| Skip Navigation Links | |
| Exit Print View | |
|
Managing Network File Systems in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Managing Network File Systems in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
1. Managing Network File Systems (Overview)
2. Network File System Administration (Tasks)
How to Set Up Automatic File-System Sharing
How to Enable NFS Server Logging
How to Mount a File System at Boot Time
How to Mount a File System From the Command Line
How to Mount All File Systems from a Server
How to Use Client-Side Failover
How to Disable Mount Access for One Client
How to Mount an NFS File System Through a Firewall
How to Mount an NFS File System Using an NFS URL
Setting up a DNS Record for a FedFS Server
How to Display Information About File Systems Available for Mounting
How to Select Different Versions of NFS on a Server
How to Select Different Versions of NFS on a Client
How to Use the mount Command to Select Different Versions of NFS on a Client
Administering the Secure NFS System
How to Set Up a Secure NFS Environment With DH Authentication
How to Browse Using an NFS URL
How to Enable WebNFS Access Through a Firewall
Task Overview for Autofs Administration
Task Map for Autofs Administration
Using SMF Parameters to Configure Your Autofs Environment
How to Configure Your Autofs Environment Using SMF Parameters
Administrative Tasks Involving Maps
Avoiding Mount-Point Conflicts
Accessing Non-NFS File Systems
How to Access CD-ROM Applications With Autofs
How to Access PC-DOS Data Diskettes With Autofs
Setting Up a Common View of /home
How to Set Up /home With Multiple Home Directory File Systems
How to Consolidate Project-Related Files Under /ws
How to Set Up Different Architectures to Access a Shared Namespace
How to Support Incompatible Client Operating System Versions
How to Replicate Shared Files Across Several Servers
How to Apply Autofs Security Restrictions
How to Use a Public File Handle With Autofs
How to Use NFS URLs With Autofs
How to Completely Disable Autofs Browsability on a Single NFS Client
How to Disable Autofs Browsability for All Clients
How to Disable Autofs Browsability on a Selected File System
How to Create and Access an NFS Referral
How to Create an Namespace Database (NSDB)
How to Use a Secured Connection to the NSDB
How to Create a FedFS Referral
Strategies for NFS Troubleshooting
NFS Troubleshooting Procedures
How to Check Connectivity on an NFS Client
How to Check the NFS Server Remotely
How to Verify the NFS Service on the Server
Identifying Which Host Is Providing NFS File Service
How to Verify Options Used With the mount Command
Error Messages Generated by automount -v
This section describes some of the most common tasks you might encounter in your own environment. Recommended procedures are included for each scenario to help you configure autofs to best meet your clients' needs.
Note - You can also use parameters in the SMF repository to configure your autofs environment. For task information, refer to Using SMF Parameters to Configure Your Autofs Environment.
The following table provides a description and a pointer to many of the tasks that are related to autofs.
Table 2-5 Task Map for Autofs Administration
|
You can use SMF parameters to configure your autofs environment. Specifically, this facility provides an additional way to configure your autofs commands and autofs daemons. The same specifications you would make on the command line can be made with the sharectl command. You can make your specifications by providing values to keywords.
The following procedure shows you how to use the sharectl command to manage autofs parameters.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
For example, if you want to turn off browsing for all autofs mount points, use the following command:
# sharectl set -p nobrowse=on autofs
The nobrowse keyword is equivalent to the -n option to automountd.
Type the following command:
# svcadm restart system/filesystem/autofs
The following tables describe several of the factors you need to be aware of when administering autofs maps. Your choice of map and name service affect the mechanism that you need to use to make changes to the autofs maps.
The following table describes the types of maps and their uses.
Table 2-6 Types of autofs Maps and Their Uses
|
The following table describes how to make changes to your autofs environment that are based on your name service.
Table 2-7 Map Maintenance
|
The next table tells you when to run the automount command, depending on the modification you have made to the type of map. For example, if you have made an addition or a deletion to a direct map, you need to run the automount command on the local system. By running the command, you make the change effective. However, if you have modified an existing entry, you do not need to run the automount command for the change to become effective.
Table 2-8 When to Run the automount Command
|
The following procedures show you how to update several types of automounter maps.
The specific steps needed to change the map depends on the name service that you are using.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Notification is required so that the users can also run the automount command as superuser on their own computers. Note that the automount command gathers information from the master map whenever it is run.
The specific steps needed to change the map depends on the name service that you are using.
The specific steps needed to change the map depends on the name service that you are using.
Notification is required so that the users can run the automount command as superuser on their own computers, if necessary.
Note - If you only modify or change the contents of an existing direct map entry, you do not need to run the automount command.
For example, suppose you modify the auto_direct map so that the /usr/src directory is now mounted from a different server. If /usr/src is not mounted at this time, the new entry becomes effective immediately when you try to access /usr/src. If /usr/src is mounted now, you can wait until the auto-unmounting occurs, then access the file.
Note - Use indirect maps whenever possible. Indirect maps are easier to construct and less demanding on the computers' file systems. Also, indirect maps do not occupy as much space in the mount table as direct maps.
If you have a local disk partition that is mounted on /src and you plan to use the autofs service to mount other source directories, you might encounter a problem. If you specify the mount point /src, the NFS service hides the local partition whenever you try to reach it.
You need to mount the partition in some other location, for example, on /export/src. You then need an entry in /etc/vfstab such as the following:
/dev/dsk/d0t3d0s5 /dev/rdsk/c0t3d0s5 /export/src ufs 3 yes -
You also need this entry in auto_src:
terra terra:/export/src
terra is the name of the computer.
Autofs can also mount files other than NFS files. Autofs mounts files on removable media, such as diskettes or CD-ROM.
Instead of mounting a file system from a server, you put the media in the drive and reference the file system from the map. If you plan to access non-NFS file systems and you are using autofs, see the following procedures.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Add an entry for the CD-ROM file system, which should resemble the following:
hsfs -fstype=hsfs,ro :/dev/sr0
The CD-ROM device that you intend to mount must appear as a name that follows the colon.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Add an entry for the diskette file system such as the following:
pcfs -fstype=pcfs :/dev/diskette
You can set up the automounter maps in several ways. The following tasks give details about how to customize the automounter maps to provide an easy-to-use directory structure.
The ideal is for all network users to be able to locate their own or anyone's home directory under /home. This view should be common across all computers, whether client or server.
Every Oracle Solaris installation comes with a master map: /etc/auto_master.
# Master map for autofs # +auto_master /net -hosts -nosuid,nobrowse /home auto_home -nobrowse /nfs4 -fedfs -ro,nosuid,nobrowse
A map for auto_home is also installed under /etc.
# Home directory map for autofs # rusty dragon:/export/home/& +auto_home
When a new local user is created, an entry is automatically added to /etc/auto_home. This way, on the server named dragon, the home directory for rusty can be accessed through /export/home/rusty as well as /home/rusty.
Note - Users should not be permitted to run setuid executables from their home directories. Without this restriction, any user could have superuser privileges on any computer.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
If the system has several partitions, install the partitions under separate directories, for example, /export/home1 and /export/home2.
Whenever you create a new user account, type the location of the user's home directory in the auto_home map. Map entries can be simple, for example:
rusty dragon:/export/home1/& gwenda dragon:/export/home1/& charles sundog:/export/home2/& rich dragon:/export/home3/&
Notice the use of the & (ampersand) to substitute the map key. The ampersand is an abbreviation for the second occurrence of rusty in the following example.
rusty dragon:/export/home1/rusty
With the auto_home map in place, users can refer to any home directory (including their own) with the path /home/user. user is their login name and the key in the map. This common view of all home directories is valuable when logging in to another user's computer. Autofs mounts your home directory for you. Similarly, if you run a remote windowing system client on another computer, the client program has the same view of the /home directory.
This common view also extends to the server. Using the previous example, if rusty logs in to the server dragon, autofs there provides direct access to the local disk by loopback-mounting /export/home1/rusty onto /home/rusty.
Users do not need to be aware of the real location of their home directories. If rusty needs more disk space and needs to have his home directory relocated to another server, a simple change is sufficient. You need only change rusty's entry in the auto_home map to reflect the new location. Other users can continue to use the /home/rusty path.
Assume that you are the administrator of a large software development project. You plan to make all project-related files available under a directory that is called /ws. This directory is to be common across all workstations at the site.
/ws auto_ws -nosuid
The auto_ws map determines the contents of the /ws directory.
This option prevents users from running setuid programs that might exist in any workspaces.
The auto_ws map is organized so that each entry describes a subproject. Your first attempt yields a map that resembles the following:
compiler alpha:/export/ws/& windows alpha:/export/ws/& files bravo:/export/ws/& drivers alpha:/export/ws/& man bravo:/export/ws/& tools delta:/export/ws/&
The ampersand (&) at the end of each entry is an abbreviation for the entry key. For instance, the first entry is equivalent to the following:
compiler alpha:/export/ws/compiler
This first attempt provides a map that appears simple, but the map is inadequate. The project organizer decides that the documentation in the man entry should be provided as a subdirectory under each subproject. Also, each subproject requires subdirectories to describe several versions of the software. You must assign each of these subdirectories to an entire disk partition on the server.
Modify the entries in the map as follows:
compiler \
/vers1.0 alpha:/export/ws/&/vers1.0 \
/vers2.0 bravo:/export/ws/&/vers2.0 \
/man bravo:/export/ws/&/man
windows \
/vers1.0 alpha:/export/ws/&/vers1.0 \
/man bravo:/export/ws/&/man
files \
/vers1.0 alpha:/export/ws/&/vers1.0 \
/vers2.0 bravo:/export/ws/&/vers2.0 \
/vers3.0 bravo:/export/ws/&/vers3.0 \
/man bravo:/export/ws/&/man
drivers \
/vers1.0 alpha:/export/ws/&/vers1.0 \
/man bravo:/export/ws/&/man
tools \
/ delta:/export/ws/&Although the map now appears to be much larger, the map still contains only the five entries. Each entry is larger because each entry contains multiple mounts. For instance, a reference to /ws/compiler requires three mounts for the vers1.0, vers2.0, and man directories. The backslash at the end of each line informs autofs that the entry is continued onto the next line. Effectively, the entry is one long line, though line breaks and some indenting have been used to make the entry more readable. The tools directory contains software development tools for all subprojects, so this directory is not subject to the same subdirectory structure. The tools directory continues to be a single mount.
This arrangement provides the administrator with much flexibility. Software projects typically consume substantial amounts of disk space. Through the life of the project, you might be required to relocate and expand various disk partitions. If these changes are reflected in the auto_ws map, the users do not need to be notified, as the directory hierarchy under /ws is not changed.
Because the servers alpha and bravo view the same autofs map, any users who log in to these computers can find the /ws namespace as expected. These users are provided with direct access to local files through loopback mounts instead of NFS mounts.
You need to assemble a shared namespace for local executables, and applications, such as spreadsheet applications and word-processing packages. The clients of this namespace use several different workstation architectures that require different executable formats. Also, some workstations are running different releases of the operating system.
See the Oracle Solaris Administration: Naming and Directory Services.
This name makes the files and directories that belong to this space easily identifiable. For example, if you choose /usr/local as the name, the path /usr/local/bin is obviously a part of this namespace.
Mount this map at /usr/local. Set up the following entry in the NIS auto_master map:
/usr/local auto_local -ro
Notice that the -ro mount option implies that clients cannot write to any files or directories.
Your directory structure resembles the following:
bin aa:/export/local/bin
bin aa:/export/local/bin/$CPU
For SPARC clients – Place executables in /export/local/bin/sparc.
For x86 clients – Place executables in /export/local/bin/i386.
You can combine the autofs OSREL variable with the CPU variable to form a name that determines both CPU type and OS release.
bin aa:/export/local/bin/$CPU$OSREL
For clients that are running version 5.6 of the operating system, export the following file systems:
For SPARC clients – Export /export/local/bin/sparc5.6.
For x86 clients – Place executables in /export/local/bin/i3865.6.
The best way to share replicated file systems that are read-only is to use failover. See Client-Side Failover for a discussion of failover.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Create the list of all replica servers as a comma-separated list, such as the following:
bin aa,bb,cc,dd:/export/local/bin/$CPU
Autofs chooses the nearest server. If a server has several network interfaces, list each interface. Autofs chooses the nearest interface to the client, avoiding unnecessary routing of NFS traffic.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
/home auto_home -nosuid
The nosuid option prevents users from creating files with the setuid or setgid bit set.
This entry overrides the entry for /home in a generic local /etc/auto_master file. See the previous example. The override happens because the +auto_master reference to the external name service map occurs before the /home entry in the file. If the entries in the auto_home map include mount options, the nosuid option is overwritten. Therefore, either no options should be used in the auto_home map or the nosuid option must be included with each entry.
Note - Do not mount the home directory disk partitions on or under /home on the server.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
/usr/local -ro,public bee:/export/share/local
The public option forces the public handle to be used. If the NFS server does not support a public file handle, the mount fails.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
/usr/local -ro nfs://bee/export/share/local
The service tries to use the public file handle on the NFS server. However, if the server does not support a public file handle, the MOUNT protocol is used.
The default version of /etc/auto_master that is installed has the -nobrowse option added to the entries for /home and /net. In addition, the upgrade procedure adds the -nobrowse option to the /home and /net entries in /etc/auto_master if these entries have not been modified. However, you might have to make these changes manually or to turn off browsability for site-specific autofs mount points after the installation.
You can turn off the browsability feature in several ways. Disable the feature by using a command-line option to the automountd daemon, which completely disables autofs browsability for the client. Or disable browsability for each map entry on all clients by using the autofs maps. You can also disable the feature for each map entry on each client, using local autofs maps if no network-wide namespace is being used.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# sharectl set -p nobrowse=TRUE autofs
# svcadm restart system/filesystem/autofs
To disable browsability for all clients, you must employ a name service such as NIS. Otherwise, you need to manually edit the automounter maps on each client. In this example, the browsability of the /home directory is disabled. You must follow this procedure for each indirect autofs node that needs to be disabled.
/home auto_home -nobrowse
The new behavior becomes effective after you run the automount command on the client systems or after a reboot.
# /usr/sbin/automount
In this example, browsability of the /net directory is disabled. You can use the same procedure for /home or any other autofs mount points.
The config/automount property in the name-service/switch service shows the search order for the automount information.
# svcprop -p config svc:/system/name-service/switch config/value_authorization astring solaris.smf.value.name-service.switch config/printer astring user\ files config/default astring files\ nis config/automount astring files\ nis
The last entry shows that local automount files are searched first and then the NIS service is checked. The config/default entry specifies the search order for all naming information not specifically listed.
For additions to the local files to have precedence over the entries in the namespace, the +auto_master entry must be moved to follow /net:
# Master map for automounter # /net -hosts -nosuid /home auto_home /nfs4 -fedfs -ro,nosuid,nobrowse +auto_master
A standard configuration places the +auto_master entry at the top of the file. This placement prevents any local changes from being used.
/net -hosts -nosuid,nobrowse
The new behavior becomes effective after running the automount command on the client systems or after a reboot.
# /usr/sbin/automount
|