Linux NFS-HOWTO

Tavis Barr

         tavis@mahler.econ.columbia.edu
       

Nicolai Langfeldt

         janl@linpro.no
       

Seth Vidal

        skvidal@phy.duke.edu
      

Takeo Nakano - (Japanese translation)

        nakano@apm.seikei.ac.jp
      

2002-01-26 (original 2000-12-28)



Table of Contents
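1. Preamble

    1.1. Legal stuff
    1.2. Disclaimer
    1.3. Feedback
    1.4. Acknowledgements

2. Introduction

    2.1. What is NFS?
    2.2. What is this HOWTO and what is it not?
    2.3. Knowledge Pre-Requisites
    2.4. Software Pre-Requisites: Kernel Version and nfs-utils
    2.5. Where to get help and further information

3. Setting Up an NFS Server

    3.1. Introduction to the server setup
    3.2. Setting up the Configuration Files

        3.2.1. /etc/exports
        3.2.2. /etc/hosts.allow and /etc/hosts.deny

    3.3. Getting the services started

        3.3.1. Pre-requisites
        3.3.2. Starting the Portmapper
        3.3.3. The Daemons

    3.4. Verifying that NFS is running
    3.5. Making changes to /etc/exports later on

4. Setting up an NFS Client

    4.1. Mounting remote directories
    4.2. Getting NFS File Systems to Be Mounted at Boot Time
    4.3. Mount options

        4.3.1. Soft vs. Hard Mounting
        4.3.2. Setting Block Size to Optimize Transfer Speeds

5. Optimizing NFS Performance

    5.1. Setting Block Size to Optimize Transfer Speeds
    5.2. Packet Size and Network Drivers
    5.3. Number of Instances of NFSD
    5.4. Memory Limits on the Input Queue
    5.5. Overflow of Fragmented Packets
    5.6. Turning Off Autonegotiation of NICs and Hubs
    5.7. Non-NFS-Related Means of Enhancing Server Performance

6. Security and NFS

    6.1. The portmapper
    6.2. Server security: nfsd and mountd
    6.3. Client Security

        6.3.1. The nosuid mount option
        6.3.2. The broken_suid mount option
        6.3.3. Securing portmapper, rpc.statd, and rpc.lockd on the client

    6.4. NFS and firewalls (ipchains and iptables)
    6.5. Summary

7. Troubleshooting

    7.1. Unable to See Files on a Mounted File System
    7.2. File requests hang or timeout waiting for access to the file
    7.3. Unable to mount a file system
    7.4. I do not have permission to access files on the mounted volume
    7.5. When I transfer really big files, NFS takes over all the CPU
        cycles on the server and it screeches to a halt
    7.6. Strange error or log messages
    7.7. Real permissions don't match what's in /etc/exports
    7.8. Flaky and unreliable behavior
    7.9. nfsd won't start

8. Using Linux NFS with Other OSes

    8.1. AIX

        8.1.1. Linux Clients and AIX Servers
        8.1.2. AIX Clients and Linux Servers

    8.2. BSD

        8.2.1. BSD Servers and Linux Clients
        8.2.2. Linux Servers and BSD Clients

    8.3. Compaq Tru64 Unix

        8.3.1. Tru64 Unix Servers and Linux Clients
        8.3.2. Linux Servers and Tru64 Unix Clients

    8.4. HP-UX

        8.4.1. HP-UX Servers and Linux Clients
        8.4.2. Linux Servers and HP-UX Clients

    8.5. IRIX

        8.5.1. IRIX Servers and Linux Clients
        8.5.2. IRIX Clients and Linux Servers

    8.6. Solaris

        8.6.1. Solaris Servers
        8.6.2. Solaris Clients

    8.7. SunOS

        8.7.1. SunOS Servers
        8.7.2. SunOS Clients
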
1. Preamble

1.1. Legal stuff

Copyright (c) <2001> by Tavis Barr, Nicolai Langfeldt, and Seth Vidal.
This material may be distributed only subject to the terms and
conditions set forth in the Open Publication License, v1.0 or later
(the latest version is presently available at
http://www.opencontent.org/openpub/).

A Japanese translation of the license is available at
http://www.opensource.jp/openpub/.

The Japanese translation of this document is by Takeo Nakano.
Copyright (C) 1997-2001 Takeo Nakano. The translation is likewise
licensed under the Open Publication License v1.0 (with no options) or
later.



1.2. Disclaimer

This document is provided without any guarantees, including
merchantability or fitness for a particular use. The maintainers cannot
be responsible if following instructions in this document leads to
damaged equipment or data, angry neighbors, strange habits, divorce, or
any other calamity.



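1.3. Feedback

This will never be a finished document; we welcome feedback about how
it can be improved. As of October 2000, the Linux NFS home page is
hosted at http://nfs.sourceforge.net. Check there for mailing lists,
bug fixes, and updates, and also to verify who currently maintains this
document.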



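1.4. Acknowledgements

The development of NFS for Linux has been the product of the work of
many people, but a few stand out for special recognition. The original
version was developed by Olaf Kirch and Alan Cox. The version 3 server
code was solidified by Neil Brown, based on work from Saadia Khan,
James Yarbrough, Allen Morris, H.J. Lu, and others (including himself).
The client code was written by Olaf Kirch and updated by Trond
Myklebust. The version 4 lock manager was developed by Saadia Khan.
Dave Higgen and H.J. Lu both have undertaken the thankless job of
extensive maintenance and bug fixes to get the code to actually work
the way it was supposed to. There are certainly many others who deserve
thanks as well.

The original version of this document was written by Nicolai Langfeldt.
It was heavily rewritten in 2000 by Tavis Barr and Seth Vidal to
reflect the substantial changes in the workings of NFS for Linux
developed between the 2.0 and 2.4 kernels. Thomas Emmel, Neil Brown,
Trond Myklebust, Erez Zadok, and Ion Badulescu also provided valuable
comments and contributions.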

: |ɍۂẮAJF ML ̊FɂbɂȂ܂Bɂ˂
ƕ䂳ɂ́AŜʂėLvȃRg܂B



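2. Introduction

2.1. What is NFS?

The Network File System (NFS) was developed to allow machines to mount
a disk partition on a remote machine as if it were a local hard disk.
It allows for fast, seamless sharing of files across a network.

However, if you set NFS up incorrectly, it also gives unwanted people
the potential to access your hard drive over the network (and thereby
possibly read your email, delete all your files, and break into your
system). So if you intend to implement an NFS setup, please read the
Security section of this document carefully.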

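There are other systems that provide similar functionality to NFS.
Samba provides file services to Windows clients. The Andrew File System
from IBM (http://www.transarc.com/Product/EFS/AFS/index.html), recently
open-sourced, provides a file sharing mechanism with some additional
security and performance features. The Coda File System
(http://www.coda.cs.cmu.edu/) is still in development as of this
writing, but is designed to work well with disconnected clients. Many
of the features of the Andrew and Coda file systems are slated for
inclusion in the next version of NFS (Version 4)
(http://www.nfsv4.org). The advantage of NFS today is that it is
mature, standard, well understood, and supported robustly across a
variety of platforms.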



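2.2. What is this HOWTO and what is it not?

This HOWTO is intended as a complete, step-by-step guide to setting up
NFS correctly and effectively. Setting up NFS involves two steps,
namely configuring the server and then configuring the client. The
document then offers tips for people with particular needs and hardware
setups, as well as security and troubleshooting advice.

This HOWTO is not a description of the guts and underlying structure of
NFS. For that you may wish to read Managing NFS and NIS by Hal Stern,
published by O'Reilly & Associates, Inc. (a Japanese translation has
been published by ASCII). While that book is severely out of date, much
of the structure of NFS has not changed, and the book describes it very
articulately. A much more advanced and up-to-date technical description
of NFS is available in NFS Illustrated by Brent Callaghan (a Japanese
translation has been published by ASCII under the title "NFS Bible").

This document is also not intended as a complete reference manual, and
does not contain an exhaustive list of the features of Linux NFS. For
that, you can look at the man pages for nfs(5), exports(5), mount(8),
fstab(5), nfsd(8), lockd(8), statd(8), rquotad(8), and mountd(8).

It will also not cover PC-NFS, which is considered obsolete (Samba is
the better way to share files with PCs), or NFS Version 4, which is
still in development.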



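2.3. Knowledge Pre-Requisites

Readers of this HOWTO should have a basic understanding of TCP/IP
networking. If you are in doubt, read the Networking-Overview-HOWTO
<http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html> (a
Japanese translation
<http://www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html> is
available from JF).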



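2.4. Software Pre-Requisites: Kernel Version and nfs-utils

The difference between Version 2 NFS and Version 3 NFS will be
explained later on; for now, you might simply take the suggestion that
you will need NFS Version 3 if you are installing a dedicated or
high-volume file server. NFS Version 2 should be fine for casual use.

NFS Version 2 has been around for quite some time now (at least since
the 1.2 kernel series); however, you will need a kernel version of at
least 2.2.18 if you wish to do any of the following:

  * Mix Linux NFS with other operating systems' NFS

  * Use file locking reliably over NFS

  * Use NFS Version 3
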
   
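There are also patches available for kernel versions above 2.2.14 that
provide the above functionality. Some of them can be downloaded from
the Linux NFS homepage. If your kernel version is 2.2.14-2.2.17 and you
have the source code on hand, you can tell whether these patches have
been added because NFS Version 3 server support will be a configuration
option. However, unless you have some particular reason to use an older
kernel, you should upgrade, because many bugs have been fixed along the
way.

To use Version 3 functionality, you will also need the nfs-utils
package of at least version 0.1.6, and mount version 2.10m or newer.
Because nfs-utils and mount are fully backwards compatible, and because
newer versions have lots of security and bug fixes, there is no good
reason not to install the newest nfs-utils and mount packages if you
are beginning an NFS setup.

All 2.4 and higher kernels have full NFS Version 3 functionality.

All kernels after 2.2.18 support NFS over TCP on the client side. As of
this writing, server-side NFS over TCP only exists in the later 2.2
series (but not yet in the 2.4 kernels), is considered experimental,
and is somewhat buggy.

Because so many of the above functionalities were introduced in kernel
version 2.2.18, this document was written to be consistent with kernels
above this version (including 2.4.x). If you have an older kernel, this
document may not describe your NFS system correctly.

As we write this document, NFS version 4 is still in development as a
protocol, and it will not be dealt with here.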



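2.5. Where to get help and further information

As of November 2000, the Linux NFS homepage is at
http://nfs.sourceforge.net. Please check there for NFS-related mailing
lists as well as the latest version of nfs-utils, NFS kernel patches,
and other NFS-related packages.

You may also wish to look at the man pages for nfs(5), exports(5),
mount(8), fstab(5), nfsd(8), lockd(8), statd(8), rquotad(8), and
mountd(8).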



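3. Setting Up an NFS Server

3.1. Introduction to the server setup

It is assumed that you will be setting up both a server and a client.
If you are just setting up a client to work off somebody else's server
(say, in your department), you can skip to Section 4. However, every
client that is set up requires modifications on the server to authorize
that client (unless the server setup is done in a very insecure way),
so even if you are not setting up a server you may wish to read this
section to get an idea of what kinds of authorization problems to look
out for.

Setting up the server is done in two steps: setting up the
configuration files for NFS, and then starting the NFS services.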



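3.2. Setting up the Configuration Files

There are three main configuration files you will need to edit to set
up an NFS server: /etc/exports, /etc/hosts.allow, and /etc/hosts.deny.
Strictly speaking, you only need to edit /etc/exports to get NFS to
work, but you would be left with an extremely insecure setup. You may
also need to edit your startup scripts; see Section 3.3.3 for more on
that.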



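3.2.1. /etc/exports

This file contains a list of entries; each entry indicates a volume
that is shared and how it is shared. Check the man pages (man exports)
for a complete description of all the setup options for the file,
although the description here will probably satisfy most people's
needs.

An entry in /etc/exports will typically look like this: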

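 directory machine1(option11,option12) machine2(option21,option22)

where

directory

    The directory that you want to share. It may be an entire volume,
    though it need not be. If you share a directory, then all
    directories under it within the same file system will be shared as
    well.

machine1 and machine2

    Client machines that will have access to the directory. The
    machines may be listed by their IP address or their DNS address
    (e.g., machine.company.com or 192.168.0.8). Using IP addresses is
    more reliable and more secure.

optionxx

    The option listing for each machine describes what kind of access
    that machine will have. Important options are:

      ro: The directory is shared read-only; the client machine will
        not be able to write to it. This is the default.

      rw: The client machine will have read and write access to the
        directory.

      no_root_squash: By default, any file request made by user root on
        the client machine is treated as if it were made by user nobody
        on the server. (Exactly which UID the request is mapped to
        depends on the UID of user "nobody" on the server, not the
        client.) If no_root_squash is selected, then root on the client
        machine will have the same level of access to the files on the
        system as root on the server. This can have serious security
        implications, although it may be necessary if you want to
        perform administrative work on the client machine that involves
        the exported directories. You should not specify this option
        without a good reason.

      no_subtree_check: If only part of a volume is exported, a routine
        called subtree checking verifies that a file requested by the
        client is in the appropriate part of the volume. If the entire
        volume is exported, disabling this check will speed up
        transfers.

      sync: By default, a Version 2 NFS server tells a client machine
        that a file write is complete when NFS has finished handing the
        write over to the file system; however, the file system may not
        have synced it to disk, even if the client makes a sync() call
        on the file system. The default behavior may therefore cause
        file corruption if the server reboots. This option forces the
        file system to sync to disk every time NFS completes a write
        operation. It slows down write times substantially, but may be
        necessary if you are running NFS Version 2 in a production
        environment. Version 3 NFS has a commit operation that the
        client can call and that actually results in a disk sync on the
        server end.

Suppose we have two client machines, slave1 and slave2, that have IP
addresses 192.168.0.1 and 192.168.0.2, respectively. We wish to share
our software binaries and home directories with these machines. A
typical setup for /etc/exports might look like this: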

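  /usr/local   192.168.0.1(ro) 192.168.0.2(ro)
  /home        192.168.0.1(rw) 192.168.0.2(rw)


Here we are sharing /usr/local read-only to slave1 and slave2, because
it probably contains our software and the benefits of allowing slave1
and slave2 to write to it are unlikely to outweigh the security
concerns. On the other hand, home directories need to be exported
read-write if users are to save work on them.

If you have a large installation, you may find that you have a bunch of
computers all on the same local network that require access to your
server. There are a few ways of simplifying references to large numbers
of machines. First, you can give access to a range of machines at once
by specifying a network and a netmask. For example, if you wanted to
allow access to all the machines with IP addresses between 192.168.0.0
and 192.168.0.255, you could have the entries: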

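  /usr/local 192.168.0.0/255.255.255.0(ro)
  /home      192.168.0.0/255.255.255.0(rw)


See the Networking-Overview HOWTO
<http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html> (a
Japanese translation
<http://www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html> is
available from JF) for further information about how netmasks work. You
may also wish to look at the man pages for init and hosts.allow.

Second, you can use NIS netgroups in your entry. To specify a netgroup
in your exports file, simply prepend the name of the netgroup with an
"@". See the NIS HOWTO <http://www.linuxdoc.org/HOWTO/NIS-HOWTO.html>
(a Japanese translation
<http://www.linux.or.jp/JF/JFdocs/NIS-HOWTO.html> is available from JF)
for details on how netgroups work.

Third, you can use wildcards such as *.foo.com or 192.168. instead of
hostnames.

However, keep in mind that any of these simplifications could cause a
security risk if there are machines in your netgroup or local network
that you do not trust completely.

A few cautions are in order about what cannot (or should not) be
exported. First, if a directory is exported, its parent and child
directories cannot be exported if they are in the same file system.
However, exporting both should not be necessary, because listing the
parent directory in /etc/exports will cause all underlying directories
within that file system to be exported.

Second, it is a poor idea to export a FAT or VFAT (i.e., MS-DOS or
Windows 95/98) file system with NFS. FAT is not designed for use on a
multi-user machine, and as a result, operations that depend on
permissions will not work well. Moreover, some of the underlying file
system design is reported to work poorly with NFS's expectations.

Third, device or other special files may not export correctly to
non-Linux clients. See Section 8 for details on particular operating
systems.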



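3.2.2. /etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services
on your machine. Each line of the file contains a single entry listing
a service and a set of machines. When the server gets a request from a
machine, it does the following:

  * It first checks hosts.allow to see if the machine matches a
    description listed there. If it does, then the machine is allowed
    access.

  * If the machine does not match an entry in hosts.allow, the server
    then checks hosts.deny to see if the client matches a listing
    there. If it does, then the machine is denied access.

  * If the client matches no listings in either file, then it is
    allowed access.

In addition to controlling access to services handled by inetd (such as
telnet and FTP), these files can also control access to NFS by
restricting connections to the daemons that provide NFS services.
Restrictions are done on a per-service basis.

The first daemon to restrict access to is the portmapper. This daemon
essentially just tells requesting clients how to find all the NFS
services on the system. Restricting access to the portmapper is the
best defense against someone breaking into your system through NFS,
because completely unauthorized clients won't know where to find the
NFS daemons. However, there are two things to watch out for. First,
restricting the portmapper isn't enough if the intruder already knows
for some reason how to find those daemons. And second, if you are
running NIS, restricting the portmapper will also restrict requests to
NIS. That should usually be harmless, since you usually want to
restrict NFS and NIS in a similar way, but just be cautioned. (Running
NIS is generally a good idea if you are running NFS, because the client
machines need a way of knowing who owns what files on the exported
volumes. Of course there are other ways of doing this, such as syncing
password files. See the NIS HOWTO
<http://www.linuxdoc.org/HOWTO/NIS-HOWTO.html> (a Japanese translation
<http://www.linux.or.jp/JF/JFdocs/NIS-HOWTO.html> is available from JF)
for information on setting up NIS.)

In general it is a good idea with NFS (as with most internet services)
to explicitly deny access to hosts that do not need it.

The first step in doing this is to add the following entry to
/etc/hosts.deny: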


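   portmap:ALL


Starting with nfs-utils 0.2.0, you can be a bit more careful by
controlling access to the individual daemons. This is a good
precaution, since an intruder will often be able to get around the
portmapper. If you have a newer version of nfs-utils, add entries for
each of the NFS daemons (see the next section to find out what these
daemons are; for now just put entries for them in hosts.deny):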


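    lockd:ALL
    mountd:ALL
    rquotad:ALL
    statd:ALL


Even if you have an older version of nfs-utils, adding these entries is
at worst harmless (they will just be ignored) and at best will save you
some trouble when you upgrade. Some sys admins choose to put the entry
ALL:ALL in the file /etc/hosts.deny, which causes any service that
looks at these files to deny access to all hosts unless it is
explicitly allowed. While this is more secure behavior, it may also get
you in trouble when you are installing new services: you forget you put
it there, and you can't figure out for the life of you why they won't
work.

Next, we need to add an entry to hosts.allow to give access to the
hosts that should have it. (If we just leave the above lines in
hosts.deny, then nobody will have access to NFS.) Entries in
hosts.allow follow the format: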


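    service: host [or network/netmask] , host [or network/netmask]


Here, host is the IP address of a potential client. It may be possible
on some systems to use the DNS name of the host, but this is strongly
discouraged.

Suppose we have the setup above and we want to allow access to
slave1.foo.com and slave2.foo.com, and suppose that the IP addresses of
these machines are 192.168.0.1 and 192.168.0.2, respectively. We could
add the following entry to /etc/hosts.allow: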


   portmap: 192.168.0.1 , 192.168.0.2


For recent nfs-utils versions, we would also add the following (again,
these entries are harmless even if they are not supported):


    lockd: 192.168.0.1 , 192.168.0.2
    rquotad: 192.168.0.1 , 192.168.0.2
    mountd: 192.168.0.1 , 192.168.0.2
    statd: 192.168.0.1 , 192.168.0.2


If you intend to run NFS on a large number of machines in a local
network, /etc/hosts.allow also allows for network/netmask style
entries, in the same manner as described for /etc/exports above.

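The lookup order described in this section (hosts.allow first, then hosts.deny, otherwise allowed) can be modelled in a few lines. This is an added example, not code from the HOWTO or from the TCP wrappers library: it handles only the `service: client , client` subset used here (IP addresses, network/netmask, ALL), the function names are invented for the illustration, and the in.telnetd lookups are constructed.

```python
import ipaddress

# The HOWTO's own hosts.deny / hosts.allow entries for the slave1/slave2 setup.
HOSTS_DENY = """\
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
"""
HOSTS_ALLOW = """\
portmap: 192.168.0.1 , 192.168.0.2
lockd: 192.168.0.1 , 192.168.0.2
rquotad: 192.168.0.1 , 192.168.0.2
mountd: 192.168.0.1 , 192.168.0.2
statd: 192.168.0.1 , 192.168.0.2
"""


def parse_rules(text):
    """Turn 'service: client , client' lines into (service, [clients])."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        service, clients = line.split(":", 1)
        rules.append((service.strip(), clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip):
    """Match ALL, a single IP address, or network/netmask; never resolve names."""
    if pattern.upper() == "ALL":
        return True
    try:
        addr = ipaddress.ip_address(ip)
        if "/" in pattern:
            return addr in ipaddress.ip_network(pattern, strict=False)
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        return False  # a host name: not evaluated in this model


def listed(rules, service, ip):
    """True if any rule for this service (or ALL) names this client."""
    for svc, clients in rules:
        if svc.upper() in ("ALL", service.upper()):
            if any(client_matches(c, ip) for c in clients):
                return True
    return False


def decide(service, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the three-step order from the text."""
    if listed(parse_rules(allow_text), service, ip):
        return "allow"
    if listed(parse_rules(deny_text), service, ip):
        return "deny"
    return "allow-by-default"


def non_ip_clients(text):
    """List (service, client) pairs that are not ALL, an IP or a network."""
    bad = []
    for svc, clients in parse_rules(text):
        for c in clients:
            if c.upper() == "ALL":
                continue
            try:
                ipaddress.ip_network(c, strict=False)
            except ValueError:
                bad.append((svc, c))
    return bad


if __name__ == "__main__":
    for svc, ip in [("portmap", "192.168.0.1"), ("mountd", "192.168.0.7"),
                    ("in.telnetd", "192.168.0.7")]:
        print(svc, ip, decide(svc, ip))
    # With ALL:ALL in hosts.deny the unlisted service is closed as well.
    print(decide("in.telnetd", "192.168.0.7", deny_text="ALL:ALL"))
```

The third lookup shows why some administrators add ALL:ALL to hosts.deny: a service that neither file mentions is otherwise open to every host.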


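3.3. Getting the services started

3.3.1. Pre-requisites

The NFS server should now be configured and we can start it running.
First, you will need to have the appropriate packages installed. This
consists mainly of a new enough kernel and a new enough version of the
nfs-utils package. See Section 2.4 if you are in doubt.

Next, before you can start NFS, you will need to have TCP/IP networking
functioning correctly on your machine. If you can use telnet, FTP, and
so on, then chances are your TCP networking is fine.

That said, with most recent Linux distributions you may be able to get
NFS up and running simply by rebooting your machine; the startup
scripts should detect that you have set up your /etc/exports file and
will start up NFS correctly. If you try this, see Section 3.4 to check
whether NFS is running. If this does not work, or if you are not in a
position to reboot your machine, then the following section will tell
you which daemons need to be started in order to run NFS services. If
for some reason nfsd was already running when you edited the
configuration files above, you will have to flush your configuration;
see Section 3.5 for details.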



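3.3.2. Starting the Portmapper

NFS depends on the portmapper daemon, called either portmap or
rpc.portmap. It will need to be started first. It should be located in
/sbin, but is sometimes in /usr/sbin. Most recent Linux distributions
start this daemon in the boot scripts, but it is worth making sure that
it is running before you begin working with NFS (just type
ps aux | grep portmap).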



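3.3.3. The Daemons

NFS serving is taken care of by five daemons: rpc.nfsd, which does most
of the work; rpc.lockd and rpc.statd, which handle file locking;
rpc.mountd, which handles the initial mount requests; and rpc.rquotad,
which handles user file quotas on exported volumes. Starting with
2.2.18, lockd is called by nfsd upon demand, so you do not need to
start it yourself. statd will need to be started separately. Most
recent Linux distributions will have startup scripts for these daemons.

The daemons are all part of the nfs-utils package, and may be either in
the /sbin directory or the /usr/sbin directory.

If your distribution does not include them in the startup scripts, then
you should add them, configured to start in the following order:

rpc.portmap
rpc.mountd, rpc.nfsd
rpc.statd, rpc.lockd (if necessary), rpc.rquotad

The nfs-utils package has sample startup scripts for RedHat and Debian.
If you are using a different distribution, in general you can just copy
the RedHat script, but you will probably have to take out the line that
says

    . ../init.d/functions

to avoid getting error messages.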



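3.4. Verifying that NFS is running

To do this, query the portmapper with the command rpcinfo -p to find
out what services it is providing. You should get something like this: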

    program vers proto   port                                       
    100000    2   tcp    111  portmapper                            
    100000    2   udp    111  portmapper                            
    100011    1   udp    749  rquotad                               
    100011    2   udp    749  rquotad                               
    100005    1   udp    759  mountd                                
    100005    1   tcp    761  mountd                                
    100005    2   udp    764  mountd                                
    100005    2   tcp    766  mountd                                
    100005    3   udp    769  mountd                                
    100005    3   tcp    771  mountd                                
    100003    2   udp   2049  nfs                                   
    100003    3   udp   2049  nfs                                   
    300019    1   tcp    830  amd                                   
    300019    1   udp    831  amd                                   
    100024    1   udp    944  status                                
    100024    1   tcp    946  status                                
    100021    1   udp   1042  nlockmgr                              
    100021    3   udp   1042  nlockmgr                              
    100021    4   udp   1042  nlockmgr                              
    100021    1   tcp   1629  nlockmgr                              
    100021    3   tcp   1629  nlockmgr                              
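    100021    4   tcp   1629  nlockmgr


This says that we have NFS versions 2 and 3, rpc.statd version 1, and
the network lock manager (the service name for rpc.lockd) versions 1,
3, and 4. There are also separate service listings depending on whether
NFS is travelling over TCP or UDP. Linux systems use UDP by default
unless TCP is explicitly requested; other OSes such as Solaris default
to TCP.

If you do not see at least a line that says "portmapper", a line that
says "nfs", and a line that says "mountd", then you will need to
backtrack and try again to start up the daemons (see Section 7,
Troubleshooting, if this still doesn't work).

If you do see these services listed, then you should be ready to set up
NFS clients to access files from your server.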



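3.5. Making changes to /etc/exports later on

If you come back and change your /etc/exports file, the changes you
make may not take effect immediately. You should run the command
exportfs -ra to force nfsd to re-read the /etc/exports file. If you
can't find the exportfs command, then you can kill nfsd with the -HUP
flag (see the man pages for kill for details).

If that still doesn't work, check hosts.allow to make sure you haven't
forgotten to list any new client machines there. Also check the host
listings on any firewalls you may have set up (see Section 7 for more
on firewalls and NFS).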



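4. Setting up an NFS Client

4.1. Mounting remote directories

Before beginning, you should double-check that your mount program is
new enough (version 2.10m if you want to use Version 3 NFS), and that
the client machine supports NFS mounting, though most standard
distributions do. If you are using a 2.2 or later kernel with the /proc
file system, you can check the latter by reading the file
/proc/filesystems and making sure there is a line containing nfs. If
not, you will need to build (or download) a kernel that has NFS support
built in.

To use a machine as an NFS client, you will need the portmapper running
on that machine, and to use NFS file locking, you will also need
rpc.statd and rpc.lockd running on both the client and the server. Most
recent distributions start those services by default at boot time; if
yours doesn't, see Section 3.2 for information on how to start them up.

With portmap, lockd, and statd running, you should now be able to mount
the remote directory from your server just the way you mount a local
hard drive, with the mount command. Continuing our example from the
previous section, suppose our server is called master.foo.com, and we
want to mount its /home directory on slave1.foo.com. Then all we have
to do, from the root prompt on slave1.foo.com, is type: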

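   # mount master.foo.com:/home /mnt/home

and the directory /home on master will appear as the directory
/mnt/home on slave1.

If this does not work, see the Troubleshooting section (Section 7).

You can get rid of the file system by typing

   # umount /mnt/home

just like you would for a local file system.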



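4.2. Getting NFS File Systems to Be Mounted at Boot Time

NFS file systems can be added to your /etc/fstab file the same way
local file systems can, so that they mount when your system starts up.
The only difference is that the file system type will be set to nfs and
the dump and fsck order (the last two entries) will have to be set to
zero. So for our example above, the entry in /etc/fstab would look
like: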

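   # device       mountpoint     fs-type     options      dump fsckorder
   ...
   master.foo.com:/home  /mnt    nfs          rw            0    0
   ...

See the man pages for fstab if you are unfamiliar with the syntax of
this file. If you are using an automounter such as amd or autofs, the
options in the corresponding fields of your mount listings should look
very similar, if not identical.

At this point you should have NFS working, though a few tweaks may
still be necessary to get it to work well. You should also read
Section 6 to be sure your setup is reasonably secure.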



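4.3. Mount options

4.3.1. Soft vs. Hard Mounting

There are some options you should consider adding at once. They govern
the way the NFS client handles a server crash or network outage. One of
the good things about NFS is that it can handle this gracefully. There
are two distinct failure modes:

soft

    If a file request fails, the NFS client will report an error to the
    process on the client machine requesting the file access. Some
    programs can handle this with composure; most won't. We do not
    recommend using this setting; it is a recipe for corrupted files
    and lost data. You should especially not use this for mail disks --
    if you value your mail, that is.

hard

    The program accessing a file on an NFS-mounted file system will
    hang when the server crashes. The process cannot be interrupted or
    killed (except by a "sure kill") unless you also specify intr. When
    the NFS server is back online the program will continue undisturbed
    from where it was. This is probably the behavior you want. We
    recommend using hard,intr on all NFS-mounted file systems.

Picking up from the previous example, the fstab entry would now look
like: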

   # device             mountpoint  fs-type    options    dump fsckord 
   ...                                                                 
   master.foo.com:/home  /mnt/home   nfs      rw,hard,intr  0     0    
   ...                                                                 
                                                                       



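4.3.2. Setting Block Size to Optimize Transfer Speeds

The rsize and wsize mount options specify the size of the chunks of
data that the client and server pass back and forth to each other.

The defaults may be too big or too small; there is no size that works
well on all or most setups. On the one hand, some combinations of Linux
kernels and network cards (largely on older machines) cannot handle
blocks that large. On the other hand, if they can handle larger blocks,
a bigger size might be faster.

Getting the block size right is an important factor in performance and
is a must if you are planning to use the NFS server in a production
environment. See Section 5 for details.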



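5. Optimizing NFS Performance

Getting network settings right can improve NFS performance many times
over (a tenfold increase in transfer speeds is not unheard of). The
most important things to get right are the rsize and wsize mount
options. Other factors listed below may affect people with particular
hardware setups.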



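5.1. Setting Block Size to Optimize Transfer Speeds

The mount options rsize and wsize specify the size of the chunks of
data that the client and server pass back and forth to each other. If
no rsize and wsize options are specified, the default varies by which
version of NFS is in use. 4096 bytes is the most common default,
although for TCP-based mounts in 2.2 kernels, and for all mounts
beginning with 2.4 kernels, the server specifies the default block
size.

The defaults may be too big or too small; there is no size that works
well on all or most setups. On the one hand, some combinations of Linux
kernels and network cards (largely on older machines) cannot handle
blocks that large. On the other hand, if they can handle larger blocks,
a bigger size might be faster.

So we'll want to experiment and find an rsize and wsize that works and
is as fast as possible. You can test the speed of your settings with
some simple commands.

The first of these commands transfers 16384 blocks of 16k each from the
special file /dev/zero (which, if you read it, just spits out zeros
really fast) to the mounted partition. We will time it to see how long
it takes. So, from the client machine, type: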

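    # time dd if=/dev/zero of=/mnt/home/testfile bs=16k count=16384


This creates a 256Mb file of zeroed bytes. In general, you should
create a file that is at least twice as large as the system RAM on the
server (but make sure you have enough disk space!). Then read the file
back into the great black hole on the client machine (/dev/null) by
typing the following: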

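    # time dd if=/mnt/home/testfile of=/dev/null bs=16k


Repeat this a few times and average how long it takes. Be sure to
unmount and remount the file system each time (both on the client and,
if you are zealous, on the server as well), which should clear out any
caches.

Then unmount, and mount again with a larger or a smaller block size.
Because the maximum size in NFS version 2 is 8192 bytes, it should
probably not be larger than that (though if you are using Version 3 you
might want to try up to 32768). Conventional wisdom has it that the
block size should be a power of two, since most of the parameters that
would constrain it (such as file system block sizes and network packet
size) are also powers of two. However, some users have reported better
results with block sizes that are not powers of two but are still
multiples of the file system block size and the network packet size.

Directly after mounting with a larger size, cd into the mounted file
system and do things like ls; explore the file system a bit to make
sure everything is as it should be. If rsize/wsize is too large, the
symptoms are very odd and file reliability is no longer 100%. A typical
symptom is incomplete file lists when doing ls with no error messages,
or reading files failing mysteriously with no error messages. After
establishing that the given rsize/wsize works, you can do the speed
tests again. Different server platforms are likely to have different
optimal sizes. SunOS and Solaris are reputedly a lot faster with 4096
byte blocks than with anything else.

Remember to edit /etc/fstab to reflect the rsize/wsize you found.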



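5.2. Packet Size and Network Drivers

There are many poorly performing network drivers available for Linux,
including some for fairly standard cards.

Try pinging back and forth between the two machines with large packets,
using the -f and -s options of ping (see man ping for details), and see
whether a lot of packets get dropped or replies take a long time. If
so, you may have a problem with the performance of your network card.

To correct such a problem, you may wish to reconfigure the packet size
that your network card uses. Very often there is a constraint somewhere
else in the network (such as a router) that causes a smaller maximum
packet size between two machines than what the network cards on the
machines are actually capable of. TCP should autodiscover the
appropriate packet size for a network, but UDP will simply stay at a
default value. So determining the appropriate packet size is especially
important if you are using NFS over UDP.

You can test for the network packet size using the tracepath command.
From the client machine, just type tracepath [server] 2049 and the path
MTU should be reported at the bottom. You can then set the MTU on your
network card equal to the path MTU, using the MTU option to ifconfig,
and see if fewer packets get dropped. See the ifconfig man pages for
details on how to reset the MTU.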



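5.3. Number of Instances of NFSD

Most startup scripts, Linux and otherwise, start 8 instances of nfsd.
In the early days of NFS, Sun decided on this number as a rule of
thumb, and everyone else copied it. There are no good measures of how
many instances are optimal, but a more heavily trafficked server may
require more. If you are using a 2.4 or higher kernel and you want to
see how heavily each nfsd thread is being used, you can look at the
file /proc/net/rpc/nfsd. The last ten numbers on the th line in that
file indicate the number of seconds that the thread usage was at that
percentage of the maximum allowable. If the top three of these values
are large, you may wish to increase the number of nfsd instances. This
is done when starting nfsd, by giving the number of instances as a
command line option. See the nfsd man page for more information.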



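5.4. Memory Limits on the Input Queue

On 2.2 and 2.4 kernels, the socket input queue, where requests sit
while they are waiting to be processed, has a small default size limit
of 64k. This means that if you are running 8 instances of nfsd, each
will only have 8k in which to store the requests it is processing.

You should consider increasing this number to at least 256k for nfsd.
This limit is set in the proc file system using the files
/proc/sys/net/core/rmem_default and /proc/sys/net/core/rmem_max. It can
be increased in three steps; the following method is a bit of a hack,
but it works and should not cause any problems:

 a. Increase the size listed in these files:

       echo 262144 > /proc/sys/net/core/rmem_default
       echo 262144 > /proc/sys/net/core/rmem_max

 b. Restart nfsd; e.g., type /etc/rc.d/init.d/nfsd restart on RedHat.

 c. Return the size limits to their normal values, in case other kernel
    systems depend on them:

         echo 65536 > /proc/sys/net/core/rmem_default
         echo 65536 > /proc/sys/net/core/rmem_max

    Be sure to perform this last step, because machines have been
    reported to crash if these values are left changed for long periods
    of time.
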
   


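5.5. Overflow of Fragmented Packets

The NFS protocol uses fragmented UDP packets. The kernel has a limit on
how many fragments of incomplete packets it can buffer before it starts
throwing away packets (fragments). With 2.2 kernels that support the
/proc file system, you can specify this limit by editing the files
/proc/sys/net/ipv4/ipfrag_high_thresh and
/proc/sys/net/ipv4/ipfrag_low_thresh.

Once the amount of pending packet fragments exceeds the value specified
by ipfrag_high_thresh (in bytes), the kernel will simply start throwing
away packet fragments until the total size falls to the value specified
by ipfrag_low_thresh (with 2.2 kernels, the default is 256K). From the
outside this looks like packet loss, and if the high threshold is
reached your server performance drops a lot.

One way to monitor this is to look at the field IP: ReasmFails in the
file /proc/net/snmp; if it goes up too quickly during heavy file
activity, you probably have a problem. Good alternative values for
ipfrag_high_thresh and ipfrag_low_thresh have not yet been reported; if
you have a good experience with a particular value, please let the
maintainers of this document know.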



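5.6. Turning Off Autonegotiation of NICs and Hubs

Some network cards auto-negotiate badly with hubs and switches, and
this can cause strange symptoms. Moreover, hubs may lose packets if
they have different ports running at different speeds. Try adjusting
the network speed and duplex settings.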



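5.7. Non-NFS-Related Means of Enhancing Server Performance

Offering general guidelines for setting up a well-functioning file
server is outside the scope of this document, but a few hints may be
worth mentioning. First, RAID 5 gives you good read speeds but slow
write speeds; consider RAID 1/0 if both write speed and redundancy are
important. Second, using a journalling file system will drastically
reduce your reboot time in the event of a system crash. As of this
writing, ext3 (ftp://ftp.uk.linux.org/pub/linux/sct/fs/jfs/) is the
only journalling file system that works correctly with NFS version 3,
but no doubt that will change soon. Reiserfs <http://www.namesys.com>
should work with NFS version 3 on 2.4 kernels (though not yet on 2.2
kernels). Finally, using an automounter (such as autofs or amd) may
prevent hangs if you cross-mount files on your machines (whether on
purpose or by oversight) and one of those machines goes down. See the
Automount Mini-HOWTO
<http://www.linuxdoc.org/HOWTO/mini/Automount.html> (a Japanese
translation <http://www.linux.or.jp/JF/JFdocs/Automount.html> is
available from JF) for details.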



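6. Security and NFS

The security tips given here will not make your site completely secure.
Nothing will make your site completely secure. This section may help
you get an idea of the security problems with NFS, but it is not a
comprehensive guide and it will always be undergoing changes. If you
have any tips or hints about security, please send them to the HOWTO
maintainer.

If you are on a network with no access to the outside world (not even a
modem) and you trust all the internal machines and all your users, then
this section will be of no use to you. However, we believe there are
relatively few networks in this situation, so we suggest that anyone
setting up NFS read this section thoroughly.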

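There are two steps to access in NFS. The first step is mount access.
Mount access is achieved by the client machine attempting to attach to
the server. The security for this step is provided by the /etc/exports
file. This file lists the names or IP addresses of the machines that
are allowed to access a share point. If the client's IP address matches
one of the entries in the access list, then it is allowed to mount.
This is not terribly secure. If someone is capable of spoofing or
taking over a trusted address, then they can access your mount points.
To give a real-world analogy for this type of "authentication": it is
equivalent to someone introducing themselves to you and you believing
they are who they claim to be because they are wearing a sticker that
says "Hello, My Name is ...".

The second step is file access. This is a function of normal file
system access controls and not something specific to NFS. Once the
drive is mounted, the user and group permissions on the files determine
access.

An example: bob on the server maps to user ID 9999. Bob makes a file on
the server that is accessible only by the user (0600 in octal). A
client is allowed to mount the drive where the file is stored. On the
client, mary maps to user ID 9999. This means that the client user mary
can access bob's file, which is marked as accessible only by him. It
gets worse: if someone becomes root on the client machine, they can
su - [username] and become any user. NFS will be none the wiser.

It's not all terrible. There are a few measures you can take on the
server to offset the danger posed by the clients. We will cover those
shortly.

If you don't think the security measures apply to you, you're probably
wrong. In Section 6.1 we cover securing the portmapper, and server and
client security in Section 6.2 and Section 6.3 respectively. Finally,
in Section 6.4 we briefly talk about proper firewalling for your NFS
server.

Finally, it is critical that all of your nfs daemons and client
programs are current. If you think that a flaw was announced too
recently for it to be a problem for you, then you may well have been
compromised already.

A good way to keep up to date on security alerts is to subscribe to the
bugtraq mailing list. You can read up on how to subscribe, and find
various other information about bugtraq, at
http://www.securityfocus.com/forums/bugtraq/faq.html.

Additionally, searching for NFS with the search engine at
securityfocus.com <http://www.securityfocus.com> will show you all
security reports pertaining to NFS.

You should also regularly check CERT advisories. See the CERT web page
at www.cert.org <http://www.cert.org>.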



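6.1. The portmapper

The portmapper keeps a list of what services are running on what ports.
This list is used by a connecting machine to find out which port it
needs to talk to in order to access a given service.

The portmapper is not in as bad a shape as it was a few years ago, but
it is still a point of worry for many sys admins. The portmapper, like
NFS and NIS, should not really be reachable from outside a trusted
local area network. If you have to expose them to the outside world, be
careful and keep up diligent monitoring of those systems.

Not all Linux distributions were created equal. Some seemingly
up-to-date distributions do not include a securable portmapper. The
easy way to check whether your portmapper is securable is to run
strings(1) and see if it reads the files /etc/hosts.deny and
/etc/hosts.allow. Assuming your portmapper is /sbin/portmap, you can
check it with this command: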

     strings /sbin/portmap | grep hosts.

On a securable machine it comes up with something like this:

   /etc/hosts.allow                                                 
   /etc/hosts.deny                                                  
   @(#) hosts_ctl.c 1.4 94/12/28 17:42:27                           
   @(#) hosts_access.c 1.21 97/02/12 02:13:22


First we edit /etc/hosts.deny. It should contain the line


   portmap: ALL


which will deny access to everyone. While it is closed, run

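   rpcinfo -p

just to check that your portmapper really reads and obeys this file.
rpcinfo should give no output, or possibly an error message. The files
/etc/hosts.allow and /etc/hosts.deny take effect immediately after you
save them. No daemon needs to be restarted.

Closing the portmapper for everyone is a bit drastic, so we open it
again by editing /etc/hosts.allow. But first we need to figure out what
to put in it. It should basically list all machines that should have
access to your portmapper. On a run-of-the-mill Linux system there are
very few machines that need any access for any reason. The portmapper
administers nfsd, mountd, ypbind/ypserv, pcnfsd, and "r" services like
ruptime and rusers. Of these, only nfsd, mountd, ypbind/ypserv and
perhaps pcnfsd are of any consequence. All machines that need to access
services on your server machine should be allowed to do so. Let's say
that your server's address is 192.168.0.254 and that it lives on the
subnet 192.168.0.0, and that all machines on the subnet should have
access to it (these terms are explained in the
Networking-Overview-HOWTO
<http://www.linuxdoc.org/HOWTO/Networking-Overview-HOWTO.html>; read it
if you need to. A Japanese translation
<http://www.linux.or.jp/JF/JFdocs/Networking-Overview-HOWTO.html> is
available from JF). Then we write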

   portmap: 192.168.0.0/255.255.255.0

in /etc/hosts.allow. This is the same as the network address you give
to route and the subnet mask you give to ifconfig. For the device eth0
on this machine, ifconfig should show:


   ...                                                                    
   eth0   Link encap:Ethernet  HWaddr 00:60:8C:96:D5:56                   
          inet addr:192.168.0.254  Bcast:192.168.0.255 Mask:255.255.255.0 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1              
          RX packets:360315 errors:0 dropped:0 overruns:0                 
          TX packets:179274 errors:0 dropped:0 overruns:0                 
          Interrupt:10 Base address:0x320                                 
   ...

and netstat -rn should show:

   Kernel routing table                                                           
   Destination     Gateway         Genmask         Flags Metric Ref Use    Iface  
   ...                                                                            
   192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   174412 eth0   
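   ...

(The network address is in the first column.)

The /etc/hosts.deny and /etc/hosts.allow files are described in the
manual pages of the same names. [Translator's note: on some systems
this is hosts_access(5).]

IMPORTANT: Do not put anything but IP numbers in the portmap lines of
these files. Host name lookups can indirectly cause portmap activity,
which will trigger host name lookups, which can indirectly cause
portmap activity, which will trigger...

Versions 0.2.0 and higher of the nfs-utils package also use the
hosts.allow and hosts.deny files, so you should put in entries for
lockd, statd, mountd, and rquotad in these files too.

The above things should make your server tighter. The only remaining
problem (yeah, right!) is someone breaking root on a trusted machine
(or booting it into MS-DOS) and using that privilege to send requests
from a secure port as any user they want to be.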



6.2. Server security: nfsd and mountd

On the server we can decide that we don't want to trust the client's
root account. We can do that by using the root_squash option in
/etc/exports:

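   /home slave1(rw,root_squash)

This is, in fact, the default. It should always be turned on unless you
have a very good reason to turn it off. To turn it off, use the
no_root_squash option.

With root_squash in effect, if a user with UID 0 (i.e., root's user ID
number) on the client attempts to access (read, write, delete) the file
system, the server substitutes the UID of the server's 'nobody'
account. This means that the root user on the client can't access or
change files that only root on the server can access or change. That's
good, and you should use root_squash on all the file systems you
export. "But the root user on the client can still use su to become any
other user and access and change that user's files!" say you. To which
the answer is: yes, and that's the way it is, and has to be, with Unix
and NFS. This has one important implication: all important binaries and
files should be owned by root, and not by bin or another non-root
account, since the only account the client's root user cannot access is
the server's root account. The exports(5) man page lists several other
squash options, so that you can decide to mistrust whomever you (don't)
like on the clients.

The TCP ports 1-1024 are reserved for root's use (and are therefore
sometimes referred to as "secure ports"); a non-root user cannot bind
to these ports. Adding the secure option to an /etc/exports entry means
that the server will only listen to requests coming from ports below
1024 on the client, so that a malicious non-root user on the client
cannot come along and open up a spoofed NFS dialogue on a port above
1024. This option is set by default.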

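A check of /etc/exports for the settings this section and Section 3.2.1 warn about: no_root_squash, clients given by name rather than IP address, and read-write access for wildcards, netgroups or whole networks. This is an added example, not part of the HOWTO or of nfs-utils; the finding labels are invented here, the entries marked hypothetical are constructed, and the `insecure` option (the opposite of `secure`) and the export-to-everyone form come from exports(5), not from this page.

```python
import ipaddress
import re

# Constructed sample in /etc/exports syntax. The first two lines are the
# HOWTO's own entries; the lines marked "hypothetical" are made up.
SAMPLE_EXPORTS = """\
/usr/local   192.168.0.1(ro) 192.168.0.2(ro)
/home        192.168.0.0/255.255.255.0(rw)
/srv/build   slave1.foo.com(rw,no_root_squash)   # hypothetical
/pub         *.foo.com(ro,insecure)              # hypothetical
/scratch     (rw)                                # hypothetical
"""

CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def classify(client):
    """Say how a client field identifies machines."""
    if client in ("", "*"):
        return "world"            # no client name: exported to everyone
    if client.startswith("@"):
        return "netgroup"
    if "*" in client or "?" in client or client.endswith("."):
        return "wildcard"         # e.g. *.foo.com or 192.168.
    try:
        ipaddress.ip_address(client)
        return "ip"
    except ValueError:
        pass
    if "/" in client:
        try:
            ipaddress.ip_network(client, strict=False)
            return "network"
        except ValueError:
            pass
    return "hostname"


def parse_exports(text):
    """Yield (path, client, options) for every client on every line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, clients = fields[0], fields[1:] or [""]
        for token in clients:
            m = CLIENT_RE.match(token)
            if m:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield path, m.group(1), opts


def audit(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        kind = classify(client)
        shown = client or "(everyone)"
        if kind == "world":
            findings.append((path, shown, "world-export"))
        if kind in ("hostname", "wildcard", "netgroup"):
            # Access then depends on name lookups, not on a fixed address.
            findings.append((path, shown, "name-based"))
        if "rw" in opts and kind in ("world", "wildcard", "netgroup", "network"):
            findings.append((path, shown, "rw-broad"))
        for risky in ("no_root_squash", "insecure"):
            if risky in opts:
                findings.append((path, shown, risky))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {client:28} {finding}")
```

A finding is a prompt to confirm that the entry is intended, as with the read-write /home export to the whole subnet in the HOWTO's own example.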


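6.3. Client Security

6.3.1. The nosuid mount option

On the client we can decide that we don't want to trust the server too
much; this is done with options to mount. For example, we can forbid
suid programs to work off the NFS file system with the nosuid option.
Some unix programs, such as passwd, are called "suid" programs: they
set the id of the person running them to that of the owner of the file.
If a file is owned by root and is suid, then the program will execute
as root, so that it can perform operations (such as writing to the
password file) that only root is allowed to do. Using the nosuid option
is a good idea, and you should consider using it with all NFS-mounted
disks. It means that the server's root user cannot make a suid-root
program on the file system, log in to the client as a normal user, and
then use the suid-root program to become root on the client too. One
could also forbid execution of files on the mounted file system
altogether with the noexec option. But this is more likely to be
impractical than nosuid, since a file system is likely to contain at
least some scripts or programs that need to be executed.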



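6.3.2. The broken_suid mount option

Some older programs (xterm being one of them) rely on the idea that
root can write everywhere. This breaks under new kernels on NFS mounts.
The security implication is that programs that do this type of suid
action can potentially be used to change your apparent uid on nfs
servers doing uid mapping. So the default in the linux kernel is to
disable broken_suid.

The long and short of it is this: if you're using an old linux
distribution, some sort of old suid program, or an older unix of some
type, you might have to mount from your clients with the broken_suid
option to mount. However, most recent unixes and linux distributions
have xterm and such programs as normal executables with no suid status;
they call separate programs to do their setuid work.

You enter the above options in the options column, together with rsize
and wsize, separated by commas.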



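6.3.3. Securing portmapper, rpc.statd, and rpc.lockd on the client

In the current (2.2.18 and later) implementation of nfs, full file
locking is supported. This means that rpc.statd and rpc.lockd must be
running on the client in order for locks to function correctly. So the
problems we have seen with nfs on the server apply to the client as
well. Read through the portmapper section above again for information
on securing the portmapper.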



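6.4. NFS and firewalls (ipchains and iptables)

IPchains (under the 2.2.x kernels) and iptables (under the 2.4.x
kernels) allow a good level of security: instead of relying on the
daemon (or perhaps its TCP wrapper) to determine which machines can
connect, the connection attempt is allowed or disallowed at a lower
level. In this case, you can stop the connection much earlier and more
globally, which can protect you from all sorts of attacks.

Describing how to set up a Linux firewall is well beyond the scope of
this document. Interested readers may wish to read the Firewall-HOWTO
or the IPCHAINS-HOWTO
<http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html> (a Japanese
translation <http://www.linux.or.jp/JF/JFdocs/IPCHAINS-HOWTO.html> is
available from JF). Users of kernel 2.4 and above might want to visit
the netfilter/iptables web page at http://netfilter.samba.org. If you
are already familiar with the workings of ipchains or netfilter, this
section will give you a few tips on how to set up NFS with a firewall.

A good rule to follow for your firewall configuration is to deny all,
and allow only some. This helps to keep you from accidentally allowing
more than you intended.

Ports to be concerned with:

 a. The portmapper is on 111 (tcp and udp).

 b. nfsd is on 2049, and it can be TCP or UDP. NFS over TCP is
    currently experimental on the server end, so you will usually just
    see UDP on the server, but using TCP is quite stable on the client
    end.

 c. mountd, lockd, and statd float around (which is why we need the
    portmapper to begin with), and this causes problems. You basically
    have two options to deal with it:

     i. More or less deny all connecting ports, but explicitly open
        most ports to certain IPs.

    ii. More recent versions of these utilities have a "-p" option that
        allows you to assign them to a certain port. See the man pages
        to be sure whether your version supports this. This will let
        you allow access to the ports you have specified for your NFS
        client machines, and seal off all other ports, even for your
        local network.

Using IPCHAINS, a simple firewall using the first option would look
something like this: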

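  ipchains -A input -f -j ACCEPT
  ipchains -A input -s trusted.net.here/trusted.netmask -d host.ip/255.255.255.255 -j ACCEPT
  ipchains -A input -s 0/0 -d 0/0 -p 6 -j DENY -y -l
  ipchains -A input -s 0/0 -d 0/0 -p 17 -j DENY -l

The same configuration with iptables (the firewalling tool in 2.4)
looks like this:

  iptables -A INPUT -f -j ACCEPT
  iptables -A INPUT -s trusted.net.here/trusted.netmask -d \
      host.ip/255.255.255.255 -j ACCEPT
  # iptables has no DENY target and logs through a separate LOG rule
  iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j LOG --log-level 5
  iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
  iptables -A INPUT -s 0/0 -d 0/0 -p udp -j LOG --log-level 5
  iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP

The first line says to accept all packet fragments (except the first
packet fragment, which is treated as a normal packet). In theory no
packet gets through until it has been reassembled, and it is not
reassembled unless the first fragment has been passed. Packet fragments
can still be used for attacks that overload a machine. But NFS will not
work correctly unless fragments are let through. See Section 7 for
details.

The remaining rules (three lines in the ipchains listing) say to trust
your local network and to deny and log everything else. This is not a
fine-grained configuration, and more specific rules pay off, but they
are outside the scope of this discussion.

Some pointers if you want to be more paranoid or strict about your
rules. If you choose to reset your firewall rules each time statd,
rquotad, mountd, or lockd move (which can happen), you need to make
sure the server allows fragments from your nfs clients. If you do not,
you will get some very puzzling reports from the kernel about denied
fragments. The messages will say that a packet from port 65535 on the
client to port 65535 on the server was denied. Allowing fragments
solves this.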



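6.5. Summary

If you use hosts.allow, hosts.deny, root_squash, nosuid, and the
privileged port features in the portmapper and nfs software, you avoid
many of the presently known bugs in nfs and can consider yourself
reasonably secure, at least on that score. But even then: once an
intruder has access to your network, he or she can make strange
commands appear in your .forward, or read your mail if /home or
/var/mail is NFS exported. For the same reason, you should never put
your PGP private key on nfs. Or at least you should know the risk
involved. And now you know a bit of it.

NFS and the portmapper make up a complex system, so it is not unlikely
that new bugs will be discovered, either in the basic design or in the
implementations we use. There may even be holes that are known now and
that someone is abusing. But that's life.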



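7. Troubleshooting

    This section is intended as a step-by-step guide to what to do
    when NFS does not work. Trouble usually shows up first on the
    client end, so the diagnosis begins there.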
   


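7.1. Unable to see files on a mounted file system

First, check that the file system is actually mounted. There are
several ways of doing this; the most reliable is to look at
/proc/mounts, which lists all mounted file systems and gives details
about them. If this does not work (for example, if the /proc file
system is not compiled into your kernel), type mount -f (although you
get less information).

If the file system appears to be mounted, you may have mounted another
file system on top of it (in which case you need to unmount and remount
both volumes). Or the volume may have been exported on the server
before it was actually mounted there, in which case NFS is exporting
the underlying mount point (if so, restart NFS on the server).

If the file system is not mounted, try to mount it. If that does not
work, see Symptom 3.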



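7.2. File requests hang or time out waiting for access to the file

This usually means that the client is unable to communicate with the
server. See Symptom 3, letter b.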



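7.3. Unable to mount a file system

There are two common errors that mount produces when it is unable to
mount a volume. We take them in turn.

 a. failed, reason given by server: Permission denied

    This message appears when the server refuses access to the volume.

     i. Check the /etc/exports file and make sure that the volume is
        exported and that your client is allowed access to it. For
        example, is a client that has only read access trying to mount
        the volume with the rw option rather than the ro option?

    ii. If you changed /etc/exports after nfsd was started, make sure
        you told NFS about it with the exportfs command. To be certain
        that the exports are re-read, type exportfs -ra.

    iii. Check the file /proc/fs/nfs/exports and make sure the volume
        and client are listed correctly. (/var/lib/nfs/xtab has a
        complete list of the options for all active exports.) If they
        are not listed, re-export. If they are listed, make sure the
        server recognizes your client as the machine you think it is.
        For example, an old listing for the client in /etc/hosts may
        be confusing the server. Or you may not have given the
        client's complete address, so that it resolves to a different
        machine in another domain. Try to ping the client from the
        server, and the server from the client. If this does not work,
        or if there is packet loss, you probably have a lower-level
        network problem.

 b. RPC: Program Not Registered (or another "RPC" error):

    This means that the client cannot see NFS running on the server.
    There are several possible reasons.

     i. First, check that NFS is actually running on the server. Type
        rpcinfo -p on the server. You should see something like this: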
        
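           program vers proto   port
            100000    2   tcp    111  portmapper
            100000    2   udp    111  portmapper
            100011    1   udp    749  rquotad
            100011    2   udp    749  rquotad
            100005    1   udp    759  mountd
            100005    1   tcp    761  mountd
            100005    2   udp    764  mountd
            100005    2   tcp    766  mountd
            100005    3   udp    769  mountd
            100005    3   tcp    771  mountd
            100003    2   udp   2049  nfs
            100003    3   udp   2049  nfs
            300019    1   tcp    830  amd
            300019    1   udp    831  amd
            100024    1   udp    944  status
            100024    1   tcp    946  status
            100021    1   udp   1042  nlockmgr
            100021    3   udp   1042  nlockmgr
            100021    4   udp   1042  nlockmgr
            100021    1   tcp   1629  nlockmgr
            100021    3   tcp   1629  nlockmgr
            100021    4   tcp   1629  nlockmgr

        This says that NFS versions 2 and 3, rpc.statd version 1, and
        the network lock manager (the service name for rpc.lockd)
        versions 1, 3, and 4 are running. There are separate service
        listings depending on whether NFS is using TCP or UDP. Unless
        TCP is explicitly requested, UDP is usually (but not always)
        the default.

        If you do not see at least portmapper, nfs, and mountd, you
        need to restart NFS. If you cannot restart it, proceed to
        Symptom 9.

    ii. Next, check from the client. On the client, type rpcinfo -p
        [server], where [server] is the DNS name or IP address of the
        server.

        If you get a listing, make sure that the type of mount you are
        trying to perform is supported. If you are mounting with
        Version 3 NFS, make sure Version 3 is listed. If you are
        mounting with NFS over TCP, make sure that is registered (some
        non-Linux clients default to TCP). See the rpcinfo man page
        for details on how to read the output. If the type of mount
        you are trying to perform is not listed, try a different type
        of mount.

        If you get the error No Remote Programs Registered, check the
        /etc/hosts.allow and /etc/hosts.deny files on the server and
        make sure your client really is allowed access. If the entries
        look correct, check /etc/hosts (or your DNS server) and make
        sure the client machine is listed correctly, and make sure you
        can ping the client from the server. Also check the system
        error logs for helpful messages. Authentication errors caused
        by bad /etc/hosts.allow entries usually appear in
        /var/log/messages, but they may go to another file depending
        on how your system logs are set up. The syslog man pages will
        help you find out how your logs are configured. Finally, some
        older operating systems misbehave when the routes between the
        two machines are asymmetric. Type tracepath [server] on the
        client and check that the word "asymmetric" does not appear in
        the output. With recent Linux distributions, asymmetric routes
        should not be a problem.

        If you get the error Remote system error - No route to host,
        but ping gets through, you are probably the victim of a
        firewall. Check any firewall that may be set up on the server
        or between the server and the client. Help is available in the
        man pages for ipchains, netfilter, and ipfwadm, in the
        IPChains-HOWTO
        <http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html> (Japanese
        translation from JF at
        <http://www.linux.or.jp/JF/JFdocs/IPCHAINS-HOWTO.html>), and
        in the Firewall-HOWTO
        <http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html> (Japanese
        translation from JF at
        <http://www.linux.or.jp/JF/JFdocs/Firewall-HOWTO.html>).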
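
The checks in b.i and b.ii, together with the floating ports discussed
in Section 6.4, can be read off rpcinfo -p output with a short script.
This is an added example, not part of the original HOWTO;
check_nfs_rpc and sample_rpcinfo are hypothetical names, and the
sample is a constructed subset of the listing above.

```shell
#!/bin/sh
# check_nfs_rpc VERS PROTO
# Reads `rpcinfo -p` output on stdin. Prints one FLOATING line per distinct
# port used by mountd/status/nlockmgr (the ports a firewall must track) and
# one MISSING line per service a mount of that type needs but cannot find.
# Returns 0 when nothing is missing, 1 otherwise.
check_nfs_rpc() {
    awk -v vers="$1" -v proto="$2" '
    $1 == "program" { next }                    # skip the header line
    NF >= 5 {
        seen[$5] = 1                            # service name is registered
        reg[$5, $2, $3] = 1                     # name, version, protocol
        if ($5 ~ /^(mountd|status|nlockmgr)$/ && !(($5, $3, $4) in port)) {
            port[$5, $3, $4] = 1
            printf "FLOATING %s/%s %s\n", $5, $3, $4
        }
    }
    END {
        n = split("portmapper mountd nfs", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in seen)) { print "MISSING " need[i]; bad = 1 }
        if (("nfs" in seen) && !(("nfs", vers, proto) in reg)) {
            printf "MISSING nfs version %s over %s\n", vers, proto
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: a subset of the rpcinfo -p listing shown above.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    3   udp    769  mountd
    100005    3   tcp    771  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100024    1   udp    944  status
    100021    4   udp   1042  nlockmgr
EOF
}

# An NFSv3-over-TCP mount would fail against this server: nfs is UDP only.
sample_rpcinfo | check_nfs_rpc 3 tcp || true
```

On a live system, pipe the real output into it, for example
rpcinfo -p [server] | check_nfs_rpc 3 udp.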
       


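7.4. Mounted volume, no permission to access files

There are two possible causes.

If it is a write permission problem, look at /proc/fs/nfs/exports on
the server and check the export options. Make sure the file system is
not exported read-only. If it is, you need to re-export it read/write
(do not forget to run exportfs -ra after editing /etc/exports). Also
check /proc/mounts on the client and make sure the volume is mounted
read/write (although if it is mounted read-only you ought to get a more
specific error message). If it is not, remount with the rw option.

The second cause has to do with user name mappings, and it differs
somewhat depending on whether you are root or a non-root user.

If you are not root, user names may not be in sync on the client and
the server. Run id [user] on both the client and the server and make
sure the UID numbers are the same. If they differ, there is a problem
with NIS, NIS+, rsync, or whatever system you use to synchronize user
names. Check that the group names match as well. Also make sure you
are not exporting with the all_squash option. If the user names match,
the user has a more general permissions problem that is unrelated to
NFS.

If you are root, you are probably not exporting with the
no_root_squash option. Check /proc/fs/nfs/exports or /var/lib/nfs/xtab
on the server and make sure the option is listed. In general, giving
root write access to the NFS server is a bad idea unless you have a
pressing need (which is why Linux NFS forbids it by default). See
Section 6 for details.

If you are using root squashing, you will want to keep it that way. As
root, your permissions on a file are then the same as those of nobody.
Remember that it is the server that decides which uid root is mapped
to. By default, the server uses the UID and GID of the nobody entry in
its /etc/passwd file, but this can be changed with the anonuid and
anongid options in the /etc/exports file. Make sure that the client
and the server agree on the UID that nobody maps to.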



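7.5. When transferring large files, NFS takes over all the CPU cycles
on the server and it screeches to a halt

This is a problem with the fsync() call in 2.2 kernels, which makes all
sync-to-disk requests cumulative. As a result the write time is
quadratic in the file size. If you can, upgrading to a 2.4 kernel
solves the problem. Also, exporting with the no_wdelay option makes the
program use o_sync() instead, which may be faster.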



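7.6. Strange error messages in the logs

 a. Messages of the following format:

     Jan 7 09:15:29 server kernel: fh_verify: mail/guest permission failure, acc=4, error=13
     Jan 7 09:23:51 server kernel: fh_verify: ekonomi/test permission failure, acc=4, error=13

    These happen when an NFS setattr operation is attempted on a file
    you do not have write access to. The messages are harmless.

 b. The following messages appear frequently in the logs:

     kernel: nfs: server server.domain.name not responding, still trying
     kernel: nfs: task 10754 can't get a request slot
     kernel: nfs: server server.domain.name OK

    The "can't get a request slot" message means that the client-side
    RPC code has detected a lot of timeouts (perhaps because of network
    congestion or an overloaded server) and is reducing the number of
    concurrent requests in an attempt to lighten the load on the
    server. The cause of these messages is most likely sluggish
    performance. See Section 5.

 c. After mounting, the following message appears on the client:

    nfs warning: mount version older than kernel

    It means what it says. Upgrade your mount package and am-utils. (If
    for some reason you cannot upgrade, you may be able to get away
    with just recompiling them so that the newer kernel features are
    recognized at compile time.)

 d. Errors in the startup/shutdown log for lockd:

    You may see a message like the following in your boot log:

    nfslock: rpc.lockd startup failed

    It is harmless. Older versions of rpc.lockd had to be started by
    hand. Newer versions are started automatically by knfsd. Many of
    the current default startup scripts still try to start lockd by
    hand, which is unnecessary. If you want the message to go away,
    you can change your startup scripts.

 e. The following message appears in the logs:

    kmem_create: forcing size word alignment - nfs_fh

    This results from the file handle being 16 bits instead of a
    multiple of 32 bits, which makes the kernel grimace a little. It
    is harmless.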
   


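7.7. Real permissions don't match what's in /etc/exports

/etc/exports is very sensitive to whitespace. For example, the
following two lines are not the same:

/export/dir hostname(rw,no_root_squash)
/export/dir hostname (rw,no_root_squash)

The first grants hostname rw access to /export/dir without squashing
root. The second grants hostname rw access with root_squash in effect,
and it also grants "all hosts" rw access without squashing root.
Nice, huh?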
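
The whitespace pitfall above can be checked mechanically. The following
shell function is an added example, not part of the original HOWTO; the
name lint_exports and the sample entries fed to it are constructed, and
it assumes that export paths contain no whitespace.

```shell
#!/bin/sh
# lint_exports [FILE...]
# Reads exports(5) entries from FILE or stdin and reports every option list
# that stands alone as its own field. Such a field has no host in front of
# it, so its options apply to all hosts. Returns 1 if anything was reported.
# Assumption: export paths contain no whitespace.
lint_exports() {
    awk '
    { sub(/[ \t]*#.*/, "") }                            # drop comments
    /\\$/ { sub(/\\$/, " "); entry = entry $0; next }   # join continued lines
    {
        entry = entry $0
        n = split(entry, tok)                           # tok[1] is the path
        entry = ""
        for (i = 2; i <= n; i++) {
            if (tok[i] !~ /^\(/) continue               # host or host(opts)
            found++
            note = ""
            if (i > 2 && tok[i-1] !~ /\(/)
                note = "; \"" tok[i-1] "\" gets only the default options"
            # NR is the last physical line of a continued entry
            printf "%d: %s is exported to ALL hosts with %s%s\n", NR, tok[1], tok[i], note
        }
    }
    END { exit (found > 0) }
    ' "$@"
}

# Constructed sample: the two entries from the text plus a correct one.
lint_exports <<'EOF' || true
/export/dir hostname(rw,no_root_squash)
/export/dir hostname (rw,no_root_squash)
/usr slave1(ro) slave2(ro)
EOF
```

Run against the real file as lint_exports /etc/exports; a non-zero exit
status makes it usable from cron or a configuration check.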



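7.8. Flaky and unreliable behavior

Simple commands such as ls work, but anything that transfers a large
amount of information causes the mount point to lock up.

There are two possible reasons.

 i. This happens if you are using ipchains on the server or the client
    and fragmented packets are not allowed through the chains. Allow
    fragments from the remote host and things will work again. See
    Section 6.4.

ii. The rsize and wsize mount options may be set to larger values than
    the server supports. Reduce rsize and wsize to 1024 and see
    whether the problem goes away. If it does, increase them again
    gradually to more suitable values.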
   


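7.9. nfsd won't start

Check /etc/exports and make sure root has read permission on it. Check
the binaries and make sure they are executable. Make sure NFS server
support is compiled into your kernel. If none of this helps, you may
need to reinstall the binaries.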



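8. Using Linux NFS with Other OSes

Every OS (Linux included) has its own quirks and deviations in its NFS
implementation. The reasons vary: sometimes the protocol is vague,
sometimes it would otherwise leave a gaping security hole. As far as we
know, Linux works properly with the NFS implementations of all major
vendors. However, extra steps may be needed to make sure the two OSes
communicate cleanly with each other. This section describes those
steps.

In general, using a Linux machine with a kernel before 2.2.18 as an NFS
server for non-Linux clients is not recommended at all. Implementations
in older kernels will probably work well enough as clients. If you
experience problems with these kernels, our first advice is to upgrade
your kernel and see whether the problems go away. The user-space NFS
implementations also do not work well with non-Linux clients.

What follows are the known issues when using Linux together with the
major operating systems.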



8.1. AIX

8.1.1. Linux clients and AIX servers

The /etc/exports file format corresponding to the example used in
Section 3 is as follows.

  /usr   slave1.foo.com:slave2.foo.com,access=slave1.foo.com:slave2.foo.com
  /home  slave1.foo.com:slave2.foo.com,rw=slave1.foo.com:slave2.foo.com



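8.1.2. AIX clients and Linux servers

AIX uses /etc/filesystems instead of /etc/fstab. Here is a sample entry
corresponding to the example in Section 4.

/mnt/home:
        dev             = "/home"
        vfs             = nfs
        nodename        = master.foo.com
        mount           = true
        options         = bg,hard,intr,rsize=1024,wsize=1024,vers=2,proto=udp
        account         = false

 i. For Version 4.3.2 of AIX, file systems must be exported with the
    insecure option. This makes NFS listen to requests from insecure
    ports (that is, ports numbered 1024 and above, to which non-root
    users can bind). Older versions of AIX do not seem to need this.

ii. AIX clients mount with Version 3 NFS over TCP by default. If your
    Linux server does not support this, you have to specify vers=2 and
    proto=udp in the mount options.

iii. When netmasks are used in /etc/exports, resetting one client may
    cause other clients to lose their mounts. Listing each host
    explicitly fixes this.

iv. The automounter in AIX 4.3.2 is apparently rather broken.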
   


8.2. BSD

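8.2.1. BSD servers and Linux clients

BSD kernels tend to work better with larger block sizes.



8.2.2. Linux servers and BSD clients

Some versions of BSD make requests to the server from insecure ports.
In that case you need the insecure option when you export the volume.
See the exports(5) man page for details.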



8.3. Compaq Tru64 Unix

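8.3.1. Tru64 Unix servers and Linux clients

In general, Tru64 Unix servers work very smoothly with Linux clients.
The /etc/exports file format corresponding to our example in Section 3
is as follows.

/usr         slave1.foo.com:slave2.foo.com \
     -access=slave1.foo.com:slave2.foo.com

/home        slave1.foo.com:slave2.foo.com \
         -rw=slave1.foo.com:slave2.foo.com \
       -root=slave1.foo.com:slave2.foo.com

Tru64 checks the /etc/exports file every time there is a mount request,
so there is no need to run the exportfs command. On many versions of
Tru64 Unix the command does not exist.



8.3.2. Linux servers and Tru64 Unix clients

There are two points to watch for with this combination. First, Tru64
Unix mounts use Version 3 NFS by default. If the Linux server does not
support Version 3 NFS, you will get mount errors. Second, in Tru64 Unix
4.x, NFS locking requests are made by daemon. You therefore need to
specify insecure_locks on every volume you export to a Tru64 Unix 4.x
client. See the exports(5) man page for details.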



8.4. HP-UX

8.4.1. HP-UX servers and Linux clients

Here is a sample /etc/exports entry on HP-UX.

/usr -ro,access=slave1.foo.com:slave2.foo.com
/home -rw=slave1.foo.com:slave2.foo.com:root=slave1.foo.com:slave2.foo.com

(The root option in the last entry is listed for illustration only;
leave it out unless you need it.)



8.4.2. Linux servers and HP-UX clients

To export device files correctly to HP-UX diskless clients, you need at
least kernel version 2.2.19 (or a patched 2.2.18).



8.5. IRIX

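8.5.1. IRIX servers and Linux clients

Here is a sample /etc/exports entry on IRIX.

/usr -ro,access=slave1.foo.com:slave2.foo.com
/home -rw=slave1.foo.com:slave2.foo.com:root=slave1.foo.com:slave2.foo.com

(The root option in the last entry is listed for illustration only;
leave it out unless you need it.)

There are reportedly problems when exporting to linux 2.2-based systems
with the nohide option. This is fixed in the 2.4 kernel. As a
workaround, you can export and mount the lower levels of the file
system separately.



8.5.2. IRIX clients and Linux servers

There are no particular interoperability issues.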



8.6. Solaris

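8.6.1. Solaris servers

The format on a Solaris server is slightly different from that of
other OSes. The configuration file is /etc/dfs/dfstab instead of
/etc/exports. Entries take the form of a "share" command. The syntax
corresponding to the example in Section 3 is as follows.

share -o rw=slave1,slave2 -d "Master Usr" /usr

After editing, run shareall instead of exportfs.

Solaris servers are very sensitive to packet size. If you are using a
Linux client with a Solaris server, be sure to set rsize and wsize to
32768 at mount time.

Finally, a word about root squashing on Solaris. root is mapped to the
user noone, which is not the same as the user nobody. If you have
trouble with file permissions as root on the client, do not forget to
check that the mapping is what you expect.



8.6.2. Solaris clients

Solaris clients regularly produce the following message.


svc: unknown program 100227 (me 100003)


This happens because Solaris clients try to obtain ACL information
when they mount - which Linux does not have. The message can safely be
ignored.

There are two points to note about diskless Solaris clients. First,
the kernel version must be at least 2.2.19 for /dev/null to be
exported correctly. Second, on diskless sparc clients the packet size
has to be set very small (that is, 1024), because the clients cannot
reassemble packets that arrive in reverse order. This can be set in
/etc/bootparams on the client.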



8.7. SunOS

SunOS has only NFS Version 2 over UDP.



8.7.1. SunOS servers

On the server end, SunOS uses the traditional format for its
/etc/exports file. The example in Section 3 looks like this.

/usr    -access=slave1.foo.com,slave2.foo.com
/home   -rw=slave1.foo.com,slave2.foo.com, root=slave1.foo.com,slave2.foo.com



8.7.2. SunOS clients

SunOS makes all NFS locking requests as daemon. You therefore need to
specify insecure_locks on every volume you export to a SunOS client.
See the exports(5) man page for details.

