
Unix Tip: Using netgroups to share files

ITworld.com 8/27/2007

Sandra Henry-Stocker, ITworld.com


Solaris and other SVR4 versions of Unix provide file sharing through NFS and the /etc/dfs/dfstab file. The syntax of this particular file permits you to restrict file system sharing to a limited number of hosts or to share file systems with no restrictions whatsoever. Restricting file systems to a select set of hosts is particularly important if you are permitting the client hosts to access the file systems read/write and even more important if root on the clients will have the authority of root on your NFS server.

You can specify the hosts that are permitted to mount file systems by stringing them together in a colon-separated format with the share command, such as this command which can be issued on the command line or included in the dfstab file for a more or less permanent setup:

share -F nfs -o rw=mercury:venus:earth:mars:jupiter:saturn:uranus:neptune /planets
If you include additional options or a large number of client systems, your share command can become quite long:

share -F nfs -o rw=mercury:venus:earth:mars:jupiter:saturn:uranus:neptune,anon=0 -d "planetary data" /planets

Given several dozen clients or more that need to be included in your host list, your share commands can quickly become unwieldy. One way around this problem is to convert your list of clients into a netgroup that includes all of the client systems with which your server's file systems should be shared. The netgroup definitions are set up in the /etc/netgroup file. The format of each entry in a netgroup is:

(host, user, domain)
The format of each netgroup includes the netgroup name followed by a series of netgroup members:

group-name (host, user, domain) ...
As you can see, this format is not just for creating lists of systems. For other uses, each of the fields represented in the "triplet" may be used. For NFS file sharing, only the host field is needed. To comply with the format, you would omit the user and domain fields, but include the commas as separators. An example of such an entry for the host "mercury" would look like this:

(mercury,,)
To define a group for all of the planets, therefore, you would use this syntax:

planets (mercury,,) (venus,,) (earth,,) (mars,,) (jupiter,,) (saturn,,) \
(uranus,,) (neptune,,)
You could also use a vertical approach to setting up this list if this appeals more to you. The example below shows the planets netgroup with a continuation backslash at the end of each line.

planets \
(mercury,,) \
(venus,,) \
(earth,,) \
(mars,,) \
(jupiter,,) \
(saturn,,) \
(uranus,,) \
(neptune,,)
Once your netgroup is set up, you need to decide how you're going to use it. Within the /etc/dfs/dfstab file, your netgroup would take the place of the client list:

share -F nfs -o rw="planets",anon=0 -d "planetary data" /planets
I put the name of the netgroup in quotes just to differentiate it from the host names that might also appear in the file. In fact, you could mix the two if you were so inclined:

share -F nfs -o rw="planets":pluto,anon=0 -d "planetary data" /planets
In this share command, we are sharing the /planets file system with the eight planets and pluto (Pluto was downgraded from planet status a year or more ago).

For your server to use the /etc/netgroup file to determine which hosts are included in a particular netgroup, you need to make sure that the netgroup line in the /etc/nsswitch.conf file on your NFS server contains the word "files" or set up the netgroup map on your NIS server. In the /etc/nsswitch.conf, the line might look like this:

netgroup:   files
If you're going to share file systems with the same hosts from multiple servers, you might elect to share this information through NIS instead. In this case, you would create your /etc/netgroup file, cd to /var/yp and run a "make netgroup" command to add netgroup to your NIS maps.

To view netgroups distributed via NIS, you can run this command on a client:

ypcat -k netgroup
The -k option includes the name of the netgroup in the information displayed. The response for the planets netgroup would look like this:

planets (mercury,,) (venus,,) (earth,,) (mars,,) (jupiter,,) (saturn,,)
(uranus,,) (neptune,,)
In other words, it looks just like the contents of the /etc/netgroup file (but flattened into a single line if you defined your netgroup vertically).

Once a netgroup is set up, it simplifies sharing additional file systems with the same group and makes it less likely that file systems will be shared without the proper host restrictions. Adding or removing share clients is also straightforward. Just update the /etc/netgroup file and push the map if you are using NIS.
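
As an added example (not part of the original article), the following Python script parses /etc/netgroup-style text, expands the netgroups named in dfstab share lines into host lists, and reports shares that lack host restrictions. The "lab" netgroup and the /scratch and /export/tmp paths are hypothetical; the checks for a blank host field (which the netgroup format treats as a wildcard) and for a bare rw option (the share_nfs default) go beyond the cases shown in the article.

```python
import re
import shlex

TRIPLET = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")  # (host,user,domain)
# Constructed sample input; "lab", /scratch and /export/tmp are hypothetical.
NETGROUP = ("planets \\\n(mercury,,) \\\n(venus,,) \\ \n(earth,,)\n"  # space after 3rd "\"
            "lab (,,)\n")  # blank host field
DFSTAB = [
    'share -F nfs -o rw="planets":pluto,anon=0 -d "planetary data" /planets',
    "share -F nfs -o rw=lab /scratch",
    "share -F nfs -o rw /export/tmp",
]

def parse_netgroups(text):
    """Return ({group: [host, ...]}, [warnings]) for /etc/netgroup-style text."""
    warnings = [f"line {n}: whitespace after continuation backslash"
                for n, raw in enumerate(text.splitlines(), 1)
                if re.search(r"\\[ \t]+$", raw)]
    groups = {}
    # Join continued lines (tolerating the stray whitespace flagged above).
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        parts = line.split(None, 1)
        if parts:
            members = parts[1] if len(parts) > 1 else ""
            groups[parts[0]] = [m.group(1).strip() for m in TRIPLET.finditer(members)]
    return groups, warnings

def audit_share(line, groups):
    """Expand the rw=/ro= client list of one share line and collect findings."""
    args = shlex.split(line)
    opts = args[args.index("-o") + 1].split(",") if "-o" in args else []
    clients, findings = [], []
    for opt in opts or ["rw"]:  # with no options, share_nfs defaults to rw for all
        key, eq, value = opt.partition("=")
        if key in ("rw", "ro") and not eq:
            findings.append(f"{key}: no host restriction")
        elif key in ("rw", "ro"):
            for member in value.split(":"):
                hosts = groups.get(member, [member])  # unknown name = plain host
                if "" in hosts:
                    findings.append(f"netgroup {member}: blank host matches any host")
                clients += [h for h in hosts if h]
        elif opt == "anon=0":
            findings.append("anon=0: unknown users act as uid 0 on the server")
    return {"path": args[-1], "clients": clients, "findings": findings}

if __name__ == "__main__":
    groups, warnings = parse_netgroups(NETGROUP)
    print(warnings, *(audit_share(s, groups) for s in DFSTAB), sep="\n")
```

On a real server, feed parse_netgroups the contents of /etc/netgroup (or the output of ypcat -k netgroup) and audit_share each share line from /etc/dfs/dfstab.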


 

Sandra Henry-Stocker has been administering Unix systems for more than 18 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She currently works for TeleCommunication Systems, a wireless communications company, in Annapolis, Maryland, where no one else necessarily shares any of her opinions. She lives with her second family on a small farm on Maryland's Eastern Shore. Send comments and suggestions to bugfarm@gmail.com.



