From b76270bf9e6dd375e495fec92140a79a79415d27 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Wed, 19 May 2010 08:58:23 +0000 Subject: Slackware 13.1 Wed May 19 08:58:23 UTC 2010 Slackware 13.1 x86_64 stable is released! Lots of thanks are due -- see the RELEASE_NOTES and the rest of the ChangeLog for credits. The ISOs are on their way to replication, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. We are taking pre-orders now at store.slackware.com, and offering a discount if you sign up for a subscription. Consider picking up a copy to help support the project. Thanks again to the Slackware community for testing, contributing, and generally holding us to a high level of quality. :-) Enjoy! --- misc/slackbook/html/network-configuration-nfs.html | 308 +++++++++++++++++++++ 1 file changed, 308 insertions(+) create mode 100644 misc/slackbook/html/network-configuration-nfs.html (limited to 'misc/slackbook/html/network-configuration-nfs.html') diff --git a/misc/slackbook/html/network-configuration-nfs.html b/misc/slackbook/html/network-configuration-nfs.html new file mode 100644 index 000000000..ca6138d8d --- /dev/null +++ b/misc/slackbook/html/network-configuration-nfs.html @@ -0,0 +1,308 @@ + + + + +Network File Systems + + + + + + + + + + + +
+

5.6 +Network File Systems

+ +

At this point, you should have a working TCP/IP connection to your network. You should +be able to ping other computers on your internal network and, if you have configured an +appropriate gateway, you should also be able to ping computers on the Internet itself. As +we know, the whole point in bringing a computer onto a network is to access information. +While some people might bring a computer up on a network just for the fun of it, most +people wish to be able to share files and printers. They wish to be able to access +documents on the Internet or play an online game. Having TCP/IP installed and functional +on your new Slackware system is a means to that end, but with just TCP/IP installed, +functionality will be very rudimentary. To share files, we will have to transfer them +back and forth using either FTP or SCP. We cannot browse files on our new Slackware +computer from the Network Neighborhood or My Network Places icons on Windows computers. +We'd like to be able to access files on other Unix machines seamlessly.

+ +

Ideally, we'd like to be able to use a network file system to allow us transparent access to our +files on other computers. The programs that we use to interact with information stored on +our computers really do not need to know on what computer a given file is stored; they +just need to know that it exists and how to get to it. It is then the responsibility of +the operating system to manage access to that file through the available file systems and +network file systems. The two most commonly used network file systems are SMB (as +implemented by Samba) and NFS.

+ +
+

5.6.1 SMB/Samba/CIFS

+ +

SMB (for Server Message Block) is a descendant of the older NetBIOS protocol that was +initially used by IBM in their LAN Manager product. Microsoft has always been fairly +interested in NetBIOS and it's successors (NetBEUI, SMB and CIFS). The Samba project has +existed since 1991, when it was originally written to link an IBM PC running NetBIOS with +a Unix server. These days, SMB is the preferred method for sharing file and print +services over a network for virtually the entire civilized world because Windows supports +it.

+ +

Samba's configuration file is /etc/samba/smb.conf; one of +the most well commented and documented configuration files you will find anywhere. Sample +shares have been setup for you to view and modify for your needs. If you need even +tighter control the man page for smb.conf is indispensable. Since Samba is documented so +well in the places I've mentioned above, we will not rewrite the documentation here. We +will, however, quickly cover the basics.

+ +

smb.conf is broken down into multiple sections: one section +per share, and a global section for setting options that are to be used everywhere. Some +options are only valid in the global section; some are only valid outside the global +section. Remember that the global section can be over-ridden by any other section. Refer +to the man pages for more information.

+ +

You will most likely wish to edit your smb.conf file to +reflect the network settings in your LAN. I would suggest modifying the items listed +below:

+ + + + + +
+
+[global]
+# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
+workgroup = MYGROUP
+
+
+ +

Change the workgroup name to reflect the workgroup or domain name that you are using +locally.

+ + + + + +
+
+# server string is the equivalent of the NT Description field
+server string = Samba Server
+
+
+ +

This will be the name of your Slackware computer displayed in the Network Neighborhood +(or My Network Places) folder.

+ + + + + +
+
+# Security mode. Most people will want user level security. See
+# security_level.txt for details. NOTE: To get the behaviour of
+# Samba-1.9.18, you'll need to use "security = share".
+security = user
+
+
+ +

You'll almost certainly wish to implement user level security on your Slackware +system.

+ + + + + +
+
+# You may wish to use password encryption. Please read
+# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
+# documentation.
+# Do not enable this option unless you have read those documents
+encrypt passwords = yes
+
+
+ +

If encrypt passwords is not enabled, you will not be able to use Samba with NT4.0, +Win2k, WinXP, and Win2003. Earlier Windows operating systems did not require encryption +to share files.

+ +

SMB is an authenticated protocol, meaning you must supply a correct username and +password in order to use this service. We tell the samba server what usernames and +passwords are valid with the smbpasswd command. smbpasswd takes a couple of common switches to tell it to either add +traditional users, or add machine users (SMB requires that you add the computers' NETBIOS +names as machine users, restricting what computers one can authenticate from).

+ + + + + +
+
+Adding a user to the /etc/samba/private/smbpasswd file.
+# smbpasswd -a user
+Adding a machine name to the /etc/samba/private/smbpasswd file.
+# smbpasswd -a -m machine
+
+
+ +

It's important to note that a given username or machine name must already exist in the +/etc/passwd file. You can accomplish this simply with the adduser command. Note that when using the adduser command to add a machine name one must append a dollar sign +(“$”) to the machine name. This should not however, be done with smbpasswd. smbpasswd appends the dollar +sign on its own. Failing to mangle the machine name this way with adduser will result in an error when adding the machine name to +samba.

+ + + + + +
+
+# adduser machine$
+
+
+
+ +
+

5.6.2 Network File System (NFS)

+ +

NFS (or Network File System) was originally written by Sun for their Solaris +implementation of Unix. While it is significantly easier to get up and running when +compared to SMB, it is also significantly less secure. The primary insecurity in NFS is +that it is easy to spoof user and group id's from one machine to another. NFS is an +unauthenticated protocol. Future versions of the NFS protocol are being devised that +enhance security, but these are not common at the time of this writing.

+ +

NFS configuration is governed by the /etc/exports file. When +you load the default /etc/exports file into an editor, you'll +see a blank file with a two line comment on top. We'll need to add a line to the exports +file for each directory that we wish to export, with a listing of client workstations +that will be allowed to access that file. For instance, if we wished to export directory +/home/foo to workstation Bar, we would simply add the line:

+ + + + + +
+
+/home/foo Bar(rw)
+
+
+ +

to our /etc/exports. Below, you'll find the example from the +man page for the exports file:

+ + + + + +
+
+# sample /etc/exports file
+/               master(rw) trusty(rw,no_root_squash)
+/projects       proj*.local.domain(rw)
+/usr            *.local.domain(ro) @trusted(rw)
+/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
+/pub            (ro,insecure,all_squash)
+
+
+ +

As you can see, there are various options available, but most should be fairly clear +from this example.

+ +

NFS works under the assumption that a given user on one machine in a network has the +same user ID on all machines across the network. When an attempt is made to read or write +from a NFS client to an NFS server, a UID is passed as part of the read/write request. +This UID is treated the same as if the read/write request originated on the local +machine. As you can see, if one could arbitrarily specify a given UID when accessing +resources on a remote system, Bad Things (tm) could and would happen. As a partial hedge +against this, each directory is mounted with the root_squash +option. This maps the UID for any user claiming to be root to a different UID, thus +preventing root access to the files or folders in the exported directory. root_squash seems to be enabled by default as a security measure, +but the authors recommend specifying it anyway in your /etc/exports file.

+ +

You can also export a directory directly from the command line on the server by using +the exportfs command as follows:

+ + + + + +
+
+# exportfs -o rw,no_root_squash Bar:/home/foo
+
+
+ +

This line exports the /home/foo directory to the computer +“Bar” and grants Bar +read/write access. Additionally, the NFS server will not invoke root_squash, which means any user on Bar with a UID of +“0” (root's UID) will have the same privileges as root on the server. The +syntax does look strange (usually when a directory is specified in computer:/directory/file syntax, you are referring to a file in a +directory on a given computer).

+ +

You'll find more information on the man page for the exports file.

+
+
+ + + + + -- cgit v1.2.3
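Review bot: The exportfs example in section 5.6.2, "exportfs -o rw,no_root_squash Bar:/home/foo", switches off the one protection the preceding paragraph tells readers to set explicitly, so anyone copying it gives UID 0 on Bar root privileges over /home/foo on the server. Suggest making the example "exportfs -o rw,root_squash Bar:/home/foo" and mentioning no_root_squash only as the exception that needs a reason, and writing the first exports line as "/home/foo Bar(rw,root_squash)" so it follows the text's own advice. In the same section, "root_squash seems to be enabled by default" should be stated outright (exports(5) documents it as the default), and "each directory is mounted with the root_squash option" should say exported rather than mounted, since it is a server-side export option. The quoted man-page sample also needs a sentence noting that "/pub (ro,insecure,all_squash)" has no client list and therefore exports to every host. Minor: "it's successors" in 5.6.1 should be "its successors", and "allowed to access that file" should read "that directory".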