CIT 470: Advanced Network and System Administration. Topics. Filesystems and Namespaces. Filesystems


CIT 470: Advanced Network and System Administration

Filesystems

Topics
1. Filesystems and Namespaces
2. Filesystem Types
3. Inodes and Superblocks
4. Network Filesystems

Filesystems and Namespaces

Filesystems
A filesystem is a method for storing and organizing documents.
Most filesystems offer a hierarchical tree structure of folders within folders.
Some filesystems are flat, with no folders.
Some filesystems work like a database, where files are identified by metadata, such as creator or user-created tags.

Kernel Storage Layers

Filesystem Tree Structure
[Figure: directory tree rooted at / with bin, boot, tmp, usr and var, and entries such as ls, grub, vmlinuz, menu.lst, less, zip, lib, X11R6, xclock and xterm]

UNIX has One Namespace
A single tree-structured namespace which
  Provides a single way to identify files by name
  Contains multiple filesystems:
    /dev          files represent hardware devices
    /media/cdrom  ISO9660 optical media filesystem
    /proc         in-memory representation of kernel data
  that are added to the namespace with the mount command:
    mount /dev/devname /fs/location

Namespace contains many fs

Filesystem Types

Filesystem Types by Media
Disk Filesystems
  Filesystems designed to store files to a fixed or removable permanent storage device.
  Examples: ext4fs, FAT, ISO9660, NTFS
Solid State Filesystems
  Wear leveling: re-arrange block usage to avoid writing too many times to any one block on flash.
In-Memory Filesystems
  Filesystems that represent kernel data structures, e.g. procfs, devfs.
Network Filesystems
  Filesystems where file access operations are performed using network operations to contact a server where the data is stored on a disk or other physical medium.

Common Disk-based Filesystems
Extended Filesystems
  ext2: first full featured UNIX fs for Linux in 1993
    Recommended use: USB + other solid state drives.
  ext3: + journaling; 2TB max file size; 16TB max vol
  ext4: faster version of ext3 with larger max file + vol size
Microsoft Filesystems
  FAT: inefficient disk usage, slow, 8+3 filenames
    4GB maximum file size in 32-bit FAT
  NTFS: modern filesystem, many versions
    Supports long + old 8+3 filenames for compatibility

Inodes and Superblocks

Ext Filesystem Structure

Superblocks and Block Groups

Inode Block Addressing

Journaling Filesystems
Problem: writing to file involves many disk writes
1. Modify inode to change file size
2. (potentially) Add new data block to used block map
3. (potentially) Add pointer to new data block
4. Write to new data block
Journaling filesystems perform writes by:
1. Write blocks to journal.
2. Wait for write to be committed to journal.
3. Write blocks to filesystem.
4. Discard blocks from journal.

Creating a Filesystem
Select a disk partition to create filesystem on
  fdisk -l /dev/sda will list partitions on 1st disk
  fdisk -l /dev/sdb will list partitions on 2nd disk
Run mke2fs -v /dev/sda2
  Creates ext2 filesystem on 2nd partition of 1st disk
  Wipes any data already existing on that filesystem
  Add a -j option to create an ext3 journaling fs.

Mounting a Filesystem
1. Create a mountpoint
     mkdir -p /stor/video
2. Mount filesystem on chosen directory
     mount -t ext3 /dev/sda2 /stor/video
3. Use filesystem
4. Unmount filesystem when done
     umount /dev/sda2
   Happens automatically at reboot or shutdown
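An added example, not part of the original slides: a Python model of the four-step journaling sequence from the Journaling Filesystems slide, crashed after every possible number of disk writes and then recovered. The block names, the Disk model, and the assumption that the commit record is one atomic write are made up for illustration.

```python
class Crash(Exception): pass  # simulated power loss mid-sequence

class Disk:
    def __init__(self, blocks, budget=None):
        self.blocks = dict(blocks)  # the filesystem proper
        self.journal = {}           # blocks staged in the journal
        self.committed = False      # commit record written?
        self.budget = budget        # writes allowed before the crash

    def io(self):  # one disk write; crash when the budget is spent
        if self.budget is not None:
            if self.budget == 0:
                raise Crash
            self.budget -= 1

def plain_write(disk, updates):
    for name, value in updates.items():
        disk.io()
        disk.blocks[name] = value

def journaled_write(disk, updates):
    for name, value in updates.items():   # 1. write blocks to journal
        disk.io()
        disk.journal[name] = value
    disk.io()                             # 2. wait for the commit
    disk.committed = True
    for name, value in updates.items():   # 3. write blocks to filesystem
        disk.io()
        disk.blocks[name] = value
    disk.io()                             # 4. discard blocks from journal
    disk.journal, disk.committed = {}, False

def recover(disk):
    """Boot-time replay: a committed journal is reapplied, otherwise dropped."""
    if disk.committed:
        disk.blocks.update(disk.journal)
    disk.journal, disk.committed = {}, False

# Constructed before/after states for the four writes the slide lists.
OLD = {"inode.size": 0, "block_map[7]": "free", "inode.ptr[0]": None, "block[7]": ""}
NEW = {"inode.size": 5, "block_map[7]": "used", "inode.ptr[0]": 7, "block[7]": "hello"}

def crash_outcomes(write_fn):
    """Crash after every possible number of writes and classify the result."""
    seen = set()
    for budget in range(2 * len(NEW) + 3):
        disk = Disk(OLD, budget)
        try:
            write_fn(disk, NEW)
        except Crash:
            pass
        recover(disk)
        seen.add("old" if disk.blocks == OLD else "new" if disk.blocks == NEW else "torn")
    return seen
```

With the journal, every crash point recovers to either the complete old state or the complete new state; the unjournaled write can leave a torn mix, which is the kind of inconsistency fsck has to find and repair.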

Automatic Mounting
Filesystems in /etc/fstab are mounted on boot.
Use mount to see current mounted filesystems.

  # /etc/fstab: static file system information.
  #
  # <device>   <mnt pt>  <type>  <options>  <dump>  <pass>
  proc         /proc     proc    defaults   0       0
  /dev/sda1    /         ext3    defaults   0       1
  /dev/sda2    none      swap    sw         0       0
  /dev/sda3    /home     ext3    defaults   0       1
  /dev/sdb1    /backup   ext3    defaults   0       0

Checking Filesystem Integrity
fsck utility performs consistency checks
  Are used blocks actually used?
  Do inodes point to any unused blocks?
  Are used inodes pointed to by directory entries?
and repairs inconsistencies if
  Sysadmin enters y in interactive mode.
  Sysadmin uses -y argument to do all repairs.
Run fsck with unmounted partition as arg:
  fsck -y /dev/sda2

Access Control
Read--You can read the file with cat, more, etc.
Write--You can modify the file with vi
Execute--You can run the file if it's a program.

POSIX ACLs
Specify individual groups and users.
  Basic ACL user/group refers to owner.
  POSIX ACLs allow specifying users + groups.
To add/modify permissions for a user:
  setfacl -m u:username:rw- filename
To add/modify permissions for a group:
  setfacl -m g:groupname:rw- filename

File Attributes
Attributes extend file permissions:
  a: append-only (only root can set)
  i: immutable (read-only, only root can set)
  s: safe-delete (overwrite, not supported yet)
Use lsattr to view attributes.
  Most files do not have any attributes set.
Use chattr to set attributes.
  chattr +i /boot/vmlinuz*

Network Filesystems
Use filesystem to transparently share files.
Examples:
  NFSv3
  CIFS
  AFS
  NFSv4

NFS v3
Network File System
  Transparent, behaves like a regular UNIX filesystem.
  Uses UNIX UIDs, GIDs, perms but can work on Win.
  Since NFS is stateless, file locking and recovery are handled by rpc.lockd and rpc.statd daemons.
Security
  Server only lets certain IP addresses mount filesystems.
  Client UIDs have same permissions on server as client.
  Client root UID is mapped to nobody, but
  Root can su to any client UID to access any file.

How NFS Works
[Figure; source: http://www.cs.ucla.edu/~kohler/class/05f-osp/notes/lec18.html]

CIFS
Microsoft Network Filesystem
  Derived from 1980s IBM SMB net filesystem.
  Originally ran over NetBIOS, not TCP/IP.
  \\svr\share\path Universal Naming Convention
  Auth: NTLM (insecure), NTLMv2, Kerberos
Implementation
  MS Windows-centric (filenames, ACLs, EOLs)
  Samba: UNIX client and server software.

AFS
Distributed filesystem
  Global namespace: /afs/abc.com/vol_home1
  Servers provide one or more volumes.
  Volume replication with RO copies on other svrs.
Cells are administrative domains within AFS.
  Cells contain multiple servers.
  Each server provides multiple volumes.
Security
  Kerberos authentication
  ACLs with user-controlled groups

NFSv4
New model of NFS
  Only one protocol (no separate mount, lock, etc.)
  Global namespace.
  Security (ACLs, Kerberos, encryption)
  Cross platform + internationalized.
  Better caching via delegation of files to clients.

Using NFSv3
Client
  1. Start portmap
  2.
  3.
  4.
  5. Mount filesystems.
Server
  1. Start portmap
  2. Start NFS services.
  3. Configure exports.
  4. Export filesystems.

NFSv3 Services
portmap   RPC service for Linux
            portmap
nfs       NFS file server processes.
            rpc.mountd
            rpc.rquotad
            nfsd
nfslock   Optional file locking service.
            rpc.statd

NFSv3 Processes
rpc.mountd   Handles client mount requests.
rpc.nfsd     NFS server processes.
rpc.lockd    Process for optional nfslock service.
rpc.statd    Handles server crashes for nfslock.
rpc.rquotad  Quotas for remote users.

rpcinfo
  > rpcinfo -p
     program vers proto   port
      100000    2   tcp    111  portmapper
      100000    2   udp    111  portmapper
      100021    1   udp  32774  nlockmgr
      100021    1   tcp  34437  nlockmgr
      100011    1   udp    819  rquotad
      100011    2   udp    819  rquotad
      100011    1   tcp    822  rquotad
      100011    2   tcp    822  rquotad
      100003    2   udp   2049  nfs
      100003    3   udp   2049  nfs
      100003    2   tcp   2049  nfs
      100003    3   tcp   2049  nfs
      100005    2   udp    836  mountd
      100005    2   tcp    839  mountd
      100005    3   udp    836  mountd
      100005    3   tcp    839  mountd

NFSv4 Processes
nfsd         NFSv4 server processes. Handles mounts.
rpc.idmapd   Maps NFSv4 names (user@domain) and local UIDs and GIDs. Uses /etc/idmapd.conf.
rpc.svcgssd  Server transport Kerberos auth.
rpc.gssd     Client transport Kerberos auth.

NFSv3 Server Configuration
1. Configure /etc/exports
     List filesystems to be exported.
     Specify export options (ro, rw, etc.)
     Specify hosts/networks to export to.
2. Export filesystems.
     exportfs
3. Start NFS server (if not already started)
     service portmap start
     service nfs start

/etc/exports
Format: directory hosts(options)
Options
  ro, rw          Read-only, read-write.
  async           Server replies before write.
  sync            Save before reply (default)
  all_squash      Map all users to anon UID/GID.
  root_squash     Map root to anon UID (default)
  no_root_squash  Don't map root (insecure.)
  anon{uid,gid}   Set anonymous UID, GID.
Examples:
  /home *.example.com(rw,sync)
  /backups 192.168.1.0/24(ro,all_squash)
  /ex/limited foo.example.com
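An added example, not part of the original slides: a small Python audit of /etc/exports text against the options listed above, including the case where a space before the parenthesis turns the options into a host-less client. The sample is constructed (its first three lines are the slide's examples); audit_exports and the finding labels are names made up here, and the parser assumes one export per line with no quoted paths or backslash continuations.

```python
import re

# Constructed sample: the first three lines are the slide's examples, the
# last two are made-up entries showing risky settings.
SAMPLE_EXPORTS = """\
/home        *.example.com(rw,sync)
/backups     192.168.1.0/24(ro,all_squash)
/ex/limited  foo.example.com
/srv/build   buildhost.example.com(rw,no_root_squash)
/srv/share   trusted.example.com (rw)
"""

# Host part (may be empty), then an optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (directory, client_spec, finding) tuples for risky exports."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        directory, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if m is None:
                findings.append((directory, spec, "unparseable"))
                continue
            host = m.group(1)
            opts = {o for o in (m.group(2) or "").split(",") if o}
            if host in ("", "*"):
                # A space before "(" makes the options a separate client
                # with no host, so the export is open to every host.
                findings.append((directory, spec, "any-host"))
            elif "*" in host or "?" in host:
                findings.append((directory, spec, "wildcard-host"))
            if "no_root_squash" in opts:
                findings.append((directory, spec, "root-not-squashed"))
            if "rw" in opts:
                findings.append((directory, spec, "writable"))
            if "async" in opts:
                findings.append((directory, spec, "async-write"))
    return findings

if __name__ == "__main__":
    for directory, spec, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory:12} {spec:42} {finding}")
```

The "writable" and "async-write" findings are prompts for review rather than errors: an export that needs writes is legitimate, but each one should be a deliberate choice.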

Client Configuration
Manual mounting
  mount -t <nfs-type> -o <options> server:/remote/export /local/directory
Mounting via /etc/fstab
  server:/remote/export /local/directory <nfs-type> <options> 0 0
NFS Type is either nfs or nfs4.

Mount Options
hard or soft   Error handling
                 hard: NFS requests will wait uninterruptibly until the server is back.
                 soft: NFS requests will time out and report failure.
intr           NFS requests can be interrupted if server unreachable.
nfsvers=2,3    NFS protocol version (not 4)
noexec         Prevents execution of binaries.
nosuid         Disables setuid for security.
rsize,wsize=#  NFS data block size (default 8192)
sec=mode       NFS security type.
                 sys uses local UIDs and GIDs.
                 krb5 uses Kerberos5 authentication.
                 krb5i uses Kerberos5 authentication + integrity checking
                 krb5p uses Kerberos5 auth + integrity checking + encryption.
tcp, udp       Specifies protocol to use for mount.

Automounter
Manages NFS mounts
  Automounter maps vs /etc/fstab.
Mounts filesystems only when needed:
  Makes administering many filesystems easier.
  Improves startup speed.
  Provides uniform namespaces.
  Ex: mounts /home/home7 as /home on login.
/etc/auto.master points to maps
  /home /etc/auto.home
Maps describe mounts
  * -fstype=nfs4,soft,intr,nosuid server:/home

Security
Limit which hosts have access to filesystems.
  Specify hosts in /etc/exports.
  Use iptables to limit which hosts can use NFS.
Limit mount options
  Default to ro unless writes are necessary.
  Disable suid and execution unless needed.
  Map root to nobody.
Block NFS at network firewalls.
  Block all protocols, not just port 2049.
Use NFSv4 with Kerberos auth + encryption.

Performance
Measuring performance
  nfsstat
  /proc/net/rpc/nfsd
Optimizations
  Increase the block size. Problem: fragments?
  Set the async option on mounts.
  Faster network card.
  Faster disk array.
  NVRAM cache on array to save NFS writes.