OS/2 Arsenal

home *** CD-ROM | disk | FTP | other *** search

/ OS/2 Arsenal / OS2 Arsenal v1.0 (Disc 1)(Arsenal Computer).ISO / os2_inet / nfs20c1.exe / NFSCSD.DOC < prev next >

Wrap

Text File | 1994-06-13 | 24KB | 532 lines

************************************* ********* UN57064 CORRECTIVE SERVICE DISKETTE ********* ************************************* TCP/IP 2.0 for OS/2 NFS Corrective Service Diskette Information This README file for the corrective service diskette (CSD) reflects new and changed functions for the TCP/IP 2.0 for OS/2 Network File System (TM) kit. Note: You must install the Base Kit CSD (UN56401) before you install this CSD. --------------------------------------------------------------------- Topics incuded in this CSD are: 1. Installing this CSD 2. Previous CSD Information 3. Obtaining Future CSDs Electronically 4. Changes to NFSSTART 5. Changes to EXPORTS File 6. The MOUNT Command 7. The UMOUNT Command 8. NFS Security 9. The NFSCLEAN Command 10. APAR Fixes --------------------------------------------------------------------- 1. Installing this CSD To install this CSD from a diskette at your workstation, insert the diskette into your A: drive and enter: A:>TCPINST --------------------------------------------------------------------- 2. Previous CSD Information This CSD incorporates the corrective service and new functions that were previously released in CSD UN52836. Please see the file README.BAS in the <tcpip>\DOC directory for a description of the functions that were originally released in UN52836. --------------------------------------------------------------------- 3. Obtaining Future CSDs Electronically You can obtain Corrective Service Diskettes (CSDs) electronically by: o Using FTP to access SOFTWARE.WATSON.IBM.COM as Anonymous. NOTE: Fixes for TCP/IP for OS/2 are located in the pub\tcpip\os2 directory. o Establishing a modem connection to the NCSBBS bulletin board at 1-919-517-0001. NOTE: Set your modem settings to: none,8,1. The latest CSDs for TCP/IP Version 2.0 for OS/2 are shown in the following table: +=============================+===========================+ | KIT NAME | PACKAGE NAME | +=============================+===========================+ | Applications Kit | APP20CSD.PKG | +-----------------------------+---------------------------+ | Base Kit | TCP20CSD.PKG | +-----------------------------+---------------------------+ | Domain Name Server Kit | DNS20CSD.PKG | +-----------------------------+---------------------------+ | DOS/Windows Access Kit | DOS20CSD.PKG | +-----------------------------+---------------------------+ | Extended Networking Kit | XNT20CSD.PKG | +-----------------------------+---------------------------+ | NetBIOS Kit | NET20CSD.PKG | +-----------------------------+---------------------------+ | Network File System Kit | NFS20CSD.PKG | +-----------------------------+---------------------------+ | OSF/Motif Kit | MOT20CSD.PKG | +-----------------------------+---------------------------+ | Programmer's Tool Kit | PGM20CSD.PKG | +-----------------------------+---------------------------+ | X Window System Client Kit | XCL20CSD.PKG | +-----------------------------+---------------------------+ | X Window System Server Kit | PMX20CSD.PKG | +-----------------------------+---------------------------+ ************************************************* ********* UN57064 CORRECTIVE SERVICE DISKETTE STARTS HERE ********* ************************************************* --------------------------------------------------------------------- 4. Changes to NFSSTART NFSSTART is now an executable file instead of a command file. Now, when entering this command in the TCPSTART.CMD file, it should be entered as: nfsstart instead of the previous format: call nfsstart.cmd Note: To avoid conflicting commands and to preserve changes you may have made to NFSSTART.CMD, the installation program automatically renames NFSSTART.CMD to NFSSTART.BAK when you install this CSD. You must make changes to your TCPSTART.CMD file to ensure that NFS starts properly. There are two ways to make the changes to TCPSTART.CMD: - Open and save the Configuration Notebook (run and save TCPIPCFG.EXE) - Manually edit TCPSTART.CMD to call NFSSTART.EXE instead of the old NFSSTART.CMD --------------------------------------------------------------------- 5. Changes to EXPORTS File The hostname field of the NFSD EXPORTS file now accepts dotted-decimal IP addresses as well as hostnames. Dotted-decimal addresses have the advantage of not requiring the resolver during initialization. In addition, to be more efficient, NFSD now converts the hostnames in the EXPORTS file to IP addresses while the EXPORTS file is being read rather than every time a mount request arrives. --------------------------------------------------------------------- 6. The MOUNT Command The MOUNT command's -u and -g parameters have been modified to accept a wider range of values. >>--mount--.-----.--.-----------------.--.-----.--.--------.--> '- -c-' '- -v--.--------.-' '- -a-' '- -uuid-' '-passwd-' >----.--------.--.------------.--.-----------.--.-----.-------> '- -ggid-' '- -lloginid-' '- -ppasswd-' '- -s-' >-- drive_letter-- host_name:exported_file_system------------>< -uuid Specifies the user ID (uid). The uid must be a number between -2 147 483 647 and +2 147 483 647. Note: The range of values for the uid includes spaces for readability. When entering your uid, you should not include any spaces. -ggid Specifies the group ID (gid). The gid must be a number between -2 147 483 647 and +2 147 483 647. The GID value is passed to the NFS server for authentication. Note: The range of values for the gid includes spaces for readability. When entering your gid, you should not include any spaces. Notes: 1. If the client is mounting an OS/2 server, a UID and GID are still needed for the connection, but are not used for security. 2. The OS/2 NFS client supports versions 1 and 2 of the PCNFSD protocol. NFS determines which version is running each time you issue a MOUNT command. 3. If you use PCNFSD when using the MOUNT command and PCNFSD returns -2, -2 for the UID and GID, (indicating the 'nobody' user), you can still mount a directory. --------------------------------------------------------------------- 7. The UMOUNT Command The following warning has been added to the UMOUNT command description: Warning: To avoid unpredictable results, wait until all processing stops before unmounting a drive. --------------------------------------------------------------------- 8. NFS Security The NFS server protects files by limiting access to directories through: - The EXPORTS file - PCNFSD ---------------------- 8.1 The EXPORTS file The \TCPIP\ETC\EXPORTS file (on the OS/2 NFS server) must list each directory to be made available to NFS clients. If a directory is listed, all of its files and subdirectories are available to the NFS client. However, the EXPORTS file allows the NFS server's administrator to limit client access to directories (based upon the client's IP address or hostname). The following is an example of the contents of an EXPORTS file: d:\share\joe joe.somewhere.com d:\share\mary pink.triangle.edu In this example, a user would have to use a machine with an address of joe.somewhere.com to access any of the files and subdirectories under the d:\share\joe directory. Similarly, to access any files under d:\share\mary, requests would need to originate from the machine using an address of pink.triangle.com. Note: The hostname field of the NFSD EXPORTS file now accepts dotted-decimal IP addresses as well as hostnames. Dotted-decimal addresses have the advantage of not requiring the resolver during initialization. ---------------------- 8.2 PCNFSD NFS also provides security by enforcing authentication through PCNFSD. PCNFSD is a server which maps a valid login name and password to a uid (user ID). When the OS/2 NFS client issues a MOUNT command to access an NFS server's directories, the MOUNT command checks to see if PCNFSD is available. If it is, the OS/2 MOUNT command prompts you for your login name and password which it then passes to PCNFSD. If PCNFSD authenticates the login name and password, it passes back the associated uid. The OS/2 NFS client then uses that uid for each NFS request, ignoring any previously specified uid. If PCNFSD reports that the login name or password is invalid, the MOUNT command is terminated and access to the server's files is denied. PCNFSD uses the PASSWD file, located in the directory specified by the ETC environment variable. Each line in the PASSWD file contains a user's: - Login name - Password - User id (uid) - Group id (gid) - Full name - Home directory - Login shell As additional security, the password is encrypted in the file using a randomly chosen encryption key. Because each machine uses a different key, a user can use the same password on different machines with no loss of security. The user's full name, home directory, and login shell fields are provided only for Unix compatibility, and are not used by OS/2. Notes: 1. You can update the PASSWD file using the PASSWD command. You should not edit the PASSWD file manually because of its specific syntax. 2. If the PASSWD file contains path information in one or more of its fields, the colon normally used as part of the OS/2 path will appear in the PASSWD file as a semicolon. This is normal, and is due to the fact that PASSWD uses the colon character to separate the fields. ---------------------- 8.3 Starting and Running PCNFSD You can start PCNFSD from an OS/2 command line, or you can set up PCNFSD to autostart. The PCNFSD syntax is: >>--pcnfsd------------------------------------------------------>< Note: Because TCPIPCFG does not currently recognize PCNFSD, every time you run TCPIPCFG, it will remove PCNFSD from TCPSTART. Therefore, you should start PCNFSD from the TCPEXIT.CMD file located in \TCPIP\BIN. If this file exists, TCPSTART.CMD executes it as its final action. After you start PCNFSD, all error messages and warnings are logged to SYSLOGD (if running). Whenever a client's authentication fails, a message is logged to SYSLOGD. If a client repeatedly fails to authenticate, you should consider investigating the problem, because it could be an unauthorized attempt to access your data. ---------------------- 8.4 The PASSWD Command Use the PASSWD command to create the PASSWD file, and to add or modify the information in that file. Note: The OS/2 PASSWD file is compatible with any non-System 5 Unix PASSWD file. System 5 based Unix shadows passwords in a different file. >>--passwd--.-----.-- login_name-------------------------------->< |- -a-| |- -f-| '- -s-' -a Specifies that PASSWD is to add information for the user (login_name) to the PASSWD file. After you press Enter, PASSWD prompts you for the user's: - Password (twice, for verification) - Uid - Gid - Full name - Home directory - Login shell The login name and its associated uid must be unique. If either the login name or the uid is already listed in the PASSWD file, PASSWD does not change the file. -f Specifies that you are changing the FINGER information for the specified user. This parameter is provided for Unix compatibility and is not used by OS/2. Note: The FINGER command displays information about users on a remote host. On Unix, finger information for a login name reveals information about the person to whom that login name belongs. It can include the user's full name, office, telephone number, and other information deemed appropriate by the user. -s Specifies that you are changing the default shell for the specified user. This parameter is provided for Unix compatibility and is not used by OS/2. login_name Specifies the user's login name. If you do not specify other parameters with login_name, PASSWD allows you to change the specified user's password. PASSWD first requests the current password to verify that the user has the authority to change the password. PASSWD then requests the new password twice, the second time as verification. ---------------------- 8.5 SYSLOGD If you are running SYSLOGD, applications can record error messages and warnings for future reference. Messages can be: - Recorded in a file on your local host - Forwarded to a central location If everyone forwards the messages to a central location, the system administrator can browse and discover problem areas easily instead of logging onto each host to check the SYSLOG message depository. You can start SYSLOGD from an OS/2 command line, or you can set up SYSLOGD to autostart. The SYSLOGD syntax is: >>--syslogd--.------------.------------------------------------->< '- -t target-' -t target Specifies the target host, where target can be: o A fully qualified path name o An IP address o An IP host name If target specifies a fully-qualified filename, SYSLOGD will append all messages to that file. If target is an IP address or IP hostname, SYSLOGD forwards all messages to that host's SYSLOGD. If the -t option is not specified, SYSLOGD defaults to a file called SYSLOG.MSG in the \TCPIP\ETC subdirectory. You should inspect the target file occasionally, because the file will grow depending on which applications are running and how many messages they record. In addition, you should monitor all recorded program errors (for example, authentication failures). Note: Because TCPIPCFG does not currently recognize SYSLOGD, every time you run TCPIPCFG, it will remove SYSLOGD from TCPSTART. Therefore, you should start SYSLOGD from the TCPEXIT.CMD file located in the \TCPIP\BIN subdirectory. If this file exists, TCPSTART.CMD executes it as its final action. --------------------------------------------------------------------- 9. NFSCLEAN Command The description of the NFSCLEAN command function as stated in the Command Reference is incorrect. The following replaces the original description: If NFS has been stopped without unmounting all attached drives, use the NFSCLEAN command to unmount drives that are still attached. --------------------------------------------------------------------- 10. APAR Fixes The following is a list of APARs fixed since this release became available. APARs are grouped numerically by CSD. ---------------------- 10.1 APARs Fixed in This CSD (UN57064) +============+=============+=======================================+ | | MODULES | | | APAR | AFFECTED | DESCRIPTION | +============+=============+=======================================+ | PN46796 | NFSCTL.EXE | Fixed: Symbolically linked | | | | directories could not be linked by | | | | applications. | +------------+-------------+---------------------------------------+ | PN46880 | NFSD.EXE | Fixed: User starts the NFS client, | | | | connects to the SERVER, and receives | | | | error messages, resulting in an abend.| +------------+-------------+---------------------------------------+ | PN48329 | NFSCTL.EXE | Fixed: NFSCTL receives divide by | | | | zero error msg and terminates. | +------------+-------------+---------------------------------------+ | PN48338 | NFSD.EXE | Fixed: NFSD will hang when client | | | | tried to access file dated 1/1/80. | +------------+-------------+---------------------------------------+ | PN49844 | NFSD.EXE | Fixed: Wrong error code returned | | | | if MKDIR invoked when directory | | | | already exists. | +------------+-------------+---------------------------------------+ | PN50108 | NFSCTL.EXE | Fixed: DOS LAN requestor deleted | | | | wrong files through an NFS mounted | | | | drive. | +------------+-------------+---------------------------------------+ | PN50393 | NFSD.EXE | Fixed: Unable to access | | | | two-directory deep filesystem if a | | | | client name is specified in EXPORTS | | | | file. | +------------+-------------+---------------------------------------+ | PN52057 | NFS200.IFS | Fixed: DOSQUERYPATHINFO level 7 | | | | request not fixed in UN52836. | +------------+-------------+---------------------------------------+ | PN52251 | NFSCTL.EXE | Fixed: Unable to set access rights | | | | on NFS mounted drive. | +------------+-------------+---------------------------------------+ | PN53322 | NFSCTL.EXE | Fixed: Some applications cannot save | | | | files to an NFS mounted drive. | +------------+-------------+---------------------------------------+ | PN54375 | NFSCTL.EXE | Fixed: DIR of an NFS drive on some | | | | servers would return the '.' | | | | directory and then give back an | | | | error code. | +------------+-------------+---------------------------------------+ | PN55249 | NFSCTL.EXE | Fixed: MS Word can't save a document | | | | when file sharing is enabled. | +------------+-------------+---------------------------------------+ | PN55250 | NFSCTL.EXE | Fixed: NFS can only mount/unmount | | | | about 7000 times. | +------------+-------------+---------------------------------------+ ---------------------- 10.2 The following APARs were fixed in CSD UN52836. These changes are included in this CSD as well. +============+=============+=======================================+ | | MODULES | | | APAR | AFFECTED | DESCRIPTION | +============+=============+=======================================+ | PN45546 | NFSCTL.EXE | Fixed: Copying over a file with a | | | | different UID but the same GID will | | | | not work. | +------------+-------------+---------------------------------------+ | PN45780 | NFSCTL.EXE | Fixed: A date of 1/1/80 and a time | | | | between midnight and 1 AM caused a | | | | trap. | +------------+-------------+---------------------------------------+ | PN46618 | NFSBIOD.EXE | Fixed: NFS limited to 40 mounts. | +------------+-------------+---------------------------------------+ | PN46869 | NFSCTL.EXE | Fixed: Directory gets SYS0005 if | | | NFSDIR.EXE | there are files you do not have | | | | access to. | +------------+-------------+---------------------------------------+ | PN46970 | NFSCTL.EXE | Fixed: In NFS, XCOPY with wildcard | | | | characters only (*.*) fails. | +------------+-------------+---------------------------------------+ | PN47285 | NFSCTL.EXE | Fixed: NFS client does not handle | | | | daylight savings time correctly. | +------------+-------------+---------------------------------------+ | PN47491 | UMOUNT.EXE | Fixed: When a user unmounts an | | | | RS/6000, the ETC/RMTAB file is not | | | | being updated on the RISC/6000. | +------------+-------------+---------------------------------------+ | PN48574 | NFSCTL.EXE | Fixed: NFSCTL does not support | | | | DosQueryPathInfo level 7. | +------------+-------------+---------------------------------------+ | PN48770 | NFSCTL.EXE | Fixed: Mounting a server when client | | | MOUNT.EXE | uses 4OS2 results in files not | | | | displaying with DIR command. | +------------+-------------+---------------------------------------+