AIX/HP-UX Interoperability Guide (continued)
You can stop and start most NFS daemons either by using SRC commands or by using SMIT, which ultimately calls SRC commands. The exceptions are rpc.rexd, rpc.ruserd, rpc.rwalld, and rpc.rsprayd, which are started by inetd. The following subsystems are part of the nfs group: nfsd, biod, rpc.lockd, rpc.statd, and rpc.mountd.
To start the nfs group, type:
# startsrc -g nfs
This starts all of the daemons of the nfs group as well as the appropriate number of each. For nfsd and biod the default number of daemons is eight. To change these defaults, you must do one of the following:
# chnfs -n4 -b4
# chssys -s biod -a6
The chnfs command stops currently running nfsds and biods, updates the ODM database to reflect the new defaults (in this case four daemons each), and then restarts the daemons using SRC commands. The chssys command changes the cmdargs descriptor in a subsystem definition, in this case the biod subsystem. Therefore anytime you run the following command:
# startsrc -s biod
the value of the -a parameter is used to determine the number of biods to start, in this case six. You can start any subsystem with the startsrc -s command or stop one with the stopsrc -s command. For example:
# startsrc -s rpc.lockd
# stopsrc -s rpc.mountd
The file that controls the NFS (and NIS for that matter) daemons on startup is /etc/rc.nfs. To disable NFS upon bootup, either remove the line containing that file name from the /etc/inittab file or run the smit rmnfs command and select restart in the STOP NFS now, system restart or both field. To enable NFS upon bootup it is best to use the smit mknfs command because it is easy to make a syntax error trying to edit /etc/inittab by hand.
Note that /etc/rc.nfs controls the startup of both NFS and NIS. If you want to disable NIS but not NFS you can comment out the appropriate lines in /etc/rc.nfs or run smit rmypserv or smit rmypclient. Do not remove the rcnfs line in /etc/inittab if you want only to disable NIS.
To configure an NFS server in AIX, all you do is create an /etc/exports file and then run smit mknfs. You can use a text editor to create /etc/exports or you can do the following:
Add a Directory to Exports List
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
* PATHNAME of directory to export                     []              /
* MODE to export directory                            read-write      +
  HOSTNAME list. If exported read-mostly              []
  Anonymous UID                                       [-2]
  HOSTS allowed root access                           []
  HOSTS & NETGROUPS allowed client access             []
  Use SECURE option?                                  no              +
* EXPORT directory now, system restart or both        both            +
  PATHNAME of Exports file if using HA-NFS            []
The required entries are PATHNAME of directory to export, MODE to export directory, and EXPORT directory now, system restart or both. Fill in these parameters and press Enter. SMIT will create or update the /etc/exports file and then run the exportfs -a command. The other parameters are optional and can be determined by consulting the exports man page. Run the smit chnfs command.
To start the NFS daemons,
Start NFS
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
* START NFS now, on system restart or both            both            +
Pressing Enter at this point starts all the daemons of the nfs group and puts an entry in the /etc/inittab file to make the changes permanent.
You can use the same procedure as above, running smit mknfs to start the NFS daemons (in the case of an NFS client the biods are the only ones you might want), or you can simply start making NFS mounts from a server by doing the following:
Add a File System for Mounting
Type or select values in entry fields.
Press Enter AFTER making all desired changes.

                                                      [Entry Fields]
* PATHNAME of mount point                             []              /
* PATHNAME of remote directory                        []
* HOST where remote directory resides                 []
  Mount type NAME                                     []
* Use SECURE mount option?                            no              +
* MOUNT now, add entry to /etc/filesystems or both?   now             +
* /etc/filesystems entry will mount the directory     no              +
   on system RESTART.
* MODE for this NFS file system                       read-write      +
* ATTEMPT mount in foreground or background           background      +
  NUMBER of times to attempt mount                    []              #
  Buffer SIZE for read                                []              #
  Buffer SIZE for writes                              []              #
  NFS TIMEOUT. In tenths of a second                  []              #
  Internet port NUMBER for server                     []              #
* Mount file system soft or hard                      hard            +
  Allow keyboard INTERRUPTS on hard mounts?           yes             +
  Minimum TIME, in seconds, for holding               [3]             #
   attribute cache after file modification
  Maximum TIME, in seconds, for holding               [60]            #
   attribute cache after file modification
  Minimum TIME, in seconds, for holding               [30]            #
   attribute cache after directory modification
  Maximum TIME, in seconds, for holding               [60]            #
   attribute cache after directory modification
  Minimum & Maximum TIME, in seconds, for             []              #
   holding attribute cache after any modification
  The Maximum NUMBER of biod daemons allowed          [6]             #
   to work on this file system
* Allow execution of SUID and sgid programs           yes             +
   in this file system?
* Allow DEVICE access via this mount?                 yes             +
* Server supports long DEVICE NUMBERS?                yes             +
The required entries are denoted by the asterisk (*), are fairly obvious, and have default values which you will in most cases prefer. However, a couple entries need some additional explanation. For MOUNT now, add entry to /etc/filesystems or both? the default value is now. If you accept the default, SMIT will make the mount, but the mount will be in effect only until system restart or until you explicitly unmount the file system with the umount command. Selecting the value of both will not only result in the mount but also an entry in the /etc/filesystems file.
As explained in the chapter on disks and file systems, /etc/filesystems is AIX's equivalent to HP-UX's /etc/checklist file, which determines which file systems are mounted on bootup. Both files will mount networked file systems as well as local ones; the only difference is their format. If, for example, you mounted the file system /doc from the machine elmo and had an entry for that mount in /etc/filesystems, that entry would look something like:
/doc:
        dev             = "/doc"
        vfs             = nfs
        nodename        = elmo
        mount           = false
        options         = bg,hard,intr
        account         = false
This example also illustrates the other entry in the mknfsmnt screen which needs a little explanation: /etc/filesystems entry will mount the directory on system RESTART. The default value is no, which results in a mount=false line in /etc/filesystems, as in the one above. This means that the remote file system will not be mounted by default upon system restart. If the line reads mount=true, then the system will attempt to make the NFS mount upon system restart. If it cannot because the server is unavailable, then additional mount requests will occur in the background (options=bg denotes this). In some cases it is better to have the mount parameter be false. If, for example, you have several mounts from the same server and it is down, the boot process will not be bogged down by attempting to make remote mounts for each networked file system, in which case it might be better to have an /etc/rc.local file to complete the mounts once everything else is up and running.
For additional information on the options available in making NFS mounts, see the mount, mknfsmnt, and filesystems man pages.
Remove an entry from the /etc/exports file:
Change an exported file system:
Remove an NFS mount:
# smit rmnfsmnt
The basic configuration steps are listed below and detailed in the sections that follow.
Configure the systems for NFS if you have not already done so.
The master map is usually created as /etc/auto.master and then made into the NIS map auto.master. By default, automount tries to get master map information from the NIS map auto.master. If a local master map file is specified on the command line, automount reads it before reading the NIS auto.master map.
The format of the auto.master file is:
DirectoryPath AutomountMapName
where:
Automount maps are usually named auto.xxx, where xxx is the name of the map. The name does not have to correspond to any mount points, but it is recommended that the map name correspond to the directory contents (for example, auto.man for man pages).
As with all NIS maps, names must be 10 characters or less if you have file systems that do not allow file names longer than 14 characters. This is because NIS adds four-character suffixes (.dir and .pag) to the map name.
The format of the map entries is:
key [-mount options] server:directory
where:
Automount recognizes special characters in direct and indirect maps to be used for substitutions and to escape other characters. They are:
& | can substitute key values into the directory path names |
* | is recognized as a catch all entry (a wildcard). It is the last or only entry in a map. It matches all keys and provides a value for the & substitutions that may exist in the right-hand side of a map. For example: * -ro,intr server:/users/& |
+ mapname | The contents of another map can be included within the current map. If mapname is a directory with no slashes, automount interprets it as an NIS map. If the directory has slashes then automount looks for a local map with that name. |
Automount maps can be local files or administered as NIS maps. By default, automount tries to read master map information from the NIS map auto.master. Automount also reads master map information from a local file if you specify one on the command line.
The master map can contain NIS map names for the indirect and direct maps instead of file names. To specify an NIS map, preface the map name with a plus (+).
To create an NIS map, edit the /var/yp/Makefile: [10]
auto.master.time: $(DIR)/auto.master
	-@if [ -f $(DIR)/auto.master ]; then \
		$(MAKEDBM) $(DIR)/auto.master $(YPDBDIR)/$(DOM)/auto.master; \
		touch auto.master.time; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) auto.master; \
			echo "pushed auto.master"; \
		else \
			: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/auto.master"; \
	fi
# cd /var/yp
# make auto.master
The full pathname in AIX is /usr/sbin/automount. The options found in the automount man page are the same as those for the HP-UX version. You can also start automount by typing the smit mkautomnt command. If you want to start automount on bootup, the best place to put it is at the end of the /etc/rc.nfs file, something you will have to do manually since SMIT doesn't do it for you.
Automount is normally started and stopped only when the machine is rebooted. To shut down automount gracefully during system operation, take the following steps:
CAUTION: No other automount daemon should be started until the first has successfully cleaned up and exited. If a second automount daemon is started when the first is in its shutdown process, the second daemon will start its shutdown process. This means that there will now be four automount daemons: the first, the second, and their children. These daemons will not exit until all the mount directories they are serving have been unmounted.
Do not send the SIGKILL signal (kill -9, kill -KILL) to the automount daemon. This will cause any processes accessing mount directories served by automount to hang. The file hierarchies mounted by automount under /tmp_mnt will still be accessible.
At the SAM Main window, highlight Networking/Communications and activate the OPEN button.
This task lets you allow or deny access to specific RPC services (servers). When you perform this task, you are editing the /usr/adm/inetd.sec file. The information you need to complete this task is the remote system names to which you are allowing or denying access.
To perform this task:
You must be superuser to create an NFS server. To create an NFS server, complete the following steps. These steps are described in detail in the sections that follow.
The /etc/netnfsrc file activates the NFS daemons and servers. To define the node as an NFS server, set the NFS_SERVER variable to any digit other than zero. Set START_MOUNTD to any digit other than 0. mountd can be started from netnfsrc or inetd. If mountd has an entry in inetd.conf, then START_MOUNTD should be 0. If the node is also a client, you may want to set the NFS_CLIENT variable to any digit other than zero now. If the node is also a server for PC-NFS requests, set the PCNFS_SERVER variable to any digit other than zero.
Client Only | NFS_CLIENT=1 NFS_SERVER=0 |
Server Only | NFS_CLIENT=0 NFS_SERVER=1 START_MOUNTD=1 |
Both Client and Server | NFS_CLIENT=1 NFS_SERVER=1 START_MOUNTD=1 |
Neither Client nor Server | NFS_CLIENT=0 NFS_SERVER=0 |
PC-NFS Server | PCNFS_SERVER=1 START_MOUNTD=1 |
You can refer directly to the comments for editing instructions and for descriptions of each activity executed by /etc/netnfsrc:
#!/bin/sh
## Configured using SAM by root on Tue Jul 18 14:41:23 1995
## @(#)netnfsrc: $Revision: 1.51.109.9 $ $Date: 92/08/18 13:48:27 $
# netnfsrc -- NFS startup file
##
# Depending on the configuration parameters you set within,
# this script sets up some or all of the following:
# NIS specific:
#     domainname -- the NIS domain name
#
# and starts up some or all of the following programs:
#     portmap -- RPC (program_#,version) -> port_# mapper
#     nfsd -- NFS daemons
#     biod -- async BIO daemons
#     pcnfsd -- PC-NFS daemon
# NIS specific:
#     ypbind -- NIS client process (all NIS nodes)
#     ypserv -- NIS server process (NIS server only)
#     yppasswdd -- NIS password daemon (NIS master server only)
##
# NFS_CLIENT -- 1 if this node is an NFS client, 0 if not
# NFS_SERVER -- 1 if this node is an NFS server, 0 if not
# Note: it is possible for one host to be a client, a server, both
#       or neither! This system is an NFS client if you will be
#       NFS mounting remote file systems; this system is a server
#       if you will be exporting file systems to remote hosts.
# See Also: nfsd(1M), mount(1M).
##
NFS_CLIENT=1
NFS_SERVER=1
##
# START_MOUNTD -- 1 if this script should start rpc.mountd.
#                 0 if /etc/inetd.conf has an entry for mountd.
# Note: rpc.mountd should be started from netnfsrc. However, it
#       can be started from either netnfsrc or inetd, and
#       MUST only be configured in one place.
##
START_MOUNTD=1
##
. . .
##
# PCNFS_SERVER -- 1 if this node is a server for PC-NFS requests.
#                 This variable controls the startup of the
#                 pcnfsd(1M) server. See Also: pcnfsd(1M).
##
PCNFS_SERVER=0
To activate the RPC services, remove all # comment marks from /etc/inetd.conf lines beginning with #rpc. After editing /etc/inetd.conf, you must reconfigure inetd by entering:
/etc/inetd -c
The inetd security facility works only when the inetd executes a server. For the RPC services that do not exit after each service request, inetd provides a security check only for the first request. Successive requests bypass the inetd and are subject only to the security checking performed by the individual RPC services. However, you can make the inetd perform a security check for every RPC request by doing both of the following steps:
NOTE: Adding the -e option makes the RPC server respond slower since it has to restart for each request.
Suppose /etc/inetd.conf contains the following:
rpc dgram udp wait root /usr/etc/rpc.mountd 100005 1 rpc.mountd -e
The rpc.mountd program is the server for the mount command and reads /etc/exports to see what the available directories or files are and to whom they are exported. It also keeps a list of all mounted directories or files. The -e option forces inetd to perform a security check for rpc.mountd on every request.
NFS operates under the assumption that you have a friendly network, meaning that you can trust all users attached to your network. Since this assumption may not apply to everyone, refer to the following sections to improve your file security.
The /usr/adm/inetd.sec configuration file is provided in the ARPA Services product. It is not solely for NFS access. This file allows you to determine:
On the first line in /usr/adm/inetd.sec, enter the maximum number of simultaneous remote services to be started by inetd as shown in the following example:
MAXNUM number
If you do not specify a MAXNUM value, the default is 1000.
Each entry in /usr/adm/inetd.sec has the following format (enter either allow or deny):
service_name allow/deny host_specifier(s)
Where:
service_name | Name of a valid service (including RPC services) with an entry in /etc/inetd.conf.
For RPC services, service_name is the name of the service that matches its program number in /etc/rpc. This entry must have a corresponding entry in /etc/inetd.conf which contains the -e option. Specify only one service per entry. If an entry in /usr/adm/inetd.sec specifies the service name and nothing else, inetd allows all hosts to attempt access. |
allow/deny | The allow entry instructs inetd to approve the host or network for access to the specified service.
The deny entry instructs inetd to disapprove the host or network for access to the specified service. |
host_specifier(s) | Name of a host or a network listed in /etc/hosts or /etc/networks, or an internet address in the standard internet notation.
You can specify more than one host or network by separating each host_specifier with a blank or tab. You can use the asterisk (*) or dash (-) in any field of a network or host address. You cannot use aliases. |
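The rule above, that an RPC service named in /usr/adm/inetd.sec is only checked on every request when its /etc/inetd.conf line carries -e, can be audited mechanically. The following script is an added example, not part of the original guide: the function names audit_inetd_sec and demo_audit are hypothetical, the three sample files are constructed, and /etc/rpc is assumed to use the usual "name number aliases" layout.

```shell
#!/bin/sh
# Added example (not from the guide): cross-check RPC entries in inetd.sec
# against inetd.conf. All file contents below are constructed sample data.

# audit_inetd_sec INETD_SEC INETD_CONF RPC_FILE
audit_inetd_sec() {
    awk -v rpcfile="$3" -v conffile="$2" '
        { sub(/#.*/, "") }               # drop comments, including "#rpc" lines
        NF == 0 { next }
        # /etc/rpc: service name -> program number
        FILENAME == rpcfile { prog[$1] = $2; next }
        # inetd.conf: field 7 of an rpc line is the program number,
        # fields 9 and up are the server name and its arguments
        FILENAME == conffile {
            if ($1 == "rpc") {
                active[$7] = 1
                for (i = 9; i <= NF; i++) if ($i == "-e") per_request[$7] = 1
            }
            next
        }
        # inetd.sec
        $1 == "MAXNUM" { next }
        NF == 1 { print "OPEN " $1 ": service name only, all hosts may attempt access" }
        !($1 in prog) { next }           # not an RPC service, nothing more to check
        {
            n = prog[$1]
            if (!(n in active))
                print "NOCONF " $1 ": no active rpc line for program " n " in inetd.conf"
            else if (!(n in per_request))
                print "NO-E " $1 ": program " n " lacks -e, checked on first request only"
            else
                print "OK " $1 ": program " n " is checked on every request"
        }
    ' "$3" "$2" "$1"
}

# Run the audit over constructed copies of the three files.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/rpc" <<'EOF'
mountd   100005 mount showmount
rstatd   100001 rstat rup perfmeter
rusersd  100002 rusers
EOF
    cat > "$d/inetd.conf" <<'EOF'
rpc dgram udp wait root /usr/etc/rpc.mountd 100005 1 rpc.mountd -e
rpc dgram udp wait root /usr/etc/rpc.rstatd 100001 1-3 rpc.rstatd
#rpc dgram udp wait root /usr/etc/rpc.rusersd 100002 1-2 rpc.rusersd
EOF
    cat > "$d/inetd.sec" <<'EOF'
MAXNUM 1000
mountd  allow 192.0.2.* elmo
rstatd  deny  198.51.100.*
rusersd allow elmo
login
EOF
    audit_inetd_sec "$d/inetd.sec" "$d/inetd.conf" "$d/rpc"
    rm -rf "$d"
}

demo_audit
```

On a real system the arguments would be /usr/adm/inetd.sec, /etc/inetd.conf and /etc/rpc.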
The /etc/netgroup file enables you to define a specific network-wide group of nodes as a netgroup. You can then limit directory access by exporting directories or files (via /etc/exports and exportfs) to the netgroups defined. The system uses /etc/netgroup to verify host names whenever clients perform remote mounts.
You make the directories or files and their access restrictions, if any, available by your entries in the server's /etc/exports file. When you boot up the NFS server, the /etc/netnfsrc file will automatically run the exportfs daemon, which looks up /etc/exports and makes the directories or files available for NFS clients to access. You can export and unexport directories or files after the server is up or change access permissions of the exported directory by using the exportfs command. The exportfs command can be run at any time by the superuser to alter the list or characteristics of exported directories and filenames. For details on constructing the /etc/exports file, see the man page on exports(4). Also refer to exportfs(1M).
After you finish the configuration procedure, execute /etc/netnfsrc or reboot the system to activate the daemons and servers. The rebooting process does not unmount any of the server's directories or files that were remotely mounted by other network nodes. However, these nodes will not be able to access any of the server's files until the server is operating again.
The basic configuration steps are listed below and detailed in the sections that follow.
Configure the systems for NFS if you have not already done so. This task includes adding NFS to the kernel and editing /etc/netnfsrc. On the servers, edit /etc/exports.
The master map contains the names of the indirect and direct maps. It also contains the names of common mount directories for indirect maps. You do not need a master map if you pass all the map information to automount in the command line.
The master map is usually created as /etc/auto.master and then made into the NIS map auto.master. By default, automount tries to get master map information from the NIS map auto.master. If a local master map file is specified on the command line, automount reads it before reading the NIS auto.master map.
The format for indirect map entries in the master maps is:
mount directory indirect map [-mount options]
The format for direct map entries in the master map is:
/- direct map [-mount options]
where:
-hosts | Indicates the hosts map. The name of the remote host is used as the subdirectory name under the mount directory. |
-password | Indicates the password map |
-null | Cancels a previous map for the indicated mount directory. For example, if you use this in a local master map, it cancels the entry in the NIS auto.master map. |
Automount maps are usually named auto.xxx, where xxx is the name of the map. The name does not have to correspond to any mount points, but it is recommended that the map name correspond to the directory contents (for example, auto.man for man pages).
As with all NIS maps, names must be 10 characters or less if you have file systems that do not allow file names longer than 14 characters. This is because NIS adds four-character suffixes (.dir and .pag) to the map name.
By convention, maps are usually created under /etc/autoconfig or /etc. If you use NIS to administer the maps, you should create the source files under the ypmake (1m) source directory; the default ypmake source directory is /etc.
Each indirect map has a mount directory associated with it that is controlled by automount. The mount directory contains symbolic links to the actual mount points under /tmp_mnt. The mount directory is specified on the automount command line or in the master map.
The format of the indirect map entries is:
key [-mount options] server:directory
where:
Automount recognizes special characters in direct and indirect maps to be used for substitutions and to escape other characters. They are:
& | can substitute key values into the directory path names |
* | is recognized as a catch-all entry (a wildcard). It is the last or only entry in a map. It matches all keys and provides a value for the & substitutions that may exist in the right-hand side of a map. For example: * -ro,intr server:/users/& |
+ mapname | The contents of another map can be included within the current map. If mapname is a directory with no slashes, automount interprets it as an NIS map. If the directory has slashes then automount looks for a local map with that name. |
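How a key is resolved against an indirect map, including the * catch-all and the & substitution described above, is shown in the following added example (not part of the original guide). The function names resolve_automount_key and demo_map and the sample map are constructed for illustration; the resolver assumes the first matching entry wins, handles a single server:directory location per entry, and does not follow "+ mapname" includes.

```shell
#!/bin/sh
# Added example (not from the guide): resolve a key against an automount
# indirect map of the form "key [-mount options] server:directory".

# resolve_automount_key MAPFILE KEY
# Prints "key options location" ("-" when the entry has no options) and
# returns non-zero when no entry, not even a "*" entry, matches.
resolve_automount_key() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 || $1 == "+" { next }       # blank lines and map includes
        $1 == key || $1 == "*" {           # assumption: first match wins
            opts = "-"; loc = $2
            if ($2 ~ /^-/) { opts = substr($2, 2); loc = $3 }
            # Replace every & in the location with the key. split() is used
            # so that the key is never interpreted as a replacement pattern.
            n = split(loc, part, "&")
            loc = part[1]
            for (i = 2; i <= n; i++) loc = loc key part[i]
            print key, opts, loc
            found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# Resolve three keys against a constructed sample map.
demo_map() {
    m=$(mktemp) || return 1
    cat > "$m" <<'EOF'
# constructed indirect map (sample data)
alice   -rw,intr   elmo:/export/home/alice
tools              elmo:/export/tools
*       -ro,intr   server:/users/&
EOF
    for k in alice tools bob; do
        resolve_automount_key "$m" "$k"
    done
    rm -f "$m"
}

demo_map
```

Because the wildcard matches every key, any entry placed after it would never be reached, which is why it must be the last or only entry in a map.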
Direct maps can contain any number of unrelated mount points. No common mount directory is maintained.
The format of the direct map entries is:
key [-mount options] server:directory
where:
The special characters listed above are also valid for direct maps.
Automount maps can be local files or administered as NIS maps. By default, automount tries to read master map information from the NIS map auto.master. Automount also reads master map information from a local file if you specify one on the command line.
The master map can contain NIS map names for the indirect and direct maps instead of file names. To specify an NIS map, preface the map name with a plus (+).
To create NIS maps, edit the /usr/etc/yp/ypmake shell script as shown below. In the following text, assume that you want to create NIS maps for auto.master and a direct map called auto.xxxx. Within the scripts, auto_master and auto_direct are used for local variable names to avoid regular expression evaluation, but the map and file names are auto.master and auto.direct.
Under the function section, add the following blocks for auto.master and auto.xxxx:
auto_master()
{
    grep -v "^[ ]*#" $1 | grep -v "^[ ]*$" | \
    awk 'BEGIN { OFS="\t"; } { print $1, $2, $3 }' | \
    $MAKEDBM - $MAPDIR/auto.master
}

auto_xxxx()
{
    grep -v "^[ ]*#" $1 | grep -v "^[ ]*$" | \
    awk 'BEGIN { OFS="\t"; } { print $1, $2, $3 }' | \
    $MAKEDBM - $MAPDIR/auto.xxxx
}
In the block
for ARG in $*; do
    case "$ARG" in
add an entry for auto.master and auto.xxxx before the "*)" in the case statement as follows:
auto_master )
    if [ `expr "$MAPS" : ".* auto.master.*"` -eq 0 ]; then
        MAPS="$MAPS auto.master"
    fi;;
auto_xxxx )
    if [ `expr "$MAPS" : ".* auto.xxxx.*"` -eq 0 ]; then
        MAPS="$MAPS auto.xxxx"
    fi;;
In the definition for
MAPS=${MAPS:-'passwd groups hosts ...
add an entry for auto_master and auto_xxxx.
In the block
for MAP in $MAPS; do
    case $MAP in
add an entry for auto.master and auto.xxxx as follows:
auto_master)
    build $DIR/auto.master auto.master ;;
auto_xxxx)
    build $DIR/auto.xxxx auto.xxxx;;
You should also modify /usr/etc/yp/ypinit on the master server. Add auto.master and auto.xxxx to the list of MASTER_MAPS.
Automount is started by executing /usr/etc/automount at boot time. It is executed by default from the /etc/netnfsrc2 file. You can specify map information on the command line. Any map information you specify is read before information in the NIS map auto.master and takes precedence over the NIS map. See automount(1m) for specific command line options.
Automount is normally started and stopped only when the machine is rebooted. To shut down automount gracefully during system operation, take the following steps:
WARNING: No other automount daemon should be started until the first has successfully cleaned up and exited. If a second automount daemon is started when the first is in its shutdown process, the second daemon will start its shutdown process. This means that there will now be four automount daemons: the first, the second, and their children. These daemons will not exit until all the mount directories they are serving have been unmounted.
Do not send the SIGKILL signal (kill -9, kill -KILL) to the automount daemon. This will cause any processes accessing mount directories served by automount to hang. The file hierarchies mounted by automount under /tmp_mnt will still be accessible.
NFS, originally a Sun product, works mostly the same in both AIX and HP-UX. However, some of the details differ, as always. AIX controls NFS daemons through the System Resource Controller (SRC) while HP-UX allows for direct commands. Both operating systems' system management tools (SMIT and SAM) support NFS configuration, which in most cases is the preferred way to go. Automatic NFS mounts on bootup are controlled by /etc/filesystems (AIX) and /etc/checklist (HP-UX). Though the format of each file differs, the principle in each is the same.
Both systems support automount, though you have to configure it manually on each. The biggest difference in the automount area is its integration with NIS. Otherwise, NFS has the same "look and feel" across AIX and HP-UX platforms. Both platforms export file systems listed in /etc/exports via the exportfs command. Both systems have nfsds, biods, rpc.mountd, rpc.lockd, and rpc.statd. Since NFS uses the External Data Representation (XDR) protocol, there is no problem in data representation across the two systems.
Footnotes:
[10]: Taken from NIS Automounter, InfoExplorer