Lecture 34

More on NIS

Netgroups

A netgroup is a collection of triples of form (hostname, username, domain_name).

Netgroups are used to augment the information provided in other maps and files. For example, you can create subsets of users who have various permissions.

Netgroups are intended to be matched against like patterns. A blank entry in a netgroup is a wildcard, and a - entry indicates a field that can take no value in a match.

Usually only user names or host names are used, but not both. Examples:

trusted-hosts (elgin,,), (schlitz,,)
trusted-users (,jnw,), (,bw1,)
dangerous-users (,cl0,), (,bwall,)
special-users trusted-users, dangerous-users

How do we use NFS with local system files?

The plus-sign (+) is the NIS magic token used in config files to append to maps. If you want to append the NIS group map to the group file, you place the following entry at the end of the group file:

+:*:*

The asterisks keep this entry from introducing a new group named + just in case NIS service is not running.

In the password file, you might see something like this:

root:!:0:1:Operator:/:/bin/sh
daemon:!:1:1:::
sys:!:2:2::/:/bin/sh
bin:!:3:3::/bin:
uucp:!:4:8::/var/spool/uucppublic:
+:!:0:0:::

This is the simplest form of password file appending. It adds all NIS passwd map info to the client password file.

Other possibilities include:

```
+user1:!:
+user2:!:
```
This adds the entries for the specified users
```
+user1:!:0:0:Local GECOS Information:::
```
All fields except GECOS would be gotten from the NIS map.
```
+@trusted-users
```
This adds the NIS fields for all users in the trusted-users netgroup to the password file. Any hostnames appearing in the netgroup entries have no meaning whatsoever.
```
-billy:!
-@dangerous-users
```
This will cause NIS to avoid adding the user billy from any map whose inclusion follows and also avoid adding any of the users in the netgroup dangerous-users. Beware! You can make mistakes like this:
```
+@trusted-users
-billy:!:
```
If billy is in the trusted-users netgroup, he gets added.
Rule of thumb: always process deletions before additions! (Always process denys before allows.)

(/etc/netsvc.conf)

NFS

NFS clients uses the following daemons:

biod
for block operations, read-ahead, and write-behind performance optimizations. Multiple instances run (arg is number of instances) so that client can hhave multiple NFS requests being processed simultaneously.
rcp.lockd and rpc.statd handle file locking and lock recovery for the client. Numerous reported problems involving NFS file locking.

NFS server daemmons (in addition to the client ones):

nfsd handles NFS file requests. Multiple copies of this run so the daemon can handle multiple requests at one time.
rpc.mountd handles client requests to mount a file system.

NFS file system mount control: /etc/exports tells which filesystems the server will allow clients to mount via NFS Filesystem export rules:

Any local filesystem or subtree of a filesystem can be exported.
No subdirectory of an exported filesystem can be exported unless it is on a separate physical device.
No parent directory of an exported filesystem can be exported unless it is on a separate physical device.

Options (comma sep in /etc/exports):

rw=host:host
ro
access=host:host
anon=host:host
root=host:host
secure