`
`
`
`Booking, Exh. 1007, Page 1
`
`UNIX® System V NFS Administration
`
`P T R Prentice Hall
`Englewood Cliffs, New Jersey 07632
`
`PRENTICE HALL OPEN SYSTEMS LIBRARY
`
`Edited by
`Debra Herman
`
`
`
`
`Editorial/production supervision: Harriet Tellem
`Cover design: Eloise Starkweather
`Manufacturing buyer: Mary E. McCartney
`Acquisitions editor: Phyllis Eve Bregman
`
`Copyright © 1993 by UNIX System Laboratories
`
`Published by P T R Prentice-Hall, Inc.
`A Simon & Schuster Company
`Englewood Cliffs, New Jersey 07632
`
`Cover art: The Owl (Miro). (From Superstock)
`
`UNIX System V NFS Administration / Debra Herman, editor.
`p. cm.
`Includes index.
`ISBN 0-13-016411-9
`1. Operating systems (Computers) 2. UNIX System V (Computer file)
`3. Computer networks. I. Herman, Debra.
`QA76.76.063U5521125 1993
`005.7'13--dc20
`92-44385
`CIP
`
`The publisher offers discounts on this book when ordered in bulk quantities. For more information contact:
`
`Corporate Sales Department
`P T R Prentice Hall
`113 Sylvan Avenue
`Englewood Cliffs, NJ 07632
`
`Phone: 201-592-2863
`Fax: 201-592-2249
`
`All rights reserved. No part of this book may be reproduced in any form or by any means, without the permission
`in writing from the publisher.
`
`All product names mentioned herein are the trademarks of their respective owners.
`
`Printed in the United States of America
`10 9 8 7 6 5 4 3 2 1
`
`ISBN 0-13-016411-9
`
`Prentice-Hall International (UK) Limited, London
`Prentice-Hall of Australia Pty. Limited, Sydney
`Prentice-Hall Canada Inc., Toronto
`Prentice-Hall Hispanoamericana, S.A.,
`Prentice-Hall of India Private Limited, New Delhi
`Prentice-Hall of Japan, Inc., Tokyo
`Simon & Schuster Asia Pte. Ltd., Singapore
`Editora Prentice-Hall do Brasil, Ltda., Rio de Janeiro
`
`
`
`
`Table of Contents
`
`Preface
`About this Book
`Organization
`Conventions Used
`
`Chapter 1: Introduction
`About NFS
`The NFS File Sharing Model
`NFS Advantages
`NFS Administration
`
`Chapter 2: Using NFS
`Introduction
`Installing NFS
`Starting and Stopping NFS Operation
`Sharing and Unsharing Resources
`Mounting Resources
`Obtaining Information
`
`Chapter 3: Handling NFS Problems
`Introduction
`The NFS Daemons
`An Overview of the Mount Process
`Determining Where NFS Service Has Failed
`Fixing Hung Programs
`
`Introduction
`How the Automounter Works
`Preparing the Maps
`Invoking the Automounter
`Modifying the Maps
`Updating the Mount Table
`Handling Automounter Problems
`
`Chapter 5: The sysadm Interface
`Introduction
`Using sysadm
`Setting Up NFS
`Starting and Stopping NFS
`Local Resource Sharing
`Remote Resource Mounting
`
`Chapter 6: Secure NFS
`Introduction
`An Overview of Secure RPC
`Administering Secure NFS
`Important Considerations
`
`Chapter 7: The Network Lock Manager
`Introduction
`The Locking Protocol
`The Network Status Monitor
`
`Chapter 8: Remote Services
`Introduction
`Copying Files Between Machines
`Executing Commands Remotely
`Transferring Files Between Machines
`Logging In to Remote Machines
`Obtaining Information
`
`Chapter 9: The NIS Service
`Introduction
`The NIS Environment
`Setting Up the NIS Service
`Administering NIS Maps
`Adding a New NIS Server
`Handling NIS Problems
`Turning Off NIS Services
`
`Glossary
`
`Index
`
`
`
`
`List of Figures
`
`1-1 Mounting a Remote Resource
`1-2 Selective File Sharing
`
`2-1 Sharing Resources on a Regular Basis
`
`3-1 Checking mountd Daemons
`3-2 Checking nfsd Daemons
`3-3 Checking biod Daemons
`3-4 Sample rpcinfo
`
`4-1 A Symbolic Link from the Requested to Actual Mount Point
`4-2 Sample Master Map
`4-3 Typical Direct Map
`4-4 Typical Indirect Map
`4-5 Map Entry Describing Multiple Mounts
`4-6 Another Map Entry with Multiple Mounts
`4-7 Map with Different Options and More than One Server
`4-8 Specifying Subdirectory in Master Map
`4-9 Using String Substitutions to Simplify Map Entries
`4-10 Substituting Ampersand for Key
`4-11 Server Name the Same as Key
`4-12 Specifying Subdirectory in Master Map
`4-13 Using the Asterisk When All Map Entries Have the Same Format
`
`5-1 NFS System Setup Screen
`5-2 NFS System Control Screen
`5-3 Local Resource Sharing Management Screen
`5-4 Remote Resource Access Management
`
`6-1 Locking Service Architecture
`
`7-1 Sample ftp Login
`7-2 Setting Up a Machine to Allow Anonymous ftp
`7-3 Anonymous ftp Session
`7-4 Transferring Files with ftp
`7-5 Transferring a File with mget and mput
`7-6 Sample rlogin Session
`7-7 Aborting an rlogin Connection
`7-8 Disconnecting an Intermediate rlogin
`7-9 Suspending a Remote Connection
`7-10 Establishing a Remote Connection with telnet
`7-11 Suspending a telnet Connection
`7-12 Aborting a telnet Connection
`7-13 Example finger Session
`
`8-1 The Relationship Between Master, Slave, and Client Servers
`8-2 chkey Session
`8-3 auto.master Map File
`8-4 auto.home Map File
`8-5 auto.direct Map File
`8-6 Default Makefile
`8-7 Automounter Makefile
`8-8 Bringing Master Server to Run Level Allowing NIS Services to Run
`8-9 Building a NIS Map from Standard Input
`8-10 Updating NIS Maps with Shell Scripts
`8-11 Output from rpcbind
`8-12 Transferring a NIS Map File
`8-13 Output from rpcinfo
`
`
`
`
`
`
`
`Introduction
`
`About NFS
`
`NFS file sharing is used to make resources on a local system available to
`remote systems and, conversely, to access resources on remote systems from a
`local system. Using NFS, it is possible to share individual files, file hierarchies,
`and entire file systems across a network.
`
`NFS enables machines of different architectures running different operating
`systems to share resources across a network. It has been implemented on
`operating systems ranging from MS-DOS to VMS.
`
`Operation in a heterogeneous environment is possible because NFS defines
`an abstract file system model. On each supported operating system, the NFS
`model is mapped into the local file system semantics. As a result, normal file
`system operations, such as read and write, operate in the same way that they
`operate on the local file system.
`
`The NFS File Sharing Model
`
`System V file sharing employs a client/server model. A machine that wishes to
`share its file systems with other machines on a network acts as a server. Files
`are physically located on and managed by the server machine. A machine
`that wishes to access file systems that do not reside on its physical disk acts as
`a client of the server machine. Acting on behalf of its applications, the client
`makes requests to the server to access data in a file or to perform file manipulations.
`If desired, a single machine can act as both a client and a server, sharing
`its local file systems and accessing remote file systems.
`
`
`
`
`
`A server can support diskless clients, machines that have no local disks. A
`diskless client relies completely on the server for all its file storage. Since it
`has no file system to make available, a diskless client can act only as a client—never
`as a server.
`
`Clients access files on a server by mounting that server’s shared resources.
`When a client mounts a remote resource, it does not make a copy of the
`resource. Rather, the mounting process uses a series of remote procedure calls
`(RPC’s) that enable the client to access the resource on the server’s disk as if it
`were on its own disk. This transparency is the key to the usefulness of file
`sharing. Once mounted, remote file systems look like local file systems from a
`user or application perspective.
`
`A server can offer any directory tree for access over the network. From the client’s
`point of view, such a directory tree constitutes a file system. Once a
`remote file system is made available for sharing, an authorized client can
`mount that file system on any of its local directories. Once so mounted, the
`remote file system becomes a shared resource.
`
`Special device files, as well as ordinary files, can be shared over NFS. Peripheral
`devices, such as modems and printers, cannot be shared.
`
`When a local file system is mounted on a local mount point, the entire file system,
`starting at its root, is mounted. When mounting a remote resource
`through NFS, it is not necessary to mount the entire file system. You can
`mount any directory or file in the directory tree, gaining access only to that
`directory or file and anything beneath it.
`
`In Figure 1-1, Machine A has made its entire /usr file system available for
`sharing. If Machine B wants access only to those files and subdirectories in
`/usr/man, it can mount /usr/man, rather than /usr. Doing so results in
`nothing above /usr/man on Machine A appearing in Machine B’s directory
`tree.
`
`[Figure 1-1: Mounting a Remote Resource (diagram showing Machine A and Machine B)]
`
`Machine A cannot share both /usr and /usr/man if both resources reside on
`the same disk partition. It is necessary to share /usr, allowing each network
`machine to decide whether to mount /usr or /usr/man. To mount a single
`file, it is necessary to mount the file on a directory. Once it is mounted, it cannot
`be removed (with rm) or moved to another directory (with mv). You can
`only unmount it.
`
`Just as clients need not mount an entire file system, servers need not make all
`their files accessible to network clients. In Figure 1-2, the server makes the
`directory /public/tkit available for sharing. In contrast, the directory
`/public/tkit2 is not shared. When the client mounts /public/tkit on
`its local directory /usr/tools, the remote directory tree appears to be a
`directory tree under /usr/tools. Files in that tree can be accessed as
`though they were local. The files in /public/tkit2 are not accessible.
`
`[Figure 1-2: Selective File Sharing]
`
`Note: A machine cannot share a file hierarchy that overlaps one that is
`already shared.
`
`As an alternative to centralizing resources on a few servers, NFS files can be
`shared in a peer-to-peer manner. When a single computer runs out of capacity,
`additional computers can be added to a configuration. Resources can be
`moved to new computers, while maintaining a consistent user view of the
`directory tree.
`
`NFS Advantages
`
`resource server. This is a great benefit to users of small workstations, where
`disk space is at a premium. With remote resource access, the user can reach a
`much larger program repertoire than could fit on a private disk.
`
`
`
`
`By having a resource reside physically on a single server, then distributing
`that resource throughout the network via file sharing, system administration
`is greatly simplified because
`
`- Fewer copies of programs need to be maintained on the network
`- The problems involved in performing backups for a number of
`  machines dispersed over a wide geographical area are reduced. By
`  keeping files in a single location, this task becomes comparable to
`  backing up a single machine.
`
`Centralizing files on a few file servers not only simplifies administration, it
`helps maintain the consistency of shared data files. When changes are made
`to a shared file, they become available to all users immediately. Allowing
`multiple machines to use the same files keeps storage costs down because
`machines share applications. Database consistency and reliability is enhanced
`because all users read the same set of files.
`
`NFS provides good recovery prospects when file servers fail. NFS servers do
`not keep any state information about the clients accessing them. If a client
`crashes, the server is oblivious to it. If the server crashes, clients can either
`block until the server comes up or return an error after a time-out.
`
`NFS takes advantage of a network locking facility called the Network Lock
`Manager. The lock manager supports the UNIX System V style of advisory
`and mandatory file and record locking.
`
`NFS assumes global UID/GID space and provides an administrator with the
`ability to restrict which machines can access resources; to specify read-only
`access to shared directories; and to unshare a directory, causing client access
`to that directory to fail. For additional security, Secure NFS supports
`encrypted machine and user identification along with ID mapping.
`
`Because NFS provides transparent access, within limits, NFS allows existing
`applications that do not attempt to use unsupported features to run without
`recompilation.
`
`Release 4.0 standardizes the syntax of administrative commands to NFS, providing
`a uniform interface to distributed file systems. Options that handle file
`system-dependent functionality accommodate differences, while integrating
`common features. Older forms of commands remain available to provide
`compatibility with previous releases.
`
`
`
`
`
`
`NFS is built on top of the Remote Procedure Call (RPC) facility, which
`requires the User Datagram Protocol (UDP) transport. UDP is a protocol in
`the TCP/IP protocol family.
`
`NFS Administration
`
`The responsibilities of an NFS administrator depend on site requirements and
`the role of the administered machine on the network.
`
`If you are responsible for all the machines on your local network, you are very
`likely to be responsible for installing the software on every machine and determining
`the role of each machine on the network. This means deciding which
`machines, if any, should be dedicated servers, which should act as both servers
`and clients, and which should be clients only.
`
`If your site has a network administrator, and you are the administrator of a
`client-only machine, you most likely have responsibility only for mounting
`and unmounting remote resources on that machine.
`
`Once initial NFS setup has taken place, maintaining a machine involves the
`following tasks:
`
`- Starting and stopping NFS operation.
`- Sharing and unsharing resources.
`- Mounting and unmounting resources.
`- Modifying administrative files to update the lists of resources a
`  machine shares and/or mounts automatically.
`- Checking the status of the network.
`- Diagnosing and fixing NFS-related problems as they arise.
`- Setting up maps to use the optional automatic mounting facility,
`  called the automounter.
`- Setting up the optional security features provided by Secure NFS.
`
`
`
`
`
`
`
`
`Using NFS
`
`Introduction
`
`This chapter provides basic information regarding NFS operation. More specifically,
`it discusses each of the following tasks:
`
`- Installing NFS.
`- Starting and stopping NFS operation.
`- Sharing and unsharing resources.
`- Obtaining information about mounted or shared resources.
`- Mounting resources.
`
`Installing NFS
`
`The Network File System software is packaged on floppy diskettes or cartridge
`tape and distributed with UNIX System V Release 4.0. If all the software
`in Release 4.0 is installed on your system, NFS is already on your
`system. If not, you must install the following System V utilities before installing
`NFS:
`
`- Remote Procedure Call (RPC) Utilities
`- Network Support Utilities (NSU)
`- Distributed File System Administration utilities (DFS) (optional).
`- TCP/IP utilities.
`
`Instructions for installing these utilities, as well as NFS, appear in the System
`V Release 4.0 Release Notes.
`
`Starting and Stopping NFS Operation
`
`NFS automatically becomes operational whenever your system enters run
`level 3. This can happen in one of two ways. NFS operation can be started by
`entering the init command at the command line. Alternatively, NFS can be
`started automatically each time you reboot your system. If you set up automatic
`sharing and mounting, a predetermined set of resources is shared
`and/or mounted whenever you start NFS operation.
`
`To start NFS from the command line, type
`
`    init 3
`    sh /etc/init.d/nfs start
`
`To stop NFS operation, exit run level 3. When you do so, any resources
`shared or mounted are automatically unshared or unmounted.
`
`To stop NFS from the command line, type
`
`    sh /etc/init.d/nfs stop
`
`
`
`Sharing and Unsharing Resources
`
`This section describes how to share resources by using NFS. It explains how
`to make a resource available for sharing with client machines and, when
`desired, how to stop sharing that resource.
`
`The sharing and unsharing of resources can be controlled from the command
`line. Such an approach is appropriate for resources that are used intermittently
`or temporarily. Sharing from the command line is described in the next
`section. Sharing of resources can also be done automatically. This approach
`works best for resources needed on a regular basis. For additional information,
`see “Automatic Sharing” on page 15. A third possibility, sharing
`resources as-needed, is discussed in “The Automounter” on page 39.
`
`Sharing and Unsharing Resources
`
`The share and shareall commands make it possible to share resources.
`share makes a single resource available for sharing, shareall makes a
`group of resources available. The unshare and unshareall commands
`make it possible to end the sharing of one or more resources.
`
`The share Command
`
`The share command makes resources available for sharing. Use share at
`the command line when you want to share a resource for a brief period of
`time or when a resource is needed for sharing on an irregular basis.
`
`The share command is located in /usr/sbin and has the form:
`
`    share [-F nfs] [-o specific-options] [-d description] pathname
`
`where
`
`-F nfs
`    indicates that the resource should be shared through NFS.
`-o specific-options
`    is a comma-separated list of options that regulates
`    how the resource is shared.
`-d description
`    is a comment that describes the resource to be shared.
`pathname
`    is the full name of the resource to be shared, starting
`    at root (/).
`
`If NFS is the only file sharing package installed on your machine, nfs is the
`default, and the -F option can be omitted.
`
`The Specific Options For share
`
`The specific options that can follow the -o flag are as follows:
`
`rw
`    shares the resource read/write to all clients, except
`    those specified under ro=.
`ro
`    shares the resource read-only to all clients, except
`    those specified under rw=.
`ro=client[:client]*
`    shares the resource read-only to the listed clients
`    (overriding rw for those clients only).
`rw=client[:client]*
`    shares the resource read/write to the listed clients
`    (overriding ro for those clients only).
`anon=uid
`    specifies a new user identifier, uid, for “anonymous”
`    users when accessing the resource. By default, anonymous
`    users are mapped to username nobody,
`    which has the user identifier (UID) UID_NOBODY.
`    User nobody has ordinary user privileges, not superuser
`    privileges.
`root=host[:host]*
`    allows a user from the specified host or hosts whose
`    UID is 0 to access the resource as root; root users
`    from all other hosts become anon. If this option is
`    not specified, no user from any host is granted access
`    to the resource as root.
`secure
`    shares a resource, with additional user authentication
`    required. See “Secure NFS” on page 67.
`
`Note: An asterisk (*) indicates an item that can be repeated zero or more
`times. See “Conventions Used” on page xi.
`
`In choosing specific options, you cannot specify both read/write (rw) and
`read-only (ro) without arguments, as these are mutually exclusive choices.
`For the same reason, you cannot specify the same client in the rw= list and the
`ro= list. If no read/write option is specified, then the default is read/write
`for all clients.
`
`When using the option root= to grant access to other hosts, be aware of the
`fact that such a choice has far-reaching security implications. As a result, use
`this option with extreme caution. See “Accessing Shared Resources as Superuser”
`on page 16 for additional information.
`
`Arguments that accept a client or host list (ro=, rw=, and root=) are guaranteed
`to work over the user datagram protocol (UDP), but may not work
`over other transport providers.
`
`If you choose the -d option, the description is stored in the server’s
`sharetab file. Clients will not see the description displayed when they use
`the dfshares command to list that server’s shared resources.
`
`The following set of examples illustrates the use of the share command.
`
`The command:
`
`    share -F nfs /usr
`
`shares the resource /usr with all of an issuing server’s clients. Since no
`choice was specified, this resource is shared read/write by default.
`
`To limit the client yogi to read-only access to the resource /usr, enter
`
`    share -F nfs -o rw,ro=yogi /usr
`
`As the rw option specifies, all other clients have read/write access.
`
`To give the clients bullwinkle and rocky read/write access while limiting
`other clients to read-only access to /usr, enter
`
`    share -F nfs -o ro,rw=bullwinkle:rocky /usr
`
`In the next example, the -F nfs option is omitted as the system is assumed
`to be NFS only. This lengthy command line is broken into several lines. A
`backslash (\) at the end of each line indicates that it is continued on the next
`line. The example illustrates the use of the -d option to describe the intent of a
`share command:
`
`    share -o ro,rw=bullwinkle:rocky \
`    -d "limit write access to rocky & bullwinkle" \
`    /usr
`
`The shareall Command
`
`The shareall command makes available a set of resources. To use the command,
`create a file that lists the resources you want to share. Each file entry
`consists of a single share command, each command having the syntax
`described in the previous section. That is, entries take the form
`
`    share [-F nfs] [-o specific_options] [-d description] [pathname]
`
`Once this file is created, it becomes the input file to the shareall command.
`If no input file is specified, shareall uses the /etc/dfs/dfstab file by
`default.
`
`If a hyphen (-) is entered in the place of specifying an input file, the system
`accepts standard input, allowing you to enter a number of share commands
`in succession. Once all desired commands have been entered, they can be executed
`all at once by pressing Ctrl-D. This is an alternative to entering one
`share command, waiting for the system to execute that command and
`return your prompt, then entering another command, and so on.
`
`The shareall command has the form
`
`    shareall [-F nfs] [- | file]
`
`where
`
`-F nfs
`    indicates that resources should be shared over NFS.
`    If NFS is the only file sharing package you have
`    installed, you can omit the -F nfs option.
`-
`    indicates that the command should accept standard
`    input.
`file
`    is the name of the file you created to be your input
`    file.
`
`To share the same set of resources on a fairly regular basis, without sharing
`them automatically, you can create an input file that contains a sequence of
`share commands. That file might look like this:
`
`    # cat misc
`    share -F nfs -o ro,rw=art.dept /export/graphics
`    share -F nfs /usr/man
`    share -F nfs -o rw,ro=antelope,root=ocelot:rhino /local
`
`Figure 2-1: Sharing Resources on a Regular Basis
`
`To share the resources listed in the file misc, type
`
`    shareall misc
`
`In this case, the -F nfs option is omitted from the shareall command,
`although it is included in the individual share commands in the input file. It
`might prove more convenient to change the command issued to
`
`    shareall -F nfs misc
`
`In this case you can omit the individual references to NFS in each share command.
`If your system uses only NFS, the -F option can be omitted in both
`places.
`
`The unshare Command
`
`Resources that are shared either explicitly or automatically can be made
`unavailable for sharing at any time by means of the command unshare.
`
`unshare is located in /usr/sbin and has the following syntax:
`
`    unshare [-F nfs] pathname
`
`where
`
`-F nfs
`    indicates that it is a resource to be unshared.
`pathname
`    is the full name of the shared resource, beginning
`    with root (/).
`
`To stop sharing the directory /usr, enter the command
`
`    unshare -F nfs /usr
`
`The unshareall Command
`
`To stop sharing all the NFS resources currently shared on your system, use
`the unshareall command, located in /usr/sbin. If NFS is the only distributed
`file system installed on your system, enter
`
`    unshareall
`
`If more than one distributed file system is installed, include the -F nfs
`option, as follows:
`
`    unshareall -F nfs
`
`Automatic Sharing
`
`Automatic sharing makes it easy to share the same set of resources on a regular
`basis. In the case of a server that supports diskless clients, automatic sharing
`makes the client machines’ root directories available at all times.
`
`Automatic sharing is controlled by the information found in the dfstab file,
`located in /etc/dfs. The dfstab file lists all the resources that a server is
`making available for sharing and controls which clients can access each of
`these resources. By editing the information in this file, resources can be added
`or deleted and the way sharing is done can be modified. The dfstab file can
`be modified with any text editor. The next time the machine enters run level
`3, the system will read the updated dfstab file and use the information it
`contains to determine which resources are to be shared.
`
`Each line in the dfstab file consists of a share command—the same command
`you might enter at the command line to share a resource explicitly.
`When used to share a resource over NFS, share has the following syntax:
`
`    share [-F nfs] [-o specific-options] [-d description] pathname
`
`where
`
`-F nfs
`    indicates that the resource is to be shared through NFS.
`-o specific-options
`    is a comma-separated list of options that regulates
`    how the resource is shared.
`-d description
`    is a comment that describes the resource to be shared.
`pathname
`    is the full name of the resource to be shared, starting
`    at root (/).
`
`If only one distributed file system package is installed, nfs is the default, and
`the -F option can be omitted.
`
`The specific options that can follow the -o flag are the same as those available
`for the share command. See “The share Command” on page 9.
`
`If the -d option is used, the description is stored in your sharetab file. It is
`not, however, displayed for clients when they use the dfshares command to
`list the resources shared on the system. dfshares is discussed in “Displaying
`Shared Local Resources” on page 25.
`
`Accessing Shared Resources as Superuser
`
`Under NFS, a server shares the resources it owns so that clients can mount
`them. Nevertheless, users who become the superuser at a client machine are
`denied access to mounted remote resources they would be able to see under
`their own UID. This restriction ensures that in becoming superuser, users do
`not gain access to files they would not ordinarily be able to see. When a user
`logged in as root requests access to a remote file shared through NFS, that
`UID is changed from 0 to that of the username nobody. User nobody has the
`same access rights as the public for a given file. For example, if the public has
`execute but not read or write permission for a file, then user nobody can only
`execute that file.
`
`access to that resource by editing the file /etc/dfs/dfstab on the server,
`or by specifying the appropriate options at the command line.
`
`For example, to allow the machine samba, but no other machine, superuser
`access to the shared directory /usr/src, enter the following command in
`the file /etc/dfs/dfstab or at the command line:
`
`    share -F nfs -o root=samba /usr/src
`
`To allow more than one client root access, you must specify a list. Here, the
`machines samba, mambo, and jazz all are given root access to the directory
`/usr/src.
`
`    share -F nfs -o root=samba:mambo:jazz /usr/src
`
`To give all client processes with UID 0, that is, those logged in as root, superuser
`access to /usr/src, enter
`
`    share -F nfs -o anon=0 /usr/src
`
`anon is short for “anonymous.” By default, anonymous requests inherit the
`UID of username nobody. NFS servers label as anonymous any request
`from a root user (someone whose current effective user UID is 0) not in the
`list following the root= option in the share command. The command
`shown above overrides the default behavior by telling the kernel to use the
`value 0 for anonymous requests. As a result, all root users retain their UID of
`0.
`
`For example, to allow users or processes on clients sneezy and grumpy with
`an effective UID of 0 to access /usr with superuser permission, enter
`
`    share -F nfs -o root=sneezy:grumpy /usr
`
`To permit root access on /usr by any user or process whose user ID is 0, enter
`
`    share -F nfs -o anon=0 /usr
`
`Warning: Resources should be shared in this way only if you are in a
`trusting environment.
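
The option rules under “The Specific Options For share” and the root= / anon= behaviour described in this section can be checked mechanically against a dfstab file. The Python code below is an added example, not part of the original book: it parses share lines, flags the conflicts and the superuser-related settings the text cautions about, and reports the UID applied to a request from UID 0 on a given client. The sample file contents are constructed, the function names are hypothetical, and UID_NOBODY is kept symbolic because the text gives no numeric value.

```python
import getopt
import shlex

# Constructed sample of /etc/dfs/dfstab content. The option patterns follow
# the text; the particular combinations of hosts and paths are illustrative.
SAMPLE_DFSTAB = """\
# constructed sample
share -F nfs -o ro,rw=bullwinkle:rocky -d "tools" /usr
share -F nfs -o root=samba:mambo /usr/src
share -F nfs -o anon=0 /export/home
share -F nfs -o rw=yogi,ro=yogi:booboo /local
share -F nfs /usr/man
"""


def parse_share(line):
    """Parse one share command line; return None for blanks and comments."""
    words = shlex.split(line, comments=True)
    if not words or words[0] != "share":
        return None
    flags, rest = getopt.getopt(words[1:], "F:o:d:")
    share = {"path": rest[0] if rest else None, "bare": set(),
             "rw": [], "ro": [], "root": [], "anon": None}
    for flag, value in flags:
        if flag != "-o":
            continue
        for item in filter(None, (s.strip() for s in value.split(","))):
            key, sep, val = item.partition("=")
            if sep and key in ("rw", "ro", "root"):
                share[key] += val.split(":")      # colon-separated client list
            elif sep and key == "anon":
                share["anon"] = val
            else:
                share["bare"].add(item)           # rw, ro, secure, ...
    return share


def audit(share):
    """Return findings for one parsed share entry, using the rules in the text."""
    findings = []
    bare = share["bare"]
    if {"rw", "ro"} <= bare:
        findings.append("conflict: rw and ro both given without arguments")
    both = sorted(set(share["rw"]) & set(share["ro"]))
    if both:
        findings.append("conflict: client in both rw= and ro=: " + ",".join(both))
    if share["anon"] == "0":
        findings.append("anon=0: root users on every client keep UID 0")
    if share["root"]:
        findings.append("root= grants superuser access to: " + ",".join(share["root"]))
    # Bare rw, or no read/write option at all, means read/write for all clients.
    if "rw" in bare or not (bare & {"rw", "ro"} or share["rw"] or share["ro"]):
        findings.append("read/write for all clients not listed under ro=")
    return findings


def root_request_uid(share, client):
    """UID the server applies to a request made by UID 0 on `client`."""
    if client in share["root"]:
        return "0"
    # Every other root user becomes anonymous: anon=uid if set, else nobody.
    return share["anon"] if share["anon"] is not None else "UID_NOBODY"


def audit_dfstab(text):
    """Map each shared pathname in a dfstab-style text to its findings."""
    report = {}
    for line in text.splitlines():
        share = parse_share(line)
        if share:
            report[share["path"]] = audit(share)
    return report


if __name__ == "__main__":
    for path, findings in audit_dfstab(SAMPLE_DFSTAB).items():
        print(path, "->", findings or "no findings")
```
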
`
`Mounting Resources
`
`Once a resource has been shared on a server using NFS, that resource can be
`accessed from any client of that server, provided the client takes the steps necessary
`to mount the resource. Mounting can be done automatically when NFS
`operation begins on the client (when the client enters run level 3) or explicitly
`(by using the command line during a work session). If you regularly need to
`mount certain remote resources, it is best to set up automatic mounting when
`you first set up NFS operation.
`
`Mounting and Unmounting Resources
`
`An NFS shared resource can be explicitly mounted or unmounted at any time,
`using the mount and umount commands, respectively.
`
`The mount Command
`
`Clients can mount a remote resource, provided the resource is shared and
`located on a server that can be reached over the network. You must be superuser
`to use the mount command.
`
`NFS supports two types of mounts—hard mounts and soft mounts. In the
`case of a hard mount, an NFS request affecting any part of the mounted
`resource is issued repeatedly until the request is satisfied. When a soft mount
`cannot be satisfied, an NFS request returns an error, then quits.
`
`mountpoint for the remote resource. As with a local mount, if you mount a
`remote resource on an existing directory that contains files and sub-directories,
`the contents of the directory are obscured.
`
`The mount command has the form
`
`    mount [-F nfs] [-o specific-options] resource mountpoint
`
`where
`
`-F nfs
`    is the type of mount to perform—in this case, an
`    NFS mount. If the -F option is not specified, but
`    resource or mountpoint is, mount looks in
`    /etc/vfstab for the corresponding entry and
`    mounts the resource according to the file system
`    type specification there.
`-o specific-options
`    is a list of options specific to NFS mounts. Some of
`    the options are described below. The full set of
`    options is described in “The Specific Options For
`    share” on page 10.
`resource
`
`