managing NFS and NIS, in a new edition based on Solaris 8, is a guide to two tools that are absolutely essential to distributed computing environments: the Network Filesystem (NFS) and the Network Information System (formerly called the "yellow pages" or YP). The Network Filesystem, developed by Sun Microsystems, is fundamental to most Unix networks. It lets systems ranging from PCs and Unix workstations to large mainframes access each other's files transparently, and is the standard method for sharing files between different computer systems. As popular as NFS is, it's a "black box" for most users and administrators. Updated for NFS Version 3, Managing NFS and NIS offers detailed access to what's inside, including:

  • How to plan, set up, and debug an NFS network

  • Using the NFS automounter

  • Diskless workstations

  • PC/NFS

  • A new transport protocol for NFS (TCP/IP)

  • New security options (IPSec and Kerberos V5)

  • Diagnostic tools and utilities

  • NFS client and server tuning

NFS isn't really complete without its companion, NIS, a distributed database service for managing the most important administrative files, such as the passwd file and the hosts file. NIS centralizes administration of commonly replicated files, allowing a single change to the database rather than requiring changes on every system on the network. If you are managing a network of Unix systems, or are thinking of setting up a Unix network, you can't afford to overlook this book.

Table of Contents

  1. Managing NFS and NIS, 2nd Edition
  2. Preface
    1. Who this book is for
    2. Versions
    3. Organization
    4. Conventions used in this book
    5. Differences between the first edition and second edition
    6. Comments and questions
    7. Hal's acknowledgments from the first edition
    8. Acknowledgments for the second edition
      1. Hal Stern's acknowledgments
      2. Mike Eisler's acknowledgments
      3. Ricardo Labiaga's acknowledgments
  3. 1. Networking Fundamentals
    1. 1.1. Networking overview
    2. 1.2. Physical and data link layers
      1. 1.2.1. Frames and network interfaces
      2. 1.2.2. Ethernet addresses
    3. 1.3. Network layer
      1. 1.3.1. Datagrams and packets
      2. 1.3.2. IP host addresses
      3. 1.3.3. IPv4 address classes
      4. 1.3.4. Classless IP addressing
      5. 1.3.5. Virtual interfaces
      6. 1.3.6. IP Version 6
        1. 1.3.6.1. IP Version 6 address pools
        2. 1.3.6.2. IP Version 6 loopback address
        3. 1.3.6.3. IP Version 6 unspecified address
    4. 1.4. Transport layer
      1. 1.4.1. TCP and UDP
      2. 1.4.2. Port numbers
    5. 1.5. The session and presentation layers
      1. 1.5.1. The client-server model
      2. 1.5.2. External data representation
      3. 1.5.3. Internet and RPC server configuration
        1. 1.5.3.1. Socket RPC and Transport Independent RPC
  4. 2. Introduction to Directory Services
    1. 2.1. Purpose of directory services
      1. 2.1.1. The hosts database
    2. 2.2. Brief survey of common directory services
      1. 2.2.1. Directory Name Service (DNS)
      2. 2.2.2. Network Information Service (NIS)
      3. 2.2.3. NIS+
      4. 2.2.4. X.500
      5. 2.2.5. Lightweight Directory Access Protocol (LDAP)
      6. 2.2.6. NT Domain
    3. 2.3. Name service switch
    4. 2.4. Which directory service to use
  5. 3. Network Information Service Operation
    1. 3.1. Masters, slaves, and clients
    2. 3.2. Basics of NIS management
      1. 3.2.1. Choosing NIS servers
      2. 3.2.2. Installing the NIS master server
      3. 3.2.3. Installing NIS slave servers
        1. 3.2.3.1. Adding slave servers later
      4. 3.2.4. Enabling NIS on client hosts
    3. 3.3. Files managed under NIS
      1. 3.3.1. Working with the maps
      2. 3.3.2. Netgroups
      3. 3.3.3. Hostname formats in netgroups
      4. 3.3.4. Integrating NIS maps with local files
      5. 3.3.5. Map files
      6. 3.3.6. Map naming
      7. 3.3.7. Map structure
      8. 3.3.8. NIS domains
        1. 3.3.8.1. Internet domains versus NIS domains
      9. 3.3.9. The ypserv daemon
      10. 3.3.10. The ypbind daemon
      11. 3.3.11. NIS server as an NIS client
    4. 3.4. Trace of a key match
  6. 4. System Management Using NIS
    1. 4.1. NIS network design
      1. 4.1.1. Dividing a network into domains
      2. 4.1.2. Domain names
      3. 4.1.3. Number of NIS servers per domain
    2. 4.2. Managing map files
      1. 4.2.1. Map distribution
      2. 4.2.2. Regular map transfers
      3. 4.2.3. Map file dependencies
      4. 4.2.4. Password file updates
      5. 4.2.5. Source code control for map files
      6. 4.2.6. Using alternate map source files
    3. 4.3. Advanced NIS server administration
      1. 4.3.1. Removing an NIS slave server
      2. 4.3.2. Changing NIS master servers
    4. 4.4. Managing multiple domains
  7. 5. Living with Multiple Directory Servers
    1. 5.1. Domain name servers
      1. 5.1.1. DNS versus NIS
      2. 5.1.2. DNS integration with NIS
      3. 5.1.3. NIS and DNS domain names
      4. 5.1.4. Domain aliases
    2. 5.2. Implementation
      1. 5.2.1. Run NIS without DNS on client and server
      2. 5.2.2. Run NIS on client, enable DNS on NIS server
      3. 5.2.3. Run DNS on NIS clients and servers
      4. 5.2.4. Run NIS on client, enable DNS on NIS client
    3. 5.3. Fully qualified and unqualified hostnames
    4. 5.4. Centralized versus distributed management
    5. 5.5. Migrating from NIS to DNS for host naming
    6. 5.6. What next?
  8. 6. System Administration Using the Network File System
    1. 6.1. Setting up NFS
    2. 6.2. Exporting filesystems
      1. 6.2.1. Rules for exporting filesystems
      2. 6.2.2. Exporting options
    3. 6.3. Mounting filesystems
      1. 6.3.1. Using /etc/vfstab
      2. 6.3.2. Using mount
      3. 6.3.3. Mount options
      4. 6.3.4. Backgrounding mounts
      5. 6.3.5. Hard and soft mounts
      6. 6.3.6. Resolving mount problems
    4. 6.4. Symbolic links
      1. 6.4.1. Resolving symbolic links in NFS
      2. 6.4.2. Absolute and relative pathnames
      3. 6.4.3. Mount points, exports, and links
    5. 6.5. Replication
      1. 6.5.1. Properties of replicas
      2. 6.5.2. Rules for mounting replicas
      3. 6.5.3. Managing replicas
      4. 6.5.4. Replicas and the automounter
    6. 6.6. Naming schemes
      1. 6.6.1. Solving the /usr/local puzzle
  9. 7. Network File System Design and Operation
    1. 7.1. Virtual filesystems and virtual nodes
    2. 7.2. NFS protocol and implementation
      1. 7.2.1. NFS RPC procedures
      2. 7.2.2. Statelessness and crash recovery
      3. 7.2.3. Request retransmission
      4. 7.2.4. Preserving Unix filesystem semantics
      5. 7.2.5. Pathnames and filehandles
      6. 7.2.6. NFS Version 3
      7. 7.2.7. NFS over TCP
    3. 7.3. NFS components
      1. 7.3.1. nfsd and NFS server threads
      2. 7.3.2. Client I/O system
      3. 7.3.3. NFS kernel code
    4. 7.4. Caching
      1. 7.4.1. File attribute caching
      2. 7.4.2. Client data caching
      3. 7.4.3. Server-side caching
    5. 7.5. File locking
      1. 7.5.1. Lock and status daemons
      2. 7.5.2. Client lock recovery
      3. 7.5.3. Recreating state information
    6. 7.6. NFS futures
      1. 7.6.1. NFS Version 4
      2. 7.6.2. Security
  10. 8. Diskless Clients
    1. 8.1. NFS support for diskless clients
    2. 8.2. Setting up a diskless client
    3. 8.3. Diskless client boot process
      1. 8.3.1. Reverse ARP requests
      2. 8.3.2. Getting a boot block
      3. 8.3.3. Booting a kernel
      4. 8.3.4. Managing boot parameters
    4. 8.4. Managing client swap space
    5. 8.5. Changing a client's name
    6. 8.6. Troubleshooting
      1. 8.6.1. Missing and inconsistent client information
      2. 8.6.2. Checking boot parameters
      3. 8.6.3. Debugging rarpd and bootparamd
      4. 8.6.4. Missing /usr
    7. 8.7. Configuration options
      1. 8.7.1. Dataless clients
      2. 8.7.2. Swapping on a local disk
    8. 8.8. Brief introduction to JumpStart administration
    9. 8.9. Client/server ratios
  11. 9. The Automounter
    1. 9.1. Automounter maps
      1. 9.1.1. Indirect maps
      2. 9.1.2. Inside the automounter
        1. 9.1.2.1. User-level automounters
        2. 9.1.2.2. The autofs automounter
        3. 9.1.2.3. The enhanced autofs automounter: Browsing indirect maps
      3. 9.1.3. Direct maps
    2. 9.2. Invocation and the master map
      1. 9.2.1. The master map
      2. 9.2.2. Command-line options
        1. 9.2.2.1. Automount command-line options
        2. 9.2.2.2. Automountd command-line options
      3. 9.2.3. The null map
      4. 9.2.4. Tuning timeout values
    3. 9.3. Integration with NIS
      1. 9.3.1. Mixing NIS and files in the same map
      2. 9.3.2. Updating NIS-managed automount maps
    4. 9.4. Key and variable substitutions
      1. 9.4.1. Key substitutions
      2. 9.4.2. Variable substitutions
        1. 9.4.2.1. Builtin variables
    5. 9.5. Advanced map tricks
      1. 9.5.1. Replicated servers
      2. 9.5.2. Hierarchical mounts
        1. 9.5.2.1. The -hosts map
        2. 9.5.2.2. Hierarchical mounts in non -hosts maps
      3. 9.5.3. Conversion of direct maps
      4. 9.5.4. Multiple indirection
      5. 9.5.5. Executable indirect maps
    6. 9.6. Side effects
      1. 9.6.1. Long search paths
      2. 9.6.2. Avoiding automounted filesystems
  12. 10. PC/NFS Clients
    1. 10.1. PC/NFS today
    2. 10.2. Limitations of PC/NFS
      1. 10.2.1. NFS versus SMB (CIFS)
      2. 10.2.2. Why PC/NFS?
    3. 10.3. Configuring PC/NFS
      1. 10.3.1. Server-side PC/NFS configuration
    4. 10.4. Common PC/NFS usage issues
      1. 10.4.1. Mounting filesystems
      2. 10.4.2. Checking file permissions
      3. 10.4.3. Unix to Windows/NT text file conversion
    5. 10.5. Printer services
  13. 11. File Locking
    1. 11.1. What is file locking?
      1. 11.1.1. Exclusive and shared locks
      2. 11.1.2. Record locks
      3. 11.1.3. Mandatory versus advisory locking
      4. 11.1.4. Windows/NT locking scheme
    2. 11.2. NFS and file locking
      1. 11.2.1. The NLM protocol
      2. 11.2.2. NLM recovery
        1. 11.2.2.1. Server crash
        2. 11.2.2.2. Client crash
        3. 11.2.2.3. Network partition
      3. 11.2.3. Mandatory locking and NFS
      4. 11.2.4. NFS and Windows lock semantics
    3. 11.3. Troubleshooting locking problems
      1. 11.3.1. Diagnosing NFS lock hangs
      2. 11.3.2. Examining lock state on NFS/NLM servers
      3. 11.3.3. Clearing lock state
  14. 12. Network Security
    1. 12.1. User-oriented network security
      1. 12.1.1. Trusted hosts and trusted users
      2. 12.1.2. Enabling transparent access
      3. 12.1.3. Using netgroups
    2. 12.2. How secure are NIS and NFS?
    3. 12.3. Password and NIS security
      1. 12.3.1. Managing the root password with NIS
      2. 12.3.2. Making NIS more secure
        1. 12.3.2.1. The secure nets file
      3. 12.3.3. Unknown password entries
    4. 12.4. NFS security
      1. 12.4.1. RPC security
      2. 12.4.2. Superuser mapping
      3. 12.4.3. Unknown user mapping
      4. 12.4.4. Access to filesystems
      5. 12.4.5. Read-only access
      6. 12.4.6. Port monitoring
      7. 12.4.7. Using NFS through firewalls
      8. 12.4.8. Access control lists
        1. 12.4.8.1. ACLs that deny access
        2. 12.4.8.2. ACLs and NFS
        3. 12.4.8.3. Are ACLs worth it?
    5. 12.5. Stronger security for NFS
      1. 12.5.1. Security services
      2. 12.5.2. Brief introduction to cryptography
        1. 12.5.2.1. Symmetric key encryption
        2. 12.5.2.2. Asymmetric key encryption
        3. 12.5.2.3. Public key exchange
        4. 12.5.2.4. One-way hash functions and MACs
      3. 12.5.3. NFS and IPSec
      4. 12.5.4. AUTH_DH: Diffie-Hellman authentication
        1. 12.5.4.1. Old terms: AUTH_DES, secure RPC, and secure NFS
        2. 12.5.4.2. Diffie-Hellman key exchange
        3. 12.5.4.3. How RPC/DH works
        4. 12.5.4.4. RPC/DH state and NFS statelessness
        5. 12.5.4.5. Enabling NFS/dh
        6. 12.5.4.6. Public and private keys
        7. 12.5.4.7. Creating keys
        8. 12.5.4.8. Establishing a session key
        9. 12.5.4.9. NFS/dh checklist
        10. 12.5.4.10. How secure is RPC/DH?
      5. 12.5.5. RPCSEC_GSS: Generic security services for RPC
        1. 12.5.5.1. Kerberos V5
        2. 12.5.5.2. SEAM: Kerberos V5 for Solaris
        3. 12.5.5.3. Enabling Kerberized NFS
        4. 12.5.5.4. Security and performance
        5. 12.5.5.5. Combining krb5, krb5i, krb5p
        6. 12.5.5.6. IPSec versus krb5i and krb5p
      6. 12.5.6. Planning a transition from NFS/sys to stronger NFS security
      7. 12.5.7. NFS security futures
    6. 12.6. Viruses
  15. 13. Network Diagnostic and Administrative Tools
    1. 13.1. Broadcast addresses
    2. 13.2. MAC and IP layer tools
      1. 13.2.1. ifconfig: interface configuration
        1. 13.2.1.1. Examining interfaces
        2. 13.2.1.2. Initializing an interface
        3. 13.2.1.3. Multiple interfaces
        4. 13.2.1.4. Mismatched host information
      2. 13.2.2. Subnetwork masks
      3. 13.2.3. IP to MAC address mappings
      4. 13.2.4. Using ping to check network connectivity
      5. 13.2.5. Gauging Ethernet interface capacity
    3. 13.3. Remote procedure call tools
      1. 13.3.1. RPC mechanics
        1. 13.3.1.1. Identifying RPC services
        2. 13.3.1.2. RPC portmapper — rpcbind
        3. 13.3.1.3. RPC version numbers
      2. 13.3.2. RPC registration
      3. 13.3.3. Debugging RPC problems
    4. 13.4. NIS tools
      1. 13.4.1. Key lookup
      2. 13.4.2. Displaying and analyzing client bindings
      3. 13.4.3. Other NIS map information
      4. 13.4.4. Setting initial client bindings
      5. 13.4.5. Modifying client bindings
    5. 13.5. Network analyzers
      1. 13.5.1. snoop
      2. 13.5.2. ethereal / tethereal
      3. 13.5.3. Capture filters
      4. 13.5.4. Read filters
  16. 14. NFS Diagnostic Tools
    1. 14.1. NFS administration tools
    2. 14.2. NFS statistics
      1. 14.2.1. I/O statistics
    3. 14.3. snoop
      1. 14.3.1. Useful filters
    4. 14.4. Publicly available diagnostics
      1. 14.4.1. ethereal / tethereal
      2. 14.4.2. Useful filters
      3. 14.4.3. NFSWATCH
      4. 14.4.4. nfsbug
      5. 14.4.5. SATAN
    5. 14.5. Version 2 and Version 3 differences
    6. 14.6. NFS server logging
      1. 14.6.1. NFS server logging mechanics
      2. 14.6.2. Enabling NFS server logging
      3. 14.6.3. NFS server logging configuration
        1. 14.6.3.1. Basic versus extended log format
      4. 14.6.4. The nfslogd daemon
        1. 14.6.4.1. Consolidating file transfer information
      5. 14.6.5. Filehandle to path mapping
      6. 14.6.6. NFS log cycling
      7. 14.6.7. Manipulating NFS log files
      8. 14.6.8. Other configuration parameters
      9. 14.6.9. Disabling NFS server logging
    7. 14.7. Time synchronization
  17. 15. Debugging Network Problems
    1. 15.1. Duplicate ARP replies
    2. 15.2. Renegade NIS server
    3. 15.3. Boot parameter confusion
    4. 15.4. Incorrect directory content caching
    5. 15.5. Incorrect mount point permissions
    6. 15.6. Asynchronous NFS error messages
  18. 16. Server-Side Performance Tuning
    1. 16.1. Characterization of NFS behavior
    2. 16.2. Measuring performance
    3. 16.3. Benchmarking
    4. 16.4. Identifying NFS performance bottlenecks
      1. 16.4.1. Problem areas
      2. 16.4.2. Throughput
        1. 16.4.2.1. NFS writes (NFS Version 2 versus NFS Version 3)
        2. 16.4.2.2. NFS/TCP versus NFS/UDP
      3. 16.4.3. Locating bottlenecks
    5. 16.5. Server tuning
      1. 16.5.1. CPU loading
      2. 16.5.2. NFS server threads
        1. 16.5.2.1. Context switching overhead
        2. 16.5.2.2. Choosing the number of server threads
      3. 16.5.3. Memory usage
      4. 16.5.4. Disk and filesystem throughput
        1. 16.5.4.1. Unix filesystem effects
        2. 16.5.4.2. Disk array caching and Prestoserve
        3. 16.5.4.3. Disk load balancing
      5. 16.5.5. Kernel configuration
      6. 16.5.6. Cross-mounting filesystems
      7. 16.5.7. Multihomed servers
  19. 17. Network Performance Analysis
    1. 17.1. Network congestion and network interfaces
      1. 17.1.1. Local network interface
      2. 17.1.2. Collisions and network saturation
    2. 17.2. Network partitioning hardware
    3. 17.3. Network infrastructure
      1. 17.3.1. Switched networks
      2. 17.3.2. ATM and FDDI networks
    4. 17.4. Impact of partitioning
      1. 17.4.1. NIS in a partitioned network
      2. 17.4.2. Effects on diskless nodes
    5. 17.5. Protocol filtering
  20. 18. Client-Side Performance Tuning
    1. 18.1. Slow server compensation
      1. 18.1.1. Identifying NFS retransmissions
      2. 18.1.2. Timeout period calculation
      3. 18.1.3. Retransmission rate thresholds
      4. 18.1.4. NFS over TCP is your friend
    2. 18.2. Soft mount issues
    3. 18.3. Adjusting for network reliability problems
    4. 18.4. NFS over wide-area networks
    5. 18.5. NFS async thread tuning
    6. 18.6. Attribute caching
    7. 18.7. Mount point constructions
    8. 18.8. Stale filehandles
  21. A. IP Packet Routing
    1. A.1. Routers and their routing tables
    2. A.2. Static routing
  22. B. NFS Problem Diagnosis
    1. B.1. NFS server problems
    2. B.2. NFS client problems
    3. B.3. NFS errno values
  23. C. Tunable Parameters
  24. About the Authors
  25. Colophon
  26. Copyright