MySQL, Java, JSP, Servlet, Tomcat and Jboss Web Hosting Blog

724 Part V . Running Servers Manually Mounting an NFS File System If you know that the directory from a computer on your network has been exported (that is, made available for mounting), you can mount that directory manually using the mount command. This is a good way to make sure that it is available and working before you set it up to mount permanently. Here is an example of mounting the /tmp directory from a computer named maple on your local computer: # mkdir /mnt/maple # mount maple:/tmp /mnt/maple The first command (mkdir) creates the mount point directory (/mnt is a common place to put temporarily mounted disks and NFS file systems). The mount command identifies the remote computer and shared file system separated by a colon (maple:/tmp), and the local mount point directory (/mnt/maple) follows. If the mount fails, make sure the NFS service is running on the server and that the server s firewall rules don t deny access to the service. From the server, type ps ax | nfsd to see a list of nfsd server processes. If you don t see the list, try to start your NFS daemons as described in the previous section. To view your firewall rules, type iptables -L (see Chapter 17 for a description of firewalls). By default, the nfsd daemon listens for NFS requests on port number 2049. Your firewall must accept udp requests on ports 2049 (nfs) and 111 (rpc). To ensure that the mount occurred, type mount. This command lists all mounted disks and NFS file systems. Here is an example of the mount command and its output (with file systems not pertinent to this discussion edited out): # mount /dev/hda3 on / type ext3 (rw) … … … maple:/tmp on /mnt/maple type nfs (rw,addr=10.0.0.11) The output from the mount command shows the mounted disk partitions, special file systems, and NFS file systems. The first output line shows the hard disk (/dev/ hda3), mounted on the root file system (/), with read/write permission (rw), with a file system type of ext3 (the standard Linux file system type). The just-mounted NFS file system is the /tmp directory from maple (maple:/tmp). It is mounted on /mnt/ maple and its mount type is nfs. The file system was mounted read/write (rw), and the IP address of maple is 10.0.0.11 (addr=10.0.0.11). This is a simple example of using mount with NFS. The mount is temporary and is not remounted when you reboot your computer. You can also add options for NFS mounts: Note
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

Chapter 27 . Running a File Servers 723 Starting the nfs Daemons If NFS has been disabled on your system (or is not active by default), you need to start the service. Different Linux distributions have different ways of turning on the NFS service, as you saw in the Getting NFS section earlier in the chapter. This section explores how the service is turned on in Fedora Core and other Red Hat Linux systems. In Fedora, you can use the chkconfig command to turn on the NFS service so that your files are exported and the nfsd daemons are running when your system boots. There are two startup scripts you want to turn on for the service to work properly. The NFS service exports file systems (from /etc/exports) and starts the nfsd daemon that listens for service requests. The nfslock service starts the lockd daemon, which helps allow file locking to prevent multiple simultaneous use of critical files over the network. To turn on the NFS service, type the following as root user: # chkconfig nfs on # chkconfig nfslock on The next time you start your computer, the NFS service will start automatically, and your exported directories will be available. If you want to start the service immediately, without waiting for a reboot, type the following: # /etc/init.d/nfs start # /etc/init.d/nfslock start The NFS service should now be running and ready to share directories with other computers on your network. Using NFS File Systems After a server exports a directory over the network using NFS, a client computer connects that directory to its own file system using the mount command. That s the same command used to mount file systems from local hard disks, CDs, and floppies, but with slightly different options. mount can automatically mount NFS directories added to the /etc/fstab file, just as it does with local disks. NFS directories can also be added to the /etc/fstab file in such a way that they are not automatically mounted (so you can mount them manually when you choose). With a noauto option, an NFS directory listed in /etc/ fstab is inactive until the mount command is used, after the system is up and running, to mount the file system.
If you are looking for cheap and quality webhost to host and run your website check Jboss Web Hosting services.

722 Part V . Running Servers . User mapping If a user has login accounts for a set of computers (and has the same ID), NFS, by default, maps that ID. This means that if the user named mike (UID 110) on maple has an account on pine (mike, UID 110), he can use his own remotely mounted files on either computer from either computer. If a client user who is not set up on the server creates a file on the mounted NFS directory, the file is assigned to the remote client s UID and GID. (An ls -l on the server shows the UID of the owner.) Use the map_static option to identify a file that contains user mappings. The exports man page describes the map_static option, which enables you to create a file that contains new ID mappings so that you can remap client IDs into different IDs on the server. Exporting the Shared File Systems After you have added entries to your /etc/exports file, run the exportfs command to have those directories exported (made available to other computers on the network). Reboot your computer or restart the NFS service, and the exportfs command runs automatically to export your directories. If you want to export them immediately, run exportfs from the command line (as root). It s a good idea to run the exportfs command after you change the exports file. If any errors are in the file, exportfs identifies them for you. Here s an example of the exportfs command: # /usr/sbin/exportfs -a -v exporting maple:/pub exporting spruce:/pub exporting maple:/home exporting spruce:/home exporting *:/mnt/win The -a option indicates that all directories listed in /etc/exports should be exported. The -v option says to print verbose output. In this example, the /pub and /home directories from the local server are immediately available for mounting by those client computers that are named (maple and spruce). The /mnt/win directory is available to all client computers. Running the exportfs command temporarily makes your exported NFS directories available. To have your NFS directories available on an ongoing basis (that is, every time your system reboots), you need to set your nfs startup scripts to run at boot time. This is described in the next section. Tip Tip
Note: In case you are looking for affordable and reliable webhost to host and run your j2ee application check Vision J2ee Web Hosting services.

Chapter 27 . Running a File Servers 721 Access Options in /etc/exports You don t have to just give away your files and directories when you export a directory with NFS. In the options part of each entry in /etc/exports, you can add options that allow or limit access by setting read/write permission. These options, which are passed to NFS, are as follows: . ro Client can mount this exported file system read-only. The default is to mount the file system read/write. . rw Explicitly asks that a shared directory be shared with read/write permissions. (If the client chooses, it can still mount the directory read-only.) User Mapping Options in /etc/exports In addition to options that define how permissions are handled generally, you can use options to set the permissions that specific users have to NFS shared file systems. One method that simplifies this process is to have each user with multiple user accounts have the same username and UID on each machine. This makes it easier to map users so that they have the same permissions on a mounted file system that they do on files stored on their local hard disks. If that method is not convenient, user IDs can be mapped in many other ways. Here are some methods of setting user permissions and the /etc/exports option that you use for each method: . root user The client s root user is generally mapped into the nfsnobody username (UID 65534). This prevents a client computer s root user from being able to change all files and directories in the shared file system. If you want the client s root user to have root permission on the server, use the no_root_ squash option. There may be other administrative users, in addition to root, that you want to squash. I recommend squashing UIDs 0 99 as follows: squash_uids=0 99. . nfsnobody user/group By using nfsnobody username and group name, you essentially create a user/group with permissions that do not allow access to files that belong to any real users on the server, unless those users open permission to everyone. However, files created by the nfsnobody user or group are available to anyone assigned as the nfsnobody user or group. To set all remote users to the nfsnobody user/group, use the all_squash option. The nfsnobody user is assigned to UIDs and GIDs of 65534 to prevent the ID from running into a valid user or group ID. Using anonuid or anongid options, you can change the nfsnobody user or group, respectively. For example, anonuid=175 sets all anonymous users to UID 175, and anongid=300 sets the GID to 300. (Only the number is displayed when you list file permission unless you add entries with names to /etc/password and /etc/group for the new UIDs and GIDs.) Tip
We highly recommend you visit web and email hosting services if you need stable and cheap web hosting platform for your web applications.

720 Part V . Running Servers These are just examples; you can share any directories that you choose, including the entire file system (/). Of course, there are security implications of sharing the whole file system or sensitive parts of it (such as /etc). Security options that you can add to your /etc/exports file are described throughout the sections that follow. Host Names in /etc/exports You can indicate in the/etc/exports file which host computers can have access to your shared directory. If you want to associate multiple host names or IP addresses with a particular shared directory, be sure to have a space before each host name. However, add no spaces between a host name and its options. For example: /usr/local maple(rw) spruce(ro,root_squash) Notice that there is a space after (rw) but none after maple. Here are ways to identify hosts: . Individual host Enter one or more TCP/IP host names or IP addresses. If the host is in your local domain, you can simply indicate the host name. Otherwise, use the full host.domain format. These are valid ways to indicate individual host computers: maple maple.handsonhistory.com 10.0.0.11 . IP network Allow access to all hosts from a particular network address by indicating a network number and its netmask, separated by a slash (/). Here are valid ways to designate network numbers: 10.0.0.0/255.0.0.0 172.16.0.0/255.255.0.0 192.168.18.0/255.255.255.0 . TCP/IP domain Using wildcards, you can include all or some host computers from a particular domain level. Here are some valid uses of the asterisk and question mark wildcards: *.handsonhistory.com *craft.handsonhistory.com ???.handsonhistory.com The first example matches all hosts in the handsonhistory.com domain. The second example matches woodcraft, basketcraft, or any other host names ending in craft in the handsonhistory.com domain. The final example matches any three-letter host names in the domain. Using an asterisk doesn t match subdomains. For example, *.handsonhistory .com would not cause the host name mallard.duck.handsonhistory.com to be included in the access list. . NIS groups You can allow access to hosts contained in an NIS group. To indicate an NIS group, precede the group name with an at (@) sign (for example, @group). Note
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

Chapter 27 . Running a File Servers 719 Remember that when you share a directory, you are sharing all files and subdirectories below that directory as well (by default). So, you need to be sure that you want to share everything in that directory structure. There are still ways to restrict access within that directory structure, and those are discussed later in this chapter. Configuring the /etc/exports File To make a directory from your Linux system available to other systems, you need to export that directory. Exporting is done on a permanent basis by adding information about an exported directory to the /etc/exports file. The format of the /etc/exports file is Directory Host(Options) # Comments where Directory is the name of the directory that you want to share, and Host indicates the host computer to which the sharing of this directory is restricted. Options can include a variety of options to define the security measures attached to the shared directory for the host. (You can repeat Host/Option pairs.) Comments are any optional comments you want to add (following the # sign). As root user, you can use any text editor to configure /etc/exports to modify shared directory entries or add new ones. Here s an example of an /etc/exports file: /cal *.linuxtoys.net(rw) # Company events /pub (ro,insecure,all_squash) # Public dir /home maple(rw,squash uids=0-99) spruce(rw,squash uids=0-99) The /cal entry represents a directory that contains information about events related to the company. It is made accessible to everyone with accounts to any computers in the company s domain (*.linuxtoys.net). Users can write files to the directory as well as read them (indicated by the rw option). The comment (# Company events) simply serves to remind you of what the directory contains. The /pub entry represents a public directory. It allows any computer and user to read files from the directory (indicated by the ro option) but not to write files. The insecure option enables any computer, even one that doesn t use a secure NFS port, to access the directory. The all_squash option causes all users (UIDs) and groups (GIDs) to be mapped to the nfsnobody user, giving them minimal permission to files and directories. The /home entry enables a set of users to have the same /home directory on different computers. Say, for example, that you are sharing /home from a computer named oak. The computers named maple and spruce could each mount that directory on their own /home directories. If you gave all users the same username/UIDs on all machines, you could have the same /home/user directory available for each user, regardless of which computer they are logged into. The uids=0 99 is used to exclude any administrative login from another computer from changing any files in the shared directory.
Visit our web design programs services for an affordable and reliable webhost to suit all your needs.

718 Part V . Running Servers Getting NFS While nearly every Linux system supports NFS client and server features, NFS is not always installed by default. You ll need different packages for different Linux systems to install NFS. Here are some examples: . Fedora Core and other Red Hat Linux systems You need to install the nfsutils package to use Fedora as an NFS server. There is also a graphical NFS Configuration tool that requires you to install the system-config-nfs package. NFS client features are in the base operating system. To turn on the nfs service, type the following: # service nfs start # chkconfig nfs on . Debian To act as an NFS client, the nfs-common and portmap packages are required; for an NFS server, the nfs-kernel-server package must be added. The following apt-get command line (if you are connected to the Internet) installs them all. Then, after you add an exported file system to the /etc/exports file (as described later), you can start the nfs-common and nfs-kernel-server scripts, as shown here: # apt-get install nfs-common portmap nfs-kernel-server # /etc/init.d/nfs-kernel-server start # /etc/init.d/nfs-common start . Gentoo With Gentoo, NFS file system and NFS server support must be configured into the kernel to use NFS server features. Installing the nfs-utils package (emerge nfs-utils) should get the required packages. To start the service, run rc-update and start the service immediately: # emerge nfs-utils # rc-update add portmap default # rc-update add nfs default # /etc/init.d/nfs start The commands (mount, exportfs, and so on) and files (/etc/exports, /etc/ fstab, and so on) for actually configuring NFS are the same on every Linux system I ve encountered. So once you have NFS installed and running, just follow the instructions in this chapter to start using NFS. Sharing NFS File Systems To share an NFS file system from your Linux system, you need to export it from the server system. Exporting is done in Linux by adding entries into the /etc/exports file. Each entry identifies a directory in your local file system that you want to share with other computers. The entry also identifies the other computers that can share the resource (or opens it to all computers) and includes other options that reflect permissions associated with the directory.
We recommend cheap and reliable webhost to host and run your web applications: Coldfusion Web Hosting services.

Chapter 27 . Running a File Servers 717 Figure 27-1: NFS can make selected file systems available to other computers. In this example, a computer named oak makes its /apps/bin directory available to clients on the network (pine, maple, and spruce) by adding an entry to the /etc/exports file. The client computer (pine) sees that the resource is available and mounts the resource on its local file system at the mount point /oak/apps, after which any files, directories, or subdirectories from /apps/bin on oak are available to users on pine (given proper permissions). Although it is often used as a file server (or other type of server), Linux is a generalpurpose operating system, so any Linux system can share file systems (export) as a server or use another computer s file systems (mount) as a client. Contrast this with dedicated file servers, such as NetWare, which can only share files with client computers (such as Windows workstations) and never act as a client. A file system is usually a structure of files and directories that exists on a single device (such as a hard disk partition or CD-ROM). A Linux file system refers to the entire directory structure (which may include file systems from several disks or NFS resources), beginning from root (/) on a single computer. A shared directory in NFS may represent all or part of a computer s file system, which can be attached (from the shared directory down the directory tree) to another computer s file system. Note /etc/exports File /apps/bin pine(rw), maple(rw), spruce(rw) OAK # mount oak:/apps/bin/oak/apps PINE / / apps/ bin/ file1 file2 file3 oak/ apps/
We recommend high quality webhost to host and run your jsp application: christian web host services.

716 Part V . Running Servers Setting Up an NFS File Server Instead of representing storage devices as drive letters (A, B, C, and so on), as they are in Microsoft operating systems, Linux systems connect file systems from multiple hard disks, floppy disks, CD-ROMs, and other local devices invisibly to form a single Linux file system. The Network File System (NFS) facility enables you to extend your Linux file system in the same way, to connect file systems on other computers to your local directory structure. An NFS file server provides an easy way to share large amounts of data among the users and computers in an organization. An administrator of a Linux system that is configured to share its file systems using NFS has to perform the following tasks to set up NFS: 1. Set up the network. If a LAN or other network link is already connecting the computers on which you want to use NFS, you already have the network you need. 2. Choose what to share on the server. Decide which file systems on your Linux NFS server to make available to other computers. You can choose any point in the file system and make all files and directories below that point accessible to other computers. 3. Set up security on the server. You can use several different security features to suit the level of security with which you are comfortable. Mount-level security lets you restrict the computers that can mount a resource and, for those allowed to mount it, lets you specify whether it can be mounted read/write or read-only. With user-level security, you map users from the client systems to users on the NFS server so that they can rely on standard Linux read/write/ execute permissions, file ownership, and group permissions to access and protect files. Linux systems that support Security Enhanced Linux (SELinux), such as Fedora and Red Hat Enterprise Linux, offer another means of offering or restricting shared NFS files and directories. 4. Mount the file system on the client. Each client computer that is allowed access to the server s NFS shared file system can mount it anywhere the client chooses. For example, you may mount a file system from a computer called maple on the /mnt/maple directory in your local file system. After it is mounted, you can view the contents of that directory by typing ls /mnt/maple. Then you can use the cd command below the /mnt/maple mount point to see the files and directories it contains. Figure 27-1 illustrates a Linux file server using NFS to share (export) a file system and a client computer mounting the file system to make it available to its local users.
Please visit Domain Name Hosting services for high quality webhost to host and run your jsp applications.

Running a File Server Most networked computers are on the network in the first place so that users can share information. Some users need to collectively edit documents for a project, share access to spreadsheets and forms used in the daily operation of a company, or perform any number of similar file-sharing activities. It also can be efficient for groups of people on a computer network to share common applications and directories of information needed to do their jobs. By far the best way to accomplish the centralized sharing of data is through a file server. A centralized file server can be backed up, preserving all stored data in one fell swoop. It can focus on the tasks of getting files to end users, rather than running user applications that can use client resources. And a centralized file server can be used to control access to information security settings can dictate who can access what. Linux systems include support for each of the most common file server protocols in use today. Among the most common file server types in use today are the Network File System (NFS), which has always been the file-sharing protocol of choice for Linux and other UNIX systems, and Samba (SMB protocol), which is often used by networks with many Windows and OS/2 computers. This chapter describes how to set up file servers and clients associated with NFS and Samba. When selecting file services to provide, keep in mind that less is more. If your clients and servers support multiplefile access capabilities (both NFS and SMB, for example), pick the service that lends itself to making the task less complicated. In many cases, NFS is supported by clients and servers regardless of the operating system that they use. It s rare that you would need to enable more than one of the file services discussed in this chapter. Tip 2C H A7P7T E R . . . . In This Chapter Setting up an NFS file server in Linux . . . .
Please visit Domain Name Hosting services for high quality webhost to host and run your jsp applications.