Previous | Next

Section 13 MORE NETWORKING

Objectives

This section aims to extend your knowledge of networking in the UNIX environment. It will examine the following topics

the Berkeley r commands including rcp, rsh, rlogin,
the concepts of host and account equivalence and the security implications of using the Berkeley r commands,
setting up and using the network file system (NFS) to share directories and files transparently between machines,
the process of adding a host to an existing network, and
a variety of commands and tips for debugging a network.

Introduction

The major aims of implementing a network are

to allow communication between users and hosts, and
to allow the sharing of computing resources such as printers and disk drives.

This section will introduce you to some of the commands and software protocols that enable a UNIX machine to fulfil these aims. In addition it will examine how you add a machine to an existing network and some of the tools that can be used to diagnose problems and observe the state of a network.

This section and the last section combine to provide an introduction to the topic of networking under the UNIX operating system. The entire area is much more complex and deserves a subject in its own right.

The Berkeley `r` Commands

A user with accounts on two or more machines would like to be able to move quickly between the two different accounts and maybe share files between the two accounts. The sort of operations a user might like to perform include

logging in without a password to an account as long as they are coming from their other account,
being able to execute a command on the other machine without having to log into that machine, and
being able to copy files from an account on one machine to the other.

Table 13.1 lists some of the Berkeley r commands that are supplied with most versions of the UNIX operating system.

	Command	Purpose

	rsh	remote shell, used to execute commands on a remote
		  machine without logging in
	rlogin	remote login, logs into a remote machine, if set up
		  properly no password will be asked for
	rcp	remote copy, copy a file from a remote machine to the
		  local machine

		Table 13.1. Some of the Berkeley r Commands.

On some systems rsh is a restricted shell. It acts like a normal shell except it only allows users to execute a limited set of commands. It is not very secure!

By default executing these commands will require the password of the remote account to be entered. If set up correctly the password would not be necessary.

For example:

	perform an ls on the remote machine aldur
	bash$ rsh aldur ls
	Password:

	Mail		core	   	masters.tar.z	
	rcos.uu		telnet.doc	Masters        
	dead.letter	mbox		research

However if the two level equivalence system that these commands use is satisfied then no password will be requested. The two levels of equivalence used are

host level equivalence
One machine is considered equivalent to another.
account level equivalence
Accounts on different machines are considered equivalent if they have the same username (and host level equivalence is enforced) or if a particular configuration file is set up.

Host level equivalence is checked first, if this check fails then a password will be required. If the check for host equivalence succeeds then account level equivalence is checked. If account level equivalence fails then a password is requested.

NOTE: This is not always the case. Some systems do not require host level equivalence before checking account level equivalence.

Host Level Equivalence

Given two machines, jasper and aldur, aldur will consider jasper an equivalent host if jasper is included in aldur's /etc/hosts.equiv file. This host level equivalence means that users with accounts on both jasper and aldur with the same usernames may use the r commands to connect from jasper to aldur without being asked for passwords.

Host and account equivalence are one way. In the above jasper is an equivalent host to aldur but not the other way around.

hosts.equiv file is a text file containing lines of the following format

		host_name [user_name]

For example:

	A machine pol might have the following /etc/hosts.equiv file
			aldur
			jasper david
	It specifies that all users on the machine aldur, and the
	user david from jasper are allowed to use the r commands
	to connect to pol without specifying passwords.

Account Equivalence

Host equivalence will only work when the usernames on the two different systems are the same. Account level equivalence allows you to specify that accounts, with different usernames are equivalent. Cases where you may wish to use this include

users having different usernames on different machines, or
For example, a user might have the username jonesd on the machine jasper and the username david on the machine aldur. To login from jasper to aldur the user would type rlogin -l david aldur. However without account level equivalence, users would always have to enter the password.
a user may wish a different user on a remote machine to have access to his or her account.
The users may belong to the same project and have to share files.

Account level equivalence is achieved by the file $HOME/.rhosts (a file .rhosts in the home directory of the individual user). The .rhosts file is a text file containing lines of the following format

		hostname [username_list]

If a username and host is listed in the .rhosts file it means that the specified account is equivalent to this one and may use the r commands without a password.

Using Host and Account Equivalence

Allowing the ability to switch between machines without entering passwords is a security hole that has been used before for nefarious purposes. Account and host equivalence were one of the security holes used by the Internet worm which brought down most of the American machines connected to the Internet.

If host and account level equivalence are allowed the following guidelines should be followed

make the access as fine grain as possible, and
never allow network workstations to be equivalent hosts to a file server.

Workstations (including PCs) are inherently vulnerable. Having insecure machines as equivalent hosts for a network file server is asking for trouble. Having the network file server as an equivalent host for the workstations is common place.

Exercise 13-1. Set a local machine up so that you have host and account equivalence between accounts on two machines.

Exercise 13-2. Having set up equivalence use the rsh command to perform the following tasks.

a) obtain a directory listing of the /etc directory
b) create a file passwd in the home directory of the local machine that contains the /etc/passwd of the remote machine (use rsh not rcp)
c) create a file listing on the remote machine that contains a directory listing of the home directory on the local machine
d) create a file directory.tar on the local machine that is a tar file that contains an archive of your entire home directory on the remote machine.

d) is a method that is sometimes used to implement backups across a network.

Network File System

A major aim (if not the major aim) of all operating systems is to make tasks as simple as possible for the user. The Berkeley r commands provide a bare bones approach to allowing the sharing of information between machines. The increasing importance and level of networking means that there are more users on networks and they all want a much simpler, if not transparent, mechanism for sharing files between machines.

The Network File System (NFS) was developed by Sun Microsystems, a manufacturer of UNIX machines. The specification for NFS was placed in the public domain and is now implemented on every version of UNIX currently available and implementations also exist on other platforms including MS-DOS and OS/2.

NFS runs on top of TCP/IP and is basically a new file system much like the ext2 and msdos file systems discussed in Section 7. It provides the ability to connect directories from remote machines into the local machine's normal file system. This means that users may manipulate the remote files and directories using the same commands they use on local files and directories.

In Diagram 13.1 NFS provides the jonesd and balsys directories that are located on another machine somewhere on the network. NFS allows the user to perform commands like ls /home/jonesd to obtain a directory listing of the jonesd directory.

Diagram 13.1. UNIX File system Using NFS.

Before using NFS the

NFS daemons need to be running, and
For NFS to work there are a number of daemons that must be running so that NFS requests can be satisfied.
the appropriate configuration files must specify the directories to import or export.

In the following discussion a client machine is a machine that imports (connects to) NFS partitions from other machines. The machine that exports the NFS partitions is referred to as a server machine. One machine can import and export NFS partitions at the same time.

NFS Daemons

For NFS to work there must be a number of daemons running. The daemons required by clients (machines importing directories via NFS) differ to those required by servers (machines exporting directories via NFS). It is possible for a machine to be both server and client.

The daemons and their purpose are summarised in Table 13.2 for servers and in Table 13.3 for clients.

The NFS daemons are started in the system startup scripts. The exact format of the startup scripts (as discussed in Section 9) will differ from system to system. Included below is an example from a server machine's startup scripts.

	Daemon		Purpose

	nfsd		handles NFS requests and executes them on the server,
			  a server will typically run multiple nfsd daemons
	mountd		handles the mount requests
	portmap		performs the translation from RPCs to ports
	biod		the block I/O daemon, typically multiple copies are
			  running
	rpc.statd	the network status daemon, notifies lockd if network
			  goes down
	rpc.lockd	handles file locking and lock recovery

		Table 13.2. NFS Server Daemons.


	Daemon		Purpose

	portmap		performs the translation from remote procedure calls
			  to ports
	biod		the block I/O daemon, typically multiple copies are
			  running
	rpc.statd	the network status daemon, notifies lockd if network
			  goes down
	rpc.lockd	handles file locking and lock recovery

		Table 13.3. NFS Client Daemons.

For example:

	if [ -f /etc/exports ] # does /etc/exports exist?
	then
		exportfs -a
		nfsd 8
		echo -n ' nfsd'
		rpc.mountd -n
	fi

Exporting NFS File systems

/etc/exports is the configuration file used to specify which file systems are available for export via NFS when the system commences. On many systems (like the one the above script was taken from) the NFS server system will not be initialised unless the /etc/exports file exists.

The /etc/exports file is a text file containing lines of the following format

	directory export_options

directory is the full path name of the directory that is to be exported. The choice of directory must follow these rules

any part of a file system may be exported,
NFS allows you to export a whole file system or a part of a file system.
a sub-directory of an exported file system can itself be exported only if it is on a different physical device,
a parent directory of an exported file system can only be exported it it is on a different physical device, and
the exported directory must be local.
You cannot export via NFS a directory you have imported via NFS.

export_options is a list of options taken from the list of options that NFS recognises. Table 13.4 lists some of these options.

	NFS Option	  Purpose

	rw=host:host	  specify which hosts can read/write to the
			    exported directory
	ro		  specify that the directory can only be mounted
			    read only
	access=host:host  only allow specified hosts to have access
	anon=uid	  map anonymous or unknown users to the specified uid
	secure		  clients must use secure RPC to access the file system
	root=host	  grant superuser access to the specified hosts

		Table 13.4. Export Options for NFS.

For example:

	An example /etc/exports file might be
	/home		-rw=bertha:pol
	/usr/local	-ro,access=bertha:pol:jasper:aldur
	This file specifies that the /home directory is exported for the hosts bertha and pol and they can read and write to that directory.
	/usr/local is exported read only to the hosts specified.

Exercise 13.3. The machine aldur has the following directory hierarchy

and the following /etc/fstab file

	/dev/hda1	/		 ext2	defaults
	/dev/hda2	/usr		 ext2	defaults
 	/dev/hdb1	/usr/local	 ext2	defaults

Indicate whether the following /etc/exports files contain valid or invalid entries. If they are invalid, why?

	a)	/usr		/usr/users
	b)	/usr		/usr/local

Importing NFS File Systems

There are two methods that can be used to import file systems from other hosts

modify the /etc/fstab or /etc/vfstab file, or
As mentioned in Section 7 these files control which file systems are automatically mounted when the system is booted.
use the mount command.
The mount command can be used to independently mount file systems without rebooting the system.

Section 7 contains coverage of the format and purpose of /etc/fstab or /etc/vfstab files. When mounting NFS directories

the file system type is nfs, and
the device to mount is a combination of the hostname and directory name of the server system.

If it was required to mount the directory /home/slackware from the machine pol the entry for the fstab file might look like this pol:/home/slackware (or on some systems /home/slackware@pol).

For example:

	An example /etc/fstab file might be
	/dev/hda1		/			ext2
	/dev/hda2		/usr/local		ext2
	/dev/hdb1		/dosc			msdos
	pol:/home/slackware	/usr/local/slackware	nfs

For example:

	The command to mount the directory /home/slackware from the host pol is
	mount -t nfs pol:/home/slackware /mnt

NOTE: The actual format of these commands and files will differ slightly between different implementations.

Exercise 13-4. Determine the locations of the files for the various NFS daemons listed in Tables 13.2 and 13.3.

Exercise 13-5. Determine where these daemons are started (if they are).

Exercise 13-6. Determine whether your machine is set up as an NFS client or server (or not at all).

Exercise 13-7. On your local site set up two machines as NFS server and client and using NFS share a particular directory between the two. Experiment with the options listed in Table 13.4.

Other Useful Commands

Part of Systems Administration is discovering and using useful tools and commands. This section will mention some of the more useful network related commands. Table 13.5 summarises the commands covered.

	Command		Purpose

	traceroute	to discover the route used by information flowing
			  over the network between two hosts
	nslookup	used to query nameservers to obtain IP addresses
			  and other information about hosts

		Table 13.5. Useful Network Commands.

`traceroute`

For some reason or another, users on one machine cannot connect to another machine or if they can any information transfer between the two machines is either slow or plagued by errors. What do you do?

Remember it is not only the machines at the two ends you have to check. If the two machines are on different networks the information will flow through a number of gateways and routers. It might be one of the gateway machines that is causing the problem.

The traceroute command provides a way of discovering the path taken by information as it goes from one machine to another and the problems that may occur. On the Internet that path may not always be the same.

For example:

	The following are the results of a number of executions of traceroute 
from the machine aldur (138.77.36.29).  Refer back to Diagram 12.3 knuth is 
on the same network so no gateway was used

bash$ traceroute knuth
traceroute to knuth.cqu.edu.au (138.77.36.20), 30 hops max, 40 byte packets
 1  knuth.cqu.EDU.AU (138.77.36.20)  2 ms  2 ms  2 ms

	a host one network away
bash$ traceroute jasper
traceroute to jasper.cqu.edu.au (138.77.1.1), 30 hops max, 40 byte packets
 1  centaurus.cqu.EDU.AU (138.77.36.1)  1 ms  1 ms  1 ms
 2  jasper.cqu.EDU.AU (138.77.1.1)  2 ms  1 ms  1 ms

	a machine still on the CQU site but a little further away
bash$ traceroute jade
traceroute to jade.cqu.edu.au (138.77.7.2), 30 hops max, 40 byte packets
 1  centaurus.cqu.EDU.AU (138.77.36.1)  1 ms  1 ms  1 ms
 2  hercules.cqu.EDU.AU (138.77.5.3)  4 ms  2 ms  12 ms
 3  jade.cqu.EDU.AU (138.77.7.2)  3 ms  13 ms  3 ms

	A host still in Australia (but a long way from CQU)
bash$ traceroute archie.au
traceroute to archie.au (139.130.23.2), 30 hops max, 40 byte packets
 1  centaurus.cqu.EDU.AU (138.77.36.1)  1 ms  1 ms  1 ms
 2  tucana.cqu.EDU.AU (138.77.5.27)  2 ms  2 ms  2 ms
 3  138.77.32.10 (138.77.32.10)  5 ms  5 ms  5 ms
 4  qld.gw.au (139.130.60.1)  21 ms  13 ms  51 ms
 5  national.gw.au (139.130.48.1)  35 ms  36 ms  40 ms
 6  plaza.aarnet.edu.au (139.130.23.2)  38 ms  35 ms  68 ms

	A host in the Eastern United States
bash$ traceroute sunsite.unc.edu
traceroute to knuth.cqu.edu.au (139.130.23.2), 30 hops max, 40 byte packets
 1  centaurus.cqu.EDU.AU (138.77.36.1)  1 ms  1 ms  1 ms
 2  tucana.cqu.EDU.AU (138.77.5.27)  2 ms  2 ms  3 ms
 3  138.77.32.10 (138.77.32.10)  5 ms  5 ms  5 ms
 4  qld.gw.au (139.130.60.1)  13 ms  20 ms  13 ms
 5  national.gw.au (139.130.48.1)  51 ms  36 ms  36 ms
 6  usa.gw.au (139.130.29.5)  37 ms  36 ms  38 ms  NOTICE THE TIME TO CROSS 
 7  usa-au.gw.au (203.62.255.1)  233 ms  252 ms  264 ms  THE PACIFIC
 8  * * t3-0.enss144.t3.nsf.net (192.203.230.253)  224 ms
 9  140.222.8.4 (140.222.8.4)  226 ms  236 ms  258 ms
10  t3-3.cnss25.Chicago.t3.ans.net (140.222.25.4)  272 ms  293 ms  266 ms
11  t3-0.cnss40.Cleveland.t3.ans.net (140.222.40.1)  328 ms  270 ms  300 ms
12  t3-1.cnss48.Hartford.t3.ans.net (140.222.48.2)  325 ms  355 ms  289 ms
13  t3-2.cnss32.New-York.t3.ans.net (140.222.32.3)  284 ms  319 ms  347 ms
14  t3-1.cnss56.Washington-DC.t3.ans.net (140.222.56.2) 352 ms 299 ms 305 ms
15  t3-1.cnss72.Greensboro.t3.ans.net (140.222.72.2)  319 ms  344 ms  310 ms
16  mf-0.cnss75.Greensboro.t3.ans.net (140.222.72.195)  343 ms  320 ms *
17  cnss76.Greensboro.t3.ans.net (192.103.68.6)  338 ms  319 ms  355 ms
18  192.103.68.50 (192.103.68.50)  338 ms  330 ms  330 ms
19  rtp5-gw.ncren.net (128.109.135.254)  357 ms  361 ms *
20  * rtp2-gw.ncren.net (128.109.70.253)  359 ms  334 ms
21  128.109.13.2 (128.109.13.2)  374 ms  411 ms  451 ms
22  * calypso-2.oit.unc.edu (198.86.40.81)  418 ms  415 ms

Exercise 13-8. For those of you connected to the Internet use the traceroute command to obtain the route between your machine and a machine in another country. Perform the same command twice. Each time send the output to a file. Compare the results.

`nslookup`

There are a number of times when the DNS may not work. In these situations the command nslookup can be used to interactively ask questions of Domain Nameservers. When started the command automatically connects to the server listed in your machine's /etc/resolv.conf file and displays a prompt. At this prompt you can issue various commands recognised by nslookup (some of the commands are explained in Table 13.6).

	Command			Purpose

	ls [-ah] [domain]	list information available for the current
				  domain, -a lists host aliases, -t lists
				  CPU and operating system information
				  (output can be redirected to a file using >)
	set keyword [ = value ]	change a variety of state information that
				  affects how lookups are done
	host			display information about host
	server host		change the server to query to host
	root			change the default server to the root server
				  for the entire Internet, the machine,
				  ns.nic.ddn.mil

		Table 13.6. Commands recognised by nslookup.

For example:

	bash$  nslookup
	Default Server: jasper.cqu.EDU.AU
	Address:  138.77.1.1

   	> ls cqu.edu.au
		all the machines this server knows about appear

Exercise 13-9. Using nslookup answer the following

a) What aliases are defined for your site?
b) How many machines does the nameserver recognise?
c) What is the real name of the machine www.cc.uq.oz.au?

The nameserver for the domain cc.uq.oz.au is the host cuscus (or at least it was at the time of writing).

Adding a Host

We have examined some of the concepts involved in networking, some of the commands that can be used and some of the services available. The next section lists the steps to take to add a new host to an existing network. The process of setting up a new network is beyond the scope of this text.

The process can be divided into the following steps

install the network hardware and reconfigure the kernel,
obtain the necessary information such as IP address, host name etc,
modify the various configuration files to reflect this information,
modify the startup and configuration files to correctly commence the network services required,
notify the outside world that the machine is connected, and
test the network connection.

Pre-Requisite Information

Before connecting the machine to the network you will require the following information

IP address
As mentioned in the last section every host must have a unique address. This will have to be assigned by the person in charge of the network.
hostname and domain name
Every machine must have a unique (within the domain at least) host name. Depending on your site either you will decide the hostname or you will have one assigned to your machine.
IP address and hostname of your gateway
When setting up your machine you will have to inform it which machine to use as a gateway host.
IP address and hostname of your nameserver
You will have to have a nameserver to take part in the DNS.
Network address
Used as part of the configuration of the hardware.
Broadcast address

Configuration Files

Most of the information from the previous section will have to be entered into network configuration files for the machine to be properly configured. Table 13.7 summarises the information and the configuration file in which it belongs.

There are a number of commands that may also make use of the above information and should be included in the startup scripts. Table 13.8 summarises these commands.

ifconfig is used to set up the software side of network interfaces so that they properly represent the systems values.

For example:

	An example ifconfig command is
	/sbin/ifconfig eth0 138.77.37.28 broadcast 138.77.37.255 \
		netmask 255.255.255.0


	Information				Configuration File

	IP address and hostname			/etc/hosts
	hostname				used by the hostname command
						  in the startup files
	Domain name				/etc/resolv.conf
	IP address and hostname of gateway	/etc/gateways
	IP address and hostname of nameserver	/etc/resolv.conf
	network address				used in startup files and
						  in/etc/networks
	broadcast address			used in startup files

		Table 13.7. Configuration Files for Networking.


	Command		Purpose

	ifconfig	performs configuration so software will recognise
			  each network card
	hostname	initialises the hostname of your machine

		Table 13.8. Startup Commands for Network Configuration.

Network Hardware and the Kernel

Before any new hardware will be recognised by the UNIX operating system the operating system must have a device driver for that device. Network hardware is no different. Before you can connect to a network the kernel for your machine must contain a device driver for the type of network hardware you are going to use.

Installing a new device driver will differ between versions of the UNIX operating system and is covered in a later section.

Startup Files and Network Services

The system startup files will have to be modified to

set up and configure the networking hardware
set up and configure the networking software
start the various required network services.

Notify the Outside World

Once the previous steps have been followed you should be able to talk to other machines on the network. However they will probably not be able to talk to you as your hostname will not yet have been added to the local nameserver.

Now you should notify those in charge of the local nameserver (possibly yourself) that your machine is up and talking to the network. They will then add your machine's host and IP address to the local nameserver that will allow other machines to connect to your machine.

Testing the Connection

As a last step you should carry out tests to see that everything works. A suggested order for tests is

start by pinging a remote host
telnet to a remote host
from a remote host ping your new host
ftp some files to and from your host
attempt to send electronic mail to and from your host

When testing using a remote host do not limit yourself to a host that is on the same network as the machine you have just added. Test with machines that are on different networks.

Conclusion

In this section you have been introduced to

the Berkeley r commands
Sun's Network File system
the commands traceroute and nslookup, and
the process for adding a host to an existing network

Over the last two sections you have received a gentle introduction to UNIX networking. There is a great deal more to learn and experience in this field.

Revision Questions

13.1. Table 13.e1 lists the UNIX machines and their purposes at your new workplace.

		Host	Purpose

		gandalf	system administrator's machine
		bilbo	used by software development team
		frodo	used by administration

		Table 13. e1.

Table 13.e2 lists the more important users on each system, their accounts and requirements.

	User		Position		Host	Username for equivalent
							  account
	yourself	System Administrator	gandalf, bilbo, frodo	your username
						gandalf	root
						bilbo	root
						frodo	root
	Arnold Pane	Managing Director	frodo	arnold
						bilbo	panea
	Andrew Hacker	software engineer	bilbo	andrew
	Jim Tidey	operator	gandalf	tideyj
	bilbo	backup
	frodo	backup

		Table 13. e2.

(a) List the full paths, host and contents of all the files that need to be created to allow each user to use the remote commands (rlogin, rsh, rcp etc) between all of their accounts.
(b) Why might this not be a good idea?

Previous | Next

David Jones (author)
Chris Hanson (html 09/09/96)