OPS535-lab-nfs

5,120 bytes added, 14:23, 19 September 2019
Investigation 1: NFS Server Setup: - fixing a typo
<li>Study the output and make notes of the first few lines. You should see two lines that end with the word "portmapper". If you don't, there is something wrong with your system and it will not be able to provide NFS service. Ask for help if this is the case.</li>
<li>You should also see a line or two (or even more) that contains the word "nfs". If you don't, NFS is not running. If NFS is not running, you can start up NFS with the command:
<source>systemctl start nfs-server</source></li>
<li>Create a directory named "/nfs-pub". Enter the command:
<source>mkdir /nfs-pub</source></li>
<li>Change the file permission on "/nfs-pub" so everyone can read/write/list. Enter the command:
<source>chmod 777 /nfs-pub</source> Make sure to double check with the ls -l command that the file permissions have been set correctly.</li>
<li>To set the sticky bit on the directory "/nfs-pub", use the command
<source>chmod +t /nfs-pub</source></li>
<li>Edit your /etc/exports file and insert the following lines:
<source>/nfs-pub ip-of-vm1(rw,root_squash)
/nfs-pub ip-of-vm3(rw,root_squash)</source>
"ip-of-vm1" should be replaced by the actual IP address of vm1 (VM1), and "ip-of-vm3" should be replaced by the actual IP address of vm3 (VM3).</li>
<li>Enter the command
<source>exportfs -a</source>
to tell your NFS server to re-read the configuration file (/etc/exports) and take the appropriate action, i.e. to export the directory /nfs-pub to the specific host.</li>
<li>Enter the command
<source>showmount -e</source>
Make notes of the output and consult the man page of showmount to find out the purpose of this command.</li>
<li>Use the command "exit" to leave the super user shell and switch back to the regular user shell.
Enter the command
<source>id</source>
to confirm your user id. Write down your user name, user ID and group ID.</li>
<li>Copy the file /etc/passwd into directory /nfs-pub as passwd.S. Enter the command
<source>cp /etc/passwd /nfs-pub/passwd.S</source></li>
<li>Finally, confirm the file copying with the "ls -l" command and make notes of the output.</li>
<li>Modify the firewall on your server to allow incoming nfs traffic in your internal zone. Make sure this change persists past reboot.</li>
</ol>
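The /etc/exports entries edited above are sensitive to whitespace and to the choice of squash option. The following check is an added example, not part of the original lab: it reads exports text and reports entries that are open to every host, keep root privileges, or are malformed. The sample file and its 192.0.2.x addresses are constructed stand-ins for ip-of-vm1 and ip-of-vm3.

```python
import re

# Constructed sample: 192.0.2.11 and 192.0.2.13 are documentation addresses
# standing in for ip-of-vm1 and ip-of-vm3.
SAMPLE_EXPORTS = """\
/nfs-pub 192.0.2.11(rw,root_squash)
/nfs-pub 192.0.2.13(rw,no_root_squash)
/nfs-pub 192.0.2.11 (rw,root_squash)
/nfs-pub 192.0.2.11(rw, root_squash)
"""

# One client entry: an optional host, then an optional "(opt,opt,...)" list.
ENTRY = re.compile(r"^(?P<client>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (line_number, message) findings for the text of an exports file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()            # whitespace separates client entries
        for entry in entries:
            match = ENTRY.match(entry)
            if match is None:
                findings.append((lineno, f"{path}: malformed entry {entry!r}, "
                                         "check for whitespace inside the option list"))
                continue
            client = match.group("client")
            opts = (match.group("opts") or "").split(",")
            if client in ("", "*"):
                # "host (rw)" with a space parses as host plus a second, host-less entry
                access = "read-write" if "rw" in opts else "read-only"
                findings.append((lineno, f"{path}: exported {access} to every host"))
            if "no_root_squash" in opts:
                findings.append((lineno, f"{path}: {client or 'every host'} keeps root "
                                         "privileges on the share (no_root_squash)"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {message}")
```

Line 3 of the sample differs from line 1 only by a space before the parenthesis, yet it grants the options to every host instead of the named client.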
==Investigation 2: File ownership of new files created on NFS shares==
Perform the following steps on VM1 as root:
<ol>
<li>
Enter the command
<source>cat /proc/filesystems</source>
Make notes of the output. You should see a list of file systems supported on your system. If "nfs" is missing from this list, your Linux kernel does not have NFS support compiled in.
However, it is possible that your kernel does support NFS via a kernel module. Try the command
<source>modprobe nfs</source>
and make notes of the output from the above command. If it indicates that the nfs module has been loaded successfully, try the '''cat /proc/filesystems''' command again.</li>
<li>Create the directory /nfs-mnt. We will use this as the mount point for the remote directory.</li>
<li>Use the mount command to attach the remote directory ('''/nfs-pub''' from vm2) into the local mount point ('''/nfs-mnt''')</li>
<li>Use commands like mount or df to check that the mount command executed successfully (that is, that VM2's '''/nfs-pub''' is now being treated as part of the local filesystem).</li>
<li>Confirm that you can access the contents of /nfs-mnt. They should be identical to VM2's '''/nfs-pub''' (because it IS VM2's '''/nfs-pub'''). Note the owner and the group owner of the file passwd.S.</li>
<li>Still on VM1, copy the file '''/etc/passwd''' into the '''/nfs-mnt''' directory. Name the copy '''passwd.A.root'''.</li>
<li>Confirm that the file copied correctly. Again, make note of the owner and group owner of the file.</li>
<li>Switch to being a regular ('''non-root''') user and copy the file '''/etc/passwd''' into the '''/nfs-mnt''' directory again, this time naming the copy '''passwd.A.user'''. Again, make note of the owner and group owner of the file. Note how it differs from the ownership of the file created as root.</li>
<li>Repeat this investigation on VM3, so that it also has access to the shared filesystem. Replace the A in the copied filenames with B (e.g. passwd.B.root).</li>
</ol>
==Investigation 3: File creation permission and user name mapping on NFS shares==
Create new users on the NFS server (vm2), and clients (vm1 and vm3) to study the user name mapping on NFS shares:
<ol>
<li>On the NFS server, create two new users, userS and ops535, with the commands
<source>useradd -u 5001 -m userS
useradd -u 5350 -m ops535</source></li>
<li>On vm1, create two new users, userA and ops535, with the commands
<source>useradd -u 5001 -m userA
useradd -u 5350 -m ops535</source>
and use the "passwd" command to set the passwords for those users.</li>
<li>On vm1 login as userA and copy the password file to '''/nfs-mnt''', naming the copy '''passwd.A.map'''.
Confirm the copying of the file and make notes of the owner and group owner of the file.</li>
<li>Logout from userA and login as ops535. Copy the password file to /nfs-mnt, this time naming it '''passwd.A.ops'''.
Again, make notes of the owner and group owner of the file.</li>
<li>Login to the NFS server, and examine the ownership of the files you just created. Who is the owner and the group owner of the respective files?</li>
<li>On your nfs-client machine, un-mount the remote directory.
Please note that this must be done by "root", and the directory /nfs-mnt must not be in use by any process.</li>
<li>On the NFS server, make the following changes to the /etc/exports file:
change
<source>/nfs-pub ip-of-vm1(rw,root_squash)</source>
to
<source>/nfs-pub ip-of-vm1(rw,no_root_squash)</source>
and re-export the directory.</li>
<li>On the client, re-mount the shared directory and repeat step 3 to step 6 under the super user account "root" and copy the file /etc/group to the shared directory /nfs-mnt with the corresponding file name.</li>
<li>Un-mount the remote directory.</li>
<li>On the NFS server, change the "rw" option in the /etc/exports file to "ro" and re-export the directory.</li>
<li>On the client, re-mount the shared directory and repeat step 3 to step 6 under the super user account "root" and copy the file /etc/hosts to the shared directory /nfs-mnt with the corresponding file name.</li>
<li>Observe how the different settings on the server affected the ownership and permissions of files created on the client side.</li>
<li>Repeat this investigation on vm3, naming the first user userB (instead of userA), and replace the A in any file names with B. When creating files, try to predict the ownership and permissions of the resulting files.</li>
</ol>
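When predicting ownership as the last step suggests, a small model of the server's identity handling gives something to compare against. The following is an added example, not part of the original lab. It assumes the share is accessed with numeric UIDs (AUTH_SYS), that each host shows the name its own passwd file gives a UID, and that UID 65534 is named "nobody" on both hosts (the name varies by distribution).

```python
ANON_ID = 65534  # exports(5) default for anonuid/anongid

# Constructed passwd views. The 5001/5350 entries come from the useradd
# commands above; the name shown for 65534 is an assumption.
SERVER_PASSWD = {0: "root", 5001: "userS", 5350: "ops535", ANON_ID: "nobody"}
VM1_PASSWD = {0: "root", 5001: "userA", 5350: "ops535", ANON_ID: "nobody"}

def parse_options(option_string):
    """Turn 'rw,root_squash' into a set of option names."""
    return {opt.strip() for opt in option_string.split(",") if opt.strip()}

def squash(client_uid, options):
    """UID the server acts as for a request carrying client_uid."""
    if "all_squash" in options:
        return ANON_ID
    if client_uid == 0 and "no_root_squash" not in options:
        return ANON_ID            # root_squash is the default
    return client_uid             # every other UID is trusted as sent

def predict_owner(client_uid, option_string, server_passwd, client_passwd):
    """Return (uid, name on server, name on client) for a file created over
    the share, or None when the export is read-only and the create is refused."""
    options = parse_options(option_string)
    if "rw" not in options:       # ro is the default
        return None
    uid = squash(client_uid, options)
    return (uid, server_passwd.get(uid, str(uid)), client_passwd.get(uid, str(uid)))

if __name__ == "__main__":
    cases = [
        ("userA", 5001, "rw,root_squash"),
        ("ops535", 5350, "rw,root_squash"),
        ("root", 0, "rw,root_squash"),
        ("root", 0, "rw,no_root_squash"),
        ("root", 0, "ro,no_root_squash"),
    ]
    for who, uid, opts in cases:
        print(who, opts, predict_owner(uid, opts, SERVER_PASSWD, VM1_PASSWD))
```

The userA case shows why matching names are not enough: the server sees only UID 5001, so a file written by userA on vm1 belongs to userS on the server.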
==Completing the Lab==
# Did your Linux kernel have NFS support compiled in?
# What is the full path name of the nfs module file? i.e. where is it on your hard drive?
# What is the purpose of the sticky bit?
# Who is the owner of /nfs-mnt/passwd.A.root and /nfs-pub/passwd.A.root? Are they the same? Why?
# Who is the owner of the file /nfs-mnt/passwd.A.user and /nfs-pub/passwd.A.user? Are they the same? Why?
# Who is the owner of the file /nfs-mnt/passwd.A.map and /nfs-pub/passwd.A.map? Are they the same? Why or why not?
# Who is the owner of the file /nfs-mnt/passwd.A.ops and /nfs-pub/passwd.A.ops? Are they the same? Why or why not?
# Who is the owner of /nfs-mnt/group.A.root and /nfs-pub/group.A.root? Are they the same? Why?
# Did the file /nfs-mnt/hosts.A.root get created? Why or why not?