  NFS HOWTO
  Nicolai Langfeldt janl@math.uio.no
  v0.7, 3 November 1997
  앐Y nakano@apm.seikei.ac.jp
  v0.7j2, 25 November 1997

  ̕ NFS NCAgƃT[o̐ݒ@Lq̂łB
  ______________________________________________________________________

  Table of Contents

  1. O
     1.1 @IȂ
     1.2 ̑
     1.3 

  2. README.first
  3. NFS T[o̐ݒ
     3.1 ݒ̑O
     3.2 ͂߂̂
     3.3 |[g}bpiportmapperj
     3.4 mountd  nfsd

  4. NFS NCAg̐ݒ
     4.1 Mount options
     4.2 NFS œK

  5. xCʂĂ NFS
  6. ZLeB NFS
     6.1 NCAg̃ZLeB
     6.2 T[õZLeB: nfsd
     6.3 T[õZLeB: |[g}bp
     6.4 NFS ƃt@CAEH[
     6.5 ܂Ƃ

  7. }Eg̃`FbNXg
  8. FAQ
  9. t@CVXe export
     9.1 IRIX, HP-UX, Digital-UNIX, Ultrix, SunOS 4 (Solaris 1), AIX
     9.2 Solaris 2

  10. PC-NFS

  ______________________________________________________________________

  1.  O

  1.1.  @IȂ

  (C)opyright 1997 Nicolai Langfeldt.  Do not modify without amending
  copyright, distribute freely but retain this paragraph.  The FAQ
  section is based on a NFS FAQ compiled by Alan Cox.  The Checklist
  section is based on a mount problem checklist compiled by the IBM
  Corporation.

  ̒̕쌠 (C)opyright 1997 Nicolai Langfeldt ɂ܂B
  Cꍇ͒쌠\ɂ̎|LĉB錾ύX
  ȂΎRɍĔzz邱Ƃł܂B FAQ ZNV Alan Cox
  ɂĕ҂܂ꂽ NFS FAQ ɂĂ܂B`FbNXg̐߂ IBM
  Corporation ɂĕ҂܂ꂽ mount problem checklist ɂĂ
  B

  󒍁F|͒앐Ys܂B (C)opyright 1997 Takeo Nakano

  1.2.  ̑

  ͂̕܂̂ł͂܂B̕ǂɂ邽
  ߂ɁA_␬ȂǂɂĕM҂Ƀ[𑗂ĉBAR
  gAȂǂ janl@math.uio.no ܂ŁB[𑗂AԐM]
  ɂ́AԐM̃AhX@\Ă邱ƂmFĉ悤
  肢܂B

   HOWTO |󂷂ꍇɒm点ĉBǂ̌Ɏ̖O
  ڂm肽̂ :-)

  ̕ƂɊ߁A܂̗Lvȏꂽ Olaf Kirch
  ɊӁiƃO`X :-)B

   HOWTO ł̓J[lo[W 2.0 ɂ NFS Ă܂B
  2.1 ł̃J[lł́ANFS ɊւďdvȊgƕύXsĂ܂B

  󒍁F|ɊւRg͒앐Y nakano@apm.seikei.ac.jp ܂ł
  ܂B{̖|ɓẮA肳AȂ߂A{
   JF [OXg̊FɗLvȂwE܂B

  1.3.  

   HOWTO  Anne Line Norheim Langfeldt ɕBƂĂޏ
  ̕ǂނƂ͖낤ǁBނ̏̎qȂ
  ȂB

  󒍁Fł :-)

  2.  README.first

  NFS (Network File System) ɂ͎O̏dvȓ܂B

  o  NFS pƃlbg[NŐڑꂽzXgԂŃt@CLł
     悤ɂȂ܂B

  o  Ă̏ꍇ͂܂܂B

  o  NFS ̓VXeɃZLeB̖񎝂݂܂B
     ̖݂͂ȃNbJ[ɗǂmĂ̂ŁAȂ̃t@Cɑ
     ANZXireadAwrite  deletejN\
     B

  ̕ł͂̓_ꂼɂďqׂłB̃̕Z
  LeBɊւ߂͕Kǂނ悤ɂĉBԔȃZLeBz
  [cĂ͂Ȃł傤HZLeBɊւ镔͋ZpI
  xȓe܂ނƂ̂ŁA IP lbg[LO֘Apɑ΂
  x̒mKvƂ܂B킩ȂtoĂÃlb
  g[N֘A HOWTO ǂނAlbg[NǗɊւ鏑Ђǂ
  ŁA TCP/IP ̗pɊ悤ɂĉB͂ɂ UNIX
   Linux }V̊Ǘɂ͕KvȂƂłB̕Ɋւ
  ɗǂ{ЉĂ܂傤B Craig Hunt ɂ TCP/IP Network
  Administration ŁAoŎЂ O'Reilly & Associates, Inc. łB̖{
  ǂœe𗝉΁Aȍ~ETɋJ邱Ƃ͂ȂȂł傤
  :-)B

  󒍁F̖{͓{łI[ЂłĂ܂BḾuTCP/IP lbg
  [NǗvłB
  NFS ̃guV[g̖ɗZNV 2 ݂܂B ``}E
  g̃`FbNXg''  ``FAQ'' łB܂Ȃꍇɂ́A
  ̐߂QƂĉB

  3.  NFS T[o̐ݒ

  3.1.  ݒ̑O

   HOWTO ǂݐi߂OɁA܂T[oyуNCAgƂĎg}V
  ̊ԂŁAꂼ݂ telnet ʐMł悤ɐݒ肵ĂKv
  ܂B̐ݒ肪ȂĂȂꍇ́A NET-3 HOWTO Ȃǂǂ
  Kvȃlbg[NݒsĉB

  3.2.  ͂߂̂

  ͂Ƃ NFS T[õZbgAbv܂KvłBǎ҂ł邠
  Ȃw̃lbg[NɎQĂꍇɂ́A炭 NFS
  T[oɑ݂Ă邱Ƃł傤B̃T[oɑ΂ANZX
  A HOWTO ̐ݒ̂߂ɓǂłꍇɂ́Ȁ͂ǂ
  Kv͂܂B ``NFS NCAg̐ݒ'' ɐiŉB

  ܂ Linux ȊÕ}V NFS T[oɂꍇ́AVXẽ}jA
  TāAT[o@\̗グ@ƁAt@CVXe NFS ɂ
   export @Ƃ𗝉Kv܂B HOWTO ɂÂ
  낢ȃVXeŃT[o𗧂グ@ɂĐ߂݂Ă
  ܂BT[oƂĂ̐ݒׂčsƂłA HOWTO ̎
  ͂ɐiŉB邢͂̏͂ǂݐił݂Ăǂ܂B
  ̏͂ŏqׂĂeɂ́AT[oɂ}V̎ނɂ炸ɗ
  Ƃꕔ܂܂Ă܂B

  āA܂œǂݐiłȂ́Aȉ̂悤Ȃ̃vO
  ̐ݒ邱ƂɂȂ܂B

  3.3.  |[g}bpiportmapperj

  |[g}bp Linux ł portmap  rpc.portmap Ƃt@C
  ȂĂ܂B̃VXe man y[WɂƁÁuDARPA |[g
   RPC vOԍɃ}bvvOvƂȂĂ܂BāA
  ̃vO{ HOWTO ɂŏ̃ZLeBEz[̌
  Ȃ܂B̌ǂ@ɂĂ ``NFS ̃ZLeB'' ɏĂ
  ܂B悤łAKǂł悤ɂĉB

  ł̓|[g}bpN܂傤B炭 /usr/sbin fBNg
  portmap  rpc.portmap ƂOő݂Ă͂łiꕔ̃VXe
  ł rpcbind ƂȂĂ邱Ƃ܂jBƂ肠͎蓮ŋN
  ΗǂłÃvO̓VXeu[g邽тɎs
  ̂łA rc XNvgɋLqĂƂ悢ł傤B rc XNv
  gɊւĂ init  man y[WɏڂLqł傤B炭
  /etc/rc.d  /etc/init.dA /etc/rc.d/init.d ̃fBNgɂ
  ͂łB inet ̂悤ȃt@Ĉ̂A炭ҏWΏۂƂȂXN
  vgłBAǂ̂悤ɕҏW΂悢Ƃ̂͂ HOWTO 
  ͈͂zĂ܂̂ŐG܂BāA|[g}bvNAs
  Ă邩 ps aux ŊmF܂傤BĂ܂H낵B

  3.4.  mountd  nfsd

  ɕKvɂȂvO mountd  nfsd łBN
  OɁA܂ʂ̃t@CҏWȂ΂Ȃ܂B /etc/exports łB
  Ⴆ eris Ƃ}Vɂ /mn/eris/local ƂfBNgȉ
  apollon Ƃ}V痘pł悤ɂꍇl܂傤B
  ꍇ eris  /etc/export Ɉȉ̂悤ȍs}܂B
  ______________________________________________________________________
  /mn/eris/local  apollon(rw)
  ______________________________________________________________________

  ł appllon  /mn/eris/local ւ̓ǂݏ̋^Ă܂B
  rw ̑ ro Ƃ邱ƂłȀꍇ͓ǂݏőɂȂ
  ܂iȂΓǂݏő^܂jBɂ
  IvV ܂ÂZLeBɊ֘Âɂ
  ͌ŐGłBIvVׂ̂Ă exports  man y[
  WɋLq܂BȂƂꐶɈx͖ڂʂĂׂł傤B
  ܂ exports ɂ͑SẴzXgKv͂ȂA֗
  @܂BႦ NIS  NYS iYP Ƃ݂邩
  ܂jgĂꍇ́AlbgO[vɂw肪\łB NIS
  gĂȂĂA}Eg^zXg̎wɃhC̃C
  hJ[h IP ̃Tulbgp邱Ƃł܂B̂悤Ɉꗥ
  ȋ^Ƃ́AȂ[Uɂ܂ŃANZX^
  ĂȂǂӂKv܂B

  :  exports t@C̏͑ Unix ŎĝƂ͈قȂ
  Ă܂B Unix ɂ exports t@CɊւẮA HOWTO 
  ʂ̐߂݂Ă܂B

  ł mountd irpc.mountd Ƃt@C܂j nfsd i
   rpc.nfsd jN邱Ƃɂ܂傤B̃vO
   exports t@CQƂ܂B

  /etc/exports ҏWA mountd  nfsd Ƀt@CύXꂽ
  m点Kv܂B`Iȕ@ exportfs s邱Ƃł
  AĂ Linux zzpbP[Wɂ exportfs vO͓Ă
  ܂B̂悤ȏꍇ͈ȉ̃XNvgg̃zXgɏƗ
  ł傤B

  ______________________________________________________________________
  #!/bin/sh
  killall -HUP /usr/sbin/rpc.mountd
  killall -HUP /usr/sbin/rpc.nfsd
  echo re-exported file systems
  ______________________________________________________________________

  ̃t@CႦ /usr/sbin/exportfs ƂOŕۑAYꂸ
  chmod a+rx ܂Bȍ~ exports t@CҏW邽т root ɂȂ
  Ă exportfs R}hsĉB

  ł mountd  nfsd ƎsĂ邩mF܂傤B܂
  rpcinfo -p sĉBȉ̂悤ȕ\oƎv܂B

  ______________________________________________________________________
     program vers proto   port
      100000    2   tcp    111  portmapper
      100000    2   udp    111  portmapper
      100005    1   udp    745  mountd
      100005    1   tcp    747  mountd
      100003    2   udp   2049  nfs
      100003    2   tcp   2049  nfs
  ______________________________________________________________________

  ̂悤Ƀ|[g}bpɂ portmapper g mountdA nfsd Ai
  EX܂B

  rpcinfo: can't contact portmapper: RPC: Remote system error -
  Connection refused Ƃ悤ȕ\oꍇɂ́A|[g}bps
  Ă܂BCĉBNo remote programs registered. Ƃ
  \oꍇ̓|[g}bpɖ₢킹鋖A
  ȂĂ܂B nfsdA mountd ƃ|[g}bp kill āAxŏ
  sȂĂ݂ĉB

  |[g}bp̃T[rXɊւ\mFA ps ɂĂmF
  ݂ĉB|[g}bp̓T[rXvOIłT[rX|
  [g񍐂Ă܂̂ŁAȂ ps Ń`FbNĂ݂
  ꍇ܂B

  u[g̓x mountd  nfsd Nꍇɂ́A|[g}bp
  ̏ꍇƓ悤ɃVXe rc XNvgCKv܂B
  炭قƂǂ̏ꍇɂ́AȂ̃}VɊɃXNvg݂Ă
  Ǝv܂B̏ꍇ͕KvȕRgAEgāAKvȃf[
  K؂ȎsxŋN悤ɂ邾łB

  ǂłׂ man y[W portmapA mountdA nfsdAy exports 
  B

  āA܂Ŏ̌ĂƂׂĎsꂽA NFS NCA
  gN邽߂̏ƂɂȂ܂B

  4.  NFS NCAg̐ݒ

  ܂J[l NFS t@CVXe̋@\Kv܂B
  ɑgݍނAW[Ƃėpł悤ɂ邩ĂĉB
  ̓J[lRpCOɎw肵܂B܂xJ[l̃R
  pCƂ̂Ȃl kernel HOWTO Ȃǂǂł΂ĉ
  B܂ǂłzzpbP[WiRed Hat ȂǁjgĂāA܂
  J[l⃂W[ĂȂi܂䖳ɂĂȂ :-) 
  ȂA炭 NFS ͂łɗpł悤ɂȂĂł傤B

   root ̃vvgœK؂ mount R}hs΃t@CV
  Xe𗘗pł悤ɂȂ܂BȌ̗͂𑱂邱ƂɂāA
  eris  /mn/eris/local }Egꍇl܂B̏ꍇ͈ȉ
  悤ȃR}hɂȂ܂B

  ______________________________________________________________________
  mount -o rsize=1024,wsize=1024 eris:/mn/eris/local /mnt
  ______________________________________________________________________

  rsize  wsize IvVɂĂ͌Ő܂B̎_ /mnt 
  Ńt@CVXepł悤ɂȂĂ͂łB cd  ls 
  Aꂼ̃t@C邱Ƃł܂B̃t@CVXe̓
  [JȂ̂͒x܂񂪁Ał ftp ͂ƕ֗
  傤H

  }Eg܂sȂāA mount: eris:/mn/eris/local failed,
  reason give by server: Permission denied Ƃ悤ȃG[bZ[W
  oꍇɂ́AT[o exports t@CԈĂȂAC
  exportfs ̎ssmFĉB܂ mount clntudp_create:
  RPC: Program not registered ƂG[ꍇ́AT[o mountd
   nfsd sĂȂ̂łB

  t@CVXe؂藣ɂ͈ȉ̂悤ɂ܂B

  ______________________________________________________________________
  umount /mnt
  ______________________________________________________________________

  VXe̋N NFS t@CVXe}Eg邽߂ɂ́A
  /etc/fstab t@Cʏ̂悤ɕҏW܂BX̗ɏ]΁Aȉ
  悤ȍsKvɂȂ܂B

  ______________________________________________________________________
  # device      mountpoint     fs-type     options              dump fsckorder
  c
  eris:/mn/eris/local  /mnt    nfs        rsize=1024,wsize=1024 0    0
  c
  ______________________________________________________________________

  łقƂǏIłA̐ǂŉˁB

  4.1.  Mount options

  ɂꏏɂĂƗǂȃIvV܂B NFS T[o
  NbVƂlbg[NؒfꂽƂɃNCAgłǂ
  邩w肷̂łB̏ԂDɈƂł̂ NFS ̗
  Ƃ̈łBT[ȍQɓĂ͓̃[h܂B

     soft
        NFS NCAg NFS }Egꂽt@CVXeɃANZX
        ĂvZXɃG[ʒm܂B̃G[𐳂v
        O͂قƂǂ܂̂ŁA̐ݒ͂߂ł܂B

     hard
        NFS }Egꂽt@CVXẽt@CɃANZXĂ
        vO̓T[oNbVƒԂɂȂ܂B
        ̃vZX intr ꏏɎw肵ĂȂꍇ͒f邱Ƃ
        kill 邱ƂłȂȂ܂B NFS T[oƁAvO
        ͂ꂼꉽȂ̂悤ɍĊJ܂B炭炪
        ]܂ꍇł傤B͑SĂ NFS }Eg hard,intr
        p邱Ƃ߂܂B

  ȑO̗܂p邱Ƃɂ܂B fstab ̃Gg͈ȉ̂悤ɂȂ
  ܂B

  ______________________________________________________________________
  # device      mountpoint     fs-type    options                  dump fsckorder
  c
  eris:/mn/eris/local  /mnt    nfs        rsize=1024,wsize=1024,hard,intr 0 0
  c
  ______________________________________________________________________

  4.2.  NFS œK

  rsize  wsize ƂIvVȂꍇAʏ NFS  4096  8192
  oCgPʂɓǂݏs܂B Linux ̃J[lƃlbg[
  NJ[h̑gݍ킹ɂẮA̐ݒł͓ȂA邢͒x
  ȂĂ܂肷ꍇ܂Bł炱ł͎sāA
  ɂȂ悤 rsize  wsize 肷qׂ邱Ƃɂ܂B]
  x͊ȒPȃR}h̑gݍ킹Œׂ邱Ƃł܂Bقǎ
  mount R}hŏ݉\ɂfBXNɁAȉ̂悤ȃR}hp
  邱ƂŃV[PVȏ݂̐\eXg邱Ƃł܂B

  ______________________________________________________________________
  time dd if=/dev/zero of=/mnt/testfile bs=16k count=4096
  ______________________________________________________________________

  ̃R}hɂĒׂ 0 ̃oCgŖߐsꂽ 64Mb 
  t@Cł܂i炭ꂾ̃TCY΁AptH[}X
  ΂LbV̉ełł傤B񃁃ς
  łꍇɂ͂ƃt@C傫ĉjBxi5`10 񂭂
  jsĕώԂ߂ĉB̏ꍇł厖Ȃ̂ `elapsed' 
  邢 `wall clock' ŕ\鎞ԂłBɂ̃t@Cēǂݍ
  邱ƂŁAǂݍݐ\̃eXgs܂B

  ______________________________________________________________________
  time dd if=/mnt/testfile of=/dev/null bs=16k
  ______________________________________________________________________

  sĕς܂傤B̌ umount A rsize  wsize
  ɑ傫ȒlčĂ mount ĉBl 1024 ̔{ɂȂ悤
  A 16384 oCg͉zȂ悤ɂ܂傤i NFS o[W 2
  ̐łjB mount 炻̃t@CVXe cd œAt@C
  VXe̒邩΂炭ׂĂ݂ĉB rsize 
  wsize 傫߂ƁAȒ󂪌At@C̐M 100% ł
  Ȃ܂B悭ƂẮAuG[bZ[W͏oȂ̂ "ls" 
  ʂsSɂȂvuG[bZ[W͏oȂ̂Ƀt@C̓ǂݍ݂
  svȂǂ܂BāA^ rsize  wsize ŃVXe
  삵Ă邱Ƃ킩Axx̃eXgĂ݂܂傤B
  T[o OS ႤƍœKȃTCYقȂꍇłB SunOS 
  Solaris ̏ꍇ 4096 ɔׂĂƑ肷邻łB

  ŋ߂ Linux J[li1.3 ̂ǂꂩȍ~jł rsize }Ṽy[WT
  CYƓȏɂƐǂ݂s܂B Intel  CPU ł̓y[
  W̃TCY 4096 oCgłBǂ݂ NFS ̓ǂݍݑx͂
  łقǍ܂Bł Intel ̃}Vł́A\Ȃ
  rsize  4096 oCgɂƗǂł傤B񂠂܂ŉ\Ȃ΁A
  łB
  rsize  wsize 𔽉f邽߂ɂ /etc/fstab ̕ҏWKvɂȂ邱
  YȂB

  NFS ̏ݑxグZƂāAT[o݂̓֎~@
  ܂B NFS ̎dlɂƁAf[^s̃fBAiʂ
  fBXNjɏ܂܂ŁANFS ̏ݗv͏IꂽƂ͌Ȃ
  ܂B̎dl̂ߏݐ\ɐ܂B܂񓯊
  ݂ɂ NFS ̏ݑx㏸̂͂̂߂łB܂
  Linux  nfsd œ݂ꂽƂ͂܂BȂȂ
  Linux ̃t@CVXe̎ɂĂ͓݂dvĂ
  łB Linux ȊÕT[oł exports t@CɈȉ̂悤
  ȋLq邱ƂɂĐ\グ邱Ƃ\łB

  ______________________________________________________________________
  /dir    -async,access=linuxbox
  ______________________________________________________________________

  ͈قȂ邩܂̂ŁÃ}V exports  man y[WQ
  ƂĉBȂAɂăf[^댯͍܂邱Ƃ͒m
  ĉB

  5.  xCʂĂ NFS

  uxCvƂĂ̓f ISDNA邢͉ꂽRlNV
  ǂz肵Ă܂i肪Ȃ͍̂Ōł傤jB

  ̐߂̓vgR̒mɊÂ̂ŁAۂ͍̎sĂ܂B
  ̉Ƃ̃Rs[^ HDD ̃NbV̂ł̂Uԃ_E
  ܂܂Ȃ̂ŁA̓eeXg邽߂̃fȂ̂łB
  ̓eA񎄂܂łm点 :-)

  ܂oĂė~Ƃ́A NFS ͒xvgRłAƂ
  łB NFS ̓I[o[wbh傫̂łB NFS p̂̓t@C]
   kermit p悤Ȃ̂ŁAx̂łBقƂǂ̃vgR
  NFS 葬A FTP AHTTPA rcpA ssh SłB

  łĂ݂AłH킩܂B

  NFS ̃ftHg̃p[^́A]߂đCɌ
  ̂ɂȂĂ܂BftHg̃p[^̒xCɗp
  ƁAuNFS G[|[gvAuIy[VfvA
  ut@Cۂ菬ȂvȂǂȂǁAlXȕsvcȌۂɌ
  邱ƂɂȂ܂B

  ܂ŏɍśׂA}EgIvV soft ̎gp𒆎~邱Ƃ
  Bpƃ^CAEgA\tgEFAɃG[Ԃ
  BẴ\tgł͂̃G[𐳂悤ɂȂĂ܂B
  ꂪsvcȃG[̎ȗRłBɃ}EgIvVƂ
  hard pĉB hard LɂƁAɃgCJԂ
  ɂȂA\tgEFA̓slɏɒf肷邱ƂȂ
  ܂B̕ǂłB{łB

  ɂׂƂ́A}EgIvV timeo  retrans `[
  ƂłB nfs(5) ̃}jAy[WɋLqĂ܂A
  ɂRs[܂B

     timeo=n
        RPC ^CAEǧAŏ̍đs܂ł̎Ԃ 1/10 bPʂ
        w肷BftHg 7 i܂ 0.7 bjBŏ̃^CAEg
        ́A^CAEg̎Ԃ͔{XB̓^CAEgől
         60 bɂȂ邩A邢͍đ̉񐔂w肵l傫Ȃ
        ăW[^CAEgƂȂ܂őBW[^CAEgɂȂ
        ƁAt@CVXen[h}EgĂꍇɂ́AVȃ^
        CAEg񂪏l 2 {ɂčĂю݂i̓ł̓^
        CAEg͔{XjB^CAEg̍ől͏ 60 błBlb
        g[NGĂAT[oxAoHɕ̃[^܂̓Q
        [gEFCAȂǂ̏ꍇɂ͂̃^CAEg𑝂₷Ƃ
        đŜ̐\コ邱ƂłB

     retrans=n
        }Ci[^CAEgƍđ̍v̒l𒴂ƃW[^C
        AEgƂȂBftHg 3 BW[^CAEgN
        ƁAt@C͒f邩A邢 "server not responding"
        ̃bZ[WR\[ɕ\B

  Ƃ킩₷܂傤BԎ^CAEgł 0.7
  bi700msĵɕԂĂȂƁA NFS NCAg̓NGXgđ
  ă^CAEg{ 1.4 bɂ܂BɕԎ 1.4 bȓɕԂ
  Ȃꍇɂ́AēxNGXg𑗂A^CAEg{ 2.8 bɂ
  킯łB

  C̑x ping ő肷邱Ƃł܂BpPbg̃TCY
  rsize/wsize IvVŗ^lƓɂ܂B

  ______________________________________________________________________
  $ ping -s 8192 lugulbanda
  PING lugulbanda.uio.no (129.240.222.99): 8192 data bytes
  8200 bytes from 129.240.222.99: icmp_seq=0 ttl=64 time=15.2 ms
  8200 bytes from 129.240.222.99: icmp_seq=1 ttl=64 time=15.9 ms
  8200 bytes from 129.240.222.99: icmp_seq=2 ttl=64 time=14.9 ms
  8200 bytes from 129.240.222.99: icmp_seq=3 ttl=64 time=14.9 ms
  8200 bytes from 129.240.222.99: icmp_seq=4 ttl=64 time=15.0 ms

  --- lugulbanda.uio.no ping statistics ---
  5 packets transmitted, 5 packets received, 0% packet loss
  round-trip min/avg/max = 14.9/15.1/15.9 ms
  ______________________________________________________________________

  ł̎Ԃ ping ̃pPbg lugulbanda ܂ŉ鎞Ԃ𑪂Ă
  ܂B 15ms ͂߂čƌ܂B 28000 bps ̃Cł́A
  4000-5000ms x̒lƂȂł傤BCɑׂ̕Ă
  ꍇɂ͂̎Ԃ͂ɒȂA{ɂȂ邱Ƃ܂B
  ԂƂuxvƌĂ̂łBʓIɁApPbg
  傫ȂقǁA܂Cׂ̕Ȃقǉ͒xȂ܂B
  timeo Ȃ̃Cƕׂɂ킹đ傫ĉBC𑼂̗p
  rɎgĂꍇ͉̕xȂ邱ƂlĉBႦ
  FTP  NFS 𓯎Ɏg悤ȏꍇɂ́A FTP Ńt@C]s
  Ԃ ping ̎ԂvĂׂł傤B

  6.  ZLeB NFS

  fĂ܂A̓Rs[^ZLeB̐Ƃł͂܂B
  ZLeBɊւđ͖ɗAhoCX邱Ƃł
  v܂BłӂĉBɏĂ邱Ƃ NFS ̖
  ăXgAbv̂ł͂Ȃ̂łBɏĂ邱Ƃs
  ŁuSvƎv́AƂ񂾂lDƂ̂łBuK
  ^Ăԃc{vƂ𔄂Ȃ悤ɋCtǂł
  :-)B

  ȉ̂悤ȏ󋵂ȂȀ͂̓e͕Kv܂FȂ̃zXg
  Ă̂lbg[NŁAɂSẴ[U͐Mp
  AłȂl̓lbg[Ñ}VɃANZXłȂ悤ɂȂ
  ꍇłB܂lbg[Nɑ΂_CAAbvڑ͋֎~A
  lbg[Nɂւ̐ڑ֎~ĩlbg̃[USMłāAl
  ̃ZLeBmۂĂꍇ͕ʁjłBΎɉ߂Ǝv܂H
  SRȂƂ͂ȂłB̓ZLeBɊւ邲{Iȍl
  ɉ߂܂BɁAoĂĉAꂩqׂ邱Ƃ
  {IȂƂȂ̂łBSȃTCg\zɂ́AMSŒm[
  AݓIȃZLeB̖_ɊւŐV̓mĂ
  悤ȊǗ҂słB

  NFS ̊{IȖ_́AɎwȂ΃NCAgƃT[o
  MĂ܂Ƃɂ܂B͂܂킯ŁAႦ΃T[
  o root AJEgjꂽANCAg root AJEgj
  ̂ɊȒPɂȂĂ܂킯łit܂jB̖
  @͂AŐ\łB

  CERT ̃ZLeBɊւ銩ǂł悤ɂ܂傤B̕
  ̈ȉ̂قƂǂACERT eĂ܂BŐV̊̃
  Xg <ftp://ftp.cert.org/01-README> Ō邱Ƃł܂B NFS ֘A
  ̊ȉɂĂ܂B

  ______________________________________________________________________
  CA-91:21.SunOS.NFS.Jumbo.and.fsirand                            12/06/91
       Vulnerabilities concerning Sun Microsystems, Inc. (Sun) Network
       File System (NFS) and the fsirand program.  These vulnerabilities
       affect SunOS versions 4.1.1, 4.1, and 4.0.3 on all architectures.
       Patches are available for SunOS 4.1.1.  An initial patch for SunOS
       4.1 NFS is also available. Sun will be providing complete patches
       for SunOS 4.1 and SunOS 4.0.3 at a later date.

  CA-94:15.NFS.Vulnerabilities                                    12/19/94
       This advisory describes security measures to guard against several
       vulnerabilities in the Network File System (NFS). The advisory was
       prompted by an increase in root compromises by intruders using tools
       to exploit the vulnerabilities.

  CA-96.08.pcnfsd                                                 04/18/96
       This advisory describes a vulnerability in the pcnfsd program (also
       known as rpc.pcnfsd). A patch is included.
  ______________________________________________________________________

  6.1.  NCAg̃ZLeB

  NCAgł́AT[oMȂ悤ɐݒ肷邱Ƃ\ŁA
  ̓}Eg̃IvVŎw肵܂BႦ NFS t@CVXe
  ɂ suid ꂽvO𓮍삳Ȃ悤ɂɂ nosuid Iv
  Vg܂B͗ǂݒŁANFS }EgSẴfBXNɓ
  lׂƎv܂BpȂƁAT[o root [UN
  CAgł root DƂłĂ܂܂B suid vO
  T[õt@CVXeɍANCAgɈʃ[UŃOC
  Đقǂ suid vOs... 킩łˁH}Eg
  t@CVXẽt@C̎sׂċ֎~邱Ƃł܂B
  ɂ noexec IvVp܂BA͎ۂɂ nosuid ɔׂ
  ԕsւɂȂĂ܂ł傤Bǂȃt@CVXeɂsȂ
  ΂ȂȂXNvgvO̗ނ͓Ăł傤
  B̃IvV /etc/fstab ̃IvV̗ɁA rsize 
  wsize ȂǂƈꏏɃR}ŋ؂ċLq܂B

  6.2.  T[õZLeB: nfsd

  T[oł́ANCAg root AJEgMȂ悤ɐݒ肷
  Ƃł܂Bɂ exports ɋLqہA root_squash IvV
  p܂B

  ______________________________________________________________________
  /mn/eris/local apollon(rw,root_squash)
  ______________________________________________________________________

  ƁANCAg UID 0 ̃[Ut@CɃANZXiread,
  write, deletej悤ƂƁAT[o UID T[oɂ "nobody"
  AJEĝ̂ƒu܂B܂T[o root ɃANZX
  XĂt@Cɑ΂āANCAg root ANZXύX
  sƂłȂȂ̂łBǂݒŁA export SĂ
  t@CVXe root_squash pׂƎv܂BułNC
  Ag root [U `su' gđ̃[UɂȂāÃ[U
  t@CύXłႤȂłIvƌӌ邩܂
  B̒ʂAꂪ Unix  NFS ̗VȂ̂łB̈ӌɂ͏dvȑ
  ʂ܂BdvȃoCit@CȂǂ root ɂĕۗL
  ŁA bin Ȃǂ root ȊÕAJEgɂׂł͂܂BȂ
  ȂNCAg root [UANZXłȂ̂̓T[o root AJ
  Eg̃t@CłB nfsd  man y[Wɂ͑ɂނ
  ̔rIvVLqĂ܂Bp΁ADȁi邢
  ȁjNCAg[UMȂ悤ɐݒł܂B܂ UID 
  GID ͈̔͂ɂĔr@\ݒ肷邱ƂIvVŎwł܂B
    Linux  nfsd  man y[WɋLqĂ܂B

  root_squash ͎ Linux  NFSd ł̓ftHgɂȂĂ܂Bt@C
  VXeւ root ̃ANZXɂ no_root_squash w肵
  B

  dvȂƂ́A nfsd ɑ΂|[g̐ڑv`FbN
  Ă邩ǂmFĂƂłBNCAg̗v
  ǂȃ|[gł󂯓Ă܂ƁA NFS vgRbKȃv
  OpāAȂNCAg[Ũ[Uɐ肷
  ܂ƂłĂ܂܂î悤ȃvO̓C^[lbgŗe
  ɓł܂jB Linux  nfsd ̓ftHgł̃`FbN悤
  ɂȂĂ܂A OS ł͎蓮ł̃`FbNw肵Ȃ΂Ȃ
  ܂B̍Ƃ͂ OS  nfsd  man y[WɋLq
  ͂łB

  ŌɂBt@CVXe `localhost'  127.0.0.1 ɑ΂
  export Ă͂Ȃ܂B̓_ɊւĂ͎MpĉB

  6.3.  T[õZLeB: |[g}bp

  ̃|[g}bp nfsd ̑gݍ킹ɂ͐݌v̖肪A NFS T
  [õt@Cւ̃ANZXɉ\ɂȂĂ܂Ă܂BK
  ^ȂƂ Linux ̃|[g}bp͂̍Uɑ΂ĔrISɂȂĂ
  ܂B܂̃t@CpANZXXgݒ肷邱ƂɂāA
  ɈSɂł܂B

  ܂ /etc/hosts.deny ҏW܂Bȉ̍s݂܂B

  ______________________________________________________________________
  portmap: ALL
  ______________________________________________________________________

  Ƃǂ̃ANZX󂯕tȂȂ܂B͂Ƌɒ[
  ɂ̂ŁA/etc/hosts.allow ҏWă|[gĂъJ邱ƂɂȂ
  ܂B܂ǂ̃NCAgɊJ邩߂Kv܂B܂T[o
  ̃|[g}bpɃANZXKv̂}VXgAbv܂B
  Ɛݒ肳ꂽVXeł́A|[g}bp̂|[gɃANZX
  Kvȃ}VƂ͔̂ɏȂ͂łB|[g}bp nfsd 
  mountdA ypbind/ypservA pcnfsdA  ruptime  rusers Ȃǂ 'r'
  R}hQǗ܂B̂ nfsd  mountdA ypbind/ypserv 
  pcnfsd ݂̂̑ΏۂƂȂ̂łBzXg}ṼT[rXɃANZ
  XKvȃ}Vɂ͋^Ȃ΂Ȃ܂BႦ΃T[õAh
  X 129.240.223.254 ŁATulbg 129.240.223.0 ɂNCAgz
  XgɃANZX^Ƃ܂i networking HOWTO Ɠ
  BKv networking HOWTO xɍsāAȂ̔]
  tbVĉjB̏ꍇ hosts.allow Ɉȉ̂悤
  ɏ܂B

  ______________________________________________________________________
  portmap: 129.240.223.0/255.255.255.0
  ______________________________________________________________________

   route R}hŗplbg[NAhXy ifconfig ŗp
  Tulbg}XNƓłB̏ꍇ eth0 foCXɑ΂ ifconfig
  ̌ʂ͈ȉ̂悤ɂȂĂ͂łB

  ______________________________________________________________________
  c
  eth0      Link encap:10Mbps Ethernet  HWaddr 00:60:8C:96:D5:56
            inet addr:129.240.223.254  Bcast:129.240.223.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:360315 errors:0 dropped:0 overruns:0
            TX packets:179274 errors:0 dropped:0 overruns:0
            Interrupt:10 Base address:0x320
  c
  ______________________________________________________________________

  l netstat -rn Ƃƈȉ̂悤ɂȂ͂łB

  ______________________________________________________________________
  Kernel routing table
  Destination     Gateway         Genmask         Flags Metric Ref Use    Iface
  c
  129.240.223.0   0.0.0.0         255.255.255.0   U     0      0   174412 eth0
  c
  ______________________________________________________________________

  iŏ̗̓lbg[NAhXɂȂ܂j

  hosts.deny  hosts.allow t@CɊւĂ͓ man y[WɋLq
  ܂B

  : ҂̂Ƃł "man 5 hosts_access" łB

  dv: portmap ̍sɂ IP ԍȊÔ̂͏ȂŉBzXgl[
  ̖₢킹͊ԐړIɃ|[g}bpĂяoƂAƂ܂z
  Xgl[̖₢킹ă|[g}bpĂяozXgl[̖
  킹...

  ȏłȂ̃T[o͐肵͂łBćiA܂
  łjAMĂ}V root jꂽꍇi邢 MS-
  DOS u[gꂽꍇj炢łB̂Ƃ root 𗘗pƐM
  |[gʂđ̃[Uɐ肷܂悤ȗvoƂ\
  ȂĂ܂܂B

  6.4.  NFS ƃt@CAEH[

  [^t@CAEH[p NFS |[g}bp̃|[gǂ̂
  ɗǂlłB nfsd ͒ʏ|[g 2049  tcp/udp p܂B|
  [g}bp̓|[g 111  tcp/udpA mountd  745  747  tcp/udp 
  g܂B̃|[g rpcinfo -p Œׂ鎖ł܂B

  t NFS Ƀt@CAEH[zꍇ́Aŋ߂ nfsd  mountd
  ɂIvVgḗiWȁj|[gp悤ɂA
  |[gt@CAEH[ŊJΗǂł傤B

  6.5.  ܂Ƃ

  hosts.allow/denyA root_squashA nosuid  portmapper/nfs \tg̓
  |[g֘A̋@\p΁AݒmĂ|[g}bp NFS Ɋ֘A
  ̖邱ƂłAȂƂ͈S邱Ƃł
  B /home  /var/spool/mail  NFS }EgĂƁA
  ̃lbg[Nւ̐N҂ .forward ⃁[{bNX̃t@Cɓ
  ȃR}h𖄂ߍł܂Ƃł܂BRA PGP ̔閧
   NFS ANZXł悤ɂׂł͂܂B邢͏Ȃ
  댯mĂȂ΂Ȃ܂im킯łjB

  NFS ƃ|[g}bp͕GȃVXȇgݍ킹ȂĂ̂ŁA
  ɂ킽Ċ{݌vɃoOȂƂ͌܂B邢͌
  _ɂĂ݂ĂāANpĂ邩Ȃ̂łB
  ܂ꂪlƌ̂łB̂悤ɕɒxȂ߂ɂ́AȂ
  Ƃ comp.os.linux.announce  comp.security.announce Ȃǂɂ͖ڂʂ
  ĂKvł傤B

  7.  }Eg̃`FbNXg

  ̐߂ IBM Ђ́uNFS mount problem checklistvƂɂĂ܂B
  { HOWTO ֈp邱ƂĂꂽނɊӂ܂B NFS
  t@CVXe}Egۂɖ肪A|XgOɂ
  ̃XgQƂĉBeX̍ڂŏQ̗lqƏC@LqĂ
  ܂B

  1. t@CVXe export ĂȂB邢͖ƂȂĂN
     CAgɑ΂ export ĂȂB

     C: export B

  2. export Xg name resolution vȂB

     ܂A export Xgł johnmad  export 邱ƂɂȂĂ
     ɁA johnmad  johnmad.austin.ibm.com  resolve Ă
     A"permission is denied" ɂȂĂ܂ꍇȂǂłB

     C:̖O export B

     ɁANCAg 2 ̃C^[tF[XĂāAꂼ
     ɈႤOtĂ̂ɁAЕɂ export ĂȂAƂ
     ȂƂ肪łB

     C:̃C^[tF[X export B

     ܂T[oNCAg lookuphostbyname ܂ lookuphostbyaddr
     i̓Cu֐łjłȂꍇ邩܂BN
     CAgɑ΂ host <name>  host <ip_addr> sƂłA
     ҂}VƂmFĉB

     C:name resolution Ɛݒ肷B

  3. NFS X^[gŁAT[õt@CVXe}EgꂽB
     ̂悤ȏꍇɂ́AT[o̓}Eg|CgȉɉBꂽ
     export Ă܂A}Egꂽt@CVXe export ܂
     B

     C: NFSd Vbg_EčċNB

     : }Eg|Cgȉ̉Bꂽ}EgĂ܂NC
     AǵAT[õX^[gɃANZXłȂȂ܂B

  4. tT[oNCAgA邢̗͂ő傫ĂB
     ̂悤ȏꍇɂ́Amake ߂ႭɂȂ܂B

     C: t𐳂ZbgB

     M҂͓t̓ NTP p邱ƂE߂܂B NTP ɂ͕čɂ
     ėAoK̂ŁAdebian  redhatA slackware p NTP 
     <ftp://ftp.hacktic.nl/pub/replay/pub/linux/>܂͂̃~[
     肷Kv܂B

  5. 8 ȏ̃O[vɑĂ郆[Ũ}Egv󂯕t
     B

     C: ̃[ȔO[v炷Ã[UŃ}E
     gB

  8.  FAQ

  FAQ ZNVłB̐߂ Alan Cox  NFS FAQ ƂɂĂ܂B

  1. Linux  nfs T[oɂ 'stale nfs handle' ƂG[p
     ܂B

     ͌Âł nfsd ɂoOłB nfs-server2.2beta16 ȍ~
     ł͏CĂ܂B

  2. t@CVXe}Eg悤ƂƁAȉ̂悤ȃbZ[W
     oĂ܂܂B

       can't register with portmap: system error on send

  Caldera ̃VXegł͂܂񂩁H̃VXeɂ rc XN
  vgɃoO܂B Caldera ɘAďCłɓĉB

  3. NFS T[oɃRs[vOsłȂłH

     ̗RŁA nfsd  open t@CnhLbV邩
     łinfsd [ÜŎsĂ邱ƂvoĉjB
     nfsd t@CI[vĂԁi܂肻̃t@Cɏ݂
     sjɂ́AJ[l͂̃t@CɎs^܂B 95
     N̏tȍ~ nfsd ł́Ãt@Cnh̃[X͐bŏI
     ܂AÂ̂ł͐LbV܂܂̂Ƃ܂B

  4. NFS t@CS[hI[Ȃ̂łB

     Linux  NFS T[o̓ftHgł̓[hI[łB exports 
     nfsd  man y[WǂŉB/etc/exports CKv
     ł傤B

  5. Linux  NFS T[o}EgƂA΂炭oƓǂݏ
     ȂȂꍇ܂B

     Âo[Wł rsize=1024,wsize=1024 ă}EgKv
     ܂B

  6. ubNTCY 3500  4000 ̊Ԃɂă}EgƁA Linux z
     XgNbV邱Ƃ܂B

     ͈͈̔ȊÕubNTCYgĉB

  7. Linux ł TCP p NFS ͉\łH

     ̂Ƃł܂B

  8. Linux }V NFS }Eg悤ƂƕsvcȃG[
     ܂ɕ\܂B

     NFS g[ȔO[v 8 ȓɎ܂Ă邱Ƃm
     FĉBÂT[oł͂̏KvȂƂ܂B

  9. NCAg}Vu[gƂAnO NFS T[o
     umount ƃNCAgnOĂ܂Ƃ܂B

     u[g~Ƃɂ NFS T[o umount APɖĉ
     B umount ȂΉNƂ͂܂BR}h
      umount -avt nonfs ƂȂ܂B

  10.
     Linux  NFS NCAg Sun  BSD ̃VXeɏނƔ
     ɒx̂łB

     NFS ݂̏͒ʏ퓯Iɍs܂if[^댯C
     ɂȂ΂𖳌ɂ邱Ƃł܂jBƂɁABSD 
     RJ[lɂẮAȃubNɂĂꂪ܂@\
     Ȃꍇ̂łBႦ Linux  4K ̃f[^ 1K ̃pPb
     gɕďƂƁA BSD ͈ȉ̂悤ȓs܂B

               read 4K page
               alter 1K
               write 4K back to physical disk
               read 4K page
               alter 1K
               write 4K page back to physical disk
               etc..

  9.  t@CVXe export

  NFS Ńt@CVXe export ́AvbgtH[قȂ
  ƕKƂ͌܂Bł Linux  Slaris 2 Ԃ͂
  łB̐߂ł͑̃VXeɂ export ̕@ȒPɃXg
  Ǝv܂Bg̃VXe̒ɓĂȂꍇɂ́Ag
  Ă OS  man y[WĉBL[[hƂẮA nfsdA
  system administration toolArc scriptsA boot scriptsA boot
  sequenceA /etc/exportsA exportfs ȂǂgƗǂł傤B̐߂
  ́u/mn/eris/local  apollon  read/write \Ȃ悤 export v
  ɂĎƂɂ܂B

  9.1.  IRIX, HP-UX, Digital-UNIX, Ultrix, SunOS 4 (Solaris 1), AIX

   OS ł͓`I Sun  export tH[}bgpĂ܂B
  /etc/exports Ɉȉ̂悤ɏĉB

  ______________________________________________________________________
  /mn/eris/local -rw=apollon
  ______________________________________________________________________

  ڍׂȉ exports  man y[Wɂ܂Bt@CҏW
  exportfs -av săt@CVXe export ĉB

  exportfs R}h̕@ɑ΂錵i̓VXeɂĕς܂B OS
  ɂĂ͐قǓ͂s

  ______________________________________________________________________
  /mn/eris/local apollon
  ______________________________________________________________________

  ŗǂƂ܂Aȉ̂悤ɏȗł邱Ƃ܂B

  ______________________________________________________________________
  /mn/eris/local rw=apollon
  ______________________________________________________________________

  A͐ȏ邱Ƃ߂܂B̃o[W exportfs
  }ɕ@ɌȂ΁AˑRĂ̑SĂ~܂Ă܂댯
  ̂łB

  9.2.  Solaris 2

  Sun  Solaris 2 JƂɁAԗւSɍŏĊJ悤
  łˁB]Ă͑ OS Ƃ͊SɈقȂĂ܂B Solaris 2 ł
  ҏWt@C /etc/dfs/dfstab ɂȂĂ܂B share R}
  h share(1M)  man y[WɏĂ悤ɋLq܂Bȉɗ
  ܂B

  ______________________________________________________________________
  share -o rw=apollon -d "Eris Local" /mn/eris/local
  ______________________________________________________________________

  ҏWIAvO shareall săt@CVXe
  export ܂B

  10.  PC-NFS

  PC-NFS g킸 samba g܂傤B

  ߂ȂA PC NFS ɂ͂܂݂ȂłBɘA
  ΁A̓eɎ荞݂ƎvĂ܂B

