1
00:00:00,000 --> 00:00:16,920
Hey everyone and welcome back. Now in the previous nugget we had just introduced the

2
00:00:16,920 --> 00:00:24,519
concept of NFS, we learned how it was different although maybe similar to Samba, in that we

3
00:00:24,519 --> 00:00:29,600
can ultimately share resources but what we're going to be focusing on is actually sharing

4
00:00:29,600 --> 00:00:34,719
file systems and we understood that within this architecture we would have to configure

5
00:00:34,719 --> 00:00:40,000
an NFS server. That is exactly what we're going to be focusing on in this nugget right

6
00:00:40,000 --> 00:00:44,520
here. So with that said let's roll up our sleeves and dig in then, shall we? So what

7
00:00:44,520 --> 00:00:50,520
I will do here is I will clear my screen right now and the very first thing which I am going

8
00:00:50,520 --> 00:00:55,400
to do is I am going to install a particular package. Now this package here I'm going to

9
00:00:55,399 --> 00:01:02,759
say sudo and I will say apt install and I will say nfs- and I was going to say server

10
00:01:02,759 --> 00:01:08,799
it's not server it's hyphen kernel hyphen server. I'm getting myself confused here.

11
00:01:08,799 --> 00:01:14,799
If I hit enter and I type in my password right here all I'll do is say yes and hit enter and

12
00:01:14,799 --> 00:01:20,759
the installation should now begin. Okay so as we can see here everything has installed

13
00:01:20,760 --> 00:01:25,640
correctly. Now that we have this the very first thing which I want to draw your attention

14
00:01:25,640 --> 00:01:31,920
to and if I just clear my screen right now the very first thing is going to be in the

15
00:01:31,920 --> 00:01:38,160
/etc directory there is going to be a file called exports. This is going to be the main

16
00:01:38,160 --> 00:01:45,920
configuration file for NFS. As per usual with respect to the LPIC-2 examination remembering

17
00:01:45,920 --> 00:01:51,040
this location is certainly going to serve you well. Really within this configuration

18
00:01:51,040 --> 00:01:56,280
file this is where we are going to specify what it is we want to share and who we want

19
00:01:56,280 --> 00:02:02,159
to grant access to this share as well as like I say the permissions of what that particular

20
00:02:02,159 --> 00:02:09,039
client can do with that particular share. All of that specified within this /etc/export

21
00:02:09,039 --> 00:02:15,879
file right here and in fact I've just caught myself that should be /etc/exports with an

22
00:02:15,879 --> 00:02:21,419
s on the end so really just remember that there almost made that mistake myself. So

23
00:02:21,419 --> 00:02:27,319
check this out then if I clear my screen once again and I go into my /etc directory I do

24
00:02:27,319 --> 00:02:33,919
an ls and I grep for exp. We can see we have indeed this file right here within the /etc

25
00:02:33,919 --> 00:02:39,719
directory so let's go in and edit this file so we'll go into the /etc directory and open

26
00:02:39,719 --> 00:02:46,159
exports. Now we can see here this is going to be the access control list for file systems

27
00:02:46,159 --> 00:02:52,239
which may actually be exported when you're using NFS ultimately dictating what our NFS

28
00:02:52,239 --> 00:02:57,879
clients can actually have access to. So remember as I mentioned what we want to do here is

29
00:02:57,879 --> 00:03:03,000
we want to specify what it is you want to share who we want to share that with and then

30
00:03:03,039 --> 00:03:08,960
in the brackets we want to specify the rules for that share i.e. what that person can actually

31
00:03:08,960 --> 00:03:15,680
do with that share. Now with respect to what we can actually specify within this configuration

32
00:03:15,680 --> 00:03:20,759
file there are a few different things. We can specify a particular hostname of a device

33
00:03:20,759 --> 00:03:25,920
i.e. we had a particular hostname on our network we wanted to grant access to we could actually

34
00:03:25,920 --> 00:03:30,960
use that hostname and grant that particular access. We could also specify something let's

35
00:03:31,000 --> 00:03:37,320
say the domain i.e. the particular domain name for a group of devices maybe we've got a domain

36
00:03:37,320 --> 00:03:43,840
such as CBTNuggets.com and we want to grant access to all machines within that domain we could

37
00:03:43,840 --> 00:03:50,319
specify that domain within this configuration file or alternatively if we so wish we could specify

38
00:03:50,319 --> 00:03:59,520
a particular network say for example we want to allow everyone within 192.168.1.0/24 we

39
00:03:59,560 --> 00:04:05,840
wanted to grant them particular access we could do so and within here we can also specify should

40
00:04:05,840 --> 00:04:13,800
the share be ro i.e. should that share be read only meaning that the people can read the information

41
00:04:13,800 --> 00:04:20,040
that we're sharing but they cannot create new files nor can they modify existing files or

42
00:04:20,040 --> 00:04:27,960
alternatively you guessed that we could specify rw access read and write access meaning that we can

43
00:04:28,000 --> 00:04:34,759
read and we can also create and modify files. Now we can also specify if we want to sync our

44
00:04:34,759 --> 00:04:40,759
changes this means that whatever changes happen to be made within the share they are going to be

45
00:04:40,759 --> 00:04:47,039
synced and written to the hard disk without any delay at all they're going to happen immediately

46
00:04:47,039 --> 00:04:54,599
so those changes get synced quickly however we can specify async which means that changes to a

47
00:04:54,680 --> 00:05:01,960
file system will not be made immediately instead those changes will be held in RAM now the advantage

48
00:05:01,960 --> 00:05:06,520
here is that this is going to give you better performance it's going to be less taxing on the

49
00:05:06,520 --> 00:05:12,040
machine to be writing and reading data from the disk just by holding it in memory the issue as you

50
00:05:12,040 --> 00:05:19,080
can probably imagine is that when you hold data within RAM that data happens to be volatile i.e.

51
00:05:19,159 --> 00:05:25,800
if the machine happened to crash and not correctly shut down or save the information which was held

52
00:05:25,800 --> 00:05:33,000
in RAM can ultimately be wiped meaning that those changes can be lost this is a trade-off that we

53
00:05:33,000 --> 00:05:38,439
have to consider do we want to have our changes be synced and immediately written to disk or do we

54
00:05:38,439 --> 00:05:44,680
want to prefer the performance boost which may be valuable if we happen to have a large distributed

55
00:05:44,680 --> 00:05:51,000
network all accessing a particular share maybe we want to aim for performance but run the risk of

56
00:05:51,000 --> 00:05:57,639
potentially losing that data or losing some of that data whilst it is temporarily held in RAM

57
00:05:57,639 --> 00:06:03,639
these are different options that we can consider now one big option we really want to be aware of

58
00:06:03,639 --> 00:06:08,600
and we'll get to see this in a little bit more detail a little bit later on but ultimately we

59
00:06:08,600 --> 00:06:14,920
have this problem here imagine we have our server here okay and then we have a client machine all

60
00:06:14,920 --> 00:06:21,400
the way over here now as you know on your machine you're going to have a default root user this is

61
00:06:21,400 --> 00:06:29,000
the super user who can do absolutely everything to that particular machine and likewise on the server

62
00:06:29,000 --> 00:06:36,520
we're going to have that default root user too think about this when this server here is sharing

63
00:06:36,519 --> 00:06:41,639
out a particular file system let's just maybe say within the mount directory we've got a file

64
00:06:41,639 --> 00:06:49,240
system called i don't know fs1 whatever it may be doesn't actually matter this file system fs1 is going

65
00:06:49,240 --> 00:06:55,799
to be transparently available on this machine right here it's going to appear like it actually exists

66
00:06:55,799 --> 00:07:03,079
on the client even though it's been reached over the network now we know we have this root user here

67
00:07:03,079 --> 00:07:10,439
on this machine now the question is the files within this particular directory here actually

68
00:07:10,439 --> 00:07:17,879
physically exist on this machine where we have another root user now the question is do we want

69
00:07:17,879 --> 00:07:25,479
this root user to have the exact same level of access and control as the actual root user on the

70
00:07:25,479 --> 00:07:31,399
server now typically most people want to say no most people will pretty much say that okay we have

71
00:07:31,399 --> 00:07:39,399
a root user on this machine here but we don't want to just transfer that ability of total power

72
00:07:39,399 --> 00:07:45,560
to be able to execute within that share on the local system we want to have the root user on the

73
00:07:45,560 --> 00:07:51,799
server itself still maintain that control in which case we actually have two different options here

74
00:07:51,799 --> 00:07:57,799
and these are options again that we specify within this particular file those options happen to be

75
00:07:57,879 --> 00:08:06,759
the first one is something called root squash so really if you do not want the remote root user

76
00:08:06,759 --> 00:08:13,080
to have the same access as the root user within the local server you actually want to configure

77
00:08:13,080 --> 00:08:19,560
this option i like to try to remember this as we are squashing the ability of the

78
00:08:19,560 --> 00:08:26,360
remote client root user from being able to have total access however if we actually do want to

79
00:08:26,360 --> 00:08:33,080
synchronize these root users i.e. we want the root user and the clients to be able to act with the

80
00:08:33,080 --> 00:08:39,639
same type of authority as the local root account on the server itself we can synchronize these

81
00:08:39,639 --> 00:08:47,159
root accounts so to speak and we can do so by specifying the option no underscore root underscore

82
00:08:47,159 --> 00:08:54,680
squash so we can either squash the ability of the remote root user on the client or we can say we

83
00:08:54,679 --> 00:09:00,679
do not want to squash that ability we can give them full access and full control all of these

84
00:09:00,679 --> 00:09:06,919
options that we've seen here again specified within this file right here so with that said

85
00:09:06,919 --> 00:09:13,479
let's actually create our own little share and begin using nfs then so what i will do here is i'm

86
00:09:13,479 --> 00:09:19,240
going to create a share and i'll just call this my share again you know me never ever in danger of

87
00:09:19,240 --> 00:09:27,159
being creative so so what i will do is i will move on over and what i now want to specify is who can

88
00:09:27,159 --> 00:09:35,879
actually have access so what I can do here is I could say 192.168, maybe 0.100, let's say this was

89
00:09:35,879 --> 00:09:41,960
a particular machine on the network and i wanted to allow access to that particular machine so what

90
00:09:41,960 --> 00:09:49,080
i could do here is within brackets i could specify my permission so i could say that machine is allowed

91
00:09:49,080 --> 00:09:55,639
to have read only access and when that machine connects i want to implement the root squash option

92
00:09:55,639 --> 00:10:02,440
i.e the root user of that machine will not be able to execute within this particular directory as if

93
00:10:02,440 --> 00:10:08,280
it was the root user of the local machine where the physical data actually resides let me just close

94
00:10:08,280 --> 00:10:15,560
that space here so that is one way we could specify some information now let's say we wanted to add

95
00:10:15,559 --> 00:10:22,759
additional information so right now we have rules for this particular host right here remember we

96
00:10:22,759 --> 00:10:28,759
can specify a host but we can also specify as we discussed other things such as a particular network

97
00:10:28,759 --> 00:10:38,199
so let's maybe say I wanted to say 192.168.50.0/24 anyone on this network they are also going

98
00:10:38,199 --> 00:10:44,359
to get access but people on that network are going to get read write access so they can actually make

99
00:10:44,360 --> 00:10:51,159
changes not only that but also can specify in this case here we'll say no root squash i.e the root

100
00:10:51,159 --> 00:10:56,360
users will be able to operate like they were the root user on the local server and again as we can

101
00:10:56,360 --> 00:11:02,440
see here the format as i specify this is the share this is who is allowed to access the share

102
00:11:02,440 --> 00:11:09,000
and under what conditions can they access that share again who can access and what conditions

103
00:11:09,000 --> 00:11:15,000
they have access to this share now one thing to say here is that this is not the only way we can

104
00:11:15,000 --> 00:11:21,480
specify particular access we can actually access or allow access by using things such as wildcards

105
00:11:21,480 --> 00:11:27,720
so what i could even do here is i could just specify a star for example in fact let me just

106
00:11:27,720 --> 00:11:35,639
not mash the keypad and just do a star and within here i can say rw and root squash for example so

107
00:11:35,639 --> 00:11:41,720
all i am actually saying here is that anyone who tries to access this particular share i'm going

108
00:11:41,720 --> 00:11:48,679
to allow it and i'm going to allow them to do so with read write access but invoke the root squash

109
00:11:48,679 --> 00:11:53,960
option so understand we can specify hosts we can specify networks we can even use wildcards lots

110
00:11:53,960 --> 00:12:01,000
of flexibility right here but for now what i will do here is i will allow access to anyone within the

111
00:12:01,000 --> 00:12:09,159
192.168.0.0 network which is my own network with a /24 and I'll grant access to my share so I

112
00:12:09,159 --> 00:12:14,679
actually have to be able to create this so i'll save this and exit out and just like we saw with

113
00:12:14,679 --> 00:12:19,559
respect to our samba configuration let's go back to the home directory in fact i'll go into the root

114
00:12:19,559 --> 00:12:25,639
directory because that's what it's going to be i'll say sudo mkdir and i will create my share type in

115
00:12:25,639 --> 00:12:32,759
my password right here do an ls -l we can now see my share let's actually grant the full permission

116
00:12:32,759 --> 00:12:38,759
so we'll say all the sevens on my share so now what i want to do is i want to start up this server

117
00:12:38,759 --> 00:12:45,799
I will say sudo systemctl and I will start the nfs kernel hyphen server and I will now say sudo

118
00:12:45,799 --> 00:12:54,039
systemctl status of the nfs kernel server we can now see that this is active now what I want to show

119
00:12:54,039 --> 00:12:59,000
you is a very very important command this is a command we absolutely want to be remembering for

120
00:12:59,000 --> 00:13:05,959
the purposes of the examination and this is the exportfs command what this is going to do is going

121
00:13:05,959 --> 00:13:13,559
to allow us to see what the server actually is sharing so if I say man exportfs we can see here

122
00:13:13,559 --> 00:13:21,719
this is going to maintain a table of the exported nfs file systems so if i scroll on down we can see

123
00:13:21,720 --> 00:13:27,639
these different options we have available to us notice here that if i use the dash a flag we're

124
00:13:27,639 --> 00:13:35,800
going to either export or unexport all the directories we can use the dash o option to specify a list

125
00:13:35,800 --> 00:13:43,000
of export options we can actually choose to ignore the contents of our exports file but one i want

126
00:13:43,000 --> 00:13:48,759
to really look at is this dash r flag this is going to allow me to reread ultimately what is

127
00:13:48,840 --> 00:13:55,000
within the contents of the /etc/exports file i.e. the changes we just made we can reread them in

128
00:13:55,000 --> 00:14:01,559
and then they should be shared out so if I say sudo exportfs we don't actually see anything right

129
00:14:01,559 --> 00:14:09,240
now but if i reread that file in and use dash r the file has now been read in we now see we actually

130
00:14:09,240 --> 00:14:15,319
have a configuration for my share the share that we just created okay and we're actually granting

131
00:14:15,320 --> 00:14:22,360
access to this particular network so if i rerun this command we can now see indeed

132
00:14:22,360 --> 00:14:28,760
that this particular share is accessible to this particular network or devices within

133
00:14:28,760 --> 00:14:35,160
that particular network similarly what I could also say is sudo showmount and use dash e to

134
00:14:35,160 --> 00:14:40,520
show my exports and then i can specify my own ip address so in fact let me just double check my

135
00:14:40,519 --> 00:14:49,399
IP address right here happens to be 192.168.0.44 so I'll say sudo showmount dash e on my address

136
00:14:49,399 --> 00:14:56,600
0.44 and we can actually see here the export list for this particular server here is the share and

137
00:14:56,600 --> 00:15:01,639
here is who is allowed to access that share this particular network now another command we want to

138
00:15:01,639 --> 00:15:09,879
be aware of is the nfsstat command so if I go in and do man nfsstat we can see here this is going

139
00:15:09,879 --> 00:15:15,559
to allow us to see nfs statistics and we can see here we have different options we can do dash s

140
00:15:15,559 --> 00:15:22,439
to see only server side stats or dash c to see client side stats and a whole bunch of other

141
00:15:22,439 --> 00:15:28,840
options say for example the dash m option or dash dash mounts ie this will print information about

142
00:15:28,840 --> 00:15:35,480
every one of those mounted nfs file systems or as we can see dash r to see the rpc statistics this

143
00:15:35,480 --> 00:15:41,560
is the remote procedure call which is facilitating this communication and there are more options to

144
00:15:41,560 --> 00:15:48,519
see yet again so if I say sudo nfsstat dash s we can see server stats again nothing has actually

145
00:15:48,519 --> 00:15:54,440
been happening or dash c we do not have any client statistics but understand that when we happen to

146
00:15:54,440 --> 00:16:00,519
be using this particular feature i.e we are getting particular calls to the server these

147
00:16:00,519 --> 00:16:06,600
values will increment and then when we happen to have actual clients making these requests we can

148
00:16:06,600 --> 00:16:12,039
actually query these particular client statistics as of right now we do not have any clients in

149
00:16:12,039 --> 00:16:18,360
action so for now that is our basic configuration for our nfs server like i say we do not have any

150
00:16:18,360 --> 00:16:22,679
client configuration up and running quite just yet that is what we're going to be looking at in the

151
00:16:22,679 --> 00:16:27,799
very next nuggets i hope this has been informative for you and i'd like to thank you for viewing


