1
00:00:00,000 --> 00:00:17,800
Hey everyone and welcome back. So in this skill right here, what we're going to be focusing

2
00:00:17,800 --> 00:00:26,320
on is something called NFS. This is the network file system. And the real emphasis here is

3
00:00:26,320 --> 00:00:33,520
on that letter N network. This is really what the crux of this topic is all about. Now if you

4
00:00:33,520 --> 00:00:40,399
recall from the previous skill, we happened to talk about Samba. Now Samba was all about being able

5
00:00:40,399 --> 00:00:46,400
to share out different things such as printers or particular files and folders. And when we talk

6
00:00:46,400 --> 00:00:54,560
about NFS, there is some overlap, some similarity here, and that ultimately we are sharing resources,

7
00:00:54,640 --> 00:01:01,440
but we're not sharing the same things or in the same way as we would via a Samba server. So like I

8
00:01:01,440 --> 00:01:08,640
say, Samba, we are sharing out printers and folders and files. With respect to NFS, what we are

9
00:01:08,640 --> 00:01:15,680
actually sharing is a file system itself. And how are we sharing this? We're sharing it via the

10
00:01:15,680 --> 00:01:22,079
network, i.e. to other computers that we can connect to. So this really is the crucial difference

11
00:01:22,079 --> 00:01:27,200
when talking about NFS. It's actually that file system that is going to be mounted and going to

12
00:01:27,200 --> 00:01:33,920
be shared with other people so that they can use that just like it was a local file system on their

13
00:01:33,920 --> 00:01:40,159
local computer. This would be just like if they happen to have a new partition or a new hard disk,

14
00:01:40,159 --> 00:01:47,759
whatever it may be, on their local drive. However, it has been accessed, like I say again, via the

15
00:01:47,840 --> 00:01:55,520
network. And this really is the crux of what we are talking about here. With respect to Samba, you

16
00:01:55,520 --> 00:02:00,240
may remember that we could implement particular authentication, meaning that we could share

17
00:02:00,240 --> 00:02:06,719
particular files with particular users or particular folders or printers, whatever it may be. But we

18
00:02:06,719 --> 00:02:13,200
were targeting particular individuals, certain people we wanted to grant access to certain files.

19
00:02:13,280 --> 00:02:18,159
In this case, though, what we're actually going to do is we're going to grant access to

20
00:02:18,159 --> 00:02:25,039
particular servers or to particular clients, i.e. we are no longer targeting individual user

21
00:02:25,039 --> 00:02:31,519
accounts. Instead, we are actually targeting particular machines. So really, if you want to

22
00:02:31,519 --> 00:02:38,239
share a file system with another server, the solution you should be looking at would be NFS.

23
00:02:38,239 --> 00:02:43,120
Now, with respect to NFS, we're going to have to talk about a few things. We're going to be looking

24
00:02:43,200 --> 00:02:50,159
at the actual server configuration. The NFS server would be the one who's actually sharing

25
00:02:50,159 --> 00:02:57,120
the file system. So that is where the file system is locally created. It's on the disk within that

26
00:02:57,120 --> 00:03:04,319
physical server. So if we just have the server here, and the machine which is using or rather

27
00:03:04,319 --> 00:03:10,080
accessing that file system over the network would be a client. So the client is receiving

28
00:03:10,080 --> 00:03:16,640
that file system or accessing it via NFS. So we're going to be looking at the server configuration

29
00:03:16,640 --> 00:03:22,560
within this skill, as well as the basic client configuration. And we'll also have to discuss

30
00:03:22,560 --> 00:03:27,520
how we can actually control permissions here. Because if you recall, with respect to Samba,

31
00:03:27,520 --> 00:03:32,720
we had particular styles of locking down security and access. We would have particular

32
00:03:32,720 --> 00:03:38,800
user names and passwords for particular users. But as we now know, NFS does not work on that

33
00:03:38,800 --> 00:03:46,080
user basis. It's going to be locking down things based on the server or the machine, if you will.

34
00:03:46,080 --> 00:03:51,840
Certain machines we want to grant access to, but perhaps maybe there are other machines that we

35
00:03:51,840 --> 00:03:58,400
want to not grant that access to. So this is something we're going to have to consider absolutely,

36
00:03:58,400 --> 00:04:04,800
and we'll get to that within this skill. But with respect to how NFS actually operates,

37
00:04:04,800 --> 00:04:10,080
we need to know a few basic components. The first thing we want to be aware of is that

38
00:04:10,080 --> 00:04:18,560
NFS is going to use something called RPC. Now all RPC is, it is a protocol that is going to

39
00:04:18,560 --> 00:04:27,040
facilitate some type of communication. Now, RPC actually stands for a remote procedure call.

40
00:04:27,040 --> 00:04:34,319
And this protocol really does shine with respect to client server architectures

41
00:04:34,319 --> 00:04:39,439
in a distributed fashion. So this really is a great fit for the type of solution that we want

42
00:04:39,439 --> 00:04:45,759
to actually implement here, being able to share out particular file systems across different devices

43
00:04:45,759 --> 00:04:52,879
within our network. Now, one thing to note about NFS with respect to the LPIC-2 examination

44
00:04:52,879 --> 00:04:58,959
is that NFS does have two relevant versions that we want to be aware of. There is going to be a

45
00:04:58,959 --> 00:05:05,199
version three, which is what we will be looking at a little bit more closely. But we also have

46
00:05:05,199 --> 00:05:11,600
the newer version four, but the LPIC-2 exam objectives really just request that we have

47
00:05:11,600 --> 00:05:18,159
an awareness of version four. So more of our time is going to be looking at how version three

48
00:05:18,160 --> 00:05:26,240
actually operates. Now, version three is going to leverage something called rpcbind or something

49
00:05:26,240 --> 00:05:34,000
called portmapper. Now, whether you're using rpcbind or portmapper, rpcbind being the newer

50
00:05:34,000 --> 00:05:41,520
implementation. So really rpcbind or portmapper is going to be in between the communication of

51
00:05:41,520 --> 00:05:47,520
the server sharing and the client which is consuming. rpcbind or portmapper is going to

52
00:05:47,519 --> 00:05:52,799
handle that communication and the interaction between these two different components. Now,

53
00:05:52,799 --> 00:05:59,439
the reason why this is important is that because we have this intermediary with respect to version

54
00:05:59,439 --> 00:06:06,719
three, i.e. we have portmapper or rpcbind in play, the reason why that is so important is because

55
00:06:06,719 --> 00:06:13,439
this is going to affect or at least can affect access to these particular shares. Because as

56
00:06:13,439 --> 00:06:19,680
we're going to see, you can actually control access to a particular server by specifying the

57
00:06:19,680 --> 00:06:26,480
devices or the devices within a certain network, which are allowed to access these network shares.

58
00:06:26,480 --> 00:06:32,639
And you can do this directly via NFS. And we'll get to see what that looks like in the next nugget.

59
00:06:32,639 --> 00:06:41,120
But we can also control access via TCP wrappers. And this is implemented at the level of either rpcbind

60
00:06:41,120 --> 00:06:48,079
or portmapper. So the point I'm trying to highlight here is that if we happen to have a

61
00:06:48,079 --> 00:06:54,800
particular clash, i.e. we have our server here with particular permissions, and we have our client

62
00:06:54,800 --> 00:07:01,199
here, which wants to consume these shares to be able to use, because we have this intermediary on

63
00:07:01,199 --> 00:07:08,959
the server, such as portmapper, if portmapper is implementing strict access controls that actually

64
00:07:09,039 --> 00:07:17,359
prevent the client from connecting, then even if you happen to have relaxed rules on the NFS server,

65
00:07:17,359 --> 00:07:24,240
the controls specified within portmapper can still override ultimately and prevent that access.

66
00:07:24,240 --> 00:07:30,079
So basically on your NFS configuration, you could pretty much say anyone can access this server,

67
00:07:30,079 --> 00:07:36,560
but via using TCP wrappers via portmapper, you may lock down that access. And in which case,

68
00:07:36,560 --> 00:07:43,360
even though NFS itself is configured to allow absolutely anyone to use this particular share,

69
00:07:43,360 --> 00:07:50,480
the client here can't actually get access due to the TCP wrapper configuration via portmapper or

70
00:07:50,480 --> 00:07:57,120
via rpcbind. So this is something we want to be aware of with respect to version three and

71
00:07:57,120 --> 00:08:03,040
version four. When we're talking about version four, like I say, we don't need to worry about rpcbind

72
00:08:03,120 --> 00:08:10,800
or portmapper. Instead, all of this stuff is ultimately handled natively within NFS

73
00:08:10,800 --> 00:08:17,520
version four. So that means within NFS version four, the security and the access permissions are

74
00:08:17,520 --> 00:08:24,879
handled natively. NFS does this all on its own. Now with respect as to how to specify who can

75
00:08:24,879 --> 00:08:30,960
actually access the NFS share, we're going to see how we can actually configure this. Now the

76
00:08:30,959 --> 00:08:35,679
general syntax is really quite simple. We're going to go into a configuration file, which we'll see

77
00:08:35,679 --> 00:08:42,399
in the very next nugget. We'll specify the share that we want to share out, i.e. the particular

78
00:08:42,399 --> 00:08:48,799
file system. Then we're going to specify who is actually allowed access to that particular share.

79
00:08:48,799 --> 00:08:55,840
And then within brackets, after we specify who is allowed access to the share, we're going to specify

80
00:08:55,840 --> 00:09:02,879
the permissions they actually have, i.e. what can this person who can access this share, what can

81
00:09:02,879 --> 00:09:08,160
they actually do on that share? Can they just read information on that share? Can they actually make

82
00:09:08,160 --> 00:09:14,080
changes? So on and so forth. So that really is the general outline for what we have to look at within

83
00:09:14,080 --> 00:09:20,000
this skill. The very first thing now, which I want to talk about is that NFS server configuration.

84
00:09:20,000 --> 00:09:23,759
And well, that's what we're going to be talking about in the very next nuggets. I hope this has

85
00:09:23,759 --> 00:09:27,039
been informative for you and I'd like to thank you for viewing.

