The LINUX User-Space NFS Server Version 1.5 Mark Shand, Donald J. Becker, Rick Sladkey, Orest Zborowski, Fred N. van Kempen, HISTORY: ===================================================================== This package implements a simple user level NFS server based on the sunrpc3.9 package that was posted to the net a few months ago. The current version only provides read access from the clients. It has been tested between a VAX11/780 running 4.3BSD (the server) and several diskful SUN3/60 running SunOS 3.4 (the clients) and on a diskless SUN3/50 running SunOS 3.2 remounting its own root at a lower level of its file hierarchy. The server is implemented by two programs unfsd and unfsmntd. Unfsmntd handles the mount protocol, and unfsd handles all sub- sequent operations. Currently NFS is defined to use internet port 2049. As a consequence there can only be one implementation of NFS active on a given machine. Thus a machine cannot make it filesystem available through this server while concurrently running some alternate server implementation. Normally the server would be run by the super-user. I had hoped to be able to run the server as a normal user, and indeed the server contains code to cope with paths containing directories that can be accessed but not searched, however the sunrpc portmapper listens on port 111 so some superuser cooperation is required to at least gain support for sunrpc on sites running standard 4.3 BSD. Unlike SUN's NFS-servers, the file hierarchy exported by unfsd treats mount points within an exports filesystem transparently; thus the client sees the same file hierarchy as is seen from the server. COPYRIGHT ========= These programs may be freely distributed provided they retain my copyright notices. They are provided as is, with no warranty expressed or implied. INSTALLATION ============ 1. If you have installed Van Jacobson's TCP/IP code be sure you have installed the fix I posted to comp.bugs.4bsd (reproduced below). Otherwise UDP packets larger than the maximum IP fragment size of your net will mysteriously fail. 2. Edit the first few lines of the Makefile to reflect local conditions. 3. If your client and server machines have different uid/username mappings you may wish to run ugidd on the client (see below). Otherwise the server assumes one-to-one correspondence between uids and gids on the server. 4. "make" and "make install". 5. Create a /etc/unfsd_exports file to authorize clients of your server, and set desired options (Note: options may also be set with the command that starts the server see unfsd(8) and instal- lation step 7). 6. Run "unfsmntd" and "unfsd" and try to mount server file systems from your authorized clients. 7. Arrange for the server to be started at boot-time. EG in the /etc/rc.local file, add: if [ -f /etc/unfsmntd ]; then /etc/unfsmntd fi if [ -f /etc/unfsd ]; then /etc/unfsd fi 8. Edit client fstabs to mount from the new server at boot-time. UGIDD ===== If you have the same set of user group names on your client and server machines but differing uids and gids you may wish to run the ugidd on the clients and enable to server to map between local and remote ids using this pprogram. Ugidd is a simple rpc-based service that supplies translations between names and uid/gids on the client. To guard against trojan horses the ugidd authenicates itself by signalling the unfsd on a reserved internet port. To install ugidd on a client: 1. "make ugidd" and copy ugidd to standard place like /usr/etc/rpc.ugidd 2. Either run it from /etc/rc.local with the command /usr/etc/rpc.ugidd -d or if using a version of inetd that supports sunrpc, invoke it from inetd with the line rpc udp /usr/etc/rpc.ugidd 545580417 1 in /etc/servers (SunOS 3.x) or /etc/inetd.conf (4.3 BSD). (See ugidd(8)). 3. Set the "map_daemon" option for this client in the servers /etc/unfsd_exports file. (See unfsd_exports(5)). Note: When ugidd fails to respond to a server, or the specified name (or uid/gid) has no corresponding uid/gid (or name), the server assumes a mapping to the unprivelegded user "nobody" (uid: -2). TCP/IP FIX ========== Here follows a fix to the Van Jacobson TCP/IP upgrade. Subject: bug in new tcp/ip code [ posted to comp.bugs.4bsd Thu Apr 21 16:36:04 1988 ] There is a bug in the upgrade of 4.3BSD networking code that was recently posted to comp.bugs.4bsd.ucb-fixes. When an IP packet is too large for an interface and must therefore be fragmented, some of the fields of the IP header in the first packet are not converted to network byte-order. The fix is as follows: *** /sys/netinet/ip_output.c.orig Tue Apr 12 15:52:46 1988 --- /sys/netinet/ip_output.c Thu Apr 21 13:16:16 1988 *************** *** 232,239 **** * and updating header, then send each fragment (in order). */ m_adj(m0, hlen + firstlen - ip->ip_len); ! ip->ip_len = hlen + firstlen; ! ip->ip_off |= IP_MF; ip->ip_sum = 0; ip->ip_sum = in_cksum(m0, hlen); sendorfree: --- 232,239 ---- * and updating header, then send each fragment (in order). */ m_adj(m0, hlen + firstlen - ip->ip_len); ! ip->ip_len = htons((u_short)(hlen + firstlen)); ! ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); ip->ip_sum = 0; ip->ip_sum = in_cksum(m0, hlen); sendorfree: SECURITY ISSUES =============== When I first started looking at standard SunOS 3.x NFS I was pretty well appalled by the lack of security. I later found that Security could be improved considerably it was just that the defaults were (in my opinion) wrong. By default, unfsd insists that NFS requests originate from a secure port from a known internet address. Unfsd presumes that the kernel of the client deals correctly with access permission checks. In my experience this seems to be true of SunOS 3.x kernels for read accesses across NFS, but not for write accesses. It is for this reason that write accesses remain unimple- mented in the current version of the server. ---------- Mark Shand Joint Microelectronics Research Centre School of Electrical Engineering University of NSW PO Box 1 Kensington NSW 2033 AUSTRALIA +61 2 697 4898 shand@cad.jmrc.eecs.unsw.oz HISTORY: ===================================================================== This directory contains the Harris NFS server, developed by Don Becker at the Advanced Technology Department, Harris Corporation. He may be reached at becker@trantor.harris-atd.com. COMMENT: his current address is An early version of my NFS server is available by anonymous FTP on trantor.harris-atd.com. That version still uses some of Mark Shand's NFS code and manual pages, but it has been tested. My current version uses only Harris-written code, but it hasn't been tested and needs work on the manual pages. Eventually I hope to put in additional authentication mechanisms such as Kerberos. If you send me mail requesting it, I'll send you a letter whenever I release a new version. This is a user-level (no kernel mods) NFS server, unlike Der Mouse's server which does add system calls to improve performance. This is not an NFS client implementation, which would require changes to both the kernel and system utilities. Oh, by the way, this is not an official Harris product. It is in the anonymous FTP directory in the hope that it will be useful to others. I would like to receive any bug reports or improvements, but Harris Corporation can't offer any user support or warranty. I personally would be happy to help in any way I can. Written while I was: Donald Becker Advanced Technology Department becker@trantor.harris-atd.com Harris Corporation, Melbourne FL New address: Donald Becker Supercomputing Research Center becker@super.org 17100 Science Dr. Bowie MD. (301) 805-7482 ===================================================================== This is an NFS server package for Linux. It is a combination of two packages: * unfsd - Mark Shand's user-space read-only NFS package, circa 1988 * hnfs - Don Becker's extension of unfsd for read-write NFS, circa 1989 I made quite a few changes and bug fixes and then merged the two. Requirements: * you must have the RPC library or libc-4.2 installed to compile it * you must have the portmapper running before you start the daemons * you must have a syslog daemon running to peruse debugging output Installation: * read the exports man page and set up /etc/exports * start up the nfsd and mountd daemons in you rc/rc.local/rc.net or whatever * mount a filesystem from a system that supports NFS clients (e.g. a Sun) *** IMPORTANT *** Make sure that you mount using the options rsize=1024,wsize=1024 or their equivalents when mounting a Linux filesystem from a non-Linux NFS client. Lots of nasty things can happen if you don't do this. Rick Sladkey jrs@world.std.com ===================================================================== This the 1.4 release of Rick Sladkey's NFS server package for the LINUX operating system. I cleaned up the sources (GCC now only issues some warnings on the RPC files- cannot do anything about that...). I reorganized the modules "a bit", and simplified the debug/log facility. It can now be configured for either SYSLOG (normal operation) or a log file (debug runs). I also fixed a bug in auth_init.c, which caused my network to be left with RO-file systems only. The function that read the /etc/exports file acted weird when it encountered "empty" lines (i.e. blank or comment lines). It's OK now. Fred N. van Kempen, 02/14/93