From: Dru Lavigne Date: Thu, 3 Apr 2014 23:19:11 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44432 - head/en_US.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Apr 2014 23:19:12 -0000 Author: dru Date: Thu Apr 3 23:19:11 2014 New Revision: 44432 URL: http://svnweb.freebsd.org/changeset/doc/44432 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 3 23:00:29 2014 (r44431) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Apr 3 23:19:11 2014 (r44432) @@ -503,7 +503,7 @@ server-program-arguments NFS has many practical uses. Some of - the more common uses include: + the more common uses include: @@ -530,9 +530,8 @@ server-program-arguments Administration of NFS exports is - simplified. For example, there is only one file - system where security or backup policies must be - set. + simplified. For example, there is only one file system + where security or backup policies must be set. 
@@ -545,11 +544,10 @@ server-program-arguments - NFS consists of - a server and one or more clients. The client - remotely accesses the data that is stored on the server - machine. In order for this to function properly, a few - processes have to be configured and running. + NFS consists of a server and one or more + clients. The client remotely accesses the data that is stored + on the server machine. In order for this to function properly, + a few processes have to be configured and running. These daemons must be running on the server: @@ -587,28 +585,28 @@ server-program-arguments nfsd The NFS daemon which services - requests from NFS - clients. + requests from NFS clients. mountd The NFS mount daemon which - carries out requests received from nfsd. + carries out requests received from + nfsd. rpcbind - This daemon allows - NFS clients to discover which port - the NFS server is using. + This daemon allows NFS + clients to discover which port the + NFS server is using. - Running &man.nfsiod.8; on the - client can improve performance, but is not required. + Running &man.nfsiod.8; on the client can improve + performance, but is not required. Configuring the Server 
@@ -618,15 +616,14 @@ server-program-argumentsconfiguration - The file systems which the NFS server will - share are specified in /etc/exports. Each - line in this file specifies a file - system to be exported, which clients have access to that - file system, and any access options. When adding entries to this file, - each exported file system, its properties, and allowed - hosts must occur on a single line. If no clients are listed in the entry, - then any client on the network can mount that file - system. + The file systems which the NFS server + will share are specified in /etc/exports. + Each line in this file specifies a file system to be exported, + which clients have access to that file system, and any access + options. When adding entries to this file, each exported file + system, its properties, and allowed hosts must occur on a + single line. If no clients are listed in the entry, then any + client on the network can mount that file system. NFS 
@@ -634,24 +631,23 @@ server-program-arguments The following /etc/exports entries - demonstrate how to export file systems. - The examples can be modified to match the file systems - and client names on the reader's network. There are many - options that can be used in this file, but only a few - will be mentioned here. See &man.exports.5; for the full list - of options. + demonstrate how to export file systems. The examples can be + modified to match the file systems and client names on the + reader's network. There are many options that can be used in + this file, but only a few will be mentioned here. See + &man.exports.5; for the full list of options. This example shows how to export - /cdrom to - three hosts named alpha, + /cdrom to three hosts named + alpha, bravo, and charlie: /cdrom -ro alpha bravo charlie The -ro flag makes the file system - read-only, preventing clients from making any changes to - the exported file system. This example assumes that the host + read-only, preventing clients from making any changes to the + exported file system. This example assumes that the host names are either in DNS or in /etc/hosts. Refer to &man.hosts.5; if the network does not have a DNS 
@@ -660,42 +656,40 @@ server-program-argumentsThe next example exports /home to three clients by IP address. This can be useful for networks without DNS or - /etc/hosts entries. - The -alldirs flag - allows subdirectories to be mount points. In other words, it - will not automaticaly mount the subdirectories, but will permit the client to - mount the directories that are required as needed. + /etc/hosts entries. The + -alldirs flag allows subdirectories to be + mount points. In other words, it will not automaticaly mount + the subdirectories, but will permit the client to mount the + directories that are required as needed. /home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4 - This next example exports /a so that two - clients from different domains may access that file system. - The allows - root on the - remote system to write data on the exported file system as - root. If + This next example exports /a so that + two clients from different domains may access that file + system. The allows root on the remote system to + write data on the exported file system as root. If -maproot=root is not specified, the client's root user will be mapped to the server's nobody account and will be - subject to the access limitations defined for - nobody. + subject to the access limitations defined for nobody. /a -maproot=root host.example.com box.example.org - A client can only be specified once per file - system. For example, if - /usr is a single file system, these - entries would be - invalid as both entries - specify the same host: + A client can only be specified once per file system. For + example, if /usr is a single file system, + these entries would be invalid as both entries specify the + same host: # Invalid when /usr is one file system /usr/src client /usr/ports client - The correct format for this - situation is to use one entry: + The correct format for this situation is to use one + entry: /usr/src /usr/ports client 
@@ -712,35 +706,35 @@ server-program-arguments - To enable the processes required by the NFS server - at boot time, add - these options to - /etc/rc.conf: + To enable the processes required by the + NFS server at boot time, add these options + to /etc/rc.conf: - rpcbind_enable="YES" + rpcbind_enable="YES" nfs_server_enable="YES" mountd_flags="-r" - The server can be started now by - running this command: + The server can be started now by running this + command: &prompt.root; service nfsd start Whenever the NFS server is started, mountd also starts automatically. However, mountd only reads - /etc/exports when it is started. To make subsequent - /etc/exports edits take effect immediately, - force mountd to reread it: + /etc/exports when it is started. To make + subsequent /etc/exports edits take effect + immediately, force mountd to reread + it: &prompt.root; service mountd reload - + Configuring the Client - To enable NFS clients, set this option in each client's - /etc/rc.conf: + To enable NFS clients, set this option + in each client's /etc/rc.conf: nfs_client_enable="YES" @@ -752,8 +746,8 @@ mountd_flags="-r" The client now has everything it needs to mount a remote file system. In these examples, the server's name is server and the client's name is - client. To - mount the /home file system on + client. To mount the + /home file system on server to the /mnt mount point on client: @@ -764,10 +758,9 @@ mountd_flags="-r" &prompt.root; mount server:/home /mnt - The files and - directories in - /home will now be available - on client, in the + The files and directories in + /home will now be available on + client, in the /mnt directory. To mount a remote file system each time the client boots, 
@@ -782,8 +775,8 @@ mountd_flags="-r" Locking - Some applications - require file locking to operate correctly. To enable locking, add these lines to + Some applications require file locking to operate + correctly. To enable locking, add these lines to /etc/rc.conf on both the client and server: @@ -797,8 +790,9 @@ rpc_statd_enable="YES" If locking is not required on the server, the NFS client can be configured to lock - locally by including when running mount. - Refer to &man.mount.nfs.8; for further details. + locally by including when running + mount. Refer to &man.mount.nfs.8; + for further details. 
@@ -831,27 +825,25 @@ rpc_statd_enable="YES" The automatic mounter daemon, - amd, automatically - mounts a remote file system whenever a file or directory - within that file system is accessed. File systems that are - inactive for a period of time will be automatically - unmounted by amd. - - - This daemon provides an alternative to - modifying /etc/fstab to list every - client. It operates by attaching - itself as an NFS server to the - /host and - /net directories. When - a file is accessed within one of these directories, + amd, automatically mounts a remote + file system whenever a file or directory within that file + system is accessed. File systems that are inactive for a + period of time will be automatically unmounted by + amd. + + This daemon provides an alternative to modifying + /etc/fstab to list every client. It + operates by attaching itself as an NFS + server to the /host and + /net directories. When a file is + accessed within one of these directories, amd looks up the corresponding remote mount and automatically mounts it. /net is used to mount an exported file system from an IP address while /host is used to mount an export from a - remote hostname. For instance, an attempt to access a file within - /host/foobar/usr would tell + remote hostname. For instance, an attempt to access a file + within /host/foobar/usr would tell amd to mount the /usr export on the host foobar. @@ -860,9 +852,10 @@ rpc_statd_enable="YES" Mounting an Export with <application>amd</application> - In this example, showmount -e shows the exported file - systems that can be mounted from the NFS - server, foobar: + In this example, showmount -e shows + the exported file systems that can be mounted from the + NFS server, + foobar: &prompt.user; showmount -e foobar Exports list on foobar: @@ -888,7 +881,7 @@ Exports list on foobar: To start amd now: &prompt.root; service amd start - + Custom flags can be passed to amd from the amd_flags environment variable. By 
@@ -897,9 +890,8 @@ Exports list on foobar: amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" The default options with which exports are mounted are - defined in /etc/amd.map. - Some of the more - advanced features of amd are + defined in /etc/amd.map. Some of the + more advanced features of amd are defined in /etc/amd.conf. Consult &man.amd.8; and &man.amd.conf.5; for more 
@@ -930,46 +922,44 @@ Exports list on foobar: --> - Network Information System - (<acronym>NIS</acronym>) + Network Information System + (<acronym>NIS</acronym>) - NIS - Solaris - HP-UX - AIX - Linux - NetBSD - OpenBSD - - yellow pages - NIS - + NIS + Solaris + HP-UX + AIX + Linux + NetBSD + OpenBSD + + yellow pages + NIS + - Network Information System (NIS) - is designed to centralize administration of &unix;-like - systems such as &solaris;, HP-UX, &aix;, Linux, NetBSD, - OpenBSD, and &os;. NIS was originally - known as Yellow Pages but the name was changed due to - trademark issues. This is the reason why - NIS commands begin with - yp. + Network Information System (NIS) is + designed to centralize administration of &unix;-like systems + such as &solaris;, HP-UX, &aix;, Linux, NetBSD, OpenBSD, and + &os;. NIS was originally known as Yellow + Pages but the name was changed due to trademark issues. This + is the reason why NIS commands begin with + yp. - - NIS - domains + + NIS + domains - NIS is a Remote Procedure Call - (RPC)-based client/server system that - allows a group of machines within an NIS - domain to share a common set of configuration files. This - permits a system administrator to set up - NIS client systems with only minimal - configuration data and to add, remove, or modify configuration - data from a single location. + NIS is a Remote Procedure Call + (RPC)-based client/server system that allows + a group of machines within an NIS domain to + share a common set of configuration files. This permits a + system administrator to set up NIS client + systems with only minimal configuration data and to add, remove, + or modify configuration data from a single location. - &os; uses version 2 of the NIS - protocol. + &os; uses version 2 of the NIS + protocol. <acronym>NIS</acronym> Terms and Processes 
@@ -1130,250 +1120,245 @@ Exports list on foobar: Planning Considerations This section describes a sample NIS - environment which consists of 15 &os; machines with - no centralized point of administration. Each - machine has its own /etc/passwd and - /etc/master.passwd. These files are - kept in sync with each other only through manual - intervention. Currently, when a user is added to the lab, - the process must be repeated on all 15 machines. - - The configuration of the lab will be as follows: - - - - - - Machine name - IP address - Machine role - - - - - - ellington - 10.0.0.2 - NIS master - - - - coltrane - 10.0.0.3 - NIS slave - - - - basie - 10.0.0.4 - Faculty workstation - - - - bird - 10.0.0.5 - Client machine - - - - cli[1-11] - - 10.0.0.[6-17] - Other client machines - - - - - - If this is the first time an NIS - scheme is being developed, it should be thoroughly planned - ahead of time. Regardless of network size, several - decisions need to be made as part of the planning - process. - - - Choosing a <acronym>NIS</acronym> Domain Name - - - NIS - domain name - - When a client broadcasts its requests for info, it - includes the name of the NIS domain - that it is part of. This is how multiple servers on one - network can tell which server should answer which request. - Think of the NIS domain name as the - name for a group of hosts. - - Some organizations choose to use their Internet domain - name for their NIS domain name. This - is not recommended as it can cause confusion when trying - to debug network problems. The NIS - domain name should be unique within the network and it is - helpful if it describes the group of machines it - represents. For example, the Art department at Acme Inc. - might be in the acme-art - NIS domain. This example will use the - domain name test-domain. - - However, some non-&os; operating systems require the - NIS domain name to be the same as the - Internet domain name. 
If one or more machines on the - network have this restriction, the Internet domain name - must be used as the - NIS domain name. - - - - Physical Server Requirements - - There are several things to keep in mind when choosing - a machine to use as a NIS server. - Since NIS clients depend upon the - availability of the server, choose a machine that is not - rebooted frequently. The NIS server - should ideally be a stand alone machine whose sole purpose - is to be an NIS server. If the network - is not heavily used, it is acceptable to put the - NIS server on a machine running other - services. However, if the NIS server - becomes unavailable, it will adversely affect all - NIS clients. - - - - - Configuring the <acronym>NIS</acronym> Master - Server - - The canonical copies of all NIS - files are stored on the master server. The databases used - to store the information are called NIS - maps. In &os;, these maps are stored in - /var/yp/[domainname] where - [domainname] is the name of the - NIS domain. Since multiple domains are - supported, it is possible to have several directories, one - for each domain. Each domain will have its own independent - set of maps. - - NIS master and slave servers handle - all NIS requests through &man.ypserv.8;. - This daemon is responsible for receiving incoming requests - from NIS clients, translating the - requested domain and map name to a path to the corresponding - database file, and transmitting data from the database back - to the client. + environment which consists of 15 &os; machines with no + centralized point of administration. Each machine has its own + /etc/passwd and + /etc/master.passwd. These files are kept + in sync with each other only through manual intervention. + Currently, when a user is added to the lab, the process must + be repeated on all 15 machines. 
+ + The configuration of the lab will be as follows: + + + + + + Machine name + IP address + Machine role + + + + + + ellington + 10.0.0.2 + NIS master + + + + coltrane + 10.0.0.3 + NIS slave + + + + basie + 10.0.0.4 + Faculty workstation + + + + bird + 10.0.0.5 + Client machine + + + + cli[1-11] + + 10.0.0.[6-17] + Other client machines + + + + + + If this is the first time an NIS + scheme is being developed, it should be thoroughly planned + ahead of time. Regardless of network size, several decisions + need to be made as part of the planning process. - NIS - server configuration + + Choosing a <acronym>NIS</acronym> Domain Name + + + NIS + domain name - Setting up a master NIS server can - be relatively straight forward, depending on environmental - needs. Since &os; provides built-in - NIS support, it only needs to be - enabled by adding the following lines to - /etc/rc.conf: - - - - nisdomainname="test-domain" - - This line sets the NIS domain - name to test-domain. - - - - nis_server_enable="YES" - - This automates the start up of the - NIS server processes when the - system boots. - - - - nis_yppasswdd_enable="YES" - - This enables the &man.rpc.yppasswdd.8; daemon so - that users can change their NIS - password from a client machine. - - - - Care must be taken in a multi-server domain where the - server machines are also NIS clients. It - is generally a good idea to force the servers to bind to - themselves rather than allowing them to broadcast bind - requests and possibly become bound to each other. Strange - failure modes can result if one server goes down and others - are dependent upon it. Eventually, all the clients will - time out and attempt to bind to other servers, but the delay - involved can be considerable and the failure mode is still - present since the servers might bind to each other all over - again. 
- - A server that is also a client can be forced to bind to - a particular server by adding these additional lines to - /etc/rc.conf: + When a client broadcasts its requests for info, it + includes the name of the NIS domain that + it is part of. This is how multiple servers on one network + can tell which server should answer which request. Think of + the NIS domain name as the name for a + group of hosts. + + Some organizations choose to use their Internet domain + name for their NIS domain name. This is + not recommended as it can cause confusion when trying to + debug network problems. The NIS domain + name should be unique within the network and it is helpful + if it describes the group of machines it represents. For + example, the Art department at Acme Inc. might be in the + acme-art NIS domain. This + example will use the domain name + test-domain. + + However, some non-&os; operating systems require the + NIS domain name to be the same as the + Internet domain name. If one or more machines on the + network have this restriction, the Internet domain name + must be used as the + NIS domain name. + - nis_client_enable="YES" # run client stuff as well + + Physical Server Requirements + + There are several things to keep in mind when choosing a + machine to use as a NIS server. Since + NIS clients depend upon the availability + of the server, choose a machine that is not rebooted + frequently. The NIS server should + ideally be a stand alone machine whose sole purpose is to be + an NIS server. If the network is not + heavily used, it is acceptable to put the + NIS server on a machine running other + services. However, if the NIS server + becomes unavailable, it will adversely affect all + NIS clients. + + + + + Configuring the <acronym>NIS</acronym> Master + Server + + The canonical copies of all NIS files + are stored on the master server. The databases used to store + the information are called NIS maps. 
In + &os;, these maps are stored in + /var/yp/[domainname] where + [domainname] is the name of the + NIS domain. Since multiple domains are + supported, it is possible to have several directories, one for + each domain. Each domain will have its own independent set of + maps. + + NIS master and slave servers handle all + NIS requests through &man.ypserv.8;. This + daemon is responsible for receiving incoming requests from + NIS clients, translating the requested + domain and map name to a path to the corresponding database + file, and transmitting data from the database back to the + client. + + NIS + server configuration + + Setting up a master NIS server can be + relatively straight forward, depending on environmental needs. + Since &os; provides built-in NIS support, + it only needs to be enabled by adding the following lines to + /etc/rc.conf: + + + + nisdomainname="test-domain" + + This line sets the NIS domain name + to test-domain. + + + + nis_server_enable="YES" + + This automates the start up of the + NIS server processes when the system + boots. + + + + nis_yppasswdd_enable="YES" + + This enables the &man.rpc.yppasswdd.8; daemon so that + users can change their NIS password + from a client machine. + + + + Care must be taken in a multi-server domain where the + server machines are also NIS clients. It + is generally a good idea to force the servers to bind to + themselves rather than allowing them to broadcast bind + requests and possibly become bound to each other. Strange + failure modes can result if one server goes down and others + are dependent upon it. Eventually, all the clients will time + out and attempt to bind to other servers, but the delay + involved can be considerable and the failure mode is still + present since the servers might bind to each other all over + again. 
+ + A server that is also a client can be forced to bind to a + particular server by adding these additional lines to + /etc/rc.conf: + + nis_client_enable="YES" # run client stuff as well nis_client_flags="-S NIS domain,server" - After saving the edits, type - /etc/netstart to restart the network - and apply the values defined in - /etc/rc.conf. Before initializing - the NIS maps, start - &man.ypserv.8;: - - &prompt.root; service ypserv start - - - Initializing the <acronym>NIS</acronym> - Maps - - - NIS - maps - - NIS maps are generated from the - configuration files in /etc on the - NIS master, with one exception: - /etc/master.passwd. This is to - prevent the propagation of passwords to all the servers in - the NIS domain. Therefore, before the - NIS maps are initialized, configure the - primary password files: + After saving the edits, type + /etc/netstart to restart the network and + apply the values defined in /etc/rc.conf. + Before initializing the NIS maps, start + &man.ypserv.8;: + + &prompt.root; service ypserv start + + + Initializing the <acronym>NIS</acronym> Maps + + + NIS + maps + + NIS maps are generated from the + configuration files in /etc on the + NIS master, with one exception: + /etc/master.passwd. This is to prevent + the propagation of passwords to all the servers in the + NIS domain. Therefore, before the + NIS maps are initialized, configure the + primary password files: - &prompt.root; cp /etc/master.passwd /var/yp/master.passwd + &prompt.root; cp /etc/master.passwd /var/yp/master.passwd &prompt.root; cd /var/yp &prompt.root; vi master.passwd - It is advisable to remove all entries for system - accounts as well as any user accounts that do not need to - be propagated to the NIS clients, such - as the root and - any other administrative accounts. - - Ensure that the - /var/yp/master.passwd is neither - group or world readable by setting its permissions to - 600. - - - After completing this task, initialize the - NIS maps. 
&os; includes the - &man.ypinit.8; script to do this. When generating maps - for the master server, include - and specify the NIS - domain name: + It is advisable to remove all entries for system + accounts as well as any user accounts that do not need to be + propagated to the NIS clients, such as + the root and any + other administrative accounts. + + Ensure that the + /var/yp/master.passwd is neither group + or world readable by setting its permissions to + 600. + + + After completing this task, initialize the + NIS maps. &os; includes the + &man.ypinit.8; script to do this. When generating maps + for the master server, include and + specify the NIS domain name: - ellington&prompt.root; ypinit -m test-domain + ellington&prompt.root; ypinit -m test-domain Server Type: MASTER Domain: test-domain Creating an YP server will require that you answer a few questions. Questions will all be asked at the beginning of the procedure. 
@@ -1397,63 +1382,58 @@ Is this correct? [y/n: y] y< NIS Map update completed. ellington has been setup as an YP master server without any errors. - This will create - /var/yp/Makefile from - /var/yp/Makefile.dist. By - default, this file assumes that the environment has a - single NIS server with only &os; - clients. Since test-domain has a - slave server, edit this line in - /var/yp/Makefile so that it begins - with a comment (#): - - NOPUSH = "True" - - - - Adding New Users - - Every time a new user is created, the user account - must be added to the master NIS - server and the NIS maps rebuilt. - Until this occurs, the new user will not be able to - login anywhere except on the NIS - master. For example, to add the new user - jsmith to the - test-domain domain, run these - commands on the master server: + This will create /var/yp/Makefile + from /var/yp/Makefile.dist. By + default, this file assumes that the environment has a + single NIS server with only &os; clients. + Since test-domain has a slave server, + edit this line in /var/yp/Makefile so + that it begins with a comment + (#): + + NOPUSH = "True" + + + + Adding New Users + + Every time a new user is created, the user account must + be added to the master NIS server and the + NIS maps rebuilt. Until this occurs, the + new user will not be able to login anywhere except on the + NIS master. For example, to add the new + user jsmith to the + test-domain domain, run these commands on + the master server: - &prompt.root; pw useradd jsmith + &prompt.root; pw useradd jsmith &prompt.root; cd /var/yp &prompt.root; make test-domain - The user could also be added using adduser - jsmith instead of pw useradd - jsmith. - - - - - Setting up a <acronym>NIS</acronym> Slave - Server - - - NIS - slave server *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
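Review bot: In the hunk at @@ -618,15 +616,14 @@, the re-wrapped /etc/exports paragraph ends with "If no clients are listed in the entry, then any client on the network can mount that file system", a default-open behaviour that is stated only in passing. Leaving the wording alone is right for a whitespace-only commit, but a follow-up content change could set that sentence off as a warning so that readers do not overlook it when writing an entry without a host list.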
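Review bot: In the hunk at @@ -660,42 +656,40 @@, the re-wrapped -alldirs sentence still reads "it will not automaticaly mount the subdirectories"; the misspelling is carried unchanged from the removed lines into the added ones. That is consistent with the log message, but it should be corrected to "automatically" in a separate content commit. The -maproot=root paragraph in the same hunk says root on the remote system can write to the export as root, and a follow-up could add a caution there that this extends server-side root write access to every host listed on that line.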
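Review bot: In the hunk at @@ -1130,250 +1120,245 @@, the lab table pairs cli[1-11] with 10.0.0.[6-17], which is eleven host names against twelve addresses. The surrounding text says the lab has 15 machines (ellington, coltrane, basie, bird and eleven clients), so the range should end at 10.0.0.16. The mismatch is present in both the removed and the added lines, so it predates this commit and belongs in a follow-up. Because this hunk re-indents about 250 lines, it is also worth comparing the old and new text word by word to confirm that nothing other than whitespace changed.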
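Review bot: The hunk at @@ -1397,63 +1382,58 @@ is cut off by "*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***" just after the NIS slave server heading, so the remainder of r44432 cannot be checked from this mail. The whitespace-only claim in the log should be confirmed for the rest of chapter.xml at the changeset URL given above (http://svnweb.freebsd.org/changeset/doc/44432) before translators are told to ignore it.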