Open System Services NFS Overview HP Part Number: 424864-004 Published: February 2013 Edition: J06.03 and subsequent J-series RVUs, H06.03 and subsequent H-series RVUs, G06.00 and subsequent G-series RVUs, D48.
© Copyright 2010, 2011, 2012, 2013 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Warranty The information contained herein is subject to change without notice.
About This Document This manual discusses remote file access using the NonStop Open System Services (OSS) Network File System (NFS). The manual includes only information specific to the server side of NFS operations. Instructions for making requests at the client system are not included. Audiences for this manual include NFS client system users and those who want to evaluate the compatibility of OSS NFS with other NFS implementations. Supported Release Version Updates (RVUs) This manual supports J06.
Document Organization “Introduction to NFS for Open System Services” (page 9) Provides a general description of OSS NFS and OSS file storage on a NonStop system. It also shows by example how files are mounted on UNIX systems and on NonStop systems through OSS NFS. “Security Mechanisms” (page 15) Describes the security mechanisms used by OSS NFS. “Troubleshooting for Client Users” (page 19) Provides information about troubleshooting NFS client problems.
TERM [\system-name.]$terminal-name INT[ERRUPTS] A group of items enclosed in brackets is a list from which you can choose one item or none. The items in the list can be arranged either vertically, with aligned brackets on each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example: FC [ num ] [ -num ] [ text ] K [ X | D ] address { } Braces A group of items enclosed in braces is a list from which you are required to choose one item.
Line Spacing If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example: ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]… Related Information You should consider the manuals provided with your NFS client software and your operating system as the basic source of instructions.
RFC #   Description
1034    Domain Concepts and Facilities
1035    Domain Names Implementation and Specification

RFCs can be obtained from DS.INTERNIC.NET by using File Transfer Protocol (FTP), Wide Area Information Servers (WAIS), or electronic mail. Through FTP, RFCs are stored as rfc/rfcnnnn.txt or rfc/rfcnnnn.ps, where nnnn is the RFC number. Log in as anonymous and provide your e-mail address as the password. Through WAIS, you can use either your local WAIS client or TELNET to get to DS.INTERNIC.
1 Introduction to NFS for Open System Services The Network File System (NFS) for Open System Services (OSS) is a network file server compatible with the Network File System, version 2, protocol of Sun Microsystems, Inc. OSS NFS allows you to create and access files stored on NonStop systems by issuing commands at your PC or workstation.
Pathnames To specify a file in the current OSS, DOS, or UNIX directory, you provide the name of a file. To specify a file in some other directory, you specify a pathname either from the current directory or from a parent or root directory. You first mount the portion of the OSS NFS file hierarchy you want to use by specifying one of the mount points (directory pathnames) provided by the system manager.
Figure 1 Example of UNIX Locally Mounted Hierarchy First you create and mount the root directory. After you create the /etc and /usr directories, you can mount the subtrees for these directories. Finally, you create the /usr/lib directory and mount its subtree of files. In addition to performing local mounts, you can perform remote mounts of directories locally mounted on some other system on the network.
Figure 2 Example of Remote Mount The files and directories in the /usr/lib/src directory are now accessible on UNIX sysone (through NFS) in the /usr/src directory. NOTE: The OSS NFS directories and files you can access remotely from your NFS client are managed by servers created by a system manager.
Figure 3 OSS NFS Example

The system manager uses the following SCF commands to create the servers and perform the local mounts:

   ADD SERVER ROOT, MNTPOINT "/", ...
   ADD SERVER SD1, MNTPOINT "/usr", ...
   ADD SERVER SD2, MNTPOINT "/usr/lib", ...
   START SERVER SD0
   START SERVER SD1
   START SERVER SD2

The ADD SERVER command creates the servers. The START SERVER command is comparable to a UNIX mount command; it performs the local mount of the subtree managed by the server.
on a UNIX host, the user need only log on to that host. UNIX and NFS take care of authentication and coordinate requests on behalf of the user. On PCs there is no concept of a logon. The PC must supply user authentication information to the NFS server. The user authentication information is validated and obtained through the (PC)NFS Daemon (PCNFSD) server. Printing Using PCNFSD PCNFSD also provides printing services.
2 Security Mechanisms

OSS NFS provides several levels of security to protect its file systems:

At the highest level, the system manager can control which client hosts (systems running NFS client software) can access subtrees of the OSS NFS file hierarchy. The system manager can specify the pathname of a directory with a list of client hosts whose users are allowed to mount the directory on their local system. This level of security is called export control.
user ID and group ID. The mapped user ID is used to enforce security while client systems access files stored in your OSS NFS server. NOTE: OSS NFS has no mechanism for associating a specific system with a user ID (or group ID). If a user on one system has the same user ID as a user on another system, both users are granted the same access privileges when requesting services from an OSS NFS server. That is, the USER object corresponding to the user ID applies to both users.
NOTE: It is not possible, from an NFS client, to set either the SUID or SGID attributes through OSS NFS. These attributes can be set only by using an OSS process.

The following security considerations are important because the NFS protocol does not include open operations on files:
• The owner of a file can always access the file, regardless of the permission settings.
• NFS execute access implicitly grants NFS read access.
3. If NULL-ALIAS-OK is TRUE, the NFS nobody client user ID (-2) is looked for in the list of OSS NFS users as in Step 1.
4. If the nobody user is not found, the request is rejected with an access violation (NFSERR_ACCESS).
5. Either the NFS client user ID is present in the list of OSS NFS users or the nobody client user ID is present.
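The lookup described above, together with the earlier NOTE that a user ID is not tied to a client system, can be modelled as follows. This is an added example, not HP code: the registry layout, the function names, the host name systwo and the sample records are constructed, and rejecting an unknown user ID outright when NULL-ALIAS-OK is FALSE is an assumption, because the steps covering that case are not shown on this page.

```python
from collections import defaultdict

NOBODY_UID = -2  # NFS "nobody" client user ID, as given in the text

class AccessViolation(Exception):
    """Stands in for a reply of NFSERR_ACCESS."""

def resolve(users, client_uid, null_alias_ok):
    """Map a client user ID to a registered user name.

    users: dict of client uid -> user name (hypothetical registry layout).
    The client host is deliberately not a parameter: the lookup key is the
    user ID alone, which is the behaviour the NOTE describes.
    """
    if client_uid in users:
        return users[client_uid]
    # Assumption: with NULL-ALIAS-OK FALSE an unknown uid is rejected outright.
    if not null_alias_ok or NOBODY_UID not in users:
        raise AccessViolation(client_uid)
    return users[NOBODY_UID]

def audit(requests, users, null_alias_ok):
    """Summarise constructed (host, uid) request records for review."""
    hosts_by_uid = defaultdict(set)
    fell_to_nobody, rejected = set(), set()
    for host, uid in requests:
        try:
            resolve(users, uid, null_alias_ok)
        except AccessViolation:
            rejected.add((host, uid))
            continue
        if uid in users:
            hosts_by_uid[uid].add(host)
        else:
            fell_to_nobody.add((host, uid))
    # A uid seen from several hosts receives identical privileges on each.
    shared = {u: sorted(h) for u, h in hosts_by_uid.items() if len(h) > 1}
    return shared, fell_to_nobody, rejected

# Constructed sample data, not taken from any real system.
USERS = {1001: "alice", NOBODY_UID: "nobody"}
REQUESTS = [("sysone", 1001), ("systwo", 1001), ("sysone", 2002)]
```

Running audit over server-side request records shows which registered user IDs arrive from more than one client host and which unregistered IDs are being served under the nobody mapping.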
A Troubleshooting for Client Users

Before You Begin

Before you issue requests for OSS NFS services:
1. Ask your system manager to register your user ID and group ID on the OSS NFS subsystem.
2. If you want to access files in an existing OSS NFS file system, ask the system manager for the pathnames of the directories you are allowed to mount on your local system.

Troubleshooting Client Problems

Table 2 contains information about recovering from errors NFS client users might encounter.
Table 2 Troubleshooting for Client Users (continued) Client Indicates Probable Causes and Possible Corrections 7. You attempted to access a file on a NonStop server that is in a restricted-access fileset, and you do not have the appropriate privilege to access that file. 8. You attempted to write to an object that has one or more file privileges. Invalid Password 1. The user name or password specified by the client system is not valid.
B NFS Protocol Description This appendix describes the NFS layered architecture and network services. There are many similarities between the NFS services and the services offered by conventional file systems that you are familiar with. The Network File System has, in fact, become an unofficial industry-standard remote file system, because it offers all essential file-system features without relying on any specific implementation platform.
procedure’s results. Once the reply message is received, the results of the procedure are extracted, and the caller process resumes execution. Figure 5 (page 22) shows the flow of control in the RPC model. Figure 5 RPC Control Flow On the server side, the server process is dormant awaiting the arrival of a call message. When one arrives, the server process extracts the procedure’s parameters, computes the results, sends a reply message, and then awaits the next call message.
External Data Representation (XDR) The external data representation (XDR), defined by RFC 1014, is a standard for the description and encoding of data. It provides a common way to represent a set of data types over a network. The NFS Protocol Specification is written using the XDR data description language. The representation of all XDR data types requires a multiple of four bytes (or 32 bits) of data. The bytes are numbered 0 through n-1.
Variable-Length Array
Variable-length arrays of homogeneous elements are encoded as the element count n (an unsigned integer), followed by the encoding of each of the array’s elements, starting with element 0 and progressing through element n-1.

Structure
The components of a structure are encoded in the order of their declaration in the structure.

Void
An XDR void is a 0-byte quantity. Voids are useful for describing operations that take no data as input or output.
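The encoding rules above (four-byte units, a count followed by the elements, structure components in declaration order) are shown below as an added example that is not part of the manual. The record layout (name, user ID, group ID list), the length limits 255 and 16, and all function names are assumptions made for illustration; big-endian integers and zero padding follow RFC 1014. The decoder checks every declared length against the remaining buffer before using it.

```python
import struct

class XdrError(ValueError):
    """Raised when a buffer is not a well-formed XDR encoding."""

def pad4(n):
    # Number of zero bytes needed to reach the next multiple of four.
    return (4 - n % 4) % 4

def enc_uint(v):
    return struct.pack(">I", v)  # 4 bytes, big-endian

def enc_opaque(data):
    # Variable-length opaque data or string: length, bytes, zero padding.
    return enc_uint(len(data)) + data + b"\x00" * pad4(len(data))

def enc_uint_array(items):
    # Variable-length array: count n, then elements 0 through n-1.
    return enc_uint(len(items)) + b"".join(enc_uint(i) for i in items)

def dec_uint(buf, off):
    if off + 4 > len(buf):
        raise XdrError("truncated unsigned integer")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def dec_opaque(buf, off, max_len):
    n, off = dec_uint(buf, off)
    end = off + n + pad4(n)
    if n > max_len or end > len(buf):
        raise XdrError("opaque length exceeds limit or buffer")
    if any(buf[off + n:end]):
        raise XdrError("non-zero padding")
    return buf[off:off + n], end

def dec_uint_array(buf, off, max_items):
    n, off = dec_uint(buf, off)
    # Check the declared count before allocating or looping on it.
    if n > max_items or off + 4 * n > len(buf):
        raise XdrError("array count exceeds limit or buffer")
    return list(struct.unpack_from(">%dI" % n, buf, off)), off + 4 * n

def encode_record(name, uid, gids):
    # Structure: components in declaration order (hypothetical layout).
    return enc_opaque(name) + enc_uint(uid) + enc_uint_array(gids)

def decode_record(buf):
    name, off = dec_opaque(buf, 0, 255)
    uid, off = dec_uint(buf, off)
    gids, off = dec_uint_array(buf, off, 16)
    if off != len(buf):
        raise XdrError("trailing bytes")
    return name, uid, gids
```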
Basic Data Types The following XDR definitions are basic structures and types used in other structures by the “Server Procedures” (page 26). stat The stat() type is returned with every procedure’s results. A value of NFS_OK indicates that the procedure call finished successfully and the results are valid. The other values indicate some kind of error occurred on the server side during the execution of the procedure. The following error values are derived from UNIX error numbers: 1 = NFSERR_PERM Not owner.
Server Procedures The NFS protocol definition is given as a set of procedures with arguments and results defined using the RPC language. All of the procedures in the NFS protocol are assumed to be synchronous. When a procedure returns to the client, the client can assume that the operation has finished and that any data associated with the request is now in stable storage.
Mount Protocol The mount protocol is separate from, but related to, the NFS protocol. It provides operating-system-specific services to get the Network File System started: looking up server pathnames, validating user identity, and checking access permissions. Clients use the mount protocol to get the first file handle, which allows them access to a remote fileset.