New SA Training Topic 8 File System Access

  • Slides: 16

New SA Training Topic 8: File System Access
  • Our organization uses a variety of services for accessing files on remote systems
      • WWW
      • FTP
      • CIFS/SMB (Windows to Windows)
      • NFS (Linux to Linux)
      • Samba (Windows to Linux and Linux to Windows)

Web
  • Web administration is determining what files to share and how to manage content.
  • Our Linux systems use Apache’s httpd
      • Configuration via httpd.conf (and, optionally, other files)
      • httpd supports only HTTP

Web (cont.)
  • Our Windows systems use Microsoft’s IIS
      • Configuration via MMC
      • IIS supports several internet protocols
          • HTTP
          • FTP
          • SMTP
          • NNTP
          • (and others)

FTP
  • Windows
      • FTP runs as a sub-service to IIS
      • Configuration via Internet Service Manager (MMC to Internet Information Services)
  • Linux
      • FTP runs more independently
      • Configuration through a .conf file (for example, using vsftpd and vsftpd.conf)
  • Avoid anonymous logins unless specifically needed
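
To check the "avoid anonymous logins" point on a Linux FTP server, the following added example (not part of the original slides) reports what a vsftpd.conf allows anonymous users to do, applying the defaults documented in vsftpd.conf(5). The three sample configurations are constructed for illustration.

```python
# Compiled-in defaults from vsftpd.conf(5) for the options checked here.
DEFAULTS = {
    "anonymous_enable": "YES",   # anonymous FTP is on unless explicitly disabled
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
ANON_WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")
TRUE_VALUES = {"YES", "TRUE", "1"}

# Constructed sample configurations.
CONF_SILENT = "local_enable=YES\nwrite_enable=YES\n"          # never mentions anonymous
CONF_HARDENED = "# local users only\nanonymous_enable=NO\nlocal_enable=YES\n"
CONF_UPLOAD = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"

def load_conf(text):
    """Parse vsftpd.conf text into a dict, starting from the defaults above."""
    settings = dict(DEFAULTS)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd rejects any space between the option, "=" and the value.
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {lineno}: expected option=value with no spaces")
        settings[key] = value
    return settings

def anonymous_posture(text):
    """Return 'disabled', 'read-only' or 'writable' for anonymous FTP users."""
    settings = load_conf(text)
    enabled = lambda opt: settings[opt].upper() in TRUE_VALUES
    if not enabled("anonymous_enable"):
        return "disabled"
    # Anonymous writes need write_enable plus at least one anon_* write option.
    if enabled("write_enable") and any(enabled(o) for o in ANON_WRITE_OPTS):
        return "writable"
    return "read-only"

if __name__ == "__main__":
    for name in ("CONF_SILENT", "CONF_HARDENED", "CONF_UPLOAD"):
        print(name, anonymous_posture(globals()[name]))
```

A configuration that never mentions `anonymous_enable` still permits anonymous logins, so the directive has to be set to `NO` explicitly.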

File systems
  • The primary problem is how to give a consistent view of the system across multiple hosts.
  • Any questions on fundamental filesystem issues? (You should be able to perform CRUD at each of these levels.)
      • Disks
      • Partitions
      • File systems
      • ACLs
      • File-types
      • Etc.

Windows File System Access
  • Windows network filesystem access
      • DFS – Combines multiple Windows shares into a single “root” for easy access
      • Shares – CIFS (SMB) protocol used to allow access to files on one computer from another
  • Enabling sharing
  • Creating a share
      • GUI – Explorer or via MMC
      • Command line – net share or rmtshare

Win. File System Access (cont.)
  • Viewing available shares
      • GUI – Explorer or via MMC
      • Command line – net share or net view
  • Connecting to a share
      • GUI – Explorer
      • Command line – net use

Linux File System Access
  • Network File System – NFS protocol used to allow file sharing
  • Enabling NFS
      • nfsd
      • requires rpc.mountd, rpc.nfsd, portmap
  • Creating a share
      • /etc/exports
          • /etc/exports lists directories that a server exports to its clients.
          • Each line in the file specifies a single directory.

Linux File System Access (cont.)
  • The syntax of the /etc/exports file is:

      directory [host1]([option][,option]) [host2]([option][,option]) ...

  • The directory is the full path name of the directory
  • Option can designate a simple flag such as ro, rw, sync, or root_squash
  • The server automatically exports these when the NFS server is started
  • These exported directories can then be mounted by clients

Linux File System Access (cont.)

      /usr/games   box1(ro) comp2(ro) 10.0.1.9(ro)
      /home        box2.external.net(rw,no_root_squash)
      /var/tmp
      /usr/lib     clients *.internal.net(rw)

  • Entry #1 - /usr/games can be mounted by the systems named box1, comp2, and sys3. (They can read data/run programs, but they can’t write in the directory)
  • Entry #2 - /home can be mounted by the system box1 and root access is allowed for the directory
  • Entry #3 - any client can mount /var/tmp (Note: no access list)
  • Entry #4 - specifies an access list designated by the netgroup named “clients”. Machines designated as belonging to “clients” can mount the /usr/lib directory from this server; also any host from internal.net can access with read and write permissions

Linux File System Access (cont.)
  • Consider exporting a parent directory in a tree that includes one or more child directories.
  • If you mount the parent directory, would you expect to see the child directories?
      • In some implementations, you will see the child directories, but with no data beneath them.
      • In others, including RH 9, you will see the child directories and data
  • Use the hide and nohide options if you want to set the entire sub-tree as hidden or visible

Linux File System Access (cont.)
  • /usr/sbin/exportfs -a
      • exportfs can also be used to add/remove shares “on the fly”
  • Viewing available shares
      • showmount -e
  • Diagnostics on messages sent via NFS
      • nfsstat
  • Connecting to a share
      • Establish local mount point and mount share
          • mount -t nfs server:/share /mnt/mymntpoint
      • Use fstab
          • Mounts during system boot

Linux File System Access (cont.)
  • What about users?
      • Users are dealt with by assuming that UIDs and GIDs are the same on both the server and the client
      • Do you want root on clientbox to be root on serverbox? Do you want user1 on clientbox to be user1 on serverbox?
          • root_squash
          • no_root_squash
          • all_squash
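
The /etc/exports syntax and the squash options above decide who can mount a directory and whether a client's root stays root on the server. As an added example (not part of the original slides), this parser audits an exports file for the risky cases: no_root_squash, exports with no access list, and read-write access for wildcard hosts. The sample is constructed, modelled on the slide's entries, with the netgroup written in the Linux `@name` form and one extra line showing the stray-space mistake.

```python
import re

# Constructed sample modelled on the slide's entries; the last line adds the
# stray-space mistake. The netgroup uses the Linux "@name" form.
SAMPLE_EXPORTS = """\
/usr/games  box1(ro) comp2(ro) 10.0.1.9(ro)
/home       box2.external.net(rw,no_root_squash)
/var/tmp
/usr/lib    @clients *.internal.net(rw)
/srv/pub    box1 (rw)   # space before "(": box1 gets defaults, everyone gets rw
"""

SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Return [(directory, [(client, options_set), ...]), ...]."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():   # join continued lines
        line = raw.split("#", 1)[0].strip()               # drop comments
        if not line:
            continue
        directory, *specs = line.split()
        clients = []
        for spec in specs:
            m = SPEC_RE.match(spec)
            if m is None:
                raise ValueError(f"unparseable client spec: {spec!r}")
            # A bare "(options)" has no host name, so it applies to every host.
            host, opts = m.group(1) or "*", m.group(2) or ""
            clients.append((host, {o for o in opts.split(",") if o}))
        # A directory with no access list can be mounted by any client.
        entries.append((directory, clients or [("*", set())]))
    return entries

def audit_exports(text):
    """Return (directory, client, finding) tuples for risky exports."""
    findings = []
    for directory, clients in parse_exports(text):
        for host, opts in clients:
            if "no_root_squash" in opts:
                findings.append((directory, host, "no_root_squash"))
            if host == "*":
                findings.append((directory, host, "world-rw" if "rw" in opts else "world-ro"))
            elif "rw" in opts and any(c in host for c in "*?"):
                findings.append((directory, host, "wildcard-rw"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```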

Samba
  • SAMBA
      • Based on SMB (Server Message Block, also known as CIFS)
      • Server and Client
          • Server allows sharing of file system and/or printers with any system that supports SMB (including both Windows and Linux)
          • Client allows for connections to any SMB server
      • Can act as a Windows Domain Controller
      • Supports network “browsing”

Samba
Our organization uses Samba because of its ability to share files across platforms. It can provide other services as well.
  • 5 Basic Services
      • file sharing (this is our primary concern)
      • network printing
      • authentication and authorization
      • name resolution
      • service announcement (i.e., Windows browsing).

Samba (cont.)
  • Samba includes two core services
      • smbd
      • nmbd (for NetBIOS name resolution)
  • smb.conf
  • smbstatus