summaryrefslogtreecommitdiff
path: root/misc/slackbook/html/network-configuration-nfs.html
diff options
context:
space:
mode:
Diffstat (limited to 'misc/slackbook/html/network-configuration-nfs.html')
-rw-r--r--misc/slackbook/html/network-configuration-nfs.html308
1 files changed, 0 insertions, 308 deletions
diff --git a/misc/slackbook/html/network-configuration-nfs.html b/misc/slackbook/html/network-configuration-nfs.html
deleted file mode 100644
index ca6138d8..00000000
--- a/misc/slackbook/html/network-configuration-nfs.html
+++ /dev/null
@@ -1,308 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content="HTML Tidy, see www.w3.org" />
-<title>Network File Systems</title>
-<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
-<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
-<link rel="UP" title="Network Configuration" href="network-configuration.html" />
-<link rel="PREVIOUS" title="Wireless" href="network-configuration-wireless.html" />
-<link rel="NEXT" title="X Configuration" href="x-window-system.html" />
-<link rel="STYLESHEET" type="text/css" href="docbook.css" />
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-</head>
-<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
-alink="#0000FF">
-<div class="NAVHEADER">
-<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<th colspan="3" align="center">Slackware Linux Essentials</th>
-</tr>
-
-<tr>
-<td width="10%" align="left" valign="bottom"><a
-href="network-configuration-wireless.html" accesskey="P">Prev</a></td>
-<td width="80%" align="center" valign="bottom">Chapter 5 Network Configuration</td>
-<td width="10%" align="right" valign="bottom"><a href="x-window-system.html"
-accesskey="N">Next</a></td>
-</tr>
-</table>
-
-<hr align="LEFT" width="100%" />
-</div>
-
-<div class="SECT1">
-<h1 class="SECT1"><a id="NETWORK-CONFIGURATION-NFS" name="NETWORK-CONFIGURATION-NFS">5.6
-Network File Systems</a></h1>
-
-<p>At this point, you should have a working TCP/IP connection to your network. You should
-be able to ping other computers on your internal network and, if you have configured an
-appropriate gateway, you should also be able to ping computers on the Internet itself. As
-we know, the whole point in bringing a computer onto a network is to access information.
-While some people might bring a computer up on a network just for the fun of it, most
-people wish to be able to share files and printers. They wish to be able to access
-documents on the Internet or play an online game. Having TCP/IP installed and functional
-on your new Slackware system is a means to that end, but with just TCP/IP installed,
-functionality will be very rudimentary. To share files, we will have to transfer them
-back and forth using either FTP or SCP. We cannot browse files on our new Slackware
-computer from the Network Neighborhood or My Network Places icons on Windows computers.
-We'd like to be able to access files on other Unix machines seamlessly.</p>
-
-<p>Ideally, we'd like to be able to use a <span class="emphasis"><i
-class="EMPHASIS">network file system</i></span> to allow us transparent access to our
-files on other computers. The programs that we use to interact with information stored on
-our computers really do not need to know on what computer a given file is stored; they
-just need to know that it exists and how to get to it. It is then the responsibility of
-the operating system to manage access to that file through the available file systems and
-network file systems. The two most commonly used network file systems are SMB (as
-implemented by Samba) and NFS.</p>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="NETWORK-CONFIGURATION-NSF-SMB"
-name="NETWORK-CONFIGURATION-NSF-SMB">5.6.1 SMB/Samba/CIFS</a></h2>
-
-<p>SMB (for Server Message Block) is a descendant of the older NetBIOS protocol that was
-initially used by IBM in their LAN Manager product. Microsoft has always been fairly
-interested in NetBIOS and it's successors (NetBEUI, SMB and CIFS). The Samba project has
-existed since 1991, when it was originally written to link an IBM PC running NetBIOS with
-a Unix server. These days, SMB is the preferred method for sharing file and print
-services over a network for virtually the entire civilized world because Windows supports
-it.</p>
-
-<p>Samba's configuration file is <tt class="FILENAME">/etc/samba/smb.conf</tt>; one of
-the most well commented and documented configuration files you will find anywhere. Sample
-shares have been setup for you to view and modify for your needs. If you need even
-tighter control the man page for smb.conf is indispensable. Since Samba is documented so
-well in the places I've mentioned above, we will not rewrite the documentation here. We
-will, however, quickly cover the basics.</p>
-
-<p><tt class="FILENAME">smb.conf</tt> is broken down into multiple sections: one section
-per share, and a global section for setting options that are to be used everywhere. Some
-options are only valid in the global section; some are only valid outside the global
-section. Remember that the global section can be over-ridden by any other section. Refer
-to the man pages for more information.</p>
-
-<p>You will most likely wish to edit your <tt class="FILENAME">smb.conf</tt> file to
-reflect the network settings in your LAN. I would suggest modifying the items listed
-below:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-[global]
-# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
-workgroup = MYGROUP
-</pre>
-</td>
-</tr>
-</table>
-
-<p>Change the workgroup name to reflect the workgroup or domain name that you are using
-locally.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# server string is the equivalent of the NT Description field
-server string = Samba Server
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This will be the name of your Slackware computer displayed in the Network Neighborhood
-(or My Network Places) folder.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# Security mode. Most people will want user level security. See
-# security_level.txt for details. NOTE: To get the behaviour of
-# Samba-1.9.18, you'll need to use "security = share".
-security = user
-</pre>
-</td>
-</tr>
-</table>
-
-<p>You'll almost certainly wish to implement user level security on your Slackware
-system.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# You may wish to use password encryption. Please read
-# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
-# documentation.
-# Do not enable this option unless you have read those documents
-encrypt passwords = yes
-</pre>
-</td>
-</tr>
-</table>
-
-<p>If encrypt passwords is not enabled, you will not be able to use Samba with NT4.0,
-Win2k, WinXP, and Win2003. Earlier Windows operating systems did not require encryption
-to share files.</p>
-
-<p>SMB is an authenticated protocol, meaning you must supply a correct username and
-password in order to use this service. We tell the samba server what usernames and
-passwords are valid with the <tt class="COMMAND">smbpasswd</tt> command. <tt
-class="COMMAND">smbpasswd</tt> takes a couple of common switches to tell it to either add
-traditional users, or add machine users (SMB requires that you add the computers' NETBIOS
-names as machine users, restricting what computers one can authenticate from).</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-Adding a user to the <tt class="FILENAME">/etc/samba/private/smbpasswd</tt> file.
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">smbpasswd -a user</kbd>
-Adding a machine name to the /etc/samba/private/smbpasswd file.
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">smbpasswd -a -m machine</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>It's important to note that a given username or machine name must already exist in the
-<tt class="FILENAME">/etc/passwd</tt> file. You can accomplish this simply with the <tt
-class="COMMAND">adduser</tt> command. Note that when using the <tt
-class="COMMAND">adduser</tt> command to add a machine name one must append a dollar sign
-(&#8220;<var class="LITERAL">$</var>&#8221;) to the machine name. This should <span
-class="emphasis"><i class="EMPHASIS">not</i></span> however, be done with <tt
-class="COMMAND">smbpasswd</tt>. <tt class="COMMAND">smbpasswd</tt> appends the dollar
-sign on its own. Failing to mangle the machine name this way with <tt
-class="COMMAND">adduser</tt> will result in an error when adding the machine name to
-samba.</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">adduser machine$</kbd>
-</pre>
-</td>
-</tr>
-</table>
-</div>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="NETWORK-CONFIGURATION-NFS-NFS"
-name="NETWORK-CONFIGURATION-NFS-NFS">5.6.2 Network File System (NFS)</a></h2>
-
-<p>NFS (or Network File System) was originally written by Sun for their Solaris
-implementation of Unix. While it is significantly easier to get up and running when
-compared to SMB, it is also significantly less secure. The primary insecurity in NFS is
-that it is easy to spoof user and group id's from one machine to another. NFS is an
-unauthenticated protocol. Future versions of the NFS protocol are being devised that
-enhance security, but these are not common at the time of this writing.</p>
-
-<p>NFS configuration is governed by the <tt class="FILENAME">/etc/exports</tt> file. When
-you load the default <tt class="FILENAME">/etc/exports</tt> file into an editor, you'll
-see a blank file with a two line comment on top. We'll need to add a line to the exports
-file for each directory that we wish to export, with a listing of client workstations
-that will be allowed to access that file. For instance, if we wished to export directory
-<tt class="FILENAME">/home/foo</tt> to workstation Bar, we would simply add the line:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-/home/foo Bar(rw)
-</pre>
-</td>
-</tr>
-</table>
-
-<p>to our <tt class="FILENAME">/etc/exports</tt>. Below, you'll find the example from the
-man page for the <tt class="FILENAME">exports</tt> file:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# sample /etc/exports file
-/ master(rw) trusty(rw,no_root_squash)
-/projects proj*.local.domain(rw)
-/usr *.local.domain(ro) @trusted(rw)
-/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
-/pub (ro,insecure,all_squash)
-</pre>
-</td>
-</tr>
-</table>
-
-<p>As you can see, there are various options available, but most should be fairly clear
-from this example.</p>
-
-<p>NFS works under the assumption that a given user on one machine in a network has the
-same user ID on all machines across the network. When an attempt is made to read or write
-from a NFS client to an NFS server, a UID is passed as part of the read/write request.
-This UID is treated the same as if the read/write request originated on the local
-machine. As you can see, if one could arbitrarily specify a given UID when accessing
-resources on a remote system, Bad Things (tm) could and would happen. As a partial hedge
-against this, each directory is mounted with the <var class="OPTION">root_squash</var>
-option. This maps the UID for any user claiming to be root to a different UID, thus
-preventing root access to the files or folders in the exported directory. <var
-class="OPTION">root_squash</var> seems to be enabled by default as a security measure,
-but the authors recommend specifying it anyway in your <tt
-class="FILENAME">/etc/exports</tt> file.</p>
-
-<p>You can also export a directory directly from the command line on the server by using
-the <tt class="COMMAND">exportfs</tt> command as follows:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd
-class="USERINPUT">exportfs -o rw,no_root_squash Bar:/home/foo</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This line exports the <tt class="FILENAME">/home/foo</tt> directory to the computer
-&#8220;<tt class="HOSTID">Bar</tt>&#8221; and grants <tt class="HOSTID">Bar</tt>
-read/write access. Additionally, the NFS server will not invoke <var
-class="OPTION">root_squash</var>, which means any user on Bar with a UID of
-&#8220;0&#8221; (root's UID) will have the same privileges as root on the server. The
-syntax does look strange (usually when a directory is specified in <var
-class="LITERAL">computer:/directory/file</var> syntax, you are referring to a file in a
-directory on a given computer).</p>
-
-<p>You'll find more information on the man page for the exports file.</p>
-</div>
-</div>
-
-<div class="NAVFOOTER">
-<hr align="LEFT" width="100%" />
-<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<td width="33%" align="left" valign="top"><a href="network-configuration-wireless.html"
-accesskey="P">Prev</a></td>
-<td width="34%" align="center" valign="top"><a href="index.html"
-accesskey="H">Home</a></td>
-<td width="33%" align="right" valign="top"><a href="x-window-system.html"
-accesskey="N">Next</a></td>
-</tr>
-
-<tr>
-<td width="33%" align="left" valign="top">Wireless</td>
-<td width="34%" align="center" valign="top"><a href="network-configuration.html"
-accesskey="U">Up</a></td>
-<td width="33%" align="right" valign="top">X Configuration</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
-