20.4 Objective 4: Properly Manage the NFS, SMB, and NMB Daemons
Networked file and printer sharing is among
the fundamental services offered by Linux and other operating
systems. For years, the standard file sharing protocol for
Unix has been the Network
File System (NFS). Originally developed by Sun Microsystems,
NFS has been implemented on many operating systems and is
available in both commercial and free software
implementations.
20.4.1 NFS
Any Linux system may act as both an NFS
server and an NFS client. Clients use mount to attach remote filesystems
from NFS servers to their local filesystem. Once mounted, the
directory hierarchy mounted on the client appears to users as
a local filesystem.
20.4.1.1 Exporting (sharing) local filesystems using NFS
To share a part of
your system's filesystem, you must add a specification to
/etc/exports. Each line in
this file describes a shared filesystem resource. The format
of the file is:
directory system(options) system(options) ...
directory is a local filesystem
directory, such as /home. Each of the space-separated
systems describes clients by name or address, and the
associated options control access. If the
system name is omitted, no restriction is placed on which
clients can connect. Typical options are:
- ro: Export with read-only attribute.
- rw: Export with read/write attribute, the default.
- no_root_squash: Allow access by GID 0, root.
- noaccess: Prohibit access below the named directory.
  This has the effect of pruning parts of other shared
  directories, perhaps for specific systems.
Example
20-3 shows three shared directories from an
/etc/exports file.
Example 20-3. Sample /etc/exports File
/ orion(rw,no_root_squash)
/usr *.mydomain.com(ro) orion(rw)
/pub (ro,insecure,all_squash)
/pub/private factory*.mydomain.com(noaccess)
In this example, the entire filesystem
(/) is shared with the system orion in
read/write mode, and root access is accepted. The
/usr directory is shared as read-only (ro) to
all systems in mydomain.com and read/write
(rw) to orion. The /pub directory is
shared as read-only (ro) to any system, but
factory*.mydomain.com systems cannot look into
/pub/private because the noaccess option is
used.
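The following audit script is an added example, not part of the original text. It parses the /etc/exports format described above and flags the entries an administrator would want to review before the exports go live. The finding names (NO_ROOT_SQUASH, ANY_CLIENT and so on) are labels made up for this example, and the sample input is the content of Example 20-3.

```python
import re

# Constructed sample input: the four lines of Example 20-3.
SAMPLE_EXPORTS = """\
/ orion(rw,no_root_squash)
/usr *.mydomain.com(ro) orion(rw)
/pub (ro,insecure,all_squash)
/pub/private factory*.mydomain.com(noaccess)
"""

# One client spec: optional host pattern, optional "(opt,opt,...)".
SPEC_RE = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, options) for every client spec in the file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A directory with no spec at all is exported to any host.
        for spec in fields[1:] or [""]:
            m = SPEC_RE.match(spec)
            if m:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield fields[0], m.group(1), opts

def audit_exports(text):
    """Return (directory, client, finding) tuples for entries worth reviewing."""
    findings = []
    for directory, client, opts in parse_exports(text):
        if "noaccess" in opts:          # prunes access, nothing is shared
            continue
        def flag(code):
            findings.append((directory, client, code))
        if "no_root_squash" in opts:    # client root is accepted as root
            flag("NO_ROOT_SQUASH")
        if not client:                  # omitted system name: any client
            flag("ANY_CLIENT")
        elif "*" in client or "?" in client:
            flag("WILDCARD_CLIENT")
        if "insecure" in opts:          # requests from ports >= 1024 accepted
            flag("INSECURE_PORT")
        if "ro" not in opts:            # the page lists rw as the default
            flag("WRITABLE")
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding)
```

On the sample, the root export to orion is reported as both writable and root-trusting, and /pub is reported as open to any client.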
In order for new or revised entries to be
incorporated in the NFS configuration, NFS daemons must be
reconfigured or restarted (see Section
20.4.1.3 later).
Detailed configuration of NFS exports
is beyond the scope of the LPIC Level 1 exams, but you must
understand the contents of /etc/exports and how
to incorporate them into a running system.
20.4.1.2 Mounting remote NFS filesystems
Mounting an NFS volume requires the use
of a local mount point, a
directory in the filesystem over which the remote directory
hierarchy will be placed. Once the directory exists, mount is
used to create the NFS
connection from the local client to the remote server. The
syntax is similar to that used for local filesystems, with the
addition of the NFS server name or address. For example, if
server1 is offering its /home directory via
NFS, it could be mounted locally as follows:
# mkdir /mnt/server1
# mount -t nfs server1:/home /mnt/server1
In this example, the mount command uses the -t option to specify mount type
nfs. The second argument specifies the data
source by concatenating the name of the NFS server
(server1) with its exported directory
(/home). The final argument is the directory
name that will serve as the local mount point
(/mnt/server1). After successfully mounting,
/mnt/server1 appears to be a local filesystem.
This configuration could be incorporated into
/etc/fstab for automated mounting at boot time with a
line like this:
server1:/home /mnt/server1 nfs defaults 0 0
In this example, defaults indicates
that the filesystem should be mounted using the default
options (see the manpage for mount for defaults). The two zeros
indicate that the filesystem should not be backed up using
dump and that it should not
have a filesystem check at boot time.
20.4.1.3 Starting and stopping NFS
NFS consists of
multiple daemons, which are typically managed through the
runlevel system and the series of scripts and links in
/etc/rc.d. See Chapter
5, Objective 2, for details on starting and stopping
services such as the NFS family.
20.4.2 Samba and the SMB and NMB Daemons
Another
extremely popular sharing mechanism is that used on Microsoft
and IBM systems, called Server Message Block (SMB). It is
implemented as free software as a suite of programs
collectively known as Samba,
which runs on a variety of operating systems including Linux.
Samba consists of two daemons:
- smbd: This daemon handles file and printer
  sharing, as well as authentication.
- nmbd: This daemon implements the Windows Internet Name Service (WINS),
  which maps Windows system names to IP addresses.
It is the goal of the Samba team to
eventually implement all of the services found on
Windows servers, including Windows NT/2000 Domain
Controller functionality. The LPI exam deliberately
avoids specifics in this area, leaving only basic Samba
configuration for the test.
20.4.2.1 Getting started
Your Linux
distribution probably came with a recent version of Samba. If
you already have Samba installed, setting up a basic
configuration is easy. To check whether Samba is already
installed on your system, issue the following command on the
command line:
# smbd -h
If Samba is installed on your system, you
should see a message similar to:
Usage: smbd [-D] [-p port] [-d debuglevel] [-l log basename]
[-s services file]
Version 2.0.3
-D become a daemon
-p port listen on the specified port
-d debuglevel set the debuglevel
-l log basename. Basename for log/debug files
-s services file. Filename of services file
-P passive only
-a append to log file (default)
-o overwrite log file, don't append
-i scope NetBIOS scope to use (default none)
If not, you can get source or binary
distributions for Samba from http://www.samba.org/.
To begin using Samba, you must create its configuration
file, smb.conf. Depending on how you acquired Samba,
the default location for this file may be /etc or
/usr/local/samba. A basic smb.conf setup is
shown in Example
20-4.
Example 20-4. Sample /etc/smb.conf File
[global]
workgroup = HOME
server string = LINUX
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY
printcap name = /etc/printcap
dns proxy = No
socket address = 192.168.1.30
wins support = no
wins server = 192.168.1.202
hosts allow = 192.168.1. 127.
[myshare]
path = /home/myshare
guest ok = yes
comment = My Shared Data
writeable = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
printing = BSD
print command = /usr/bin/lpr -r %s
path = /var/spool/samba
guest ok = yes
printable = yes
This example configuration allows Samba to
participate in an SMB workgroup called HOME with a
system name of LINUX. Hosts on the private network
192.168.1 as well as the loopback network
(127.) are allowed to access shared resources. The
default sections of Samba's /etc/smb.conf file are as follows:
- [global]: The global section defines items
  applying to the entire system, such as the workgroup and
  system names.
- [homes]: A section that defines users' home
  directories to be shared.
- [printers]: This section shares all of the printers
  located in /etc/printcap (provided that a BSD-style
  printer setup is in use).
Samba also has the following custom share
section:
- [myshare]: This defines a shared directory
  myshare. The name myshare will appear as
  a shared resource to clients. Users' home directories do not
  need to be explicitly shared if [homes] is used.
To use Samba, only the workgroup, server
string, and a shared service such as [myshare] need
to be configured.
See Samba's manpage for more detailed
information on the smb.conf file.
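The following review script is an added example, not part of the original text or of Samba. It reads an smb.conf in the layout of Example 20-4 and reports two things visible in that file: whether [global] restricts clients with hosts allow, and which shares combine guest access with write access. The finding names are labels made up for this example, only the [global] host list is checked, and the sample is a constructed subset of Example 20-4.

```python
import configparser

# Constructed sample: a subset of Example 20-4 with only the keys checked here.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = HOME
   log file = /var/log/samba/log.%m
   hosts allow = 192.168.1. 127.
[myshare]
   path = /home/myshare
   guest ok = yes
   writeable = yes
[homes]
   browseable = no
   writable = yes
[printers]
   print command = /usr/bin/lpr -r %s
   guest ok = yes
   printable = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def load_smb_conf(text):
    # interpolation=None keeps Samba's %m / %s macros literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation, which configparser would read as a continuation line.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def has(section, values, *keys):
    return any(section.get(k, "").strip().lower() in values for k in keys)

def audit_smb_conf(text):
    """Return (section, finding) pairs: open host list, guest-writable shares."""
    cp = load_smb_conf(text)
    findings = []
    glob = cp["global"] if cp.has_section("global") else {}
    if not (glob.get("hosts allow") or glob.get("allow hosts")):
        findings.append(("global", "NO_HOSTS_ALLOW"))
    for name in cp.sections():
        share = cp[name]
        guest = has(share, TRUE, "guest ok", "public")
        # writeable / writable / write ok are synonyms; read only is the inverse.
        writable = (has(share, TRUE, "writeable", "writable", "write ok")
                    or has(share, FALSE, "read only"))
        if name != "global" and guest and writable:
            findings.append((name, "GUEST_WRITABLE"))
    return findings
```

Run against the sample, it reports only [myshare], the one share that is both guest-accessible and writable.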
20.4.2.2 WINS and browsing
Windows
networks allow users to view available shared resources
through browsing, a process by
which one machine acts as a browser and is updated with
information from other machines on the network. Client
machines can then obtain lists of resources on the entire
network from that single browser machine. Samba's nmbd daemon implements WINS. To use
Samba as a WINS client, you can specify the address of the
WINS server on your network using the wins
server directive, as shown in Example
20-2. Samba can also act as a WINS server itself, although
this is beyond the scope of the LPIC Level 1 exams.
20.4.2.3 Using SWAT
Samba v2.0 and later comes with a web-based
configuration tool called the Samba
Web Administration Tool, or SWAT. To use swat with inetd, use
a line similar to this in /etc/inetd.conf:
swat stream tcp nowait.400 root /usr/sbin/swat swat
You should be generally familiar with
the smb.conf file and with the concepts of shared
directories, shared printers, WINS, and SWAT. You don't
need to worry about creating custom Samba configurations
for Exam 102.
You can also run the swat daemon manually. In either case,
you must list its port, 901, in /etc/services. Once
swat is configured, you can
point your browser to http://localhost:901 and log in using
the root password; swat offers
a convenient series of forms that you can fill in using the
browser to configure Samba. When you commit changes, the
smb.conf file is updated for your system.