Linux NFS-HOWTO

Tavis Barr

         tavis dot barr at liu dot edu
       

Nicolai Langfeldt

         janl at linpro.no
       

Seth Vidal

        skvidal at phy dot duke dot edu
      

Tom McNeal

        trmcneal at attbi dot com
      

앐Y - ({)

        nakano@apm.seikei.ac.jp
      

2002-11-16 (original: 2002-08-25)

Revision History                                                       
Revision v3.1          2002-08-25        Revised by: tavis             
Typo in firewalling section in 3.0                                     
Revision v3.0          2002-07-16        Revised by: tavis             
Updates plus additions to performance, security                        

 

Table of Contents
1. O
   
    1.1. @IȂ
    1.2. Ɛ
    1.3. tB[hobN
    1.4. ӎ
   
2. ͂߂
   
    2.1. NFS Ƃ͉?
    2.2.  HOWTO ͉ (ĉł͂Ȃ)
    2.3. OɕKvƂm
    2.4. OɕKvƂȂ\tgEFA: J[lo[W nfs-utils
    2.5. wvڍׂȏ̂肩
   
3. NFS T[o̐ݒ
   
    3.1. T[oݒ̊T
    3.2. ݒt@C̕ҏW
    3.3. T[rXJn
    3.4. NFS 삵Ă邩mF
    3.5. /etc/exports ƂύX
   
4. NFS NCAg̐ݒ
   
    4.1. [g̃fBNg}Eg
    4.2. NFS t@CVXeu[gɃ}Eg
    4.3. }Eg̃IvV
   
5. NFS ̐\œK
   
    5.1. ubNTCYݒ肵ē]xœK
    5.2. pPbgTCYƃlbg[NhCo
    5.3. tOgꂽpPbg̃I[o[t[
    5.4. NFS over TCP
    5.5. ^CAEgƍđ̒l
    5.6. NFSD ̃CX^X̐
    5.7. ̓L[̃
    5.8. NIC ƃnu̎lSVG[V𖳌ɂ
    5.9. NFS ̓Ɣ񓯊
    5.10. T[o̐\ NFS ȊO̕@
   
6. ZLeB NFS
   
    6.1. |[g}bp
    6.2. T[õZLeB: nfsd  mountd
    6.3. NCAg̃ZLeB
    6.4. NFS ƃt@CAEH[ (ipchains  iptables)
    6.5. NFS  SSH gl
    6.6. ܂Ƃ
   
7. guV[g
   
    7.1. }Egt@CVXeŃt@CȂ
    7.2. t@CNGXgnOAANZX҂Ń^CAEg
        
    7.3. t@CVXe}EgłȂ
    7.4. }Eg{[ŁAt@CɃANZX錠܂
        
    7.5. ɑ傫ȃt@C]ƁA NFS T[o CPU 
        ܂āA~܂悤ɂȂĂ܂܂
    7.6. OɊȃG[bZ[Wo
    7.7. ۂ̃p[~bV /etc/exports ̎wƈقȂ
    7.8. ȁAsȐU
    7.9. nfsd NȂ
    7.10. ̃NCAggƃt@C
   
8. Linux  NFS 𑼂 OS Ǝg
   
    8.1. AIX
    8.2. BSD
    8.3. Tru64 Unix
    8.4. HP-UX
    8.5. IRIX
    8.6. Solaris
    8.7. SunOS
   
1. O

1.1. @IȂ

Copyright (c) <2002> by Tavis Barr, Nicolai Langfeldt, Seth Vidal, and
Tom McNeal. This material may be distributed only subject to the terms
and conditions set forth in the Open Publication License, v1.0 or later
(the latest version is presently available at http://
www.opencontent.org/openpub/).

(Ql) Copyright (c) 2002 Travis Barr, Nicolai Langfeldt, Seth Vidal,
and Tom McNeal. ́̕AOpen Publication License v1.0 т
~ (ŐVł http://www.opencontent.org/openpub/ ɂ܂B̓{
 http://www.opensource.jp/openpub/ ɂ܂) ̏Eɏ]
Ĕzzł܂B

|͒앐Ys܂B Copyright (C) 1997-2002 Takeo Nakano. C
ZX͓ Open Publication License v1.0 (IvVȂ) т
ȍ~ɏ]܂B

 

1.2. Ɛ

This document is provided without any guarantees, including
merchantability or fitness for a particular use. The maintainers cannot
be responsible if following instructions in this document leads to
damaged equipment or data, angry neighbors, strange habits, divorce, or
any other calamity.

̒̕񋟂ɂẮApł邩ۂA̖ړIɓK邩
Ȃ܂߁A̕ۏ؂܂B̈̕ȉɂɂ
ċ@f[^Q󂯂Aߏ̐l{AςȕȂĂ
A邱ƂɂȂȂsKƂĂA
̊̕Ǘ҂͉̐ӔCƂł܂B

 

1.3. tB[hobN

͂̕܂܂̂ł͂܂B̕コ邽
̃tB[hobN}܂B 2002 N 2 ̎_ɂẮALinux NFS
z[y[W http://nfs.sourceforge.net łB[OXgEoO
tBbNXEXVɊւĂÂ݂̊̕Ǘ҂ɂẮA
y[W`FbNĂB

 

1.4. ӎ

Linux  NFS ͑̐l̋͂ɂĉ\ɂȂ܂Błl
̐lX͓ɎĂlł傤BIWĩo[W
Olaf Kirch  Alan Cox ɂĊJ܂Bversion 3 T[õR[h
́A Saadia Khan, James Yarbrough, Allen Morris, H.J. Lu ̍Ƃ
ɁANeil Brown SȂ̂ɂ܂ (ގgIWi̍Ǝ҂Ɋ܂
܂)BNCAg̃R[h Olaf Kirch A Trond Myklebust 
XVĂ܂B version 4 ̃bN}l[W Saadia Khan J
B Dave Higgen  H.J. Lu ̓lӂ邱Ƃ̏Ȃd
󂯁AǗێƃoOtBbNXϋɓIɍsAR[hҒʂɓ삷
悤ɂĂ܂B񊴎ӂׂl͂܂܂񂢂܂B

̃̕IWił Nicolai Langfeldt ܂B 2000 N
Tavis Barr  Seth Vidal ɂđ̕A 2.0 J[l
 2.4 J[l̊ԂɊJꂽA Linux p NFS ł̂܂܂ȕύX
f܂B 2002 N 2 ɍēxҏWATom McNeal \Ɋւ
ɂ̒ǉs܂B Thomas Emmel, Neil Brown, Trond
Myklebust, Erez Zadok, Ion Badulescu 炪AlRgƍv
Ă܂B

: |ɍۂẮAJF ML ̊FɂbɂȂ܂Bɂ˂
ƕ䂳ɂ́AŜʂėLvȃRg܂B

 

2. ͂߂

2.1. NFS Ƃ͉?

Network File System (NFS) ́A[g}ṼfBXNp[eBV
[J̃n[hfBXN̂悤Ƀ}Eg\Ƃ邽߂ɊJ܂
B NFS pƁAlbg[NāAV[Xȃt@C
L\ɂȂ܂B

 NFS ̐ݒԈႦƁA]܂ȂlXȂ̃n[hhCu
΂ălbg[NoRŃANZXłĂ܂\܂ (ă
[ǂ܂ꂽAׂẴt@CꂽAVXeɐN邩
܂)BłANFS ̐ݒsȂÃ̕ZL
eB̏͂𒍈ӂĂ悭ǂłB

NFS Ɠl̋@\񋟂VXe͑ɂ܂B Samba (http://
www.samba.org)  Windows NCAgɃt@CT[rX񋟂܂B
ŋ߃I[v\[XɂȂ IBM  Andrew File System (http://
www.transarc.com/Product/EFS/AFS/index.html) t@CL@\񋟂
AɃZLeB␫\コ邽߂̋@\ǉĂ܂B
Coda File System (http://www.coda.cs.cmu.edu/) ́A̕Ă
_ł͂܂J̒iKłAڑꂽNCAgł܂
悤ɐ݌vĂ܂B Andrew File System  Coda File System 
@\̑́A̔ł NFS (Version 4)Ɏ荞܂\ł (http://
www.nfsv4.org)Bɂ NFS ̗_́AnĂ邱ƁAWł
ƁA悭Ă邱ƁÃvbgtH[ŌłɃT|[g
Ă邱ƁAłB

 

2.2.  HOWTO ͉ (ĉł͂Ȃ)

 HOWTO ́ANFS 𐳂Iɐݒ肷邽߂́ASȃXebvo
CXebṽKChƂȂׂMĂ܂B NFS ̐ݒ 2 ̒iK
Ȃ܂BȂ킿T[o̐ݒƃNCAg̐ݒłBɂ
́A̗pr NFS pl̃qgAn[hEFA̐ݒA
ZLeBAguV[gɎQlƂȂ񋟂Ă܂B

 HOWTO  NFS ̒g≺w\Lq̂ł͂܂B̖
Iɂ́AErez Zadok  Linux NFS and Automounter Administration (Sybex,
2001) ǂł傤B܂ NFS ̖{ƂĂ͌ÓTłAłꂽɂ߂
LpȖ{ƂāA Hal Stern  O'Reilly & Associates, Inc.  
Managing NFS and NIS ܂B (: M󂪃IC[Wpo
Ă܂)B NFS ɊւƂƍxŐV̋ZṕA Brent
Callaghan  NFS Illustrated ɏĂ܂ (M󂪁wNFS oCux
ŃAXL[oĂ܂)B

͊̕Sȃt@X}jAڎŵłȂA Linux
NFS ̖cȋ@\̃XgׂĂ܂ނ̂ł܂B̖ړIɂ́A 
nfs(5), exports(5), mount(8), fstab(5), nfsd(8), lockd(8), statd(8), 
rquotad(8), mountd(8) Ȃǂ man y[WǂłB

̕ł PC-NFS ܂B PC-NFS ͌ÂłAWindows }V
ƃt@CLɂ Samba ̂قłB܂ NFS Version 4 ͂
Jł̂ŁA܂B

 

2.3. OɕKvƂm

 HOWTO ǂނɂ́ATCP/IP lbg[NɊւ{IȒmKv
BMȂꍇ Networking-Overview-HOWTO <http://www.linuxdoc.org
/HOWTO/Networking-Overview-HOWTO.html> (JF ɓ{ <http://
www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html> ܂)
ǂłB

 

2.4. OɕKvƂȂ\tgEFA: J[lo[W nfs-utils

Version 2  NFS  Version 3  NFS Ƃ̈ႢɂĂ͈ȍ~Ő܂
B̂Ƃ́Apׂ̍ȃt@CT[oCXg[ꍇ
NFS Version 3 KvɂȂ邾낤AƂӌ󂯓ĂB
Cyȗprɂ NFS Version 2 łǂł傤B

NFS Version 2 ́AȂ蒷gĂ܂ (ȂƂ 1.2 J[lV
[Y) ÂꂩKvƂꍇ 2.2.18 ȍ~̔ł̃J[l
KvłB

 E Linux  NFS 𑼂 OS  NFS ƍ݂
   
 E NFS zɐM̍t@CbNg
   
 E NFS Version 3 g
   
2.2.14 ȍ~̃J[lɂ́AL̋@\񋟂pb`݂܂B
̂ Linux NFS z[y[W_E[hł܂B 2.2.14
`2.2.17 ̃J[lgĂāA\[XR[h茳ɂȂA NFS
Version 3 T[õT|[gݒIvVɂ邩ǂŁÃp
b`Ă邩ǂ𔻒fł܂BAÂJ[lg
RɂȂ΁ÃoOCĂ킯łAAbvO[
hׂł傤BJ[l 2.2.19 ł́A 2.2.18 ɔׁAbN@\
P_ǉĂ܂B

Version 3 ̋@\pɂ́Anfs-utils pbP[W̏ȂƂo[W
 0.1.6 ƁAmount ̃o[W 2.10m ȍ~KvłB nfs-utils
 mount ͊SɌ݊ۂĂ܂AVłł͑̃ZL
eBoȌCȂĂ܂A NFS ̐ݒJnƂȂA
ŐV nfs-utils  mount pbP[W𗘗pȂ͂Ȃł傤B

2.4 ׂ̂ĂƂȍ~̃J[lɂ́A NFS Version 3 ̋@\ׂĊ܂
Ă܂B

̏ꍇłAŃJ[lrhꍇ́A NFS  NFS version
3 ̃T|[gRpCɑIԕKv܂BWIȃfBXgr
[V̂قƂ (SĂł͂܂) ɂ́A NFS version 3 T|[g
J[ltĂ܂B

2 GB 傫ȃt@Cɂ́A 2.4.x J[l glibc  2.2.x 
KvłB

2.2.18 ȍ~ׂ̂ẴJ[lł́ANCAgł NFS over TCP T
|[gĂ܂B̎̕M_ł̃T[o NFS over TCP łA
2.2.18 ȍ~̃V[Ył̓oOAIȃIvVɂȂĂ܂B
2.4  2.5 J[lւ̃pb` 2.4.17  2.5.6 ̎_oꂵ܂
B̃pb`͈肵ĂƎvĂ܂A_ł͂܂rI
VALprŗpĂ͂Ȃ悤łACXg[ 2.4
J[lɂĂ܂B

L̋@\̂قƂǂJ[lo[W 2.2.18 œꂽ̂ł
ŁA͂̃̕o[Wȍ~Ώۂɂ܂ (2.4.x ܂݂܂)BÂ
J[lgĂꍇ́A͂̕茳 NFS VXe𐳂Lq
̂ł͂Ȃ܂B

̎̕M_ł́ANFS version 4 ͂܂vgR̍肪
΂ŁA͂܂iƂĂ͗pӂłĂ܂Bł̂łł
܂B

 

2.5. wvڍׂȏ̂肩

2000 N 11 ̒iKł́ALinux NFS z[y[W http://
nfs.sourceforge.net ɂ܂B NFS ֌W̃[OXgAnfs-utils
̍ŐVŁA NFS J[lpb`Ȃ NFS ֌W̃pbP[WɂĂ
`FbNĂB

̕ faqAman y[WȂǂňĂȂ⎿₪ꍇ
A nfs [OXg (<nfs@lists.sourceforge.net>) ɃbZ[W
ĂBJ҂⑼̃[UAȂ̖]ł悤A
ȉ̂悤ȏ܂߂悤ɂĂB

 E pĂ nfs-utils ̃o[W
   
 E J[l̃o[WƁAWȊO̊gKpꂽJ[lł
    ͂̏
   
 E pĂ Linux fBXgr[V
   
 E ɊւĂ OS ɂ΁Ão[W
   
̃zXgȂĂlbg[N̐ݒɊւɂȂ
傤B

̓eAL̃}EgGNX|[głȂAƂ̂ł
Ȁ肢܂B

 E /etc/exports t@C̃Rs[
   
 E T[o rpcinfo -p localhost sƂ̏o
   
 E NCAg rpcinfo -p servername sƂ̏o
   
܂ׂĂ̕ǂ݁AĖƈꏏɂSĂ̏𑗂̂A
Xg珕͂𓾂邽߂̍őP̕@łB

nfs(5), exports(5), mount(8), fstab(5), nfsd(8), lockd(8), statd(8), 
rquotad(8), mountd(8) Ȃǂ man y[WĂƂł傤B

 

3. NFS T[o̐ݒ

3.1. T[oݒ̊T

ł̓T[oƃNCAg̗ݒ肷邱Ƃl܂BNCA
gݒ肵āANʂ̐l̃T[o (ႦΕ̃T[oȂ) ɂȂ
ꍇ́A Section 4 ɐiłBANCAgݒ肷
тɁAT[o͂̃NCAg̐ڑ悤CKv
܂ (T[o̐ݒ肪Ɋ댯ȏꍇ)B]ĎŃT[oݒ
ȂꍇłÃZNV͓ǂłقł傤B
ΔF؊֘A̖肪ꍇɂǂ𒲂ׂΗǂ킩ł傤
B

T[o̐ݒ 2 ̃XebvȂ܂B܂ NFS ̐ݒt@C
WA NFS T[rXۂɋN܂B

 

3.2. ݒt@C̕ҏW

NFS T[o̐ݒuɂĕҏWȂ΂ȂȂvȐݒt@C 3
܂B /etc/exports, /etc/hosts.allow, /etc/hosts.deny łB{
̂ƂƁAۂ NFS 𓮍삳ɂ /etc/exports ŗǂ
łAꂾ NFS ͔Ɋ댯ȏԂɒu܂BɁAɉ
ċNXNvgҏWKv邩܂BɂĂ 
Section 3.3.3 ĂB

 

3.2.1. /etc/exports

̃t@Cɂ̓Gg̃XgĂAeGg͋L{
[ƁAꂪǂ̗lɋL邩Lq܂B̃t@Cɂ
ݒIvVׂ̂Ămɂ man y[W (man exports) Kv
܂AɂLqł̐l̗prɂ͑ł傤B

/etc/exports ̃GǵAȉ̂悤Ȍ`ɂȂĂ܂:

 directory machine1(option11,option12) machine2(option21,option22)     

evf̈Ӗ͈ȉ̒ʂł:

directory
   
    LfBNgłB{[ŜłǂłA
    ȂĂ܂܂BfBNgLƁAȉ̂
    ׂẴfBNg (t@CVXeɂ) lɋL
    ܂B
   
machine1 and machine2
   
    ̃fBNgɃANZXNCAg}VłB}V DNS
    AhX܂ IP AhXŎwł܂ (: machine.company.com
    Ƃ 192.168.0.8)B IP AhXgقMSł
    B DNS AhXgKvāA̍ۂɐ}V𔭌ł
    ꍇɂ́A Section 7.3 ĂB
   
optionxx
   
    e}ṼIvṼXgŁÃ}Vǂ̂悤ɃANZXł
    邩Lq܂BdvȃIvV܂:
   
      ro: ̃fBNg͓ǂݏopŋL܂BNCAg
        ͏ނƂ͂ł܂BꂪftHgłB
       
      rw: NCAg}V͓ǂݏoƏݗ̃ANZX
        fBNgɍs܂B
       
      no_root_squash: ftHgł́A root [Uɂt@Cv
        ́AׂăT[oł nobody [UɂĂȂꂽ̂Ƃ
        ܂B (mɌƁAv UID ̃}bv̓T[oɂ
        郆[U "nobody"  UID Ɉˑ܂BNCAĝ̂ł͂
        ܂B) no_root_squash IԂƁANCAg}V root
        ́AT[oVXeł root ƂĂ̓x̃ANZXT[
        õt@CɍsƂɂȂ܂B̓ZLeBɑȉe
        yڂ\܂ANCAgōsǗƂɃGN
        X|[gꂽfBNg܂߂悤ȏꍇɂ́AꂪKv
        ɂȂł傤BK؂ȗRȂ΁ÃIvV͎w肷
        ł͂܂B
       
      no_subtree_check: {[̈ꕔGNX|[gꍇA
        subtree checking ƌĂ΂郋[`ANCAgv
        t@C̃{[̓K؂ȏꏊɂ邩ǂ𒲂ׂ܂
        B{[ŜGNX|[gꍇ́Ã`FbN𖳌
        ĂƓ]ɂȂ܂B
       
      sync: ŐV̔ (version 1.11) A exportfs R}h̓ft
        Hgł async ܂B܂ANFS ݏt@
        CVXeɓniKŁANCAg}Vɏ݂
         (܂Xg[WfoCXւ݂̏) Ɠ`
        B̓ł̓T[ou[gƃf[^\
        A sync w肷΂h܂B sync  async ̓Ɋ
        ڍׂȋc_ Section 5.9 ĂB
       
 2 ̃NCAg}VA slave1  slave2 Aꂼ IP
AhX͂ꂼ 192.168.0.1  192.168.0.2 łƂ܂傤B
̃}VɁAō\tgEFAoCĩfBNgƁAz
[fBNgLƂ܂B̂悤ȏꍇ /etc/exports
͎̂悤ɂȂł傤:

  /usr/local   192.168.0.1(ro) 192.168.0.2(ro)                      
  /home        192.168.0.1(rw) 192.168.0.2(rw)                      
                                                                    


ł /usr/local ̋L slave1 slave2 ƂɓǂݏopƂĂ
Bɂ͎ŊJ\tgEFÂŁA slave1  slave2
ɏ݌^邱ƂɁAꂪ炷ZLeB̃XNz
郁bg͂Ȃł傤Bz[fBNǵAɃ[U
ƂZ[ûł΁Aǂݏ\ŃGNX|[gȂ΂Ȃ
܂B

傫ȃVXegĂꍇɂ́ÃRs[^
[Jlbg[NɂȂĂāA炷ׂĂT[oւ̃ANZX
s킹܂B̃}Vւ̎QƂȒPɍsɂ́A
̕@܂Bŏ̂̂́Albg[Nƃlbg}XNp
AANZX}V͈̔͂w肷@łBႦ 192.168.0.0 
192.168.0.255 ɂ邷ׂẴ}VɃANZXɂ́Â悤ȃG
gpӂ܂:

  /usr/local 192.168.0.0/255.255.255.0(ro)                          
  /home      192.168.0.0/255.255.255.0(rw)                          
                                                                    


lbg}XN̏ڂ쌴ɂĂ Networking-Overview HOWTO <http:
//www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html> (JF ɂ{
 <http://www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html>)
ĂB܂ init  hosts.allow ̊e man y[WĂ
Ƃł傤B

Ԗڂ̕@́AGg NIS ̃lbgO[vpłB
exports t@CɃlbgO[vw肷ɂ́AlbgO[v̑O
"@" ΗǂłBlbgO[v̏ڂ쌴ɂĂ 
NIS HOWTO <http://www.linuxdoc.org/HOWTO/NIS-HOWTO.html> (JF ɂ{
 <http://www.linux.or.jp/JF/JFdocs/NIS-HOWTO.html>) Ă
B

OԖڂ̕@́AzXg̑ *.foo.com  192.168. ̂悤ȃC
hJ[hg@łB2.2 nJ[lɂ̓ChJ[h̎ɖ肪
̂łA̓J[l 2.2.19 ŏC܂B

̒PsƁAlbgO[v⃍[Jlbg[Nɂ
邷ׂẴ}VSɂ͐MłĂȂꍇɂ́AZLeB̃
XN邱ƂɂȂ܂B

GNX|[głȂ (邢ׂ͂łȂ) eɂāA
ɒӂĂ܂B܂ɁAfBNgGNX|[gƁA
̐efBNgƎqfBNg (t@CVXeɂꍇ)
GNX|[gł܂BGNX|[gKv͂Ȃ͂
BȂȂefBNg /etc/exports ɂ΁At@CVXe
ɂ邻ȉ̃fBNgׂ͂ăGNX|[g邩łB

ɁAFAT  VFAT t@CVXe (MS-DOS  Windows 95/98 ̗̈)
 NFS ŃGNX|[ĝ͂悢lł͂܂B FAT ̓}`[
Ũ}Vŗp邱ƂlĂ܂񂩂AƂTOɊ
삪s܂BɁÃt@CVXẻwVXe
A݌v̗R NFS ̊Ғʂɂ͓삵ȂƂ񍐂Ă܂B

OɁAfoCXt@Ct@ĆA Linux ȊÕNCAgɂ
GNX|[gȂƂ܂Be OS ꂼɊւڍׂ 
Section 8 ĂB

 

3.2.2. /etc/hosts.allow  /etc/hosts.deny

 2 ̃t@ĆAȂ̃}ṼT[rX𗘗pł̂́Albg
[N̂ǂ̃Rs[^Ȃ̂w肷̂łB̃t@C̊es
́AT[rXƃ}V̈ꗗXgЂƂ̃GgɂȂĂ܂B
T[o}Vv󂯂ƁAT[ô͎悤ɓ삵܂:

 E T[o͂܂ hosts.allow 𒲂ׂāÃ}Vt@C̋LqɃ}
    b`邩܂B}b`ꍇ́Ã}ṼANZX͋
    ܂B
   
 E ̃}V hosts.allow ̃GgɃ}b`ȂƂ́AT[o͎
     hosts.deny 𒲂ׁÃNCAg̃t@C̃XgɃ}
    b`邩܂B}b`Ã}ṼANZX͋ۂ
    B
   
 E ̃NCAgǂ̃t@C̃Xgɂ}b`Ȃ΁AA
    NZX͋܂B
   
̃t@CɂANZX́Ainetd ňT[rX (telnet 
FTP Ȃ) łȂA NFS ɂKpł܂B NFS T[rX񋟂f
[ւ̐ڑ𐧌ł̂łB̓T[rXƂɍs܂B

ANZX𐧌ׂŏ̃f[̓|[g}bp (portmapper) łB
̃f[̎d́A{Iɂ͗v悱NCAgɁAVXe
̗lX NFS T[rXւ̐ڑ`邱ƂłB|[g}bpւ̃A
NZX́A NFS oRŃVXe֐N悤Ƃ҂ɑ΂œKȖh
ƂȂ܂BȂȂSF؂ĂȂNCAǵAǂ NFS f[
邩m邷ׂȂłB 2 ̓_ɋC
΂Ȃ܂Bڂ́A|[g}bp𐧌邾ł͏\ł͂Ȃ
ƂƂłBN҂͂Ȃ炩̗RŁÃf[ւ̐ڑ
mĂ邩܂Bڂ́ANIS 𓮂Ăꍇɂ́A|[g
}bp𐧌 NIS ւ̗vƂƂłBʏ NFS
 NIS lɐł傤AꂪɂȂ邱Ƃ͏Ȃł
傤ACɂ͗߂ĂĂB (NFS 𓮍삳ȂA NIS
ɓ삳Ɨǂł傤BNCAg}Vɂ́AGNX|
[gꂽ{[ɂt@C̏L҂m@KvłB
pX[ht@C𓯊@͑ɂ܂B NIS ̐
ɂĂ NIS HOWTO <http://www.linuxdoc.org/HOWTO/NIS-HOWTO.html>
(JF ɂ{ <http://www.linux.or.jp/JF/JFdocs/NIS-HOWTO.html>)
ĂB

ʂɂ́ANFS (܂߂قƂǂ̃C^[lbgT[rX) ւ̃ANZX́A
Kv̂Ȃ IP AhXɑ΂Ă͖IɋۂĂ̂ǂ
傤B

ɂ́A܂̂悤ȃGg /etc/hosts.deny ɒǉ܂:


   portmap:ALL                                                      
                                                                    


nfs-utils 0.2.0 ́Aꂼ̃f[̃ANZXsƂ
AVXełɂł܂BN҂̓|[g}bpł邱
̂ŁA̗pSĂ̂͂悢ƂłBŋߔł nfs-utils p
Ă̂ȂA NFS ֘Ãf[ꂼɂăGgs
Ă܂傤 (̃f[ꂼꉽł邩͎̐߂
B܂͒Pɂ̃Gg hosts.deny ɉĂ):


    lockd:ALL                                                       
    mountd:ALL                                                      
    rquotad:ALL                                                     
    statd:ALL                                                       
                                                                    


Âł nfs-utils gĂꍇłAȂƂ̃Gg
Ė肪N邱Ƃ͂܂ (Pɖ܂)BăAbvO
[hƂɁAVXegu~Ă邩Ȃ킯ł
B /etc/hosts.deny t@C ALL:ALL ƂGgǉI
VXeǗ҂܂BƁÃt@CQƂ邷ׂĂ
T[rX́AIɋꂽzXgȊÕANZXׂċۂ
B͂ƂĂSȓłAVT[rXCXg[ۂ
gǔƂȂ邩܂B̃GguƂYĂ
ƁAȂVT[rXȂ̂AꐶĂ킩Ȃ
܂B

ɃGg hosts.allow ɒǉAANZXzXgw肵
B (L̂悤 hosts.deny ɒǉƁAN NFS ɃANZX
܂B) hosts.allow ̃Gĝ͎悤Ȍ`ł:


    service: host [or network/netmask] , host [or network/netmask]  
                                                                    


 host ̓NCAgɂȂzXg IP AhXłBzXg
DNS 𗘗płVXe܂A DNS ̗p͔悤
߂܂B

ȑOɍs悤ȐݒŁA slave1.foo.com  slave2.foo.com ɃANZX
ꍇl܂傤B̃}V IP AhXꂼ 
192.168.0.1  192.168.0.2 Ƃ܂B̏ꍇ͎̂悤ȃGg /
etc/hosts.allow ɒǉ܂:


   portmap: 192.168.0.1 , 192.168.0.2                               
                                                                    


ŋ߂̔ł nfs-utils ł́A̓eǉ܂傤 (T|[g
ĂȂĂQł):


    lockd: 192.168.0.1 , 192.168.0.2                                
    rquotad: 192.168.0.1 , 192.168.0.2                              
    mountd: 192.168.0.1 , 192.168.0.2                               
    statd: 192.168.0.1 , 192.168.0.2                                
                                                                    


NFS [Jȃlbg[NɂȂ̃}Vɑ΂ē삳
ꍇ́A /etc/hosts.allow ɂulbg[N/lbg}XNv`̃Gg
w肷邱Ƃł܂B͐ /etc/exports ̕Ő
̂ƓłB

 

3.3. T[rXJn

3.3.1. Ȍ

 NFS T[o̐ݒ肪ł܂̂ŁA삳Ă݂܂傤B܂AK
؂ȃpbP[WCXg[܂傤Bvɏ\VJ[lƁA
\Vł nfs-utils pbP[WłB悭Ȃ Section 2.4
܂傤B

āANFS JnOɁATCP/IP lbg[N̋@\̃}VŐ
삵Ă邩mF܂傤B telnet, FTP Ȃǂg΁A炭
TCP lbg[N͂ƓĂƎv܂B

́Aŋ߂ Linux fBXgr[V̂قƂǂł́A NFS N
ē삳ɂ́A}Vu[g邾ł݂܂BƋN
XNvǵAȂ /etc/exports ɑ΂čsݒmāANFS
𐳂NĂ܂BĂ݂ȂASection 3.4 ǂ
A NFS 삵Ă邩ǂׂĂB܂sȂꍇA
}Vu[głȂꍇɂ́A̐߂ǂ߂ NFS T[rXɕKvȃf
[ǂꂩ킩܂BȂ炩̗RŁAɐݒt@CҏW
_ nfsd 삵Ăꍇ́Asݒ𔽉fKv
܂Bsɂ Section 3.5 ĂB

 

3.3.2. |[g}bpN

NFS ̓|[g}bpf[ɈˑĂ܂BO portmap  
rpc.portmap ̂ǂ炩łB͍ŏɋNȂ΂Ȃ܂B
炭uꏊ /sbin ł傤A /usr/sbin ̏ꍇ邩܂
Bŋ߂ Linux fBXgr[V̂قƂǂ́Ãf[u[g
XNvgN܂A NFS ɊւƂn߂Oɂ́Aۂɓ
Ă邩m߂ĂƗǂł傤 (ps aux | grep portmap Ɠ͂
邾ł)B

 

3.3.3. ꂼ̃f[

NFS ̃T[rX́A5 ̃f[ɂď܂: rpc.nfsd ͍Ƃ
啔s܂B rpc.lockd  rpc.statd ̓t@CbN܂B 
rpc.mountd ͐ڑJñ}Egv܂B rpc.quotad ̓GNX|
[gꂽ{[ɂ郆[Ut@CNH[^܂B 2.2.18
ȍ~ł́Alockd  nfsd KvɉČĂяo܂̂ŁA蓮ŋN
Kv͂܂B statd ͕ʂɋNĂKv܂Bŋ߂
Linux fBXgr[V̂قƂǂɂ́Ãf[̋NXN
vg͂łB

̃f[ׂ͂ nfs-utils pbP[WɓĂA /sbin ܂
 /usr/sbin ̂ꂩ̃fBNgɂƎv܂B

gĂfBXgr[V̋NXNvgɂ炪Ȃꍇ́A
̏ɋN悤ݒǉȂ΂Ȃ܂:

rpc.portmap                                 
rpc.mountd, rpc.nfsd                        
rpc.statd, rpc.lockd (KvȂ), rpc.rquotad

nfs-utils pbP[Wɂ́ARedHat  Debian ̋NXNvg̗Ⴊ
Ă܂BȊÕfBXgr[VgĂꍇłA
 RedHat ̃XNvgRs[΂ނƎv܂A

    . ../init.d/functions                                           
                                                                    

Ƃs폜ȂƃG[bZ[W\邩܂B

 

3.4. NFS 삵Ă邩mF

sɂ́A rpcinfo -p R}hpă|[g}bpɖ₢킹A
ǂȃT[rX񋟂Ă邩𒲂ׂ܂B̂悤ȏo͂
łB

    program vers proto   port                                       
    100000    2   tcp    111  portmapper                            
    100000    2   udp    111  portmapper                            
    100011    1   udp    749  rquotad                               
    100011    2   udp    749  rquotad                               
    100005    1   udp    759  mountd                                
    100005    1   tcp    761  mountd                                
    100005    2   udp    764  mountd                                
    100005    2   tcp    766  mountd                                
    100005    3   udp    769  mountd                                
    100005    3   tcp    771  mountd                                
    100003    2   udp   2049  nfs                                   
    100003    3   udp   2049  nfs                                   
    300019    1   tcp    830  amd                                   
    300019    1   udp    831  amd                                   
    100024    1   udp    944  status                                
    100024    1   tcp    946  status                                
    100021    1   udp   1042  nlockmgr                              
    100021    3   udp   1042  nlockmgr                              
    100021    4   udp   1042  nlockmgr                              
    100021    1   tcp   1629  nlockmgr                              
    100021    3   tcp   1629  nlockmgr                              
    100021    4   tcp   1629  nlockmgr                              
                                                                    


ł NFS version 2  3Arpc.statd version 1A network lock manager
(rpc.lockd ̃T[rX) version 1, 3, 4 ܂B܂ NFS  TCP 
g UDP gɂāAʁX̃T[rXƂăXgĂ܂B
Linux VXéA TCP gׂw肳ȂA UDP ftH
gŗp܂B Solaris ̂悤ȑ OS ł́AftHg TCP 
ȂĂ܂B

 portmapper ̍sA nfs ̍sA mountd ̍ŝǂꂩȂ΁A߂
f[NȂKv܂ (łȂ΁ASection
7 guV[gĂ)B

̃T[rX\ĂANFS NCAgpӂāAT[o
̃t@CɃANZX邽߂̏ƂɂȂ܂B

 

3.5. /etc/exports ƂύX

قǂ /etc/exports t@C̕ύXĂэsȂꍇA̕ύX
ɂ͔f܂Bnfsd  /etc/exports t@Cǂݒɂ
A exportfs -ra R}hsȂ΂Ȃ܂B@exportfs R}h
Ȃꍇ́A -HUP tOw肵 nfsd  kill ܂ (ڍ
 kill  man y[WĂ)B

ł܂Ȃꍇ́A hosts.allow 𒲂ׁAVNCAg}
VXgYĂȂmFĂB܂t@CAEH[
肵Ăꍇ́ÃzXgXg`FbNĂ (t@CAEH
[ NFS ̊֌WɂĂ Section 7  Section 6 ƂĂ)B

 

4. NFS NCAg̐ݒ

4.1. [g̃fBNg}Eg

Ƃ͂߂OɁA茳 mount vO\ɐVx`F
bNĂ (Version 3 NFS g 2.10m Kvł)B܂
NCAg}V nfs }EgT|[gĂ邩mFĂ܂
傤 (̃fBXgr[Vł͂ȂĂł傤)B 2.2
ȍ~̃J[l /proc t@CVXeĂꍇ́A/proc/
filesystems ǂŁAnfs Əꂽs邩ĉBȂꍇ
A insmod nfs Ɠ͂Ă݂ĂB NFS W[ƂăRpC
Ă΁A nfs ̍s@̂悤ɓoꂷ邱Ƃł傤B߂
ANFS T|[ggݍ񂾃J[lrh (邢̓_E[h) 
Kv܂Bʏ́ANFS gݍ܂ĂȂJ[lňȉɎ
悤 mount R}hsƁA炩ɂƂ킩悤ȃG[ɂ
܂B

}V NFS NCAgɂɂ́Ã}VŃ|[g}bp𓮂K
v܂B܂ NFS Ńt@CbNgɂ́A rpc.statd  
rpc.lockd ƂANCAgƃT[o̗œKv܂Bŋ
̃fBXgr[V̂قƂǂł́AftHgł̃T[rX
u[gɋN悤ɂȂĂ܂BȂĂȂꍇɂ́A 
Section 3.2 ċN@𒲂ׂĂB

portmap, lockd, statd AT[õ[gfBNg ([
J̃n[hhCuƓ悤) mount R}hgă}Egł
͂łBO߂̗g邱Ƃɂ܂傤: T[o 
master.foo.comAẴT[o /home fBNg slave1.foo.com
}EgƂ܂B̏ꍇȂ΂ȂȂ̂́A 
slave1.foo.com  root ̃vvg玟̂悤ɓ͂邾łB

   # mount master.foo.com:/home /mnt/home                           
                                                                    

 master  /home  slave1  /mnt/home ƂČ͂łB
(̂ƂÃfBNg /mnt/home ͂炩߃}Eg|CgƂ
č쐬ĂƉ肵Ă܂B)

ꂪ܂Ȃꍇ́AguV[g̏ (Section 7) Ă
B

t@CVXeÔ[Jt@CVXȅꍇƑS
ŁA

   # umount /mnt/home                                               
                                                                    

Ɠ͂ OK łB

 

4.2. NFS t@CVXeu[gɃ}Eg

[Jt@CVXeƓ悤ɁA NFS t@CVXeNɃ}
Egł܂Bl /etc/fstab ɒǉ΂̂łBႤ̂́At
@CVXẽ^Cv nfs ɂȂ΂ȂȂƂƁAdump XCb`
 fsck V[PX̎w (Gg̍Ō 2 )  0 ɂȂ΂Ȃ
ȂƁAłBđOq̉X̗Ȃ΁A /etc/fstab ̃Gg͎
̂悤ɂȂ܂B

   # device       mountpoint     fs-type     options      dump fsckorder 
   ...                                                                   
   master.foo.com:/home  /mnt    nfs          rw            0    0       
   ...                                                                   
                                                                         

̃t@C̏ɊĂȂĺAfstab  man y[WĂ
Bamd  autofs ̂悤ȃI[g}E^gĂĺA}EgXg
̑ΉtB[hɁA (Sł͂Ȃɂ) 悭IvV
w肷邱ƂɂȂ܂B

 NFS 삷悤ɂȂ͂łA܂삳ɂ͂܂
XKvłB܂ Section 6 ǂŁA̐ݒ肪\S
mFĂB

 

4.3. }Eg̃IvV

4.3.1. \tg}Egƃn[h}Eg

ꏏɂĂƗǂIvV܂B NFS T[oNb
VƂlbg[NؒfꂽƂɁANCAgǂU镑
w肷̂łB̏Ԃ₩Ɉ̂ NFS ̗ǂƂ
łBT[ȍQɂĂ͓̃[h܂B

soft
   
    t@CANZX̃NGXgɎsƁANFS NCAg͂̃t
    @CANZXvvZXɃG[ʒm܂B̃G[
    vO܂AقƂǂ̓_łB̐ݒ
    ujt@CƃXgf[^̍v݂Ȃ̂ŁA߂ł
    BɃ[̃fBXNɂ͎gׂł͂܂ -- [ɉ
    lF߂ĂȂ΁B
   
hard
   
    NFS }Egꂽt@CVXẽt@CɃANZXĂv
    ÓAT[oNbVƒԂɂȂ܂B
    vZX intr ꏏɎw肵ĂȂꍇ́Af邱Ƃ kill
    邱ƂłȂȂ܂ ("sure kill" gΕ)B NFS T[o
    ƁAvO͂ꂼꉽȂ̂悤ɍĊJ܂B
    炭炪]܂ꍇł傤BSĂ NFS }Egɂ
    A hard,intr p邱Ƃ߂܂B
   
L̗Ⴉ̂΁Afstab ̃Gĝ͎悤ɂȂł傤:

   # device             mountpoint  fs-type    options    dump fsckord 
   ...                                                                 
   master.foo.com:/home  /mnt/home   nfs      rw,hard,intr  0     0    
   ...                                                                 
                                                                       

 

4.3.2. ubNTCYݒ肵ē]xœK

}EgIvV rsize  wsize ́ANCAgƃT[of[^
Ƃ肷Ƃ́Af[^̓]Pʂw肷̂łB

ftHg̒l͑傫/܂BSẮA邢͑
ݒɗLȃTCYAƂ̂͂܂BႦ Linux J[lƃlb
g[NJ[h̑gݍ킹 (͌Â}Vł̘b) ɂẮA܂
傫ȃubN͈܂B傫ȃubN΁A傫ȃTCY
̓]͍ɂȂ܂B

œKȃubNTCY𓾂Ƃ́ANFS ̐\ɏdvȉe^܂B
NFS ̊Ŏgꍇɂ͕K{ƌł傤Bڍׂ Section 5 
ĂB

 

5. NFS ̐\œK

NCAgƃT[o̗ʂA𒍈Ӑ[͂邱ƂA NFS ̐
\œKۂ̍ŏ̃XebvɂȂ܂BÕZNVł́A
ɃNCAg̕ŏdvɂȂ_܂B㔼 (Section 5.3 ȍ~) 
́AT[o̓_c_܂BT[oENCAgł̍ڂ́A݂
ɉeyڂƂȂ킯ł͂܂񂪁AEʂ͂
邽߂ɂ́A 2 𕪂Ăƕ֗Ǝv܂B

\ȃlbg[NeʁA NICASd̐ݒɂďՓ˂炷AX
Cb`nuŃlbg[NXs[hvAƂ悤ȃlbg
[N֘A̐ݒƁANCAgœK邽߂ɍłdvȐݒ
A NFS f[^]̃obt@TCYł傤B mount R}h 
rsize, wsize eIvVŐݒ肵܂B

 

5.1. ubNTCYݒ肵ē]xœK

mount R}h rsize IvV wsize IvV́ANCAg
T[of[^Ƃ肷Ƃ̃f[^̓]Pʂw肷̂łB
ꂼ̃IvVw肳ȂƂ̃ftHgĺAgĂ NFS
̃o[WɂĈقȂ܂BقƂǂ̏ꍇ̃ftHg 4K (4096
oCg) łA 2.2 J[lɂ TCP x[Xł̃}EgA 2.4 J
[lȍ~ł̂}Egł́AT[oftHg̃ubNTCY
w肵܂B

NFS V2 vgR̗_̏ 8K łB V3 vgRł̏̓T[
oɂĈقȂ܂B Linux T[oł̍őubNTCÝAJ[l\
[X ./include/linux/nfsd/const.h ɂJ[l萔 
NFSSVC_MAXBLKSIZE Ō܂܂B 2.4.17 ̎_ł́AJ[l̍őu
bNTCY 8K (8192 oCg) łA 2.4 nɑ΂ NFS over TCP/IP
]pb`ł́AM_ 32K (̃pb`ł 32*1024) 
ubNTCYɂȂĂ܂B

ׂĂ 2.4 nNCAǵA_ōő 32 K ܂ł̃ubN]TC
YT|[gĂA Solaris ̂悤ȑ̃T[o NFS ]ŕW
ƂȂĂ 32K ̃ubN]ANCAgC邱ƂȂp
܂B

ftHg̒l͑傫/܂BSẮA邢͑
ݒɗLȃTCYAƂ̂͂܂BႦ Linux J[lƃlb
g[NJ[h̑gݍ킹 (قƂǂ͌Â}Vł̘b) ɂẮA
܂傫ȃubN͈܂B傫ȃubN΁A傫ȃT
CY̓]͍ɂȂ܂B

sāA삷ōőƂȂ悤 rsize  wsize 肵
傤BݒɂƂ̓]x́Albg[NGĂȂ
΁A̊ȒPȃR}hŒׂ܂Bۂ̌ʂ͏ꍇɂđ
ςĂ܂܂B̍ۂɂ Bonnie, Bonnie++, IOzone
ƂA蕡Gȃx`}[NgƂɂȂ܂B

ŏɎsׂR}h́A16k ̃ubN 16384 Aȃt@C /
dev/zero (ǂݍނ 0 uɁvɓfoĂ܂) }Eg
p[eBVɓ]̂łBǂ̂炢Ԃ邩 time
ő܂傤BNCAg}V玟̂悤ɓ͂܂B

    # time dd if=/dev/zero of=/mnt/home/testfile bs=16k count=16384    

 (oCgf[^) 0 Ŗ߂ꂽA傫 256Mb ̃t@C
ł܂Bʂɂ́AT[oɐςł RAM ̃TCÝAȂƂ 2
{̑傫̃t@Cׂł (fBXNɋ󂫂邩AmF
YȂ!)Bɂ̃t@CANCAg̃ubNz[ (/
dev/null) ɓǂݏo܂B̂悤ɓ͂ĂB

    # time dd if=/mnt/home/testfile of=/dev/null bs=16k                

񂩌JԂāAԂ𕽋ςĂBΏۂ̃t@C
VXe𖈉A}Egă}Eg (NCAgƁA
̓T[oł)ALbV̌ʂׂăNÂYꂸɁB

IA}EgAubNTCY𑝌Ăx}Eg
BTCY 1024 ̔{ɂA܂VXeł̍őubNTCY
͉zȂ悤ɂ܂傤B NFS Version 2 ̍őTCÝA 
NFSSVC_MAXBLKSIZE ł̒`ɂ炸 8K łB Version 3 ́A
Ă 64K ܂ŃT|[g܂BubNTCY 2 {ςĂ
ǂł傤B]Ɋ֘Ap[^ (t@C̃VXeubNT
CYlbg[ÑpPbgTCYȂ) AĂ 2 {ς邩
łBAubNTCY 2 ̙pȊO̒lɂāAǂʂ
[U܂B̏ꍇłAVXẽubNTCYlb
g[NpPbgTCY̐{ɂ͂ȂĂ܂B

傫ȃTCYŃ}EgÃt@CVXe cd Als Ȃ
āAt@CVXe̒邩ׂĂ݂ĉB rsize 
wsize 傫߂ƁAȒ󂪌At@C̐M 100% łȂ
Ȃ܂B悭ƂẮuls ĂׂĂ\ȂAG[b
Z[WoȂvƂuG[bZ[W͏oȂ̂Ƀt@C̓ǂݍ݂
ȂsvȂǂ܂BāA^ rsize/wsize ŃVXe
삵Ă邱Ƃ킩Axx̃eXgĂ݂܂傤
BT[o OS ႤƍœKȃTCYقȂꍇłB

Ō /etc/fstab ҏWāA܂ rsize/wsize ̒l𔽉f̂
YȂ悤ɁB

ʂтȂA^킵肵ꍇɂ́A rsize  wsize 
lωȂAlbg[NƐ^ʖڂɉ͂Kv邩
܂B̏ꍇɂ́Ax`}[N\tggƗǂ܂
B|C^Ă܂B

 E Bonnie http://www.textuality.com/bonnie/
   
 E Bonnie++ http://www.coker.com.au/bonnie++/
   
 E IOzone file system benchmark http://www.iozone.org/
   
 E  NFS x`}[N, SPECsfs97 http://www.spec.org/osg/sfs97/
   
ɂ܂܂ȃt@CTCYA܂܂ IO ` (ǂݏoE
݁AēǂݏoEď݁A_ANZXȂǂȂ) ȂǁAłL
͂āAłȒPȃx`}[ŃA IOzone ̂悤Ɏv܂B
 IOzone ̎s@ƂĂ (ɂ root Kvł)Ae
XgfBNgA}EgEă}EgăLbV֗^
悤ɂAt@CN[YԂ̑eXgɓ悤Ȃł
BłɃT[o foo  /tmp 𐧌ȂŃGNX|[gĂA IOzone 
[JfBNgɃCXg[ς݂łƂƁÂ悤ȃR}
hQɂȂ܂B

    # echo "foo:/tmp /mnt/foo nfs rw,hard,intr,rsize=8192,wsize=8192 0 0" 
    >> /etc/fstab                                                         
    # mkdir /mnt/foo                                                      
    # mount /mnt/foo                                                      
    # ./iozone -a -R -c -U /mnt/foo -f /mnt/foo/testfile > logfile        

x`}[Nɂ͍ő 2`3 Ԃ܂BāAΏۂ 
rsize  wsize ύX邽тɎsKv܂B web TCgɂ
p[^ԗ܂ALŗpIvVɂĂ
ȉŐ܂B

 E -a S[hBt@CTCY 64K  512M ܂łAR[hT
    CY 4K  16M ܂łŃeXg܂B
   
 E -R |[g Excel ̃XvbhV[gŐ܂ (Otɂ
    "surface plot" IvVp̂ǂł傤)B
   
 E -c t@CN[YԂ̃eXgsB NFS version 3 
    commit Ԃ擾܂B
   
 E -U ^ꂽ}Eg|CgeXgƂɃA}Eg/ă}Eg
    ALbVNAB
   
 E -f A}EgpƂ́A}Egꂽt@CVXeɒu
    ꂽeXgt@Cw肷Kv܂B
   
 

5.2. pPbgTCYƃlbg[NhCo

Linux ̃lbg[NJ[hhCȏ͗Dꂽ̂łAɂ́A
rIWIȃJ[ĥ̂܂߁Aɂ߂ďö̂܂B
lbg[NJ[h𒼐ڃeXgāAō̏Ԃœ삳ɂ͂ǂ
ΗǂmĂ̂́A邾̉l邱Ƃƌ܂B

2 ̃}V̊Ԃ ping 肵Ă݂܂傤B̍ -f IvV
 -s IvVp (ڍׂ ping(8) Ă) 傫ȃpPbg
gAʂ̃pPbgXNĂȂAɎԂĂȂ
Ă݂܂傤B̂悤ȏQNĂꍇ́Albg[NJ[
h̐\ɖ肪邩Ǝv܂B

NFS ̓ɓ͂ڂsɂ́A nfsstat R}h
 NFS gUNVANCAg/T[o̓vAlbg[N̓v
ȂǂĂB "-o net" IvVpƁAgUNV
pPbgɑ΂pPbg̉񐔂\܂B UDP gUNV
ōłdvȓv͍đŁA̓pPbgA\Pbg̃obt@
I[o[t[AʓIȃT[ỏߕׁA^CAEgȂǂɂĐ
B NFS ̐\ɔɏdvȉe^̂ŁAӐ[Kv
܂BȂ nfsstat ͂܂JE^[ɃZbg -z IvV
Ă܂BāAx`}[NsOɁA܂ nfsstat J
E^̌ݒlĂKv܂B

lbg[N̖Cɂ́Albg[NJ[h̗pĂpPb
gTCYĐݒ肷Ƃł傤B 2 ̃}V̊Ԃłłp
PbgTCY̍őĺAقƂǂ̏ꍇlbg[N̂ǂ (Ⴆ΃[
^) ɂāAlbg[NJ[ĥ̂菬ȒlɐĂ܂B
TCP ł̓lbg[Nɑ΂ēK؂ȃpPbgTCYIɌ悤
ɂȂĂ܂A UDP ł͒PɃftHg̒lgłB]āA
 UDP  NFS gĂꍇɂ́AK؂ȃpPbgTCY߂邱
͔ɏdvłB

lbg[NpPbgTCỸeXg tracepath R}hɂčs܂
BNCAg}VP tracepath server 2049 Ɠ͂΁A
path MTU \܂B ifconfig  MTU IvVgāAlb
g[NJ[h MTU  path MTU ̒lƓɂApPbgȂ
邩mFĂB MTU ̍Đݒ@̏ڍׂ ifconfig  man y[W
ĂB

 netstat -s g΁AT|[gĂvgRSĂɑ΂Ď
Wꂽv\܂B܂ /proc/net/snmp ΁Ã݂lbg
[N̓󋵂Ɋւ񂪂킩܂Bڍׂ͎̐߂ĂB

 

5.3. tOgꂽpPbg̃I[o[t[

network  MTU (̃lbg[Nł͒ʏ 1500) 傫 rsize  
wsize pƁANFS over UDP gĂꍇɂ IP pPbg̓tO
g܂B IP pPbg̃tOgƍč\́Albg[N
ڑ̗ŁAʂ CPU KvƂ܂BɃpPbg̃tO
gsĂԂł́A UDP pPbg̃tOgȂ炩̗
RŗƂ RPC NGXgŜđȂ΂ȂȂ߁Albg
[N]ƕsɂ܂B RPC đ̑́A^CAEg𑝉
邱ƂɂȂ肩˂A NFS over UDP ̐\ň̌Ƃ
܂B

pPbg͂낢ȗRŐ܂Blbg[Ň`󂪕GƁA
tOǧoHقȂ邩mꂸAT[oł̍č\ɑSĂ
Ȃ܂BJ[lobt@łtOg̐ɂ͏
AzƃpPbg͔j邽߁A NFS T[o̎e\͂
ɂȂ܂B /proc t@CVXeT|[gJ[lł́A /proc
/sys/net/ipv4/ipfrag_high_thresh  /proc/sys/net/ipv4/
ipfrag_low_thresh t@CŊmFł܂B̃tOgpPb
g ipfrag_high_thresh (oCgP) zƁAJ[l͒PɃpPb
g̃tOĝĂ͂߁ATCY̍v ipfrag_low_thresh Ɏw肵
lɂȂ܂Ŏ̂đ܂B

ʂ̃j^[JE^ƂāA /proc/net/snmp t@Cɂ IP:
ReasmFails ܂B̐́AtOg̍č\Ɏs񐔂ł
Bdt@C̍ۂɂ̒l܂ɋ}ɏ㏸ꍇ́A炭
肪Ă܂B

 

5.4. NFS over TCP

V@\ł NFS over TCP ́A 2.4 J[lł 2.5 J[lł
pł܂A܂M_ł̓CXg[̃J[lɂ͓
܂B TCP ̗pɂ́AUDP ɑ΂Ă͂肵_E_܂
B_́AX̑lbg[Nɂ UDP 肸Ɨǂ삷邱
łB TCP gꍇ́ApPbgЂƂƒPɂꂪđA
RPC NGXgŜđ悤ȂƂ͋N܂BăX̑
lbg[Nł͂ǂ\܂B TCP ́Aw̃lbg[
Nxł̃t[̂ŁAlbg[NẍႢ UDP 
܂܂B

TCP p邱Ƃ̌_́A TCP  UDP ̂悤ȃXe[gX̃vgR
ł͂ȂƂłBpPbgM̍ŒɃT[oNbVƁANC
Ag̓nOĂ܂AׂĂ̋LA}EgEă}EgK
v܂B

TCP vgR̓I[o[wbhKvƂ邽߁AzIȃlbg[N
̉ł UDP ɔׂďX\ቺ܂B̃RXg͂܂茵
̂ł͂ȂAӐ[肵ȂƋCtȂꍇł傤B
M̒[[܂ gigabit C[TlbggĂ悤ȏꍇ́Aȃt
[̗p݂Ă݂Ƃ܂Bȃlbg[Nł́A
Ƀlbg[NSd̏ꍇɂ́At[TCY傫ĂՓ˃
[gȂłB

 

5.5. ^CAEgƍđ̒l

mount R}h 2 ̃IvVA timeo  retrans ́ANCAg
pPbgElbg[NׂȂǂɂă^CAEgƂ́A UDP
NGXg̓𐧌䂷̂łB -o timeo IvV͎Ԃ̒
1/10 bPʂŎw肷̂ŁANCAg͂̎ԂzƃT[o
炦ȂƔfANGXgđ悤Ǝ݂܂BftH
g 0.7 błB -o retrans IvV́ANCAg߂
łɋ^CAEg񐔂ŁAz Server not responding 
bZ[W\܂BftHg 3 łBNCAg
bZ[W\ANGXg𑗐M悤Ƃ܂Ã^C
AEg 1 ŁAG[bZ[W\܂BڑAƁANC
Ag͂ӂь retrans ̒lp悤ɂȂA Server OK Ƃ
bZ[W\܂B

łɑʂ̍đNĂ (nfsstat R}h̏o͂Ă)A
邢̓^CAEgEđNƂȂubN]TCY𑝉
ꍇɂ́A̒l𒲐Ƃł傤BK؂Ȓl͊
Ɉˑ܂AقƂǂ̏ꍇł݂͌̃ftHgŖȂ͂ł
B

 

5.6. NFSD ̃CX^X̐

Linux ł OS łAقƂǂ̋NXNvgł́A nfsd ̃CX^
X 8 N܂B NFS ̍ŏ̍ Sun ͂̒loƂČ
Ǎ݂͂Ȃ̒lRs[Ă̂łBǂ̂炢̃vZX
œK߂ǂ͂܂񂪁AgtBbN̑傫T[oł͂
傫Ȓlɂ̂ǂł傤BŒłvZbTЂƂ̃f[
͋NׂŁAvZbT 4  8 Ƃ̖̂ڈ
ɂȂł傤B 2.4 ȍ~̃J[lgĂĺAe nfsd Xbh
ǂ̂炢gĂ邩 /proc/net/rpc/nfsd ŌĂ݂Ƃł傤
B̃t@C th s̍Ō 10 ̐́A蓖ĉ\ȍőlɑ
ep[Ze[Wɂ̃XbhbĂ܂Bŏ 3
̒l傫Ƃ́A nfsd ̃CX^X𑝂₷قǂł傤B
sɂ́Anfsd NƂ̃R}hCIvVŃCX^
X̐^܂B NFS ̋NXNvg (Red Hat Ȃ /etc/rc.d/
init.d/nfs) ł RPCNFSDCOUNT Ŏw肵܂Bڍׂ nfsd(8)  man y[
WĂB

 

5.7. ̓L[̃

2.2  2.4 ̃J[lł́A\Pbg̓̓L[ (̃NGXg
Ƃ) ̃ftHg̃TCYl (rmem_default) ͏A64k 
܂B̃L[͓ǂݍݕׂ傫NCAgŁA܂
ݕׂ̑傫T[oŏdvłBႦ΁AT[o nfsd ̃CX^X
8 点ĂƂ΁AeXɂ͏Ώۂ̃NGXgۑꏊ
8k ȂƂɂȂ܂BɁA\Pbg̏o̓L[ (ݕ
ׂ̑傫ȃNCAgEǂݍݕׂ̑傫ȃT[oŏdv) AftH
g̃TCY (wmem_default) ͏ȂĂ܂B

NFS x`}[N SPECsfs <http://www.spec.org/osg/sfs97/> ̎sʂ
JĂ܂Ał [rw]mem_default  [rw]mem_max
̗ɂƑ傫Ȓlw肵Ă܂B̒ĺAȂƂ 256k
ɂ܂ő₷ƂlׂłBǂݏ̏ĺA(Ⴆ) proc t
@CVXe /proc/sys/net/core/rmem_default  /proc/sys/net/core/
rmem_max pĐݒ肵܂B rmem_default ̒l𑝉ɂ 3 
iK𓥂݂܂Bȍ~Ɏ@͂ƂۂłAƓ
܂ANƂȂ͂łB

 E ̃t@CɏĂTCY𑝉܂:
   
         # echo 262144 > /proc/sys/net/core/rmem_default        
         # echo 262144 > /proc/sys/net/core/rmem_max            
   
 E NFS ċN܂BႦ RedHat VXeȂ玟̂悤ɂ܂B
   
         # /etc/rc.d/init.d/nfs restart                         
   
 E TCY̏lʏ̒lɖ߂ÃJ[lVXe͂g
    悤ɂ܂B
   
         # echo 65536 > /proc/sys/net/core/rmem_default         
         # echo 65536 > /proc/sys/net/core/rmem_max             
   
̍Ō̃Xebv͕sŁA̒l𒷂ԕς܂܂ɂĂ
A}VNbVƂ|[g󂯂Ă܂B

 

5.8. NIC ƃnu̎lSVG[V𖳌ɂ

lbg[NJ[h̒ɂ́A쑬xSdEdقȂnuAXC
b`A|[gȂǂƂ̎lSVG[V܂łAʂ̃RW
EpPbgȂǂɂāA\ɗ򉻂̂܂B 
nfsstat ̏o͂ɑʂ̃pPbgA邢͈ʂɃlbg[
N̐\łȂꍇ́Albg[NxƑS/d̐ݒĂ݂
B\Ȃ 100BaseT Sd̃Tulbgm邱ƂɏW
傤BSdɂ鉼zIȃRẂA NFS over UDP ɂ
傫Ȑ\ቺ̌菜Ă邩łBJ[h̎lSVG
[V@\؂Ƃɂ͒ӂKvłBJ[hڑĂnu
XCb`́Aʂ̕@ (ႦΕ񌟒mȂ) đS/d̐ݒ
߂܂AJ[hɂĂ (ÂnułT|[gĂƂR
) ftHgdɂȂĂ邱Ƃ邩łBhCoT|
[gĂ̂ł΁A 100BaseT SdŃlSVG[V悤J[
hɋ̂őPłB

 

5.9. NFS ̓Ɣ񓯊

nfs-utils  Version 1.11 O exportfs ł́A NFS  Version 2 
Version 3 vgR̂ǂɂĂAftHg̃GNX|[ǵu
 (asynchronous)vōsȂ܂ (Ȃ Version 1.11  CVS c[ɂ
݂܂A 2002 N 1 ̒iKł͂܂pbP[WɂȂĂ܂)B
̃ftHgɂẮAT[o̓NCAg̃NGXgɑ΂A
[J̃t@CVXeɓnƂŕԓ邱Ƃ
Af[^iIȃXg[Wɏ܂邱Ƃ҂Kv͂܂
B̓T[õGNX|[gXg async IvVɂĎʂł
܂B񓯊͐\サ܂AłȂf[^⃁^f[
^LbVɂƂɃT[ou[gƁAf[^\
܂B̃f[^j͎ۂɋN܂ł킩܂B async IvV
w肷ƁApĂvgRɊւ炸AT[o̓NCAg
΂āAf[^ׂ͂ĎۂɉiIȃXg[Wɏ܂ꂽAƉR
łB

u (synchronous)v NFS T|[g鏤piVXe
(Solaris, HP-UX, RS/6000 Ȃ) ̑ŁA܂ŐVł exportfs łft
HgɂȂĂ܂B̓ɂ́ALinux T[õt@CVX
e sync IvVŃGNX|[gKv܂BȂIȃG
NX|[gꍇ́AT[õGNX|[gXgɂ̓IvV\
܂B

 E 2 ̃t@CVXeAXقȂIvVŁANCA
    gɑ΂ăGNX|[g܂B
   
        # /usr/sbin/exportfs -o rw,sync *:/usr/local            
        # /usr/sbin/exportfs -o rw *:/tmp                       
   
 E ƃGNX|[gꂽt@CVXẽp[^͎̂悤ɂ
    ܂B
   
        # /usr/sbin/exportfs -v                                 
        /usr/local *(rw)                                        
        /tmp *(rw,async)                                        
   
J[l /proc t@CVXeT|[g悤ɃRpCꂽ
́A /proc/fs/nfs/exports t@CɂĂׂẴGNX|[gIv
ṼXg\ł܂B

w肷ƁAT[o NFS version 2 ̃NGXgɑ΂āA[
Jt@CVXeׂẴf[^E^f[^fBXNɏނ
œ܂ (܂NCAgɉ܂)B NFS
version 3 ɂẮAT[o͂̒xsƂȂԓsANC
AgɃf[^̏ԂԂāAǂ̃f[^LbVɕێĂׂ
A܂ǂ̃f[^͎̂ĂĂ悢𔻒fł悤ɂ܂B include/
linux/nfs.h  enum ^ϐ nfs3_stable_how ɂ́A3 ̏Ԓl܂
B

 E NFS_UNSTABLE - f[^E^f[^̓T[ỏiIȃXg[W
    commit ĂȂ̂ŁAŃNCAg commit NGXgɂ
    ăT[oۂɃf[^iIȃXg[WɑƂmFł
    ܂ŁANCAgŃLbVĂȂ΂ȂȂB
   
 E NFS_DATA_SYNC - ^f[^͉iIȃXg[WɑĂȂ̂
    ANCAgŃLbVĂȂ΂ȂȂB̏ꍇƓ
    悤ɁA commit sKvB
   
 E NFS_FILE_SYNC - f[^E^f[^LbVĂKv͂ȂB
    ܂ÃNGXg͈̔͂ɑ΂ẮA commit 𑗂KvȂ
    B
   
L̓̒`ɉANCAg (vgRɂ炸) 
IɊSȓs悤Ȏwł܂Bɂ̓t@CI[v
ۂ O_SYNC IvVw肵܂B̏ꍇANCAg
NGXgɑ΂鉞́Af[^ۂɃT[õfBXNɏ܂
܂ōsȂ܂B̓vgRɂ܂ (܂ NFS version 3
ɑ΂ẮAׂẴNGXg NFS_FILE_SYNC NGXgƂȂA
T[oɑ΂ĕK̏ԂԂ悤ɋ߂̂ł)B̏ꍇANFS
version 2  NFS version 3 ̐\͎㓯ɂȂ܂B

AÂftHgł async 삪pĂꍇɂ́A
 NFS o[WɂĂ O_SYNC IvV͑SӖ܂BT
[o͏݂̊҂ƂȂNCAgɉĂ܂ł
B̏ꍇAo[ẄႢɂ鐫\͌܂B

ŌɈꌾBNFS version 3 vgR̃NGXgł́At@CN[
YƂ fsync() ̎ NFS NCAguov commit 
NGXgs܂AɂăT[o͈ȑO݂Ă
Ȃf[^E^f[^fBXNɏނ悤܂B
T[óA sync ɏ]̂ł΁Ȁ݂I܂ŃNC
Agɉ܂B async pĂꍇ́A commit 
{I no-op (sȂȂ) łBȂȂT[o͍ĂуNCA
gɑ΂āAf[^͊ɉiIȃXg[WɑꂽAƉR
łBƃNCAg̓T[of[^iIȃXg[Wɕۑ
ƐMĎ̃LbV̂ĂĂ܂̂ŁA͂͂NCAg
T[of[^j̊댯ɎNƂɂȂ܂B

 

5.10. T[o̐\ NFS ȊO̕@

ʂɁAT[o̐\ƃT[õfBXNANZXx NFS ̐\ɂdv
ȉeyڂ܂BǍDɋ@\t@CT[o̐ݒɑ΂KCh
C񋟂邱Ƃ́A̕ň͈͂zĂ܂A̃q
g񋟂Ăl͂ł傤B

 E RAID AC𗘗płꍇ́A RAID 1/0 pďݑxƏ璷
    x̗mۂ܂傤B RAID 5 pƓǂݍ݂͑Ȃ܂
    A݂݂͂߂ȂƂɂȂ܂B
   
 E W[iOt@CVXep΁AVXeNbV
    ƂɍċNɗv鎞ԂIɒZȂ܂B_ł́A ext3
    <ftp://ftp.uk.linux.org/pub/linux/sct/fs/jfs/>  NFS version 3 
    ꏏɐ삵܂B܂ Reiserfs version 3.6 ȍ~A 2.4.7 
    ~̃J[l NFS version 3 ƈꏏɐ삵܂ (ȑÕJ
    [lɑ΂pb`܂)BO Reiserfs ł́A
     (generation number) ̕ۊǏꏊ inode ɖ߁AT[oċN
    ƂɌms\Ȍ`Ńf[^j󂷂\܂B
   
 E ܂AW[iOt@CVXeɂāAW[i̍XV̓f
    [^ی̂߂ɂ̂ݕKvłAƂ𗘗p΁A\ő
    邱Ƃ\łBႦ ext3 ɎȂA data=journal 
    pāAXV܂ׂăW[iɑ΂čsȂAĂ̌Ńt
    @CVXe{̂ɑ΂čs悤ɂ܂BW[iXVꂽ
    A NFS T[o͈SăNCAgɑ΂鉞𔭍słAC
    t@CVXe̍XV̓T[oɂȂƂɍsȂΗǂ̂łB
   
    W[iOt@CVXẽW[itbVJ[h
    Ȃǂ̕ʂ̃foCXɒuAW[i̍XVɃV[Nsvɂ
    邱Ƃł܂BΉ]҂RXgɂȂ̂ŁA IO
    ̐\Ȃǂł܂B܂ł ext3 ̓W[ĩP[V
    T|[gĂA܂ ReiserFS ߁X () T|[g
    ͂łB ftp://ftp.namesys.com/pub/reiserfsprogs/
    reiserfsprogs-3.x.0k.tar.gz <ftp://ftp.namesys.com/pub/
    reiserfsprogs/reiserfsprogs-3.x.0k.tar.gz> ɂ ReiserFS p̃c[
    pbP[Wɂ́A reiserfstune Ƃc[Ap
    W[ĩP[VsȂ܂Bɂ̓J[lpb
    `KvŁA͂܂ 2002 N 1 ̒iKł͌ɂ̓[X
    ܂B
   
 E automounter (autofs  amd) p΁ANX}Eg (킴Ƃ
    ł) }V̂ǂ炩ƂłAЕ̃n
    OAbv܂Bڍׂ Automount Mini-HOWTO <http://
    www.linuxdoc.org/HOWTO/mini/Automount.html> Ă (JF ɓ
    { <http://www.linux.or.jp/JF/JFdocs/Automount.html> 
    )B
   
 E [J[ɂẮAs RAM (NVRAM) p NFS ANZ[^
    񋟂Ă܂ (Network Appliance, Hewlett Packard Ȃ)B NVRAM
    p΁AiIȃXg[Wւ̃ANZX async pƓ
    ɂ܂ŉł܂B
   
 

6. ZLeB NFS

łZLeB̗ӓ_qׂ܂AłȂ̃TCg
SɈSɂȂ킯ł͂܂BȂɂ̂ATCgSɈS
邱Ƃ͂ł܂B̐߂ǂ߂ NFS ݂̃ZLeBɊւ
m𓾂鏕ɂ͂Ȃł傤AԗIȃKChł͂܂񂵁A
eɕωĂ܂BZLeB֘A̋Zqg
łA HOWTO ̊Ǘ҂ɑĂB

Ȃ̃lbg[NAOƂ̒ʐMs킸 (f)
A̃}VׂĂƃ[UׂĂMłȂA̐߂̓e
Ȃ̖ɂ͗܂B̂悤ȏ󋵂ɂlbg[N͂ǂ
炩ƂƏł傤A NFS ݒ肷lɂ́A̐߂OIɏn
ǂ邱Ƃ߂܂B

NFS ɂāAT[õ[gfBNgɂt@CփANZXł
悤ɂȂ邽߂ɂ́ANCAg 2 ̒iKoȂ΂Ȃ܂B
ŏ̒iK̓}EgANZXłB}EgANZX́AT[oɃA^b`
悤ƂĂNCAg}Vɂčs܂B̒iKł̃ZL
eB /etc/exports t@CE܂B̃t@ĆAL|C
gւ̃ANZX}V̖O܂ IP AhXXg
̂łBNCAg IP AhX̃ANZXXg̃Gĝǂ
Ƀ}b`΁Ã}V̓}Eg܂B͂̂
SAƂ킯ł͂܂BAhX̂ꂽꂽ肷
ƁA}Eg|Cgւ̃ANZXĂ܂܂B̃^Cv́uF
vEɗႦĂ݂܂傤: NȏЉĂƂāA̐l
Ɂuɂ́A̖ÓłvƂDĂ邱Ƃ𗝗R
A̎ȏЉ̓eM悤Ȃ̂łB}V{[}E
gƁÃ}Vœ삵Ă OS ́Ã{[ׂ̂Ẵt@
CɃANZXł邱ƂɂȂ܂ (root ۗLĂt@C͏O
\Bq)B̃{[ rw IvVŃGNX|[gĂ
Ãt@Cւ̏݃ANZX\ƂȂ܂B

Ԗڂ̒iK̓t@CANZXłB̓NCAgɂAʏ
t@CVXẽANZX@\łA NFS Ǝ̂̂ł͂܂
BhCu}EgƁÃt@C̃[Up[~bVEO
[vp[~bVANZX߂邱ƂɂȂ܂B

Ăї: bob ̓T[oŃ[U ID 9999 Ƀ}bvĂƂ܂傤B
{u̓T[oŃ[Û݂ANZXłt@C܂ (chmod 600 
filename Ɠ͂̂Ɠł)B̃t@CۑꂽhCuւ
ANZXANCAg܂B̃NCAgł́A
[U ID 9999 ɂ mary }bvĂ܂B̏ꍇAbob ɂ
ANZXłȂ悤ɂt@Cɑ΂āÃNCAgł̃[U
mary ANZXłĂ܂܂BɈƂɁÃNCAgŒN
X[p[[UɂȂĂ܂ƁA̒N su - username ɂĂ
ȃ[UɂȂĂ܂̂łB NFS ͌Ƃ͌܂B

͐]Iȏ󋵂Ƃ킯ł͂܂B̃NCAgɂ댯
́AT[oɂ̎i{Όy邱Ƃł܂B
PɏЉ܂B

ZLeB͎ɂ͊֌WȂAƂl͂炭ԈႢłB 
Section 6.1 ł̓|[g}bpSɂ@qׁA Section 6.2 ł̓T
[oA Section 6.3 ł̓NCAgSɂ@ꂼ
BŌ Section 6.4 ŁA NFS T[o̐t@CAEH[ݒ
ɂĊȒPɋc_Ǝv܂B

ŌɂA nfs ̃f[ƃNCAgvÔׂĂŐV
ĂƂ͔ɏdvłBŋ߂ɃAiEXꂽ肾玩
ɂ͊֌WȂ낤AƂlĂĺAłɂ̎_ŐNĂ
邩܂B

ŐṼZLeB𓦂Ȃ悤ɂɂ́A bugtraq [OX
gwǂ̂ǂł傤Bwǂ̕@ȂǁAbugtraq Ɋւȅ
 http://www.securityfocus.com/forums/bugtraq/faq.html ɂ܂B

܂ securityfocus.com <http://www.securityfocus.com> ̌GW 
NFS ΁A NFS Ɋ֘AZLeB񍐂ׂ̂Ă邱Ƃ
܂B

CERT ̊IɃ`FbN܂傤B www.cert.org <http://
www.cert.org> ɂ CERT ̃EFuy[WɂȂĂB

 

6.1. |[g}bp

|[g}bp͂ǂ̃T[rXǂ̃|[gœ삵Ă邩̈ꗗۊǂ
BڑĂ}V́AT[rXɃANZXɂ͂ǂ̃|[gɐ
ΗǂÃXgpĒm̂łB

|[g}bṕANO͂Ԃ܂ɂȂ܂A݂ł
̃VXeǗ҂̓ɂ̎łB|[g}bpANFS  NIS ƓA
Mł郍[JGAlbg[N̊O̓ANZXׂł͂
܂BOEɎNȂ΂ȂȂł́AɒӂāA
̃VXeOɊĎȂ΂Ȃ܂B

Linux fBXgr[V́Aׂēɂ͂łĂ܂BŐVɌ
fBXgr[VłASłȂ|[g}bp̗pĂ邱
Ƃ܂BݎgĂ|[g}bpSȂ̂ǂ𒲂ׂ
́A strings(1) pāA|[g}bp /etc/hosts.deny  /etc/
hosts.allow Ƃt@CĂ邩ׂ邱ƂłB|[g}bp
/sbin/portmap ɂ̂łÃR}hŃ`FbNł܂:

     strings /sbin/portmap | grep hosts.                               
                                                                       

Sȃ}Vł́Â悤ȓeo͂͂łB

   /etc/hosts.allow                                                 
   /etc/hosts.deny                                                  
   @(#) hosts_ctl.c 1.4 94/12/28 17:42:27                           
   @(#) hosts_access.c 1.21 97/02/12 02:13:22                       
                                                                    


܂ /etc/hosts.deny ҏW܂B̂悤ȍs܂ނ悤ɂ܂B


   portmap: ALL                                                     
                                                                    


ƂANZXۂ܂B̃N[YԂ

   rpcinfo -p                                                       
                                                                    

sA|[g}bpۂɂ̃t@Cǂ݁A̎wɏ]Ă
𒲂ׂĂ݂ĂB rpcinfo ͉̏o͂oȂ͂ł (邢
G[bZ[Wo܂)B /etc/hosts.allow  /etc/
hosts.deny ̊et@ĆAۑ΂ɔf܂B̃f[
ċNKv͂܂B

|[g}bpׂĕĂ܂̂͏Xɒ[ɉ߂̂ŁA /etc/
hosts.allow ҏWčĂуI[vĂ܂傤B܂Ãt
@Cɉ߂Ȃ΂Ȃ܂B{Iɂ͂̃|[g}bp
ANZXȂ΂ȂȂׂẴ}VXg܂Bʏ Linux V
XeғɂẮAȂ炩̗Rŉ̃ANZXKv
Ȃ}V͔ɏȂ͂łB|[g}bpǗĂ̂ nfsd, 
mountd, ypbind/ypserv, rquotad, lockd (nlockmgr ƕ\܂), statd
(status ƕ\܂) ȂǁA ruptime  rusers ̂悤 "r" n
R}hQłB̂Ȃ炩̏dv̂́A nfsd, mountd, 
ypbind/ypserv яꍇɂĂ rquotad,lockd, statd ł傤B
T[o}VɃANZXKvȃ}Vɂ́AĂKv
܂B܃T[õAhX 192.168.0.254 ŁATulbg 192.168.0.0
ɂȂĂƂ܂BẴTulbĝׂẴ}V̓T[o
ɃANZXKvƂ܂ (̗p̊T_ƂĂ 
Networking-Overview-HOWTO <http://www.linuxdoc.org/HOWTO/
Networking-Overview-HOWTO.html> ĂB{ <http://
www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html> JF ɂ
)B̏ꍇ

   portmap: 192.168.0.0/255.255.255.0                               
                                                                    

̂悤ȍs /etc/hosts.allow ɏ܂Blbg[Nƃlbg}XN
͂肵Ȃꍇ́A ifconfig R}hg΃lbg}XN킩A 
netstat R}hg΃lbg[N킩܂BႦ΁Ã}V
foCX eth0  ifconfig ƁÂ悤ɂȂ͂łB


   ...                                                                    
   eth0   Link encap:Ethernet  HWaddr 00:60:8C:96:D5:56                   
          inet addr:192.168.0.254  Bcast:192.168.0.255 Mask:255.255.255.0 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1              
          RX packets:360315 errors:0 dropped:0 overruns:0                 
          TX packets:179274 errors:0 dropped:0 overruns:0                 
          Interrupt:10 Base address:0x320                                 
   ...                                                                    
                                                                          

܂ netstat -rn ͎̂悤ɂȂ͂łB

   Kernel routing table                                                           
   Destination     Gateway         Genmask         Flags Metric Ref Use    Iface  
   ...                                                                            
   192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   174412 eth0   
   ...                                                                            
                                                                                  

(lbg[NAhX͍ŏ̗ɂ܂B)

/etc/hosts.deny  /etc/hosts.allow et@CɂẮAꂼ
 man y[WŐĂ܂B [: hosts_access(5) ̏ꍇ
Ǝv܂B]

dv: ̃t@C portmap ̍sɁA IP ԍȊÔ̂Ă͂
܂BzXg̖O͊ԐړIɃ|[g}bpĂяoƂ
AƂ܂zXg̖Oă|[g}bpĂяoAƂ
...

o[W 0.2.0 ȍ~ł́Anfs-utils pbP[W hosts.allow 
hosts.deny ̊et@C𗘗p܂B]Ẵt@Cɂ́A lockd
, statd, mountd, rquotad ̊eGgĂ܂傤Bڍׂȗ 
Section 3.2.2 ĂB

ȏ̍ƂɂāAT[o͂肵肷͂łBć̖AM
NCAg}VŒNǗҌ擾ACӂ NFS NGX
g𑗐M\ƂȂĂ܂悤ȏꍇłB̃ZNVł́A̖
ɊւS΍܂B

 

6.2. T[õZLeB: nfsd  mountd

T[oł́ANCAg root sȂꂽNGXgؐM
悤ɂł܂Bɂ /etc/exports ̎w root_squash IvV
p܂:

   /home slave1(rw,root_squash)                                        
                                                                       

͂̓ftHgłBɂׂAނɂ܂ʎȂA
͏ɗLɂĂׂłBɂɂ no_root_squash IvV
g܂B

root_squash ̏Ԃł́ANCAg UID 0 (root ̃[Uԍ) ̃[
Ut@CɃANZX (read, write, delete) 悤ƂƁAT[o 
UID T[oɂ 'nobody' AJEĝ̂ƒu܂B܂T
[o root ɃANZXύXĂt@Cɑ΂āANC
Ag root ANZXύXsƂłȂȂ̂łB͗
ݒł̂ŁA export SẴt@CVXe root_squash p
ׂłBułNCAg root [U su g΁Ã[U
ɂȂẴ[Ũt@CύXłႤȂłIvƂȂ
͂邩܂B́A܂ɂ̒ʂAꂪ Unix  NFS
̗VȂ̂łBɂ͂ЂƂdvȑʂ܂BdvȃoCit
@ĆAׂ root ̏LɂׂŁA bin Ȃǂ root ȊÕAJE
gɂׂł͂܂BȂȂNCAg root [UANZX
łȂ̂́AT[o root AJEg̃t@CłB 
exports(5)  man y[Wɂ́Aɂ squash (r) IvV
LqĂ܂Bp΁AD (邢͌) NCA
gMȂ悤ɐݒł܂B

TCP ̃|[g 1`1024  root p邽߂ɗ\񂳂Ă (]
"secure ports" ƌĂ΂邱Ƃ܂)A root łȂ[U͂
|[gɃoChł܂B /etc/exports ̃Gg secure IvV
ǉƁANCAg̃|[g 1-1024 痈ڑv݂̂
t悤ɂȂ܂Bƈӂ root [UAU
NFS ʐM|[ggĊJƂh܂B̃IvV̓ft
HgŗLɂȂĂ܂B

 

6.3. NCAg̃ZLeB

6.3.1. nosuid }EgIvV

NCAgł́AT[oMȂ悤ɐݒ肷邱Ƃ\ŁA
̓}Eg̃IvVŎw肵܂BႦ NFS t@CVXe
 suid vO𓮍삳Ȃ悤ɂɂ nosuid IvVg
܂B unix vO̒ɂ (Ⴆ passwd)A "suid" vO
Ă΂̂܂B̓t@Cs郆[U id Ãt@
C̏L҂Ɠɂ̂łBt@C root ̏LŁA suid
ĂƁÃvO root Ƃē삵A root ɂ
ĂȂ (pX[ht@C݂̏Ȃ) ׂčsĂ
܂B nosuid IvVp̂͂悢lłA NFS }Eg
fBXNׂĂɑ΂ApĂBƃT[o root
[Ũt@CVXe suid-root vOANCAg
Ɉʃ[UƂăOCA suid-root vOgăNCA
gł root ɂȂAƂƂłȂȂ܂B noexec Iv
V΁A}Egt@CVXeł̃t@C̎s֎~
邱Ƃł܂Bt@CVXeɂ͎sׂXNvgv
OȂƂ܂܂Ăł傤A nosuid ɔׂ
Ƃ܂pIł͂Ȃł傤B

 

6.3.2. broken_suid }EgIvV

ÂvO (xterm Ȃǂł) ł́A root ͂ǂɂł
\łAƂOɈˑĂ邱Ƃ܂B͐VJ[l
 NFS }Eg̉ł͐܂B̂悤 suid svO
 uid ̕ύXɗpłĂ܂߁A uid }bsOs nfs T[
oł̓ZLeBƂȂ܂B] linux J[l̃ftHg
́A broken_suid ͖ɂȂĂ܂B

܂Ō܂ƁAÂ linux fBXgr[Vł
suid vOgꍇAȂ炩̌Â unix gĂꍇ́A}
Eg̍ۂ mount  broken_suid IvVw肷Kv邩
܂Bŋ߂ unix  linux fBXgr[V xterm 
悤ȃvÓA suid KvƂȂʏ̎st@CɂȂĂ
A setuid svOʂɌĂяo悤ɂȂĂ܂B

̃IvV́AIvṼJɁA rsize  wsize Ȃǂƈꏏ
ɃR}ŋ؂ď܂B

 

6.3.3. |[g}bpArpc.statd, rpc.lockd NCAgňSɂ

NFS ݂̌ (2.2.18 ȍ~) ̎ł́AׂẴt@CbN@\T|
[gĂ܂BăNCAgł́A rpc.statd  rpc.lockd 
sAbN@\𐳂삳Kv܂BāA܂
nfs ̃T[oŌĂ肪Â܂܃NCAgɂĂ͂܂܂B
L̃|[g}bp̐߂xǂŁA|[g}bpSɂ邽߂
ĊmFĂB

 

6.4. NFS ƃt@CAEH[ (ipchains  iptables)

IPchains (2.2.x J[l)  iptables (2.4.x J[l) pƁA
Sł܂Bǂ̃}Vڑł邩̌f[ (
 tcp bp[) s킹̂ł͂ȂAڑ݂̎艺wŋ/
ۂ̂łB̏ꍇAڑ葁iKŁA܂O[oɐؒf
łAU}V邱Ƃł̂łB

Linux ̃t@CAEH[ǂݒ肷邩́A͈̔͂̕傫z
Ă܂Bǎ҂ Firewall-HOWTO <http://www.linuxdoc.org/
HOWTO/Firewall-HOWTO.html> (JF ̓{ <http://www.linux.or.jp/JF/
JFdocs/Firewall-HOWTO.html>)  IPCHAINS-HOWTO <http://www.linuxdoc.org
/HOWTO/IPCHAINS-HOWTO.html> (JF ̓{ <http://www.linux.or.jp/JF/
JFdocs/IPCHAINS-HOWTO.html>) ĂBJ[l 2.4 ȍ~̃[U
́A http://netfilter.samba.org ɂ netfilter/iptables EFuy[W
ɍsĂ݂ĂBł ipchains  netfilter ̓nmĂ
lɂ́A̐߂̓e NFS f[t@CAEH[ɂĂǂ邩
ɂāA̃qg^Ăł傤B

t@CAEH[̐ݒɂď]ׂ[́A܂ׂĂ֎~A
邱ƂłBΈӐ}ȂԈĒʂɂ
܂B

t@CAEH[ NFS f[̎𗝉邽߁Aef[
̃|[ggɂČĂƂɂ܂傤B

f[͋NƁA|[g}bpɊJĂ|[g蓖ĂĂ
悤v܂B|[g}bp͂̃f[̂߂Ƀ|[g擾A
f[|[gݎgĂ邩ǂǐՂ܂B̃zXgv
ZX̃f[ƒʐMKvƂ́A̓|[g}bp
ɐڑɗp|[gԍq˂܂Bă|[g͂ƕ (floating)
ԂɂȂ܂B낢ȃ|[g낢ȃ^C~Oŉ̂
A|[g}bp͏ꍇɂĕʁX̃|[g蓖Ă邩łB̓t
@CAEH[ݒɂƂĂ͖ȖłBf[̏ꏊ킩Ȃ
΁Aǂ̃|[gɃANZXׂmɂ͂킩ȂłB
Ƃǂ̐lɂƂĂ͕ی삳ꂽA邢͊uꂽ LAN ōƂĂ܂
A͂܂傫Ȗɂ͂ȂȂł傤BJlbg[
NɂlɂƂẮA͈łB

J[l 2.4.13 ȍ~ nfs-utils 0.3.3 ȍ~gݍ킹ƁÃ|[g
}bpɂ|[g̕CɂKv͂ȂȂ܂Bł NFS Ɋւ
邷ׂẴf[́A|[guŒv邱Ƃł܂Bf[̂
Ƃǂ͋NɍsVǂ -p IvV󂯕t܂BJ[lN
f[́AJ[l⃂W[IvV܂B
͈ȉŉ܂B

NFS Ńf[^Ls߂̃f[̂́AłɃ|[gɃoC
hĂ܂B portmap ͏ tcp  udp ̃|[g 111 g܂B 
nfsd ͏ tcp  udp ̃|[g 2049 g܂ (J[l 2.4.17
܂ł NFS over TCP ͎IƂ݂ȂĂAp̃}Vł͗p
Ă܂ł)B

̃f[A statd, mountd, lockd, rquotad ́A|[g}bp痘p
ƒm炳ꂽŏ̃|[g𗘗p̂ŁA|[g͂낢ɂȂ܂
B

statd ̃|[gɃoChɂ́A -p portnum IvVp
܂B statd ̃|[gɔɂ́AɋN -o portnum
IvVp܂B

mountd ̃|[gɃoChɂ́A -p portnum IvVp
܂B

Ⴆ statd Ƀ|[g 32765 u[hLXgă|[g 32766 őҋ@
A mountd Ƀ|[g 32767 őҋ@ɂ́Â悤ɓ͂܂B

# statd -p 32765 -o 32766                                              
# mountd -p 32767                                                      

lockd ͕KvɉăJ[lN܂B lockd ɓ̃|[
gőҋ@Eɂ́AJ[lIvV (W[Ƃărh
ꂽꍇ) W[IvVp܂B

[_uW[pĂÃIvV /etc/
modules.conf t@CŎw肷ɂ́Â悤ȍs̃t@Cɒǉ
܂B

options lockd nlm_udpport=32768 nlm_tcpport=32768                      

̎wł́Alockd  udp  tcp ̃|[g 32768 ɂ܂B

[_uW[gȂꍇA lockd W[Ƃărh
ɃJ[lɑgݍ񂾏ꍇ́AI񂾃|[g̓J[l̃u[gɓn
Ȃ΂Ȃ܂B

̂悤ȊɂȂ܂B

 vmlinuz 3 root=/dev/hda1 lockd.udpport=32768 lockd.tcpport=32768      

|[gԍ͓ɂȂĂ܂܂񂪁AȂƕsKvȍ̌
ɂȂĂ܂ł傤B

quota gĂāȀ nfs oRł邽߂ rpc.quotad g
Ăꍇ́At@CAEH[̐ݒ莞ɍlȂ΂Ȃ܂
B rpc.rquotad ɂ 2 ̃\[Xc[܂B 1  nfs-utils
ŊǗĂc[ŁA 1  quota-utils ̃c[łB
͓悤ɂ͓삵܂B nfs-utils ̂̂́A -p Ŏw肷΃f[
|[gɃoChł܂B quota-utils ̂̂͂ł܂B̃f
BXgr[VǂgĂ邩́AfBXgr[V
ɂĂB

ł̋c_̂߂ɁAlbg[N NFS T[o邽߂̃t@CAEH
[̐ݒĂ܂傤B NFS T[o 192.168.0.42 ɂ
ANCAg 192.168.0.45 ݂̂Ƃ܂Bq̗̂悤ɁA statd 
Ă郊NGXgɂĂ̓|[g 32765 ݂̂ɃoChA|[
g 32766 gƂ܂B mountd ̓|[g 32767 ɃoCh܂B 
lockd ̃W[p[^́A 32768 ɃoCh悤ݒ肵܂B
 nfsd ̓|[g 2049 gA|[g}bp̓|[g 111 g܂B

quota ͎gȂƂɂ܂B

IPCHAINS gAȒPȃt@CAEH[ݒ͎̂悤ɂȂ܂B

ipchains -A input -f -j ACCEPT -s 192.168.0.45                         
ipchains -A input -s 192.168.0.45 -d 0/0 32765:32768 -p 6 -j ACCEPT    
ipchains -A input -s 192.168.0.45 -d 0/0 32765:32768 -p 17 -j ACCEPT   
ipchains -A input -s 192.168.0.45 -d 0/0 2049 -p 17 -j ACCEPT          
ipchains -A input -s 192.168.0.45 -d 0/0 2049 -p 6 -j ACCEPT           
ipchains -A input -s 192.168.0.45 -d 0/0 111 -p 6 -j ACCEPT            
ipchains -A input -s 192.168.0.45 -d 0/0 111 -p 17 -j ACCEPT           
ipchains -A input -s 0/0 -d 0/0 -p 6 -j DENY -y -l                     
ipchains -A input -s 0/0 -d 0/0 -p 17 -j DENY -l                       

ݒ netfilter ōsꍇ͎ɂȂ܂B

iptables -A INPUT -f -j ACCEPT -s 192.168.0.45                         
iptables -A INPUT -s 192.168.0.45 -d 0/0 32765:32768 -p 6 -j ACCEPT    
iptables -A INPUT -s 192.168.0.45 -d 0/0 32765:32768 -p 17 -j ACCEPT   
iptables -A INPUT -s 192.168.0.45 -d 0/0 2049 -p 17 -j ACCEPT          
iptables -A INPUT -s 192.168.0.45 -d 0/0 2049 -p 6 -j ACCEPT           
iptables -A INPUT -s 192.168.0.45 -d 0/0 111 -p 6 -j ACCEPT            
iptables -A INPUT -s 192.168.0.45 -d 0/0 111 -p 17 -j ACCEPT           
iptables -A INPUT -s 0/0 -d 0/0 -p 6 -j DENY --syn --log-level 5       
iptables -A INPUT -s 0/0 -d 0/0 -p 17 -j DENY --log-level 5            

ŏ̍sł̓pPbgtOgSĎ󂯕t悤ɂĂ܂ (
擪̃tOg͒ʏ̃pPbĝ悤Ɉ܂)B_Iɂ́A
pPbg͍č\܂ł͒ʉ߂܂񂵁A擪̃pPbgtO
gʉ߂Ȃ΍č\͕s\łBpPbgtOg
pāA}Vߕׂɂ悤ƂU݂܂BtO
gʂ悤ɂȂƁANFS ͐삵܂Bڍׂ Section 7.8
ĂB

̍śAT[oŗp邱Ƃɂ̃|[gꂼւ́ANCA
g̔Cӂ̃|[g̐ڑĂ܂B̐ݒɂāA
 192.158.0.46  NFS T[oɐڑ݂ƂĂÃ}V̓}E
głAȂɂ}Egł邩킩ȂƂɂȂ܂B

Vɓꂽ|[gŒ@\p΁A NFS Lւ̃}Egz
Xg̐͌Ă̒ʂ肸ƊȒPɂȂ܂B NFS ͈Íꂽv
gRł͂܂񂩂Albg[NɂȂĂ΁AN
łgtBbN𓐒Asč\邱Ƃ\łB

 

6.5. NFS  SSH gl

lbg[N NFS gtBbNÍ@̂ЂƂƂāA ssh 
|[gtH[h@\p܂BAȉŌ悤
AT[õ[J[USɐMłȂꍇ́Aɂ͐[Ȍ_
܂B

ŏ̃Xebv́At@C[JzXgɃGNX|[g邱ƂłB
Ⴆ /home p[eBVGNX|[gꍇ́A̍s /etc/
exports ɒǉ܂B

/home   127.0.0.1(rw)                                                  

̃Xebv ssh pă|[gtH[h邱ƂłB ssh g
ƁANCAg̔Cӂ̃|[gACӂ̃}V̔Cӂ̃|[gɃtH[
hł܂BႦΑO߂̂悤ɁAX̃T[o 192.168.0.42 ƂA -p
32767 p mountd |[g 32767 ɌŒ肵Ƃ܂傤B
ANCAg玟̂悤ɓ͂܂B

     # ssh root@192.168.0.42 -L 250:localhost:2049  -f sleep 60m       
     # ssh root@192.168.0.42 -L 251:localhost:32767 -f sleep 60m       

̃R}hgƁANCAg ssh ̓NCAg̃|[g 250 
΂čsȂꂽNGXgtH[hAT[o sshd oRāAT
[õ|[g 2049 ւƃtH[h܂B̍sȂ^CṽtH[
hŁANCAg̃|[g 251 ւ̃NGXgT[o 32767 փtH
[h܂B localhost ̓T[o猩zXgłB܂AtH[h
T[ogɑ΂ĂȂ܂BƂׂ͂ɁA|[gCӂ̕ʂ̃}V
ɃtH[h邱ƂłÃNGXg͊OEɌAT[o
ꂽ̂悤ɍs邱ƂɂȂ܂BāÃNGXg̓T[o
 nfsd ɑ΂āAT[og痈̂悤Ɍ܂BƂŁAN
CAg 1024 ȉ̃|[goChɂ́ÃR}hNCA
g root ƂĎsKv܂Bt@CVXeftHg
 secure IvVŃGNX|[gꍇɂ́AȂ΂Ȃ܂
B

Ȃł́AŌ̃IvV -f sleep 60m pĂƂgb
NsĂ܂B ssh pƁA -L IvVpꍇłA
[g}VŃVFI[v邱ƂɂȂ܂Bł̓|[
gtH[hobNOEhŎsŁAVF̓NCAg
ɖ߂킯łB ssh ɂ́A 60 葱R}hT[
õobNOEhŎsĂ̂łB̓|[gAڑ
܂ 60 ԃtH[h܂BڑƁAڑ؂邩 60 ߂
܂ŁAǂ炩x܂Őڑ͌p܂BL̃R}h́ANCA
g̋NXNvg̃lbg[NʐMJnȍ~ɒuƂł܂B

ɁAt@CVXeNCAgŃ}EgȂ΂Ȃ܂B
sɂ́ANCAgɑ΂ localhost ̃t@CVXe}E
g悤ɁAʏ 2049 Ƃ͈Ⴄ|[gp悤ɁA`܂
B̓I /etc/fstab ̃GgƁÂ悤ɂȂ܂B

  localhost:/home  /mnt/home  nfs  rw,hard,intr,port=250,mountport=251  0 0

܂ŗƁAT[õ[JɃOCłʏ̃[UƁA
ȂɊ댯ɂȂĂ܂̂ł܂B̂悤ȃ[U
ƁAXsĂƂW邷ׂ͈؂ȂA ssh pĎ̃N
CAg}V (ł͍@I root ɂȂ܂) ̓|[gT[o
̃|[g 2049  32767 ɃtH[hł܂B̂悤ɂāAT[o̔C
ӂ̃[ÚAX̃NCAg root ƓŁACӂ̃t@CV
Xe}Egł邱ƂɂȂ܂B [: vɁAT[o
localhost ɑ΂ăGNX|[g邱Ƃ̊댯Ă܂B]

NFS T[oŒʏ̃[UOCĂ炸A̕@g
ꍇłA܂ 2 AxĂƂ܂B܂ЂƂ߁ANCA
gT[oւ̐ڑ sshd oR܂Băt@CAEH[ŁA
|[g 22 (sshd ҋ@|[g) NCAgɑ΂ĊJĂKv
܂BA2049  32767 ̂悤ȑ̃|[gJĂKv
܂Bӂ߁At@CbN삵܂B statd ⃍bN
}l[Wɑ΂āÃ}Egɑ΂郊NGXg̃|[gɍs
Ȃ킹邱Ƃ͂ł܂BāAbNNGXg statd 
localhost  statd ɁA܂莩gɐڑAG[͔Ɏs
܂BC邽߂ɂ́ANFS 傫Ȃ΂Ȃ܂B

IPSec p΁AT[oł̃[JȃZLeB̖𐶂Ȃ
`ŃNCAgƃT[oԂł̃lbg[NʐMÍł܂B
ł͎グ܂B Linux  IPSec p邽߂̏ڍׂɂẮA 
FreeS/WAN <http://www.freeswan.org/> z[y[WĂB

 

6.6. ܂Ƃ

hosts.allow, hosts.deny, root_squash, nosuid, |[g̋@\Ȃǂ|
[g}bp NFS \tgEFAɗp΁A nfs ŒmĂ鑽
oO邱ƂłAȂƂނˈSɂȂƍl邱Ƃ
ł傤Błǂ̂ƂAN҂lbg[NɃANZ
XłĂ܂΁AR}h .forward ɏA /home  /var/
mail  NFS GNX|[gĂ΃[ǂ񂾂łĂ܂܂B
܂RAPGP ̔閧 NFS ɒuĂ͂Ȃ܂BȂƂ
댯邱Ƃ͒mĂׂłB܂m킯łǁB

NFS ƃ|[g}bp͕GȃVXeɂȂĂ̂ŁAVoOA{
IȐ݌vɂX̗pĂɂAȂƂ͎v܂
B܂łV킩ĂāANpĂ邩
BłꂪlƂ̂łB

 

7. guV[g

    ̐߂́ANFS ܂gȂꍇɂǂ΂悢AiK𓥂
    悤Ƃ̂łBʏgu̓NCAg炻̒
    ͂߂̂ŁAffn߂܂B
   
 

7.1. }Egt@CVXeŃt@CȂ

܂ŏɁÃt@CVXeۂɃ}EgĂ̂mF
B@͉ނ܂AԊmȂ̂ /proc/mounts 
ƂłBɂ̓}EgĂt@CVXeƁȀڍׂ
ꗗɂȂĂ܂Bꂪ܂Ȃ (Ⴆ /proc t@CVX
eJ[lɑgݍłȂƂ)Amount -f Ɠ͂Ă݂Ă
 (͏ȂȂ܂)B

t@CVXe}EgĂ悤ȂA炻̏ɕʂ
t@CVXe}EgĂ܂̂܂ (̏ꍇ͗
̃{[A}EgāAă}EgKvł)B邢̓T[o
̃{[̃GNX|[gAۂ̃}Eg̑OɍsĂ܂̂
܂B̏ꍇ NFS ̓}Eg|CgGNX|[gĂ
܂ (̏ꍇ̓T[o NFS ċN܂)B

t@CVXe}EgĂȂ΁A}EgĂ݂ĂB
łȂΏǏ 3 ցB

 

7.2. t@CNGXgnOAANZX҂Ń^CAEg

ʏ킱́ANCAgT[oƒʐMłȂꍇɋN܂BǏ 3
 b ĂB

 

7.3. t@CVXe}EgłȂ

{[}EgłȂꍇ mount oG[́Aق 2 ނ
BꂼɎ܂傤B

 a. failed, reason given by server: Permission denied
   
    ́A{[ւ̃ANZXT[o狑ۂꂽƂɏo郁b
    Z[WłB
   
     i. /etc/exports t@C𒲂ׂāÃ{[GNX|[g
        Ă邩ANCAgANZXĂ邩mF
        ܂傤BႦ΁Aǂݎ̃ANZXȂNCAgA
        ̃{[ ro IvVł͂Ȃ rw IvVŃ}Eg
        悤ƂĂȂł傤B
       
    ii. nfsd ̋Nȍ~ /etc/exports ύXꍇ́Aexportfs R}
        hł NFS ɓ`ł傤B exports mɍēǂݍ
        ݂ɂ́A exportfs -ra R}h͂܂傤B
       
    iii. /proc/fs/nfs/exports t@C𒲂ׁA{[ƃNCAg
        XgĂ邩mF܂傤B (/var/lib/nfs/xtab
        ΁AANeBuȃGNX|[gׂĂɑ΂銮SȃIvV
        ̃Xg܂B) XgɂȂꍇ́AăGNX|
        [gĂ܂BXgɂꍇ́AT[oNCAg
        Ȃ̈Ӑ}ʂɔFĂ邩mF܂傤BႦ΂
        NCAǧÂXg /etc/hosts ɂāAT[o͂
        Ă̂܂B邢̓NCAg̊SȃAh
        XĂȂŁAǑʂhC̕ʂ̃}V
        ȂĂ邩܂BႦ΃NCAgT[o ssh 
        telnet ŃOCĂ݂܂傤B who Ɠ͂ƁA
        ̃OCZbVXgɏo͂ŁAȂ̃NCAg
        }VT[oǂ̂悤ȖOŌĂ邩킩܂B
        ̃}V /etc/exports ̃Ggɏ܂傤BŌɁAT
        [oNCAg ping ANCAgT[o ping
        Ă݂܂傤Bł߂A邢̓pPbgX
        ꍇɂ́A艺w̃lbg[N̖ł傤B
       
    iv. fBNgA̎q̃fBNgƓɃGNX|[g
         (Ⴆ /usr  /usr/local) Ƃ͂ł܂BefBNg
        K؂ȋŃGNX|[g΁ÃTufBNg
        ׂēŃ}Egł܂B
       
 b. RPC: Program Not Registered (or another "RPC" error):
   
    ̓NCAgAT[oŎs NFS młȂƂ
    ӖĂ܂B̗Rl܂B
   
     i. ŏɁANFS ۂɃT[oœ삵Ă邩mF܂傤BT
        [o rpcinfo -p Ɠ͂܂B̂悤ȕ\o͂łB
        
           program vers proto   port                        
            100000    2   tcp    111  portmapper            
            100000    2   udp    111  portmapper            
            100011    1   udp    749  rquotad               
            100011    2   udp    749  rquotad               
            100005    1   udp    759  mountd                
            100005    1   tcp    761  mountd                
            100005    2   udp    764  mountd                
            100005    2   tcp    766  mountd                
            100005    3   udp    769  mountd                
            100005    3   tcp    771  mountd                
            100003    2   udp   2049  nfs                   
            100003    3   udp   2049  nfs                   
            300019    1   tcp    830  amd                   
            300019    1   udp    831  amd                   
            100024    1   udp    944  status                
            100024    1   tcp    946  status                
            100021    1   udp   1042  nlockmgr              
            100021    3   udp   1042  nlockmgr              
            100021    4   udp   1042  nlockmgr              
            100021    1   tcp   1629  nlockmgr              
            100021    3   tcp   1629  nlockmgr              
            100021    4   tcp   1629  nlockmgr              
                                                            
        
        ́ANFS  version 2  3Arpc.statd version 1Albg
        [NbN}l[W (T[rX rpc.lockd) version 1, 3, 4
        쒆ł邱ƂĂ܂B܂ NFS  TCP gĂ
         UDP gĂ邩ɉāAʁX̃T[rXXg\
        ܂B TCP 𖾎IɗvꍇAʏ (ɂł͂
        ܂) UDP ftHgɂȂ܂B
       
        ȂƂ portmapper, nfs, mountd Ȃ΁A NFS ċN
        Ȃ΂Ȃ܂BċNłȂƂ́AǏ 9 ɐi
        B
       
    ii. ɃNCAg璲ׂ܂傤BNCAg rpcinfo -p 
        server Ɠ͂܂B server ɂ̓T[o DNS  IP AhX
        ĂB
       
        Xg\ꂽꍇ́As悤ƂĂ}Eg̃^Cv
        T|[gĂ邩mFĂB Version 3 NFS g
        }Egꍇ́A Version 3 XgĂ邩mF܂
        B NFS over TCP Ń}Egꍇ́Aꂪo^Ă邩
        mFĂ (Linux łȂNCAgł́A TCP ftH
        gɂȂĂ邱Ƃ܂)Bo͂̌Ɋւڂ
        ɂ man rpcinfo ƂĂBp悤ƂĂ}
        Eg̃^CvXgɂȂƂ́Aʂ̃^Cṽ}Eg
        Ă݂ĂB
       
        No Remote Programs Registered ƂG[oƂ́AT[o
         /etc/hosts.allow t@C /etc/hosts.deny t@C𒲂ׂ
        ANCAg̃ANZX{ɋĂ邩mFĂ
        BɁAGg悤ȂA /etc/hosts (邢 DNS
        T[o) mFāANCAg}VXgĂ
        AT[oNCAg ping łĂ邩mFĂ
        BVXẽG[OɉQlɂȂ郁bZ[WoĂȂ
        Ă݂܂傤B /etc/hosts.allow ̃GgԈĂ
        ̔F؂̃G[́Aʏ /var/log/messages ɏo܂AVXe
        O̐ݒɂĂ͕ʂ̃t@C܂B syslog  man
        y[WƁAOݒ̗̏ɂȂł傤BŌɁA
         OS ł 2 ̃}VԂ̌oHΏ̓IłȂƁA𐶂邱
        Ƃ܂BNCAg tracepath [server] Ɠ͂Ao
        ͂ "asymmetric" ƂPꂪoȂƂmFĂB
        ߂ Linux fBXgr[VȂAoHΏ̂łĂ
        ͐Ȃ͂łB
       
        Remote system error - No route to host, ƂG[ɂȂA
         ping ͓͂ꍇɂ́At@CAEH[̋]ɂ
        ̂ł傤B炭T[oA܂̓T[oƃNCAg̊
        ɐݒuĂł낤At@CAEH[𒲂ׂĉB
         ipchains, netfilter, ipfwadm  man y[WA 
        IPChains-HOWTO <http://www.linuxdoc.org/HOWTO/
        IPCHAINS-HOWTO.html> (JF ɂ{ <http://www.linux.or.jp
        /JF/JFdocs/IPCHAINS-HOWTO.html>) Ƃ Firewall-HOWTO <http://
        www.linuxdoc.org/HOWTO/Firewall-HOWTO.html> (JF ɂ{
        <http://www.linux.or.jp/JF/JFdocs/Firewall-HOWTO.html>) 
        ܂B
       
 

7.4. }Eg{[ŁAt@CɃANZX錠܂

2 ̌l܂B

݂̌Ȃꍇ́AT[o /proc/fs/nfs/exports āAGN
X|[gIvVmFĂB̃t@CVXe͓ǂݎ
pɂȂĂȂł傤Bǂݎp̏ꍇ́Aǂݏ[hōăG
NX|[gȂ΂Ȃ܂ (/etc/exports ҏW exportfs
-ra YȂ悤)B܂NCAg /proc/mounts ׁA{[
ǂݏ[hŃ}EgĂ邩mF܂傤 (ǂݎp
}EgĂꍇ́AƓ肵₷G[bZ[Wo
ł傤)BĂ rw IvVtčă}Eg܂傤
B

2 ߂̌́A[Ũ}bsOɊ֌WĂA root ̏ꍇƔ
root ̏ꍇƂŏXقȂ܂B

root łȂƂ́ANCAgƃT[oŃ[UvĂȂ
܂BNCAgƃT[o̗ id [user] sAUID ԍ
ǂmFĂBقȂĂƂ́ANIS, NIS+, rsync ̑
A[U̓ɗpĂVXeɖ肪܂BO[vv
Ă邩mF܂傤B܂AGNX|[g̍ۂ all_squash IvV
w肵ĂȂǂmF܂傤B[UvĂ
́Ã[Uɂ NFS Ƃ͖֌WȁAʓIȌ֘A̖肪
̂Ǝv܂B

root ̎́AGNX|[g̍ۂ no_root_squash IvVtĂȂ
̂ł͂Ȃł傤BT[o /proc/fs/nfs/exports ܂ /var/lib/nfs
/xtab 𒲂ׁAIvVw肳Ă邩mFĂB
ɂ́ANFS T[o root ƂĂ̏݌^̂́Aقǂ̕Kv
Ȃǂlł͂܂ (Linux NFS ftHgł֎~
Ă闝Rł܂)Bڍׂ Section 6 ĂB

root squash pĂꍇ́Â܂܂ɂĂ̂ł傤B
root 擾ĂAt@Cɑ΂錠 nobody ̂̂ƓɂȂ܂
B root ǂ uid Ƀ}bv邩߂Ă̂̓T[oł邱
ƂYȂ悤ɁBftHgł́AT[o /etc/passwd t@C 
nobody Gg UID  GID g܂A/etc/exports t@C 
anonuid IvV anongid IvVg΁AύXł܂B
NCAgƃT[oŁAnobody Ƀ}bv UID ɂȂĂ邩
mFĂ܂傤B

 

7.5. ɑ傫ȃt@C]ƁA NFS T[o CPU Ă
āA~܂悤ɂȂĂ܂܂

 2.2 J[l fsync() R[̖ŁAׂĂ sync-to-disk 
NGXg𓯎ɍsłB]ďݎԂt@CTCY̓
ɂȂĂ܂܂B\ȂA2.4 J[lɂΖ͉܂B
GNX|[g no_wdelay IvVw肷΁AevO͂荂
 o_sync() g悤ɂȂ܂B

 

7.6. OɊȃG[bZ[Wo

 a. ̂悤ȃtH[}bg̃bZ[W:
   
    
     Jan 7 09:15:29 server kernel: fh_verify: mail/guest permission failure, acc=4, error=13    
     Jan 7 09:23:51 server kernel: fh_verify: ekonomi/test permission failure, acc=4, error=13  
                                                                                                
    
   
     NFS  setattr Iy[VA݌̂Ȃt@C
    ɑ΂Ď݂ꂽƂɋN܂B̃bZ[W͖Qł
    B
   
 b. ̂悤ȃbZ[WOɕpɂɌ:
   
    
     kernel: nfs: server server.domain.name not responding, still trying  
     kernel: nfs: task 10754 can't get a request slot                     
     kernel: nfs: server server.domain.name OK                            
                                                                          
    
   
     "can't get a request slot" ƂbZ[ẂANCAg
     RPC R[h^CAEg񌟏o (炭̓lbg[N
    GT[ỏߕׂ̂) ߂ɁAv̒lA
    T[oׂ̕y悤ƂĂ邱ƂĂ܂B̃b
    Z[W̌́A炭͐\߂łB Section 5 Ă݂
    B
   
 c. }EgANCAgŎ̂悤ȃbZ[Wo:
   
    
    nfs warning: mount version older than kernel            
                                                            
    
   
    ͏ĂƂłBmount ̃pbP[W am-utils Abv
    O[hĂ (Ȃ炩̗RŃAbvO[hłȂꍇ
    ARpCȂāAVJ[l̋@\RpCɔF
    悤ɂ邾łA荇͉ł܂)B
   
 d. N/I lockd ̃OɃG[o:
   
    u[gOɎ̂悤ȃbZ[WoĂ̂ł傤:
    
    nfslock: rpc.lockd startup failed                       
                                                            
    
   
    ͖QłBÂo[W rpc.lockd ͎蓮ŋNKv
    ܂BVo[Wł nfsd ɂĎIɋN
    ܂B݂̃ftHg̋NXNvg̑́A܂ lockd 𒼐
    N悤Ƃ܂A͕svȂ̂łB̃bZ[W~߂
    ΁ANXNvgύX OK łB
   
 e. ̂悤ȃbZ[WOɌ:
   
    
    kmem_create: forcing size word alignment - nfs_fh       
                                                            
    
   
    ̓t@Cnh 32 rbg̔{ł͂Ȃ 16 rbgł邱
    Ƃ痈Ă܂B̂߃J[l̋@ƈȂĂ
    łBQłB
   
 

7.7. ۂ̃p[~bV /etc/exports ̎wƈقȂ

/etc/exports ̓Xy[XɔɕqłBႦΈȉ 2 s͓ł͂
܂:

/export/dir hostname(rw,no_root_squash)                                
/export/dir hostname (rw,no_root_squash)                               
                                                                       

́̕Ahostname  /export/dir ΂ rw ANZX^A root 
̋֎~ (root_squash) ͂Ă܂BԖڂ̂́Ahostname  rw 
^ root_squash wAāuzXgv rw ANZX^
A root_squash ͂Ă܂B킩܂?

 

7.8. ȁAsȐU

ls ̂悤ȊȒPȃR}h͓삷邪Aʂ̏]悤ȍƂ
sƃ}Eg|CgbNB

2 ̗Rl܂B

 i. T[oNCAg ipchains gĂAtOgꂽ
    pPbg`FCʂȂ悤ɂĂƁÂ悤ȂƂN
    ܂B[gzXg̃tOg΁AĂы@\
    ͂łB Section 6.4 ĂB
   
ii. }EgIvV rsize  wsize ɁAT[oT|[gĂ
    傫Ȓlw肵Ă̂܂B rsize  wsize  1024
    Ɍ炵āA肪邩ĂBAĂт
    ƁAK؂Ȓlɑ₵ĂĂB
   
 

7.9. nfsd NȂ

/etc/exports 𒲂ׁA root ɑ΂ǂݎ苖邩mFĂ
BoCi𒲂ׁAst@Cł邩mFĂBJ[l NFS
T[õT|[ggݍ܂Ăł傤B̂ł
Ȃ΁AoCiCXg[ȂKv邩܂B

 

7.10. ̃NCAggƃt@C

t@CCĂ 1 bȓɕʂ̏CȂA̍ۂɃTCY
ȂꍇA inode ԍ܂B̂߁A̃t@C
ɕ̃NCAgAIɓǂݏsƁAt@C
邱Ƃ܂B̃oOCɂ́At@CVXe̐[
ύXȂ΂ȂȂ߁A 2.5 ɂۑɂȂĂ܂B

 

8. Linux  NFS 𑼂 OS Ǝg

 OS (Linux ܂) ɂ́Aꂼ NFS ̎ɁAƂ
ႢȂ܂Bꍇ̓vgRBȂAꍇ
͂łZLeBz[c܂܂ł邹AR͂
łB Linux ́AX̒mł́AW[ȃx_ NFS 
ׂĂƐ삵܂BA 2  OS ݂NAɒʐMĂ
ǂmFɂ́Aǉ̍ƂKvɂȂ邱Ƃ܂B̃ZN
Vł͂̍ƂׂĂ܂B

ʓIɌāAJ[l 2.2.18 O Linux }VA Linux ȊO
̃NCAg NFS T[oƂ̂́AS߂ł܂BÂJ[
lł̎́ANCAgƂĂȂȂ삷Ǝv܂B
̃J[lŉ肪NꍇAXłAhoCX́A
܂J[lAbvO[hĖ肪邩Ă݂AłB[U
Ԃ NFS A Linux ȊÕNCAgƂ͂܂܂B

ȍ~ɁALinux W[ OS ƂɎgꍇɒmĂ鎖
Ă܂B

 

8.1. AIX

8.1.1. Linux NCAg AIX T[o

Section 3 ŗpɑΉ /etc/exports t@C̃tH[}bǵA
̂悤ɂȂ܂B

  /usr   slave1.foo.com:slave2.foo.com,access=slave1.foo.com:slave2.foo.com 
  /home  slave1.foo.com:slave2.foo.com,rw=slave1.foo.com:slave2.foo.com     
                                                                            

 

8.1.2. AIX NCAg Linux T[o

AIX  /etc/fstab ł͂Ȃ /etc/filesystems p܂B Section 4 ł
ɑΉGg̃TvĂ܂B

/mnt/home:                                                                    
        dev             = "/home"                                             
        vfs             = nfs                                                 
        nodename        = master.foo.com                                      
        mount           = true                                                
        options         = bg,hard,intr,rsize=1024,wsize=1024,vers=2,proto=udp 
        account         = false                                               
                                                                              

 i. AIX  Version 4.3.2 (炭͂ȑÕo[W) ɑ΂Ă
    At@CVXe insecure IvVŃGNX|[gKv
    ܂BȂ킿 NFS |[g (܂ 1024 ȏ́Aroot ȊO
    ̃[UoChł|[g) őҋ@܂BÂo[W
    AIX ł́A͕KvȂ悤łB
   
ii. AIX ̃NCAǵAftHgł Version 3 NFS over TCP Ń}E
    g܂B Linux T[oT|[gĂȂꍇ́A}Eg
    ̃IvV vers=2  proto=udp w肵Ȃ΂Ȃ܂B
   
iii. /etc/exports Ƀlbg}XNgƁANCAgZbg
    ƂɁAʂ̃NCAg̃}Eg؂Ă܂ꍇ܂B
    ͊ezXgXgΉ܂B
   
iv. AIX 4.3.2  automount ́A炩ɂǂςłB
   
 

8.2. BSD

8.2.1. BSD T[o Linux NCAg

BSD J[l̓ubNTCY傫قǂ삷X
܂B

 

8.2.2. Linux T[o BSD NCAg

BSD ̃o[WɂẮAT[o|[gœ삵ĂKv
܂B̏ꍇ{[GNX|[gƂ insecure IvV
KvɂȂ܂Bڍׂ exports(5)  man y[WB

 

8.3. Tru64 Unix

8.3.1. Tru64 Unix T[o Linux NCAg

ʂ Tru64 Unix T[o Linux NCAgƋɂ߂ėǍDɓ삵܂B
Section 3 ŉXpɑΉ /etc/exports t@C̃tH[}b
ǵÂ悤ɂȂ܂B

                                                                       
/usr         slave1.foo.com:slave2.foo.com \                           
     -access=slave1.foo.com:slave2.foo.com \                           
                                                                       
/home        slave1.foo.com:slave2.foo.com \                           
         -rw=slave1.foo.com:slave2.foo.com \                           
       -root=slave1.foo.com:slave2.foo.com                             
                                                                       

(ōŌ̃Ggɂ root IvV͏Ă邾łB
KvȂΎw肵ȂĂ\܂B)

Tru64 ́A}Egv邽т /etc/exports t@C`FbN
B] exportfs R}hNKv͂܂B Tru64 Unix
̑̃o[Wł́ÃR}h݂͑܂B

 

8.3.2. Linux T[o Tru64 Unix NCAg

̑gݍ킹ɂ͒ӓ_ 2 ܂B܂A Tru64 Unix ̃}Eg
ftHg Version 3 NFS p܂B Linux ̃T[o Version 3 NFS
T|[gĂȂƁA}EgG[ɂȂł傤BɁATru64 Unix
4.x ł́ANFS bNNGXg daemon s܂B] Tru64 Unix
4.x NCAgɃGNX|[g{[ɂ́Aׂ insecure_locks
w肷Kv܂Bڍׂ exports(5)  man y[WB

 

8.4. HP-UX

8.4.1. HP-UX T[o Linux NCAg

HP-UX ł /etc/exports ̃Gg̗܂B

/usr -ro,access=slave1.foo.com:slave2.foo.com                             
/home -rw=slave1.foo.com:slave2.fo.com:root=slave1.foo.com:slave2.foo.com 
                                                                          

(Ō̃Ggł root IvV́AƂĎړIłB
ȂΎw肵ȂĂ\܂B)

 

8.4.2. Linux T[o HP-UX NCAg

HP-UX ̃fBXNXNCAgɑ΂āAfoCXt@C𐳂GN
X|[gɂ́AȂƂJ[l̃o[W 2.2.19 (邢
2.2.18 Ƀpb`𓖂Ă) KvɂȂ܂B܂AHP-UX NCAg
փGNX|[gۂɂ́AK insecure_locks IvVw肷Kv
܂B

 

8.5. IRIX

8.5.1. IRIX T[o Linux NCAg

IRIX ł /etc/exports ̃Gg̗܂B

/usr -ro,access=slave1.foo.com:slave2.foo.com                             
/home -rw=slave1.foo.com:slave2.fo.com:root=slave1.foo.com:slave2.foo.com 
                                                                          

(Ō̃Ggł root IvV́AړIł̂ݗpĂ
܂BȂΎw肵ȂĂ\܂B)

񍐂ɂƁAlinux 2.2 x[X̃VXe nohide IvVpăG
NX|[gƖ肪邻łB 2.4 J[lł͏CĂ
܂BƂ肠ɂ́At@CVXẻ̊KwʁXɃGNX
|[gă}Eg邱ƂłB

J[l 2.4.17 ̎_ł́A݉^p̏Ȗ肪܂݂ĂA
J[l̃AbvO[hKvɂȂ邩܂BLׂƂ
qׂĂ܂B

 E Trond Myklebust  seekdir (܂ dir) J[lpb`YꂸɓK
    pĂĂBŐV (2.4.17 ) ͎̏ꏊɂ܂B
   
    http://www.fys.uio.no/~trondmy/src/2.4.17/linux-2.4.17-seekdir.dif
    <http://www.fys.uio.no/~trondmy/src/2.4.17/
    linux-2.4.17-seekdir.dif>
   
 E IRIX T[óAċN̑Oœ fsid tB[hpƂ͌
    Ȃ߁A}EgĂ IRIX T[oċN Linux NC
    Ag inode number mismatch ƂG[ɂȂ邩܂Bp
    b`͎̏ꏊɂ܂B
   
    http://www.geocrawler.com/lists/3/SourceForge/789/0/7777454/ <http:
    //www.geocrawler.com/lists/3/SourceForge/789/0/7777454/>
   
 E naming version=1 ō쐬ꂽ IRIX XFS t@CVXeGNX|[
    gꂽ̂AS̃t@CێĂ悤ȑ傫ȃfBN
    gǂݏoƂƁA Linux J[l 2.4.9 ȍ~ł͖肪N
    ܂BR͎ URL ɗ^Ă܂B
   
    http://www.geocrawler.com/archives/3/789/2001/9/100/6531172/ <http:
    //www.geocrawler.com/archives/3/789/2001/9/100/6531172/>
   
    naming version ́A(IRIX T[o) ̃R}hp΂킩܂
    B
   
            xfs_growfs -n mount_point                           
                                                                
   
    ɂ́Ãt@CVXẽGNX|[gɍۂ
    A /etc/exports t@C -32bitclients IvVw肵܂B
    Cɂ́At@CVXe 'naming version=2' ɕϊ
    BcOȂAsɂ backup/mkfs/restore B̕@ł
    B
   
    IRIX 6.5.14 (тȍ~)  mkfs_xfs sƁAftHgł 
    naming version=2  XFS t@CVXeł܂B IRIX 6.5.5 
     6.5.13 ̊Ԃł́ÃR}hpĂB
   
            mkfs_xfs -n version=2 device                        
                                                                
   
    IRIX 6.5.5 ȑOł́A naming version=2  XFS t@CVXe̓T
    |[gĂ܂B
   
 

8.5.2. IRIX NCAg Linux T[o

IRIX ̃o[W 6.5.12 ܂łɂ́A Linux }VGNX|[gt@
CVXe}EgƁA肪N܂B}Eg|Cgu
āv܂̂łBȂ킿:

        # mount linux:/disk1 /mnt                                      
        # cd /mnt/xyz/abc                                              
        # pwd                                                          
        /xyz/abc                                                       
                                                                       

 IRIX ̃oOł邱Ƃ킩Ă (SGI bug 815265 - IRIX not
liking file handles of less than 32 bytes)A IRIX 6.5.13 ŏC܂
B IRIX 6.5.13 ɃAbvO[h邱Ƃs\ȏꍇɂ́Aȉ
@łA 32 rbg̃t@Cnhp悤 Linux  
nfsd ɋ܂B

̃pb`܂B̂ƂĂB

 E http://www.geocrawler.com/archives/3/789/2001/8/50/6371896/ <http:/
    /www.geocrawler.com/archives/3/789/2001/8/50/6371896/>
   
 E http://oss.sgi.com/projects/xfs/mail_archive/0110/msg00006.html
    <http://oss.sgi.com/projects/xfs/mail_archive/0110/msg00006.html>
   
 

8.6. Solaris

8.6.1. Solaris T[o

Solaris ̃T[ǒ`́A OS ƏXقȂĂ܂Bݒt@C
ɂ /etc/exports łȂ /etc/dfs/dfstab p܂BGgɂ share
R}hp܂B Section 3 ł̗ɑΉ鏑͎̂悤ɂȂ܂
B

share -o rw=slave1,slave2 -d "Master Usr" /usr                         
                                                                       

ĕҏWɂ́Aexportfs ̑ shareall s܂B

Solaris ̃T[o̓pPbgTCYɔɕqłB Linux NCAg
Solaris T[oƎgꍇɂ́AK}Eg rsize  wsize  32768
ɂĂB

Ō Solaris ɂ root squash ɂďqׂĂ܂B root ̓
[U noone Ƀ}bv܂A̓[U nobody Ƃ͈قȂ܂BN
CAgŃt@C̃p[~bVɊւĖ肪A}bsO
ҒʂɂȂĂ邩AYꂸɃ`FbNĂB

 

8.6.2. Solaris NCAg

Solaris ̃NCAg͒IɎ̂悤ȃbZ[Wo܂B


svc: unknown program 100227 (me 100003)                             
                                                                    


 Solaris ̃NCAgA}Egۂ ACL 擾悤
Ƃ邩ł -  Linux ɂ͂܂B̃bZ[W͖
č\܂B

fBXNX Solaris NCAgɊւẮA 2 قǒӓ_
B܂ /dev/null 𐳂GNX|[gɂ́AȂƂJ[l̃o
[W 2.2.19 łȂ΂Ȃ܂BɁAfBXNX sparc N
CAgł́ApPbgTCYɏ (Ȃ킿 1024 ) Ȃ
΂Ȃ܂BNCAg̓pPbgtɕ׊邱ƂłȂ
łB̓NCAg /etc/bootparams Őݒł܂B

 

8.7. SunOS

SunOS ɂ NFS Version 2 over UDP ܂B

 

8.7.1. SunOS T[o

T[oł́ASunOS  /etc/exports t@C̓`IȌ`p܂B 
Section 3 ł̗͎̂悤ɂȂ܂B

/usr    -access=slave1.foo.com,slave2.foo.com                                 
/home   -rw=slave1.foo.com,slave2.foo.com, root=slave1.foo.com,slave2.foo.com 
                                                                              

łA root IvV͏ړIł̂ݎgĂAȂ
Ύw肵ȂĂ\܂B

 

8.7.2. SunOS NCAg

SunOS  NFS bNNGXgׂ daemon Ƃčs܂B]
SunOS NCAgɃGNX|[g{[ɂ́Aׂ 
insecure_locks w肷Kv܂Bڍׂ exports(5)  man y[
WB

