<BR>
<P>Some versions of UNIX use the share command to set up a directory for export. (SCO UNIX does not support the share command because the functions are duplicated in the /etc/exports file.) The syntax of the share command is as follows:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">share -F nfs -o <I>options</I> -d <I>description</I> <I>path</I></FONT></PRE>
<P>The -F option indicates that the directory or files given in the path are to be set as NFS filesystems. The options following -o set the type of access in the same way as the SCO UNIX options for the /etc/exports file shown earlier. The -d option can be followed by a descriptive statement used by clients to describe the export filesystem. For example, to share the directory /usr/public as read-write (the default), you could issue this command:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">share -F nfs -d "Server public directory" /usr/public</FONT></PRE>
<P>Options can be combined, as shown in this example:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">share -F nfs -o ro=artemis,anon=200 -d "Book material" /usr/tparker/book</FONT></PRE>
<P>This command shares the directory /usr/tparker/book, which is tagged with the description "Book material", with everyone as read-write except for a machine called artemis, for which it is read-only. Any anonymous users accessing the system use UID 200.
<BR>
<P>The share command by itself usually shows a list of all filesystems that are exported.
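<P>As an added example (not part of the original text or of any vendor tool), the following shell function reads share command lines in the syntax shown above and flags exports that stay read-write for unlisted clients or that map anonymous users to UID 0. The function names, the flag labels, the sample lines other than the two taken from the text, and the treatment of rw=list as a restriction are assumptions.

```sh
#!/bin/sh
# Added example: audit share command lines for risky NFS export settings.
# Reads lines of the form  share -F nfs [-o options] [-d "description"] path
# and prints "FLAG path" for each finding.
audit_shares() {
    awk '
    $1 != "share" { next }              # skip anything that is not a share line
    {
        opts = ""; path = $NF           # the exported path is the last word
        for (i = 2; i < NF; i++)
            if ($i == "-o") { opts = $(i + 1); break }
        n = split(opts, o, ",")
        world_rw = 1                    # read-write is the default access
        for (j = 1; j <= n; j++) {
            # Bare "ro" makes the export read-only for everyone. "rw=list"
            # limiting writers to the list is an assumption about this
            # share implementation, not something the page states.
            if (o[j] == "ro" || o[j] ~ /^rw=/) world_rw = 0
            # anon=0 would give anonymous users the superuser UID.
            if (o[j] == "anon=0") print "ANON-ROOT " path
        }
        # "ro=host" restricts only that host, so everyone else still writes.
        if (world_rw) print "WORLD-RW " path
    }'
}

# Constructed sample input: the two share lines from the text plus two more.
sample_shares() {
    cat <<'EOF'
share -F nfs -d "Server public directory" /usr/public
share -F nfs -o ro=artemis,anon=200 -d "Book material" /usr/tparker/book
share -F nfs -o ro -d "Manuals" /usr/doc
share -F nfs -o rw=artemis,anon=0 -d "Scratch" /usr/scratch
EOF
}

sample_shares | audit_shares
```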
<BR>
<BR>
<A ID="E69E160" NAME="E69E160"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Setting Up a UNIX NFS Client</B></FONT></CENTER></H4>
<BR>
<P>UNIX can mount an NFS exported filesystem from another machine with the mount command. The syntax for mounting an NFS filesystem is as follows:
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">mount -F nfs -o <I>options</I> <I>machine:filesystem</I> <I>mount-point</I></FONT></PRE>
<P>The -F option tells the mount command the filesystem is an NFS filesystem; <I>machine:filesystem</I> is the name of the remote machine and the filesystem to be mounted; and <I>mount-point</I> is the location in the current filesystem where the remote filesystem is to be mounted. Some versions of UNIX change the syntax a little. For example, SCO UNIX uses a lowercase f and uppercase NFS to indicate the type. Check the man pages for the exact syntax on your version.
<BR>
<P>In use, mount is easy to work with. For example, the command
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">mount -F nfs artemis:/usr/public /usr/artemis</FONT></PRE>
<P>mounts the filesystem /usr/public on the remote machine called artemis onto the local machine in the directory called /usr/artemis. The mount-point (in this case /usr/artemis) must exist for the mount to succeed.
<BR>
<P>The -o optional component of the mount command can be used to set options from the following list:
<BR>
<UL>
<UL>
<P>rw: Sets the mount to read-write (the default value)
<BR>
</UL></UL>
<UL>
<UL>
<P>ro: Sets the mount to read-only
<BR>
</UL></UL>
<UL>
<UL>
<P>timeo=x: Gives a timeout value in tenths of a second to attempt the mount before giving up
<BR>
</UL></UL>
<UL>
<UL>
<P>retry=x: Retries x times before giving up
<BR>
</UL></UL>
<UL>
<UL>
<P>soft: Forces the client to give up the mount attempt if an acknowledgment is not received from the remote machine
<BR>
</UL></UL>
<UL>
<UL>
<P>hard: The client continues trying to mount the filesystem until successful
<BR>
</UL></UL>
<UL>
<UL>
<P>intr: Enables the keyboard to interrupt the mount request; otherwise, the attempts go on forever
<BR>
</UL></UL>
<P>Any of these options can be combined in one mount command, as they could be for the share command. For example, the command line
<BR>
<BR>
<PRE>
<FONT COLOR="#000080">mount -F nfs -o soft,ro artemis:/usr/public /usr/artemis</FONT></PRE>
<P>tries to mount the /usr/public directory on artemis as read-only, but it gives up if the mount attempt is not acknowledged by artemis. The mount command by itself usually shows all mounted filesystems.
<BR>
<BR>
<A ID="E69E161" NAME="E69E161"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Setting Up Windows-Based NFS </B></FONT></CENTER></H4>
<BR>
<P>Several TCP/IP suites and application packages for Windows 3.<I>x</I>, Windows 95, and Windows NT provide NFS support. One of the most widely used is NetManage's ChameleonNFS, which can be used under any of the Windows operating system versions. ChameleonNFS enables a Windows machine to act as both client and server for NFS file access. In other words, another machine can access files on the ChameleonNFS machine, and the ChameleonNFS machine can access files on other NFS-equipped machines.
<BR>
<P>Implementing NFS access on a Windows machine can vary from very complex to very easy, depending on the software package that provides the NFS capabilities. Some available NFS products don't offer server capabilities, enabling only NFS client behavior on the installation machine. Carefully check the software before you purchase or install it to ensure you are getting a product that meets your NFS requirements. In this section I continue with ChameleonNFS as the example NFS software, because it is relatively easy to install, configure, and use. I use Windows 3.11 as the operating system example.
<BR>
<P>ChameleonNFS relies on a software daemon called Portmapper, which maintains a list of all currently registered network services (including NFS). Portmapper is loaded automatically when the Windows machine boots in most installations. ChameleonNFS is set to record mounted drives to the WIN.INI file (for Windows 3.<I>x</I> at least) whenever a Windows session is saved. This enables currently mounted drives to be remounted automatically when the next Windows session is started.
<BR>
<P>ChameleonNFS server activities such as administration and configuration are conducted through the NFS icon in the NetManage program group. The sole exception is printer handling for network devices, which is handled through the Printer icon on the Control Panel. NFS client activities are done through normal Windows applications, such as the File Manager and Control Panel. Drives are mounted and unmounted through the File Manager, whereas all other options are handled through the Network panel in the Control Panel.
<BR>
<P>Once installed, ChameleonNFS lets you mount a remote directory on an NFS server from the File Manager. Select the Network Connections option from the Disk pull-down menu. This displays the Network Connections dialog shown in Figure 12.4. The remote machine name and the directory to be mounted are specified in this dialog. The mounted filesystem is usually mounted as another drive, not as part of an existing drive's filesystem.
<BR>
<P><B><A HREF="12tyt04.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt04.gif">Figure 12.4. The Network Connections dialog lets </B><B>you mount a remote filesystem using NFS.</A></B>
<BR>
<P>If you want to see all the filesystems that are available for mounting on a remote machine, use the Browse button. The remote machine name and all the filesystems available are listed, as shown in Figure 12.5. In Figure 12.5 the only filesystem that is showing as available on the machine called tpci is the root filesystem, which means the entire filesystem on the remote. You can't tell from this window whether it is set for special access rights such as read-only.
<BR>
<P><B><A HREF="12tyt05.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt05.gif">Figure 12.5. When you specify the host name in the </B><B>Browse dialog, all that remote's NFS filesystems are listed.</A></B>
<BR>
<P>Clicking the OK button after the remote machine name and directory name are filled in mounts the remote filesystem at the location you indicate in the window, as shown in Figure 12.6. This mounts the remote machine's root directory as drive H on the local machine. When you click OK to close the NFS dialog, the remote machine's filesystem is available from the File Manager. The drive icon shows that it is a network drive.
<BR>
<P><B><A HREF="12tyt06.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt06.gif">Figure 12.6. This window shows that tpci's root </B><B>directory is to be mounted as drive H on the local machine.</A></B>
<BR>
<P>To disconnect an NFS-mounted drive, use the Disconnect button on the Network Connections dialog. The drive icon should be removed from the File Manager to show that the mount is no longer in effect.
<BR>
<BR>
<A ID="E69E162" NAME="E69E162"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Sharing a Windows Directory</B></FONT></CENTER></H4>
<BR>
<P>ChameleonNFS can be used to share PC drives or directories with other users on the network. To share a drive, create a list of users who have access to the drive, unless everyone can mount the drives. The user access list is maintained under the NFS icon with ChameleonNFS. Start the NFS server process by clicking the NFS icon in the Chameleon program group. This displays the NFS main window. Clicking the Users menu item on the NFS window opens the Server Users window, shown in Figure 12.7. From here you can add and manage all access to your NFS available drives. To enter a user, type the name, any password you want them to use (if you want a password), and a group and user ID number. Click the Add button, and the entry appears as part of the user list.
<BR>
<P><B><A HREF="12tyt07.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt07.gif">Figure 12.7. The Server Users window lets you set </B><B>access rights to your NFS drives.</A></B>
<BR>
<P>When you have entered all the users, click the Save button to write the entries to the disk. If you don't save the table, any changes are lost. Figure 12.8 shows two users on the access table.
<BR>
<P><B><A HREF="12tyt08.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt08.gif">Figure 12.8. Two users are allowed to access the </B><B>local machine's NFS drives.</A></B>
<BR>
<P>Next, you need to set the drives and directories that can be exported to other clients. Use the Exports menu item in the NFS window to display the Server Exports window. Use the directory browser to move between the drives and directories, selecting the ones you want to export. Click the Add button to enter the drive and directory combination to the export list.
<BR>
<P>Figure 12.9 shows the Server Exports window with two specific directories and one entire drive set to be exported. For each drive or directory you can set access rights by clicking the Access button. This displays the Access dialog, which you can use to select the proper permissions and access rights.
<BR>
<P><B><A HREF="12tyt09.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/12tyt09.gif">Figure 12.9. The Server Exports window with </B><B>directories and drives defined for NFS access.</A></B>
<BR>
<P>Once the access permissions are set, a remote client can access your NFS drives. The remote user is prompted for a password if you have set your system to require one.
<BR>
<BR>
<A ID="E68E111" NAME="E68E111"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Network Information Service (NIS)</B></FONT></CENTER></H3>
<BR>
<P>The Yellow Pages (YP) protocol is an RPC application layer service (like NFS) that provides a versatile directory service. Because of copyright restrictions, Yellow Pages was renamed to Network Information Service (NIS), although both terms are in common use. NIS was developed for several reasons, but the one that affects users the most is access permissions. The effect these permissions have on users is generally transparent except for one major advantage.
<BR>
<P>If you are a user on a large network and you tend to connect to other machines frequently (through Telnet or FTP, for example), you must maintain accounts on each machine you connect to. Thus, you would need user accounts on every machine you could conceivably want to access. Maintaining the passwords on a large number of machines is awkward, because you must log into each one and perform password changes. NIS was developed to enable one single, central user file to be shared over the network, requiring only a single entry to enable access to all machines (unless specific restrictions are imposed), and simplifying a password change on all machines to one step.
<BR>
<P>In RPC terms, this combination of user ID and password works on the RPC authentication procedures. RPC uses the user and group IDs to grant access to files, so it is necessary for the client and server's user and group IDs to match. Without NIS this could be very difficult to implement because each machine's user file might have the same names, but their user IDs might not coincide. Worse, another user with a matching user ID on another machine could access files on your machine as though he or she were logged in as you.
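<P>The UID problem described above can be checked before a filesystem is exported. The following shell function is an added example, not code from the original text: it compares a passwd-format file copied from the server with one from a client and reports logins whose UIDs differ and UIDs that belong to different logins. The function names, output labels, and sample accounts are assumptions, and group IDs would need the same comparison against the group files.

```sh
#!/bin/sh
# Added example: compare UIDs in two passwd-format files, one copied from the
# NFS server and one from a client, to find the problems described above.
compare_passwd() {   # usage: compare_passwd SERVER_PASSWD CLIENT_PASSWD
    awk -F: '
    /^#/ || NF < 3 { next }                 # skip comments and short lines
    NR == FNR { s_uid[$1] = $3; s_name[$3] = $1; next }   # first file: server
    {
        name = $1; uid = $3
        # Same login, different UID: files the login owns on the server
        # appear to belong to somebody else when seen from the client.
        if ((name in s_uid) && s_uid[name] != uid)
            print "MISMATCH " name " server=" s_uid[name] " client=" uid
        # Same UID, different login: the client user is treated as the
        # owner of every file that UID owns on the server.
        if ((uid in s_name) && s_name[uid] != name)
            print "COLLISION uid=" uid " server=" s_name[uid] " client=" name
    }' "$1" "$2"
}

# Constructed sample data: tparker has UID 101 on the server but 105 on the
# client, where UID 101 belongs to a different person (bob).
demo_compare() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/server" <<'EOF'
root:x:0:0:Super User:/:/bin/sh
tparker:x:101:50:T Parker:/usr/tparker:/bin/sh
alice:x:102:50:Alice:/usr/alice:/bin/sh
EOF
    cat > "$dir/client" <<'EOF'
root:x:0:0:Super User:/:/bin/sh
tparker:x:105:50:T Parker:/usr/tparker:/bin/sh
bob:x:101:50:Bob:/usr/bob:/bin/sh
alice:x:102:50:Alice:/usr/alice:/bin/sh
EOF
    compare_passwd "$dir/server" "$dir/client"
    rm -rf "$dir"
}

demo_compare
```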
<BR>
<P>NIS is a distributed access system in that each machine on the network that uses NIS accesses a central server, called the <I>NIS master </I>or <I>ypmaster</I> (depending on the version), for access information. On larger networks, to spread the load, and for all networks as a backup contingency, several other machines are designated as <I>slaves</I> or <I>ypslaves </I>that maintain up-to-date access information. In case of a failure of the master server, a slave takes up the functions. NIS uses both TCP and UDP for communications.
<BR>
<BLOCKQUOTE>
<BLOCKQUOTE>
<HR ALIGN=CENTER>
<BR>
<NOTE>
<IMG SRC="note.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/note.gif" WIDTH = 75 HEIGHT = 46>There are two versions of NIS in general use. The first release (Version 1) had serious problems under certain circumstances, so Version 2 was quickly released. However, some systems still use the older version.</NOTE>
<BR>
<HR ALIGN=CENTER>
</BLOCKQUOTE></BLOCKQUOTE>
<P>The NIS protocol has a set of procedures defined within the RFC. These enable a search for master servers, access to the user files, and system management functions. Another procedure is used to transfer copies of the master files. Several machines are grouped together into one NIS subnetwork, called a <I>domain</I> (not to be confused with the Internet domain). Each domain has master and slave machines.
<BR>
<P>NIS keeps the access information in a set of <I>maps,</I> each map corresponding to a particular area or domain of a network. This allows for several groups to use the same NIS master but have different access permissions. The NIS maps do not have to correspond to DNS domains, enabling more versatility in configuration. Maps consist of a set of records in ASCII format, each with an <I>index key </I>for fast lookup. The index key is usually the user name. The records have the same structure as normal user files (such as UNIX's /etc/passwd), both for compatibility and for simplicity.
<BR>
<BLOCKQUOTE>
<BLOCKQUOTE>
<HR ALIGN=CENTER>
<BR>
<NOTE>
<IMG SRC="note.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/note.gif" WIDTH = 75 HEIGHT = 46>The use of NIS does not negate the need for a complete set of access files on each machine, because NIS is loaded after the machine has been booted (and these files are read). The stand-alone files should have access for a system administrator at least, although it is good practice to also include the most frequent users in case of a network crash preventing access to the NIS directories.</NOTE>
<BR>
<HR ALIGN=CENTER>
</BLOCKQUOTE></BLOCKQUOTE>
<P>NIS is not restricted to the users of a system. Any file can be set up to use NIS, such as the list of machines on a network (UNIX's /etc/hosts file). Thus, only one change needs to be made to these files on any network. A set of aliases also can be managed by NIS.
<BR>
<P>Several NIS-specific commands are involved with the protocol, although most system administrators set up aliases to minimize the impact on users. For most users, only one command is necessary on a regular basis. For UNIX systems, this is the command yppasswd to change a user's password. This is usually aliased to passwd, the normal password change command. Application developers might have to examine the NIS protocol in more detail when writing client/server code that runs on an NIS-based system, but the effects of the distributed system are usually transparent.
<BR>
<BR>
<A ID="E68E112" NAME="E68E112"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Configuring NIS</B></FONT></CENTER></H3>
<BR>
<P>Earlier today you saw how NIS can be used to provide network-wide access to files that would normally be local, offering greatly improved access for users and administrators. With NIS active, you don't need to maintain a separate current /etc/passwd file on each UNIX system; instead, you can use the NIS master password files to enable global access to any machine on the