IBM AS/400e - Manuals

Network Data Encryption . . . . . . . . . . . . . . . . . . . . 82 User Authorities . . . . . . . . . . . . . . . . . . . . . . . . 83 User Identifications (UIDs) . . . . . . . . . . . . . . . . . . . 83 Group Identifications (GIDs) . . . . . . . . . . . . . . . . . . . 83 Mapping User Identificatio...

Figures 1. AS/400 Operations Navigator Display . . . . . . . . . . . . . . xii 2. The local client and its view of the remote server before exporting data . . 1 3. The local client and its view of the remote server after exporting data . . 2 4. The local client mounts data from a remote server . . ....

54. Using the End NFS Server (ENDNFSSVR) display . . . . . . . . . 71 55. Starting or stopping NFS server daemons. . . . . . . . . . . . . 73 56. NFS Properties dialog box. . . . . . . . . . . . . . . . . . . 73 57. Using the Release File System Locks (RLSIFSLCK) display . . . . . . 76 58. Client ou...

Tables 1. CL Commands Used in Network File System Applications . . . . . . . 91 © Copyright IBM Corp. 1997, 1999 ix

About OS/400 Network File System Support (SC41-5714) The purpose of this book is to explain what the Network File System is, what itdoes, and how it works on AS/400. The book shows real-world examples of howyou can use NFS to create a secure, useful integrated file system network. Theintended audien...

This new interface has been designed to make you more productive and is the onlyuser interface to new, advanced features of OS/400. Therefore, IBM recommendsthat you use AS/400 Operations Navigator, which has online help to guide you.While this interface is being developed, you may still need to use...

http://www.as400.ibm.com/infocenter http://publib.boulder.ibm.com/pubs/html/as400/infocenter.htm The AS/400 Information Center contains important topics such as logicalpartitioning, clustering, Java, TCP/IP, Web serving, and secured networks. It alsocontains Internet links to Web sites such as the A...

Summary of Changes This manual includes changes made since Version 4 Release 1 of the OS/400licensed program on the AS/400 system. This edition includes information that hasbeen added to the system to support Version 4 Release 4. Changes made to this book include the following items: v Updated graph...

Chapter 1. What is the Network File System? Introduction OS/400 Network File System Support introduces a system function for AS/400 that aids users and administrators who work with network applications and file systems.You can use the Network File System (NFS**) to construct a distributed networksys...

OS/400 Network File System Support is the replacement for the TCP/IP File ServerSupport/400 (FSS/400) system application. Users who are accustomed to workingwith FSS/400 will notice many similarities between FSS/400 and NFS. It isimportant to note, however, that FSS/400 and NFS are not compatible wi...

Each group of users works on sets of clients that need different file systems fromthe TULAB server. Each group of users has different permissions and authoritiesand will pose a challenge to establishing a safe, secure NFS namespace. Chris Admin will encounter common problems that administrators of N...

Chapter 2. The Network File System Client/Server Model To understand how the Network File System works on AS/400, you must firstunderstand the communication relationship between a server and various clients.The client/server model involves a local host (the client) that makes a procedurecall that is...

Network Status Monitor Daemon (NSMD) The Network Status Monitor (NSM) is a stateful NFS service that providesapplications with information about the status of network hosts. The Network LockManager (NLM) daemon heavily uses the NSM to track hosts that have establishedlocks as well as hosts that main...

Client-side caching in NFS reduces the number of RPC requests sent to the server.The NFS client can cache data, which can be read out of local memory instead offrom a remote disk. The caching scheme available for use depends on the filesystem being accessed. Some caching schemes are prohibited becau...

Data Cache The data cache is very similar to the directory and file attribute cache in that itstores frequently used information locally on the client. The data cache, however,stores data that is frequently or likely to be used instead of file or directoryattributes. The data cache provides data in ...

CRTUDFS Display When you use the CRTUDFS command, you can specify many parameters andoptions: v The required UDFS parameter determines the name of the new UDFS. Thisentry must be of the form /DEV/QASPXX/name.udfs , where the XX is one of the valid Auxiliary Storage Pool (ASP) numbers on the system, ...

This command creates a case sensitive user-defined file system (UDFS) named kate.udfs in the user Auxiliary Storage Pool (ASP), qasp02 . Display a User-Defined File System The Display User-Defined File System (DSPUDFS) command presents theattributes of an existing UDFS, whether mounted or unmounted....

Example Display UDFS in user ASP on TULAB2 DSPUDFS UDFS('/DEV/QASP02/kate.udfs') This command displays the attributes of a user-defined file system (UDFS) named kate.udfs in the user Auxiliary Storage Pool (ASP), qasp02 . Delete a User-Defined File System The Delete User-Defined File System command ...

DLTUDFS Display When you use the DLTUDFS command, you only have to specify one parameter: v The UDFS parameter determines the name of the unmounted UDFS to delete. This entry must be of the form /DEV/QASPXX/name.udfs , where the XX is one of the valid Auxiliary Storage Pool (ASP) numbers on the syst...

2. Export the path to the UDFS mount point (the directory you mounted over in Step 1) The previous steps will ensure that the remote view of the namespace is the sameas the local view. Afterwards, the exported UDFS file system can be mounted (Type*NFS) by remote NFS clients. However, you must have p...

This window displays the properties of a user-defined file system. For moreinformation about the DSPUDFS command, see “Display a User-Defined FileSystem” on page 17. User-Defined File System Functions in the Network File System To export the contents of a UDFS, you must first mount it on the local n...

directories. For this reason, exporting /DEV or objects within it can causeadministrative difficulties. The next sections describe how you can work around onesuch scenario. Using User-Defined File Systems with Auxiliary Storage Pools This scenario involves an eager user, a non-communicative system a...

Chapter 4. Server Exporting of File Systems A key feature of the Network File System is its ability to make various local filesystems, directories, and objects available to remote clients through the exportcommand. Exporting is the first major step in setting up a “transparent” relationshipbetween c...

The mount daemon checks the export table each time a client makes a request tomount an exported file system. Users with the proper authority can update the /etc/exports file to export file systems at will by adding, deleting, or changing entries. Then the user can use the export command to update th...

Chris Admin can export a directory containing only the database files with statisticsof the bridge construction safety records. This operation can be performed withoutfear of unknown users accessing the sensitive data. Chris Admin can use the exportcommand to allow only selected client systems to ha...

After exporting, a remote client can view the exported file systems PROJ2 and PROJ3 . Not all the file systems on the server are visible to remote clients. Only the exportedfile systems are available for mounting by clients with proper authorities as specifiedon the export command or in the /etc/exp...

For example, the file system /home/sweet/home has been exported, and /home/sweet is a parent directory of /home/sweet/home . You cannot now export /home/sweet unless it exists on a different local file system. 4. You can only export local file systems. Any file systems or proper subsets of file syst...

You can export to specific groups of clients by using the /etc/netgroup file. This file contains an alias for a group of clients to whom file systems will be exported. Noother systems outside of the netgroup will be able to access the file systems. Formore information about the /etc/netgroup file, s...

v The directory entry is the name of the directory that you want to export. Thepathname you specify will be listed in the DIR parameter on the CHGNFSEXPcommand. This entry specifies the path name of the existing directory to beexported (made available to NFS clients) or unexported (made unavailable ...

CHGNFSEXP OPTIONS('-I -O RO,ANON=199,ACCESS=Prof:1.234.5.6') DIR('/engdata/mech') HOSTOPT((TULAB1 850 850)) This command exports the directory tree under the path name /engdata/mech as read-only. This command allows only two clients to mount this directory tree. Ittakes advantage of the positional p...

In the Exports dialog, clicking the Export button will immediately export the folderon the AS/400 server. You also have the option of updating the /ETC/EXPORTS file with this new or changed export. Finding out what is exported Often, you need to know the items that are currently exported on an AS/40...

5. Select Exports. From here, you can easily add new exports or remove entries from the list. The figure below shows the dialog box for NFS Exports. Retrieve Network File System Export Entries (QZNFRTVE) API A second method of finding currently exported items on an AS/400 is using theRetrieve Networ...

Exporting Considerations Mounted File System Loops Users and administrators can encounter difficulty with the inability of NFS to exportan already-mounted Network File System. NFS will not allow the export of amounted file system because of the possibility of mounted file system loops. Thisproblem w...

Chapter 5. Client Mounting of File Systems The mount command places the remote file system over a local directory on anNFS client. After exporting, mounting a file system is the second major step insetting up a “transparent” relationship between client and server. Mounting allows clients to actually...

There is a “downstream” principle for mounting that is similar to the “downstream”rule for exporting. Whenever you mount a remote file system over a local directory,all of the objects “downstream” of the mount point are “covered up”. This rendersthem inaccessible to the local namespace. If you mount...

Sometimes the namespace of a client can become too complicated or overwhelmedwith information. The unmount command is an easy way to slowly disengage fromthe server one file system at a time. To unmount all file systems, specify the *ALL value for the TYPE parameter on the UNMOUNT or RMVMFS (Remove ...

The new local directory tree on the client will display /user/work and the various contents and sub-directories, as shown here. Note: NFS clients will always see the most recent view of a file system. If the client dynamically mounts or unmounts a file system, the change will be reflectedon the name...

Mount Points Mount points mark the area of the local client and remote server namespaceswhere users have mounted exported file systems. Mount points show where the filesystem has been mounted from on the server and show where it is mounted to on the client. For example, the system exports the /home/...

v The path name code page specifies what code page should be assumed for pathnames on the remote system. This is a code page to be assumed for pathnames on the remote system. Any AS/400 code page is supported on thisparameter. Graphical User Interface When accessing AS/400 through AS/400 Client Acce...

ADDMFS TYPE(*NFS) MFS('TULAB2:/QSYS.LIB/WORK.LIB') MNTOVRDIR('/HOME') OPTIONS('ro, nosuid, rsize=256, retrans=10') CODEPAGE(*JOBCCSID) This command mounts the /qsys.lib/work.lib file system from the remote system TULAB2 onto the local client directory /HOME . This command also specifies: v Mount as ...

2. a remote file system accessed via a Network File System server (*NFS) 3. a local or remote NetWare file system (*NETWARE). If any of the objects in the file system are in use, the command will return an errormessage to the user. Note that if any part of the file system has itself beenmounted over...

Examples Example 1: Unmounting a Directory. RMVMFS TYPE (*NFS) MNTOVRDIR('/tools') This command unmounts a Network File System that is accessible on directory /tools . Example 2: Unmounting a User-Defined File System. RMVMFS TYPE(*UDFS) MFS('/DEV/QASP02/A.udfs') This command unmounts the user-define...

Examples Example 1: Displaying Statistics of a Mounted File System. DSPMFSINF OBJ('/home/students/ann') This command displays the statistics for the mounted file system that contains /home/students/ann . Example 2: Displaying ’/QSYS.LIB’ File System Statistics. DSPMFSINF OBJ('/QSYS.LIB/MYLIB.LIB/MYF...

Chapter 6. Using the Network File System with AS/400 FileSystems There are several exceptions to using AS/400 file systems with NFS on variousclients. This is because you are able to export several different file systems on anAS/400 NFS server. Each file system has its own set of requirements anddev...

Read/Write Options No matter what options the client specifies on the MOUNT command, some serverfile systems from QOpenSys exist as read-only or read-write. However the clientmounts a file system determines how the file system is treated and how it functionson the client. Library File System (QSYS.L...

Note: See the System API Reference, SC41-4801 book for more details on the open() API and the O_TEXTDATA and O_CODEPAGE options. QPWFSERVER Authorization List The QPWFSERVER is an authorization list (object type *AUTL) that providesadditional access requirements for all objects in the QSYS.LIB file ...

Document Library Services File System (QDLS) Network File System Differences Mounting and QDLS Users can mount the QDLS file system on a client, but users cannot mount over theQDLS file system. File Creation Users cannot create regular files in the top-level /QDLS directory. Users can only create fi...

using the ADDDIRE (Add Directory Entry) command. All anonymous client requeststhat are mapped to QNFSANON will fail at the server if you do not enroll theQNFSANON user profile in FMS. For more information regarding the QDLS file system, see v Integrated File System Introduction, SC41-4711 v Managing...

Case-Sensitivity QOPT is case-insensitive. It converts lowercase English alphabetic characters touppercase when used in object names. Therefore, the path name /QOPT/volume/dir/file represents the same path as /QOPT/VOLUME/DIR/FILE .. Security and Authorization The QOPT file system offers volume-leve...

Network File System Differences Case-Sensitivity When remote UNIX clients mount objects that the server exports from a UDFS, thecase-sensitivity is variable, depending on how the user created the UDFS. A UDFSthat is mounted on a UNIX client can cause the case-sensitivity to change in themiddle of a ...

a. Select option 2 (Change) from the CFGTCP menu to add a name for an address. b. Select option 1 from the CFGTCP menu to add an entire new address with names. 6. Verify that the names LOOPBACK and LOCALHOST are associated with the IP address 127.0.0.1 in the host table. 7. Verify that the long and ...

waits for requests (the standard is #2049). All server daemons will use thissame port. The NFS server daemons then wait on the port for RPC requestsfrom NFS clients to access local files. 4. The user starts the mount daemon (QNFSMNTD). This daemon registers to the local RPC binder daemon. It then wa...

If you attempt to start a daemon or daemons that are already running, they will notcause the command to fail, and it will continue to start other daemons you haverequested to start. The command will issue diagnostic message CPDA1BA if thedaemon is already running. For best results, end NFS daemons b...

STRNFSSVR Display When you use the STRNFSSVR command, you can specify many parameters: v The required SERVER parameter on the STRNFSSVR command specifies theNetwork File System daemon jobs to be started by this command. The specifieddaemon should not already be running. v The NBSVR parameter on the ...

This command starts the NFS mount daemon, and waits up to the default of 30seconds for it to start. The mount daemon should not be already running, and otherdaemons have been started in the appropriate order. Proper Shutdown Scenario Shutting down an NFS server properly allows for all jobs to finish...

v The mount (MNT) daemon v The server (SVR) daemon v The block I/O (BIO) daemon v The Remote Procedure Call (RPC) binder daemon If you are choosing to end just one daemon, be sure you understand theappropriate order for ending NFS daemons and the possible consequences ofending deamons in an order ot...

v The required SERVER parameter on the ENDNFWSVR command specifies theNetwork File System daemon jobs to end. v The ENDJOBTIMO parameter on the ENDNFSSVR command specifies thenumber of seconds to wait for each daemon to successfully end. If a daemonhas not ended within the timeout value, the command...

You can also display the status of each individual daemon by choosing Properties.This brings up the following dialog box: In the example, Chris Admin has decided to start 4 of the Server type daemons to give better throughput. You can start up to 20 of these daemons from the General Figure 55. Start...

tab of the previous dialog box. Notice that the Network lock manager daemon isstopped. This could indicate that it encountered a problem by trying to start up.Alternately, it could mean that the administrator chose to end it specifically becauseof no need for byte range locking. Both NFS and RPC sha...

If a client with a granted lock request should happen to fail, a specific set ofoperations will occur at startup time to recover the locks: 1. When the user restarts the NSM daemon on a system, the daemon will send a change of state RPC to other NSM daemons in the network. This message istransmitted...

RLSIFSLCK Display When you use the RLSIFSLCK command, you can specify many parameters: v The RMTLOCNAME parameter on the RLSIFSLCK command specifies the hostname or internet address of a remote system whose NFS-related locks on localfiles are to be released. v The OBJ parameter on the RLSIFSLCK comm...

UDP does not guarantee the delivery or order of data returned to clients. A client may receive any one of the following return codes for a successful operation: 1. Return code=0 (RC=0). The operation is completed successfully. 2. EEXIST. The operation is completed successfully. This error condition ...

Once a file or directory is open, subsequent requests to perform operations on a fileor directory can fail. This is because attributes are checked at the server on eachrequest. When permissions on the object are more restrictive at the server, youroperations on an open file descriptor will fail when...

Chapter 9. Network File System Security Considerations You can use the Network File System to create a seamless, transparent namespacewhere all users have access to the right information at any given time. However,NFS also has special security considerations. These considerations deal mainlywith use...

Network Data Encryption A client existing outside the trusted community can become aware of thecommunity’s existence. Furthermore, a malignant client can introduce a “sniff”program that can read and change data as it transfers in the client/serverrelationship. It accomplishes this by intercepting th...

User Authorities As users log on to NFS clients and servers, the user authority of each user dictateswhat they can and cannot do. User authorities are assigned to users byadministrators, and usually take the form of user identifications (UIDs) for particularusers, group identifications (GIDs) for gr...

forbidden to their profiles. It is important to become aware of which users fromwhich groups have access to your data. GIDs can help a user from a powerfulgroup gain unauthorized access to sensitive data. The various IDs a user has and the attached authorities can create NFS securityhazards. This is...

appropriate to both the user and the system in question. Just because usersneed *SECOFR authority on one system does not mean that they need thatsame authority on all machines. UID Mapping Examples In the TULAB, an engineering graduate student named Bill has a UID of 136 onTULAB1 and a UID of 142 on...

There are other ways to tap into a system of users and the objects owned by them.The administrator of a client can deliberately impersonate a remote server UID. For example, the administrator of a client can log on and access the UID of a user,Mary on TULAB2, who accesses the client. If the UID of M...

However, instead of changing the UID and user profile for each user on eachsystem, administrators can use the QSYCHGID API (application programminginterface). This new API can be called from AS/400 command lines, C programs,COBOL programs, and through other interfaces as well. This function can chan...

1. Administrators should never export the “root” (/) Directory. Remember that whenever you export a file system, you also export all of the directories andobjects “downstream” of the path. Should the “root” (/) directory becomeexported, all the other directories and objects downstream of “root” (/) ...

v Change the file permissions for “the world” while still mapped to QNFSANON Exporting to ″ The World ″ Instead of making exported data accessible to everyone, an administrator canemploy the technique of specifying selective clients. Administrators can use theACCESS option of the CHGNFSEXP command t...

Appendix B. Understanding the /etc Files A directory named /etc exists within the integrated file system namespace. This directory contains important system files that users should never write to or changeunless they are experienced NFS administrators. NFS uses these files to performspecific system ...

10. No tabs or line feeds can be used in the path name 11. All characters following the pound sign ’#’ are considered comments until the end of the line. The only exception to this rule is the HOSTOPT parameter,which uses the ’#’ character as a starting point for each HOSTOPT entry. Formatting the H...

3. Options are case-insensitive. 4. Options that are not specified will be processed as the defaults described in “Formatting the HOSTOPT (Host Options) Parameter” on page 95. Examples of Formatting /etc/exports with HOSTOPT Parameter Example 1: Exporting to a host and specifying all options. /home/...

Notices This information was developed for products and services offered in the U.S.A. IBMmay not offer the products, services, or features discussed in this document in othercountries. Consult your local IBM representative for information on the products andservices currently available in your area...

Bibliography This bibliography lists publications that containbackground information or more details forinformation that OS/400 Network File System Support discusses. The list below gives the full title and order numberof each book. OS/400 Network File System Support may use a shortened version of t...

Readers’ Comments — We’d Like to Hear from You AS/400eOS/400 Network File System SupportVersion 4 Publication No. SC41-5714-01 Overall, how satisfied are you with the information in this book? Very Satisfied Satisfied Neutral Dissatisfied Very Dissatisfied Overall satisfaction h h h h h How satisfie...

Readers’ Comments — We’d Like to Hear from You SC41-5714-01 SC41-5714-01 IBMR Cut or FoldAlong Line Cut or FoldAlong Line Fold and Tape Please do not staple Fold and Tape Fold and Tape Please do not staple Fold and Tape NO POSTAGENECESSARYIF MAILED IN THEUNITED STATES BUSINESS REPLY MAIL FIRST-CLASS...