CS 480 M01 Lecture Notes 19 - Nov 9, 2022

21: Network File System (NFS)

Goal: "to grant shared access to files and directories that are stored on the disks of remote systems"
• applications need to use the same system calls to open/read/write files as if it was on a local system
• conflicts related to parallel acees need to be resolved (two network clients may be trying to modify the same file at the same time)
• state issue (stateful x stateless)
• performance concerns due to network
• security (authentication, privacy, integrity, ...)
• Sharing file systems among computers / joining them on separate computers into one whole:
  
  picture from Tannenbaum: Modern Operating Systems, 4th Ed, Prentice Hall, 0-13-60066309
• Introduced in 1984 by Sun Microsystems as a FS for diskless clients
• NFS protocol - open standard: RFC 1094, 1813 (v3), 7530(v4) plus 7931, 8587, 8881, 8267, 8178, ...
• Supports heterogeneous systems (client and server running possibly different OS and on different architetures) through RPC (Remote Procedure Calls) and XDR (External Data Representation) : data converted from local representation to XDR to local representation on the remote host
• 2 client-server protocols
  • mounting resulting in a file handle (cookie) returned to client which contains fields uniquely identifying
    • the file system system,
    • the disk,
    • the i-node of the exported directory,
    • security info
  • protocol for file (and directory) access ( read , write, ...)
• Implementation:
  Parts of both server and client are implemented in kernel (no need to configure).
  Top layer - System call layer - handles calls like open, read, write, close
  VFS (Virtual File System) and v-nodes (either i-node or r-node = remote i-node) for every open file
  
  
  
  picture from Tannenbaum: Modern Operating Systems, 4th Ed, Prentice Hall, 0-13-60066309
• Stateful X Stateless
  • Stateful
    server keeps track of open files accross the network => complex
    after a server crash , the server negotiates with clients to reconcile the state of the connection
    clients can maintain more control
  • Stateless
    each request is independent of other requests
    nothing lost if server or client crashes
    BUT server cannot manage concurency
• performace issues: network (latency, bandwidth, reliability) may result in slow or eratic beaviour. Dealt with caching, read-aheads, updates in batches, ..
• version 2 - write op. problems (server must commit writes to disk before replying)
• version 3 - fixes writes bottleneck (coherency scheme that allows asynchronous writes) and other preformance problems
• version 4 - many enhancements:
  • firewall compatibility
  • lock and mount protocols integrated
  • stateful operation
  • strong integrated security
  • replication and migration support
  • unix as well as windows clients
  • ACLs
  • Unicode names
  • good performance even on a low-bandwidth connections
• transport - both UDP (original in v. 2 - best performance on LAN) or TCP ( adding congenstion control - optional in v 3. exclusively in v. 4),
  NFS runs on top of Sun's RPC (and XDR - eXternal Data Representation - layer 6 - Presentation in the OSI model)
  NFS does packet reassembly and error checking, but doesn't do congestion control (must have for good performance on a large IP network) => TCP
• File locking - NFS stateless (v 2 & 3) => no locking by default ,
  locking (flock, lockf, and fcntl system calls) done separately from NFS by lockd and statd
  Part of the core (stateful) protocol in version 4
• Disk quotas - rquotad
• Cookies and Stateless Mounting (not in v 4)
  cookie disclosed at the end of successfull mount , persists over reboots - crashes return to the previous state (unless FS modified through fsck, ... - clients may have to reboot in such a case)
• Security
  up to version 3 inclusive the NFS is an example of everything that has been wrong with unix/linux and security - essentially no concerns when designed ...
  semifixes through /etc/exports, + portmap / rpcbind restrictions through /etc/hosts.deny, /etc/hosts.allow
  and firewalls
  

  All versions : NFS intended to be security mechanism independent and most servers support multiple "authentication flavors"

  • AUTH_NONE
  • AUTH_SYS - UNIX-style user and group access control (! client v. server UIDs)
    • traditionally used by most sites
    • NFS server trusts clients to tell it who they are (what host), what users access the files , ...
    • need to enforce passwd file consistency (and more...)
      not enough ... we need more robust authentication such as Kerberos where clients are authenticated centrally...
  • RPCSEC_GSS - offers integrity and privacy plus strong authentication (through Kerberos ..)
    required in v4, optional in v3

  Version 4 - mandates support for strong security services and better user authentication

• Identity mapping in version 4 (UID / GID ==> user@nfs-domain / group@nfs-domain) - read the book
• Root access and the nobody account : squashing root: UID 0 -> nobody

Exports are presented to NFSv4 clients as a single filesystem hierarchy through the pseudo-filesystem.
Version 3: Two separate protocols (and daemons) for mounting file systems and using the files

• rpc.mountd - mount requests (obtaining cookie) - not in v4 if no v3 clients
• rpc.nfsd - actual NFS requests
• both require RPC => portmap / rpcbind must be running
• /etc/exports to define exported directories, see the book for details
  
  
• exportfs command to export manually
• Install support for the kernel based NFS server

• mount server:directory localdir
• showmount -e servername to see exports
• /etc/fstab - at boot time

27. Security Basics

Intro

• Security flaws have become increasingly dire and consequences more severe
• Threats from
  • Valid Users (malicious / intentional and accidental)
  • Computers attached to a local network
  • Outside
• History : Internet Worm in 1988 (R. Morris)
• More recent events:
  • ...
  • Stuxnet worm - 2010 - damaging Iran's centrifuges
  • Snowden - 2013 - NSA surveillance, spying on US citizens (also)
  • Ransomware ~ 2013 = new type of attack
  • 2015 - US Office of Personnel Management breached - all sorts of private details on 21 million US citizens including those with security clearances, polygraph results, ...
  • 2016 elections...
  • 2017 - NSA exploit based ransomware
  • ...
  • "...think it will get worse before it gets better..."
• Next: Security problems are not purely technical ...