Difference between revisions of "OPS535-lab-nfs"

m (Adding instructions to investigation 1)
m (Protected "OPS535-lab-nfs": OER transfer ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
 
(11 intermediate revisions by 2 users not shown)
Line 8: Line 8:
  
 
==Pre-Requisites==
 
==Pre-Requisites==
The pre-lab must be complete so that your virtual machines share access to a private network.
+
:*The pre-lab must be complete so that your virtual machines share access to a private network.
Create a new user on each of your virtual machines using your own Seneca login.
+
:*Create a new user on each of your virtual machines using your own Seneca login.
 +
:*If you don't have the nfs-utils package installed, install it now.
  
 
==Investigation 1: NFS Server Setup==
 
==Investigation 1: NFS Server Setup==
Line 20: Line 21:
 
<li>Study the output and make notes of the first few lines. You should see two lines that end with the word "portmapper". If you don't, there is something wrong with your system, your system will not be able to provide NFS service. Ask for help if this is the case.</li>
 
<li>Study the output and make notes of the first few lines. You should see two lines that end with the word "portmapper". If you don't, there is something wrong with your system, your system will not be able to provide NFS service. Ask for help if this is the case.</li>
 
<li>You should also see a line or two (or even more) that contains the word "nfs". If you don't, NFS is not running. If NFS is not running, you can start up NFS with the command:
 
<li>You should also see a line or two (or even more) that contains the word "nfs". If you don't, NFS is not running. If NFS is not running, you can start up NFS with the command:
   systemctl start nfs-server</li>
+
   <source>systemctl start nfs-server</source></li>
 
<li>Create a directory named "/nfs-pub". Enter the command:
 
<li>Create a directory named "/nfs-pub". Enter the command:
   mkdir /nfs-pub</li>
+
   <source>mkdir /nfs-pub</source></li>
 
<li>Change the file permission on "/nfs-pub" so everyone can read/write/list. Enter the command:
 
<li>Change the file permission on "/nfs-pub" so everyone can read/write/list. Enter the command:
   chmod 777 /nfs-pubDouble check the file permission with the ls -l command.</li>
+
   <source>chmod 777 /nfs-pub</source>
 +
  Make sure to double check that the file permissions have been set correctly.</li>
 
<li>To set the sticky bit on the directory "/nfs-pub" , use the command
 
<li>To set the sticky bit on the directory "/nfs-pub" , use the command
chmod +t /nfs-pub</li>
+
<source>chmod +t /nfs-pub</source></li>
 
<li>Edit your /etc/exports file and insert the following lines:
 
<li>Edit your /etc/exports file and insert the following lines:
  /nfs-pub ip-of-vm1(rw,root_squash)
+
  <source>/nfs-pub ip-of-vm1(rw,root_squash)
/nfs-pub ip-of-vm3(rw,root_squash)
+
/nfs-pub ip-of-vm3(rw,root_squash)</source>
 
"ip-of-vm1" should be replaced by the actual IP address of vm1 (VM1),and "ip-of-vm3" should be replaced by the actual IP address of vm3 (VM3).</li>
 
"ip-of-vm1" should be replaced by the actual IP address of vm1 (VM1),and "ip-of-vm3" should be replaced by the actual IP address of vm3 (VM3).</li>
 
<li>Enter the command
 
<li>Enter the command
exportfs -a
+
<source>exportfs -a</source>
 
to tell your NFS server to re-read the configuration file (/etc/exports) and take the appropriate action, i.e. to export the directory /nfs-pub to the specific host.</li>
 
to tell your NFS server to re-read the configuration file (/etc/exports) and take the appropriate action, i.e. to export the directory /nfs-pub to the specific host.</li>
 
<li>Enter the command
 
<li>Enter the command
showmount -e
+
<source>showmount -e</source>
 
Make notes of the output and consult the man page of showmount to find out the purpose of this command.</li>
 
Make notes of the output and consult the man page of showmount to find out the purpose of this command.</li>
 
<li>Use the command "exit" to leave the super user shell and switch back to the regular user shell.
 
<li>Use the command "exit" to leave the super user shell and switch back to the regular user shell.
 
Enter the command
 
Enter the command
id
+
<source>id</source>
 
to confirm your user id. Write down your user name, user ID and group ID.</li>
 
to confirm your user id. Write down your user name, user ID and group ID.</li>
 
<li>Copy the file /etc/passwd into directory /nfs-pub as passwd.S. Enter the command
 
<li>Copy the file /etc/passwd into directory /nfs-pub as passwd.S. Enter the command
cp /etc/passwd /nfs-pub/passwd.S</li>
+
<source>cp /etc/passwd /nfs-pub/passwd.S</source></li>
 
<li>Finally, confirm the file copying with the "ls -l" command and make notes of the output.</li>
 
<li>Finally, confirm the file copying with the "ls -l" command and make notes of the output.</li>
 
<li>Modify the firewall on your server to allow incoming nfs traffic in your internal zone. Make sure this change persists past reboot.</li>
 
<li>Modify the firewall on your server to allow incoming nfs traffic in your internal zone. Make sure this change persists past reboot.</li>
 +
</ol>
  
 
==Investigation 2: File ownership of new files created on NFS shares==
 
==Investigation 2: File ownership of new files created on NFS shares==
 +
Perform the following steps on VM1 as root:
 +
<ol>
 +
<li>
 +
Enter the command
 +
<source>cat /proc/filesystems</source>
 +
Make notes of the output. You should see a list of file systems supported on your system. If "nfs" is missing from this list, your Linux kernel does not have NFS support compiled in.
 +
However, it is possible that your kernel do support NFS via kernel module. Try the command
 +
<source>modprobe nfs</source>
 +
and make notes of the output from the above command. If it indicates that the nfs module has been loaded successfully, try the '''cat /proc/filesystems''' command again.</li>
 +
<li>Create the directory /nfs-mnt.  We will use this as the mount point for the remote directory.</li>
 +
<li>Use the mount command to attach the remote directory ('''/nfs-pub''' from vm2) into the local mount point ('''/nfs-mnt''')</li>
 +
<li>Use commands like mount or df to check that the mount command executed successfully (that is, that VM2's '''/nfs-pub''' is now being treated as part of the local filesystem).</li>
 +
<li>Confirm that you can access the contents of /nfs-mnt.  They should be identical to VM2's '''/nfs-pub''' (because it IS VM2's '''/nfs-pub''').  Note the owner and the group owner of the file passwd.S.</li>
 +
<li>Still on VM1, copy the file '''/etc/passwd''' into the '''/nfs-mnt''' directory.  Name the copy '''passwd.A.root'''.</li>
 +
<li>Confirm that the file copied correctly.  Again, make note of the owner and group owner of the file.</li>
 +
<li>Switch to being a regular ('''non-root''') user and copy the file '''/etc/passwd''' into the '''/nfs-mnt''' directory again, this time naming the copy '''passwd.A.user'''. Again, make note of the owner and group owner of the file.  Note how it differs from the ownership of the file created as root.</li>
 +
<li>Repeat this investigation on VM3, so that it also has access the shared filesystem.  Replace the A in the copied filenames with B (e.g. passwd.B.root).</li>
 +
</ol>
  
 
==Investigation 3: File creation permission and user name mapping on NFS shares==
 
==Investigation 3: File creation permission and user name mapping on NFS shares==
 +
Create new users on the NFS server (vm2), and clients (vm1 and vm3) to study the user name mapping on NFS shares:
 +
<ol>
 +
<li>On the NFS server create two new users userS, and ops535 with the commands
 +
<source>useradd -u 5001 -m userS
 +
useradd -u 5350 -m ops535</source></li>
 +
<li>On vm1 create two new users userA, and ops535 with the commands
 +
<source>useradd -u 5001 -m userA
 +
useradd -u 5350 -m ops535</source>
 +
and use the "passwd" command to set the passwords for those users</li>.
 +
<li>On vm1 login as userA and copy the password file to '''/nfs-mnt''', naming the copy '''passwd.A.map'''.
 +
Confirm the copying of the file and make notes of the owner and group owner of the file.</li>
 +
<li>Logout from userA and login as ops535. Copy the password file to /nfs-mnt, this time naming it '''passwd.A.ops'''.
 +
Again, make notes of the owner and group owner of the file.</li>
 +
<li>Login to the NFS server, and examine the ownership of the files you just created.  Who is the owner and the group owner of the respective files?</li>
 +
<li>On your nfs-client machine, un-mount the remote directory.
 +
Please note that this must be done by "root" and the directory /nfs-mnt is not being used by any process.</li>
 +
<li>On the NFS server, make the following changes to the /etc/exports file:
 +
change
 +
<source>/nfs-pub ip-of-vm1(rw, root_squash)</source>
 +
to
 +
<source>/nfs-pub ip-of-vm1(rw, no_root_squash)</source>
 +
and re-export the directory.</li>
 +
<li>On the client, re-mount the share directory and repeat step 3 to step 6 under the super user
 +
account "root" and copy the file /etc/group to the share directory /nfs-mnt with the
 +
corresponding file name.</li>
 +
<li>un-mount the remote directory.</li>
 +
<li>On the NFS server, change the "rw" option in the /etc/exports file to "ro" and re-export the
 +
directory.</li>
 +
<li>On the client, re-mount the share directory and repeat step 3 to step 6 under the super user
 +
account "root" and copy the file /etc/hosts to the share directory /nfs-mnt with the corresponding
 +
file name.</li>
 +
<li>Observe how the different settings on the server affected the ownership and permissions of files created on the client side.</li>
 +
<li>Repeat this investigation on vm3, naming the first user userB (instead of userA), and replace the A in any file names with B.  When creating files, try to predict the ownership and permissions of the resulting files.</li>
 +
</ol>
  
 
==Completing the Lab==
 
==Completing the Lab==
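Review bot: In Investigation 3 the two /etc/exports lines `/nfs-pub ip-of-vm1(rw, root_squash)` and `/nfs-pub ip-of-vm1(rw, no_root_squash)` have a space after the comma, unlike the `(rw,root_squash)` form used in Investigation 1. Whitespace separates fields in /etc/exports, so the option list is split in two and exportfs will not read it as written; drop the space in both lines. In the same list, the period after `</li>` on the passwd step ("set the passwords for those users</li>.") sits outside the list item, so it renders as an empty numbered item and shifts the numbering that "repeat step 3 to step 6" relies on; move it inside the item.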
Line 63: Line 118:
 
# Did your Linux kernel have NFS support compiled in?
 
# Did your Linux kernel have NFS support compiled in?
 
# What is the full path name of the nfs module file? i.e. where is it on your hard drive?
 
# What is the full path name of the nfs module file? i.e. where is it on your hard drive?
 +
# What is the purpose of the sticky bit?
 +
# Who is the owner of /nfs-mnt/passwd.A.root and /nfs-pub/passwd.A.root?  Are they the same?  Why?
 +
# Who is the owner of the file /nfs-mnt/passwd.A.user and /nfs-pub/passwd.A.user?  Are they the same?  Why?
 +
# Who is the owner of the file /nfs-mnt/passwd.A.map and /nfs-pub/passwd.A.map?  Are they the same?  Why and why not?
 +
# Who is the owner of the file /nfs-mnt/passwd.A.ops and /nfs-pub/passwd.A.ops? Are they the same? Why and why not?
 +
# Who is the owner of /nfs-mnt/group.A.root and /nfs-pub/group.A.root? Are they the same? Why?
 +
# Did the file /nfs-mnt/hosts.A.root get created? Why or why not?
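Review bot: The new questions name /nfs-mnt/group.A.root and /nfs-mnt/hosts.A.root, but the Investigation 3 steps that create those files only say to copy /etc/group and /etc/hosts "with the corresponding file name". Spell out the target names in those steps, as is done for passwd.A.map and passwd.A.ops, so the answers can be checked against a known file.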

Latest revision as of 14:50, 21 July 2023

OPS535 Lab 2

Purpose

Network File System (NFS) allows you to access files on remote hosts in exactly the same way you would access local files. It was originally created by Sun Microsystems, and the implementation on Linux is largely by Rick Sladkey, who wrote the NFS kernel code and large parts of the NFS server. For more information about NFS, please refer to Chapter 14 of the online Network Administrator guide. You should also study chapter 23 of the course textbook on NFS for this lab. Designate vm2 as the NFS server.

Pre-Requisites

  • The pre-lab must be complete so that your virtual machines share access to a private network.
  • Create a new user on each of your virtual machines using your own Seneca login.
  • If you don't have the nfs-utils package installed, install it now.

Investigation 1: NFS Server Setup

Perform the following steps on vm2:

  1. Login to your machine as a regular user and enter the following command su -
  2. Enter the command rpcinfo -p
  3. Study the output and make notes of the first few lines. You should see two lines that end with the word "portmapper". If you don't, there is something wrong with your system and it will not be able to provide NFS service. Ask for help if this is the case.
  4. You should also see a line or two (or even more) that contains the word "nfs". If you don't, NFS is not running. If NFS is not running, you can start up NFS with the command:
    systemctl start nfs-server
  5. Create a directory named "/nfs-pub". Enter the command:
    mkdir /nfs-pub
  6. Change the file permission on "/nfs-pub" so everyone can read/write/list. Enter the command:
    chmod 777 /nfs-pub
    Make sure to double check that the file permissions have been set correctly.
  7. To set the sticky bit on the directory "/nfs-pub" , use the command
    chmod +t /nfs-pub
  8. Edit your /etc/exports file and insert the following lines:
    /nfs-pub ip-of-vm1(rw,root_squash)
    /nfs-pub ip-of-vm3(rw,root_squash)
    "ip-of-vm1" should be replaced by the actual IP address of vm1 (VM1), and "ip-of-vm3" should be replaced by the actual IP address of vm3 (VM3).
  9. Enter the command
    exportfs -a
    to tell your NFS server to re-read the configuration file (/etc/exports) and take the appropriate action, i.e. to export the directory /nfs-pub to the specific host.
  10. Enter the command
    showmount -e
    Make notes of the output and consult the man page of showmount to find out the purpose of this command.
  11. Use the command "exit" to leave the super user shell and switch back to the regular user shell. Enter the command
    id
    to confirm your user id. Write down your user name, user ID and group ID.
  12. Copy the file /etc/passwd into directory /nfs-pub as passwd.S. Enter the command
    cp /etc/passwd /nfs-pub/passwd.S
  13. Finally, confirm the file copying with the "ls -l" command and make notes of the output.
  14. Modify the firewall on your server to allow incoming nfs traffic in your internal zone. Make sure this change persists past reboot.

Investigation 2: File ownership of new files created on NFS shares

Perform the following steps on VM1 as root:

  1. Enter the command
    cat /proc/filesystems

    Make notes of the output. You should see a list of file systems supported on your system. If "nfs" is missing from this list, your Linux kernel does not have NFS support compiled in. However, it is possible that your kernel does support NFS via a kernel module. Try the command

    modprobe nfs
    and make notes of the output from the above command. If it indicates that the nfs module has been loaded successfully, try the cat /proc/filesystems command again.
  2. Create the directory /nfs-mnt. We will use this as the mount point for the remote directory.
  3. Use the mount command to attach the remote directory (/nfs-pub from vm2) into the local mount point (/nfs-mnt)
  4. Use commands like mount or df to check that the mount command executed successfully (that is, that VM2's /nfs-pub is now being treated as part of the local filesystem).
  5. Confirm that you can access the contents of /nfs-mnt. They should be identical to VM2's /nfs-pub (because it IS VM2's /nfs-pub). Note the owner and the group owner of the file passwd.S.
  6. Still on VM1, copy the file /etc/passwd into the /nfs-mnt directory. Name the copy passwd.A.root.
  7. Confirm that the file copied correctly. Again, make note of the owner and group owner of the file.
  8. Switch to being a regular (non-root) user and copy the file /etc/passwd into the /nfs-mnt directory again, this time naming the copy passwd.A.user. Again, make note of the owner and group owner of the file. Note how it differs from the ownership of the file created as root.
  9. Repeat this investigation on VM3, so that it also has access to the shared filesystem. Replace the A in the copied filenames with B (e.g. passwd.B.root).

Investigation 3: File creation permission and user name mapping on NFS shares

Create new users on the NFS server (vm2), and clients (vm1 and vm3) to study the user name mapping on NFS shares:

  1. On the NFS server create two new users userS, and ops535 with the commands
    useradd -u 5001 -m userS
    useradd -u 5350 -m ops535
  2. On vm1 create two new users userA, and ops535 with the commands
    useradd -u 5001 -m userA
    useradd -u 5350 -m ops535
    and use the "passwd" command to set the passwords for those users.
  3. On vm1 login as userA and copy the password file to /nfs-mnt, naming the copy passwd.A.map. Confirm the copying of the file and make notes of the owner and group owner of the file.
  4. Logout from userA and login as ops535. Copy the password file to /nfs-mnt, this time naming it passwd.A.ops. Again, make notes of the owner and group owner of the file.
  5. Login to the NFS server, and examine the ownership of the files you just created. Who is the owner and the group owner of the respective files?
  6. On your nfs-client machine, un-mount the remote directory. Please note that this must be done by "root", and the directory /nfs-mnt must not be in use by any process.
  7. On the NFS server, make the following changes to the /etc/exports file: change
    /nfs-pub ip-of-vm1(rw,root_squash)

    to

    /nfs-pub ip-of-vm1(rw,no_root_squash)
    and re-export the directory.
  8. On the client, re-mount the share directory and repeat step 3 to step 6 under the super user account "root" and copy the file /etc/group to the share directory /nfs-mnt with the corresponding file name.
  9. Un-mount the remote directory.
  10. On the NFS server, change the "rw" option in the /etc/exports file to "ro" and re-export the directory.
  11. On the client, re-mount the share directory and repeat step 3 to step 6 under the super user account "root" and copy the file /etc/hosts to the share directory /nfs-mnt with the corresponding file name.
  12. Observe how the different settings on the server affected the ownership and permissions of files created on the client side.
  13. Repeat this investigation on vm3, naming the first user userB (instead of userA), and replace the A in any file names with B. When creating files, try to predict the ownership and permissions of the resulting files.
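
A check for the /etc/exports edits made in this investigation, as an added example that is not part of the original lab: the function below flags an explicit no_root_squash, a wildcard client, and an option list broken by whitespace (fields in /etc/exports are whitespace-separated, so an option list containing a space is not read as one list). The 192.0.2.x addresses and the function names are assumptions standing in for ip-of-vm1 and ip-of-vm3.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab): flag risky or malformed /etc/exports entries.

# Constructed sample modelled on the export lines used in this lab.
# 192.0.2.x addresses are placeholders standing in for ip-of-vm1 / ip-of-vm3.
sample_exports() {
    cat <<'EOF'
# constructed sample
/nfs-pub 192.0.2.11(rw,root_squash)
/nfs-pub 192.0.2.13(rw, root_squash)
/nfs-pub 192.0.2.11(rw,no_root_squash)
/nfs-pub *(ro)
EOF
}

# audit_exports [FILE]: read an exports file (or stdin) and print one finding
# per line as "<line-number> <export-path> <client> <finding>".
audit_exports() {
    awk '
    function report(client, msg) { printf "%d %s %s %s\n", NR, path, client, msg }

    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments

    {
        path = $1
        for (i = 2; i <= NF; i++) {
            f = $i
            lp = index(f, "(")
            closed = (substr(f, length(f)) == ")")
            # Whitespace splits fields, so "host(rw, root_squash)" arrives as
            # two fragments with unbalanced parentheses. Report it once.
            # An option list with no client in front is reported the same way.
            if ((lp > 0) != closed || lp == 1) {
                report("-", "malformed-option-list")
                next
            }
            client = (lp > 0) ? substr(f, 1, lp - 1) : f
            opts   = (lp > 0) ? substr(f, lp + 1, length(f) - lp - 1) : ""
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                # root_squash is the default; only the explicit opt-out is flagged.
                if (o[j] == "no_root_squash") report(client, "no_root_squash")
            }
            if (client == "*") report(client, "any-host")
        }
    }' "$@"
}

# Demonstration on the constructed sample.
sample_exports | audit_exports
```

On the server, run it as `audit_exports /etc/exports` after each edit and before `exportfs -a`.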

Completing the Lab

You should now have a common part of the filesystem available to all three vms. Files you store there on one machine will be accessible for the other machines too. Note that this should only be available when using your internal, statically assigned addresses. You have also explored how access permissions are used between the machines, and since this service relies on UIDs accessed on each machine, keeping them synchronized between machines becomes vital. In a future lab we will explore a service that will manage that aspect of our networks.

Follow the instructions on blackboard to submit the lab.

Exploration Questions

  1. What is the purpose of the "su -" command?
  2. What is the purpose of the "rpcinfo -p" command?
  3. What information is stored in the /etc/exports file?
  4. What information is provided by the "showmount -e" command?
  5. Did your Linux kernel have NFS support compiled in?
  6. What is the full path name of the nfs module file? i.e. where is it on your hard drive?
  7. What is the purpose of the sticky bit?
  8. Who is the owner of /nfs-mnt/passwd.A.root and /nfs-pub/passwd.A.root? Are they the same? Why?
  9. Who is the owner of the file /nfs-mnt/passwd.A.user and /nfs-pub/passwd.A.user? Are they the same? Why?
  10. Who is the owner of the file /nfs-mnt/passwd.A.map and /nfs-pub/passwd.A.map? Are they the same? Why or why not?
  11. Who is the owner of the file /nfs-mnt/passwd.A.ops and /nfs-pub/passwd.A.ops? Are they the same? Why or why not?
  12. Who is the owner of /nfs-mnt/group.A.root and /nfs-pub/group.A.root? Are they the same? Why?
  13. Did the file /nfs-mnt/hosts.A.root get created? Why or why not?