DiskShare - Frequently
Asked Support Questions

  • Sharing Directories with File Manager
  • Server Utilities
  • Locking
  • Performance
  • DiskShare Security
  • Network Connections
  • PortMapper
  • General Information

  • Sharing Directories with File Manager
    Q. How do I make a share mountable as Read-Only by any NFS client?

    A. By default, a directory is shared as Read-Write to every NFS client machine. Change the type of access for the "GLOBAL PERMISSION" entry in the NFS Permissions dialog for the share to "Read-Only".

    Q. How do I deny mount access to all but a selected group of NFS client machines?

    A. Change the "GLOBAL PERMISSION" entry in the NFS Permissions dialog for the share to "No-Access". Then push the Add button to bring up the Add Clients and Client Groups dialog. If the names of the machines are not already listed in the upper list box, type their names separated by semi-colons in the Add Names entry box at the bottom of th dialog box and press the OK button. For information on client groups, see the DiskShare Server Utilities section.

    Q. While adding client nodes in the Add Clients and Client Groups dialog, I get a dialog message box saying "The Name XXXX could not be resolved."

    A. The client name could not be resolved into an address using DNS or the hosts file. If DNS is used, the hostname must be added to the database on the DNS server, otherwise the hostname and address should be present in the hosts file. The Add Names entry field will accept dot-notation IP addresses with no host name, but adding the name to the hosts file is the preferred solution.

    Go To Top

    Q. Why do I get the dialog message saying "A parent directory of the path has already been shared" while trying to share a directory?

    A. NFS rules do not allow a directory to be accessible through more than one share. A parent directory of an existing share may not be exported, nor may a subdirectory of an existing share be exported.

    Q. Why do I get the dialog message "The Global Permission is greater than or equal to an Individual Permission"?

    A. The permission indicated by the "GLOBAL PERMISSION" entry is what is available to any client machine that mounts the share. It makes no sense to give every machine Read-Write access and then indicate one machine has Read- Only access.

    Q. Why does showmount -e server_name from a client machine return that a share's access is to everyone when I configured the share as Read-Only for the Global Permission?

    A. The command showmount -e lists which clients that can "Mount" the share. Clients that have Read-Only access are assumed to be able to mount the share.

    Go To Top

    Q. Why do clients still show up as mounted after they have supposedly unmounted from the share?

    A. The client command showmount -a server_name returns which clients have which shares mounted, which is stored in the rmtab file in the product directory. If a client does not unmount or unmounts when it cannot access the server across the network, a stale entry can be left in the rmtab file. Also, some NFS clients will not send a correct unmount request if the combined length of the original mount path and server name are greater than 32 characters. In this case, it is suggested that shorter share paths be used if possible. If necessary, the rmtab file may be edited to remove stale entries, but this should be done only while the nfsmount driver is shut-down. The recording of client mounts is strictly for informational use and does not affect whether a client actually has access to a share. NFS is a stateless protocol and does not depend on the knowledge of client mounts.

    Q. I do not want to go through an extra level of menus in File Manager to access existing Lan Manager shares, perhaps to avoid modifying desktop macros. Is there an alternative?

    A. An alternate File Manager DiskShare user interface is enabled if a value is found in the registry at \HKEY_LOCAL_MACHINE\Software\Intergraph\DiskShare \Defaults\AlternateFMUI. File Manager's default Share As and Stop Sharing menu items and toolbar buttons are not modified. Instead, control of NFS Shares is done through a separate top level menu with the name DiskShare, and separate toolbar buttons.

    Go To Top

  • DiskShare Server Utilities
    Q. What is the "Print Spool Destination" in the NFS Administrator main window?

    A. A PC NFS client accesses printing services on an NFS server via PCNFSD. When PCNFSD receives a print request from a client, it creates a directory which that client automatically mounts and into which it spools files to be printed. The "Print Spool Destination" is the parent directory in which PCNFSD creates subdirectories for clients.

    Q. What is the "Print Spool Destination" in the NFS Administrator main window?

    A. A PC NFS client accesses printing services on an NFS server via PCNFSD. When PCNFSD receives a print request from a client, it creates a directory which that client automatically mounts and into which it spools files to be printed. The "Print Spool Destination" is the parent directory in which PCNFSD creates subdirectories for clients.

    Q. What is the purpose of the "NFS Threads" section in the NFS Administrator main window?

    A. When DiskShare is started, a number of worker threads are created to service incoming requests. The "NFS Threads" sections specifies this number.

    Q. Why would I want to increase the number of concurrently executing threads?

    A. If an NFS request comes in and all threads are busy, the request does not get serviced until a thread becomes free. Increasing the maximum number of threads may increase response time on a heavily-accessed server. Conversly, if other system processing is too slow, the number of threads can be reduced.

    Go To Top

    Q. What is User Mapping?

    A. A User Mapping is a concept used to give clients an identity on the DiskShare server. Most NFS requests contain a UNIX-style User Identification Number, or UID. In the UNIX world, this UID tells the operating system who the requestor is, and what privileges or rights he/she should be afforded. The same idea carries over to the DiskShare server. Every requesting UID can be mapped to a local user on the Windows NT server. This allows the NFS request to be executed as if it were done by that user locally. User Mappings are also used in reporting User and Group IDs and file permissions. The UID or GID designated as the 'Default' mapping will be the UID or GID reported as the file owner or group. The owner permissions are those allowed for the user who owns the file locally on the server. If the local file is owned by a group to which an ID is mapped, that default GID will be returned as the file group, along with the permissions granted to that group. If there is no group, or the group is not mapped, DiskShare will traverse the list of GIDs in the NFS request packet and return the first mapped GID which has an entry in the file access list. If no mapped GID is found, GID 65534 is returned.

    Go To Top

    Q. What about UIDs that are not mapped?

    A. n NFS request whose UID is not mapped to a local user (or those requests for which no UID is given) is mapped to the well-known ANONYMOUS LOGON account. This account commonly has limited access on the system. It is recommended that all users who will be accessing the server use a correctly mapped UID. When reporting file permissions for a file owner which has no UID mapped to it, the nouser ID will be returned (65534 by default).

    Q. How does user mapping affect file access permissions?

    A. When an NFS request comes in from a client, it has a UNIX UID associated with it. Because NT does not understand UIDs, DiskShare must translate the UID to a local NT user account. If a UID is mapped to a local user name using the User Mapping dialog, the user on the client machine will be granted the same access privileges as the NT user to which the UID is mapped. If a UID is not explicitly mapped and there is a UNIX-style password file on the server, DiskShare will search for a local user name that is the same as the name in the password file. If there is no password file or the name is not found, UIDs that are not mapped are translated to user "Anonymous Logon", which has restricted privileges.

    Go To Top

    Q. What is Group Mapping?

    A. Group mapping is analogous to user mapping. The group mapping allows NFS GIDs to be converted to a local group for assigning permissions. For a more detailed description of group mapping and its impact on file permissions, see the Intergraph DiskShare Quick-Start Guide.

    Q. What about GIDs that are not mapped?

    A. If a request is made to set the attributes on an NTFS file and the new GID is not mapped, no group permissions are given on the file. If no group can be found when reporting permissions, the nogroup ID will be returned (65534 by default).

    Q. How does group mapping affect file access permissions?

    A. The group mapping only affects the setting of file attributes. Attribute retrieval is governed only by the UID mapping. A more detailed explanation is given in the Intergraph DiskShare Quick-Start Guide.

    Q. How do I create a password file on my machine and where do I need to put it?

    A. It is recommended that you copy an /etc/passwd file from a UNIX machine into "system root"/system32/drivers/etc/passwd. You can run unixusrs.exe, in the DiskShare product directory, to create or modify the password file, or manually create it with an editor. If you manually create the file, each entry must be in the format "username:[password]:UID:[GID]:[other information optional]". If an entry is manually created, PCNFSD will be unable to decrypt the password.

    Go To Top

    Q. How do I create a group file on my machine, and where do I need to put it?

    A. This is a very involved issue which has been addressed in other DiskShare documents. Please refer to them for a detailed explanation. In general however, these three should be remembered:

    1. If a UID is mapped to the file owner, that UID is returned as the file owner. (If multiple UIDs are mapped to the file owner, the one marked as default in the mapping dialog will be returned.)
    2. If no UID is mapped to the file owner, the UID for nouser will be returned. If the entry nouser does not exist in the password file, the value 65534 will be returned.
    3. If a GID is mapped to the file group, that ID will be returned as the file group. If no GID is mapped to the file group, the GID for nogroup will be returned. If the entry nogroup does not exist in the group file, the value 65534 will be returned.
    4. NTFS file permissions are more robust than those allowed under NFS. Before extensive use of NTFS permissions is made with DiskShare, be sure to become familiar with the permissions mapping so you will know how the file system will respond in your environment. (In particular, pay close attention to the UID to local user mapping described above.)

    Go To Top

    Q. Why do files report a GID of 65534 when I do a directory listing, even though I have correctly mapped UNIX groups to NT groups and have assigned the corresponding group permissions to the directories and files?

    A. DiskShare relies on a file's POSIX group field to determine the GID to report back to clients. By default, files on NT do not have a group assignment, so the POSIX group field is blank. In order for DiskShare to report the mapped GID as expected, the group ownership and permissions on each file must be set from a UNIX client. For example, assume file 'tempfile' on a NTFS file system is owned by user Fred, who has Full Control permissions. UNIX user bjones is mapped to NT user Fred, and UNIX group users is mapped to NT group Users. Originally, the long listing on the file would look like: rwx------ fred 65534 tempfile To report the group correctly, execute the following commands on the client: # chgrp users tempfile # chmod g+rw tempfile Now a long listing will report: rwxrw---- fred 65534 tempfile.

    Q. Can I create separate NT accounts for DiskShare users and then map them?

    A. Yes. This is a good way to audit DiskShare access.

    Q. What if I change a user mapping?

    A. User mappings are stored in the system registry. When DiskShare is started, the mappings are read from the registry into quick-access cache to improve performance. When you add, change, or delete a user mapping, DiskShare automatically discards the entries in the cache and rereads the registry. In addition, the cache is automatically refreshed every 24 hours by default so that any changes in the password file will be incorporated. The cache refresh time can be changed or disabled by double clicking on the NFS Administrator icon and then selecting the Mapping Cache button.

    Go To Top

    Q. What happens if I change the NT account that an NFS user UID is mapped to?

    A. If the user account is changed ... permissions, user rights, groups, logon hours, account disabled, etc., DiskShare will honor these changes. The only caveat is that if the user is currently using DiskShare then his information has been cached for performance. The new user information will be used when the cache gets refreshed. The cache can be manually refreshed by first double-clicking on the NFS Administrator icon and then selecting the Mapping Cache button. In the Mapping Cache dialog, select the Refresh button. The only attribute not honored is the Logon From machine listing for NTAS servers. The equivalent of this can be accomplished to some degree by specifying individual client access in the mount point share.

    Go To Top

    Q. Will file access through DiskShare get normal NT auditing?

    A. Yes.

    Q. What is a client group?

    A. A client group is a logical grouping of NFS client machines. Client groups are useful when an administrator wants to restrict a directory or file share to certain machines. For example, if client group "planets" contains nodes "mercury", "venus", "earth", "mars", "jupiter", "saturn", "uranus", "neptune", and "pluto", the administrator can share a directory with root access using File Manager for client group "planets" instead of having to specify root access for all nine nodes. Client groups can be created by double clicking on the NFS Administrator icon and then selecting the Client Groups button.

    Q. Why does the NFS Statistics program report more server RPC calls than server NFS calls?

    A. The number of RPC calls includes all calls that were made to RPC Clients (Port Mapper, NFS, Mount, ...)..

    Q. When I share a directory with access for a client group, why don't I see the client group name when I list the exported file systems using Show Mounts?

    A. DiskShare recognizes that access has been granted to a client group and reports the names of all the machines in the group.

  • Locking
    Q. Why does the system allow me to access a locked file from the File Manager?

    A. There are two reasons for this. First, the NFS lock database format is not the same as the format the File Manager uses (they have different locking objectives because they come from different environments - Windows and UNIX). Secondly, NFS file locking is advisory only. This means that other applications (not just File Manager), that do not support NFS File Locking are able to access files locked by NFS.

    Go To Top

    Q. When my server boots, there is a long period before any new locks are granted. Why does it take so long?

    A. When the server boots, it allows clients that had locks before it was shut down to reclaim them. During this period, all new lock requests are denied. By default, the DiskShare server allows 45 seconds for client machines to reclaim locks. If this period seems too long , it may be adjusted by double clicking on the NFS Server icon, selecting the NFS Administrator icon, and then choosing the Locks selection and reducing the Reclaim Locks time period.

    Q. If a client that holds locks on a needed file crashes, how can I release these locks to make the file accessable to other clients?

    A. The NFS Administrator provides a way to manually release locks held by any client. Just double click on the DiskShare Server icon and then double click on the NFS Administrator icon. Choose the Locks selection and then the Release selection. This will display all the clients presently holding locks. Click on the name of the client that ha crashed and then click on OK to release ALL the locks held by that client.

    Go To Top

    Q. RPCINFO shows PCNFSD version two registered on the server. Why don't all the version two functions work?

    A. DiskShare supports only version one functions in this release. Version two had to be registered, however, in order to get some clients to operate with the PCNFSD server. In most cases, clients that make version two function calls will revert to calling version one functions when the server reports that a version two function is not supported.

    Q. My DOS NFS client is able to print files from MS Word and other word processing programs, but I can't print files from the DOS prompt.

    A. Most word processors require that a particular printer be configured before they can print. MS DOS will send raw data however, so you must make sure your printer will accept raw text data.

    Q. How can I change the spool directory used by PCNFSD?

    A. You can change the spool directory by double clicking on the DiskShare Server icon and then double clicking the NFS Administrator icon. Then change the Print Spool Destination directory to the desired device/directory.

    Go To Top

  • Performance
    Q. Why are operations on large NTFS directories with long filenames so slow?

    A. or DOS compatibility, NTFS always generates another filename for any name that does not conform to the normal DOS 8.3 filename specification. Unfortunately, it takes some time to verify that these automatically generated filenames are unique within that directory. Local access of these same directories also takes a corresponding amount of time. If filenaming can be reasonably restricted to the 8.3 convention, it is recommended that you do so. Some NFS clients have exhibited unreliable behavior when experiencing long delays in response time to NFS requests.

    Q. How can I optimize NFS?

    A. The two areas used primarily to fine tune DiskShare performance are the number of NFS threads used, and the formatting of disk drives. The number of NFS threads is controlled through the DiskShare NFS Administrator dialog. A good rule of thumb is to have one thread per three clients, with a minimum of 16 threads and a maximum of 64 on a single processor machine. On multi- processor machines with large numbers of clients, the number of threads can be increased up to a maximum of 512. Disk drives should be formatted with cluster sizes of 8K at a minimum if possible. (At present NTFS drives only support cluster sizes up to 4K; it is recommended that this value be used.)

    Go To Top

    Q. Can I use the Performance Monitor to watch DiskShare activity?

    A. Using the NT Performance Monitor find the "Add To Chart" dialog and choose the Thread object. Then look in the Instance box for a process number (not a process name) that has the appropriate number of threads. Chart these and verify that they are the DiskShare threads by sending some NFS traffic. You can also chart the process using the Process object once you know the number. Note that the process number changes each time DiskShare is stopped and restarted.

    Q. Does disk partitioning affect DiskShare performance?

    A. Yes. DiskShare reports disk cluster size as the file system block size. Most clients use this figure to determine read, write, and read directory buffer sizes. The larger this number, up to the NFS-defined restriction of 8192 byes, the better. On NTFS file systems, cluster size is the same as sector size. On FAT file systems, cluster size is obtained by multiplying the sector size by the number of sectors per cluster.

    Go To Top

  • DiskShare Security
    Q. How secure is DiskShare?

    A. The short answer is "equivalent to other NFS servers." The long answer can be split according to the two questions below.

    Q. 1. Will the packet be processed? A. The current release contains support for RPC authentication styles of AUTH_NONE and AUTH_UNIX. Both of these are inherently insecure and the only restriction enforced by DiskShare is that AUTH_NONE style packets get mapped to the Anonymous UID. If Anonymous access is not allowed on the mount point, the packet is rejected. Checking for "low" or "privileged" port numbers on incoming packets is generally insecure and not supported in DiskShare. Support for IP address validation is provided in specifying the mount point hare. Although this is not secure either, this is the best method for restricting network access because if GLOBAL_PERMISSION has been set to NoAccess, then packets with an IP address not allowed in the mount point will be rejected. Note that packets are not forwarded by DiskShare's portmapper, so exporting a mount point to the local machine does ot open a new security hole.

    2. Will the NFS operation succeed on the file? A. After a packet has been processed, the UID is mapped to an NT user (or the Anonymous user if there is no mapping). Then access is according to the NT Security Model. The only exception is that NFS semantics for file owners are maintained when NT Security would differ.

    Go To Top

    Q. How is file ownership controlled by DiskShare?

    A. File ownership is controlled by the user mapping. One issue to take note of is the treatment of the Administrators group. If a file is created by a user who is a member of the Administrators group, the file will be owned by that group. If on the other hand, ownership is changed on an existing file, then the requesting user will own the file, not the Administrators group. This may differ from expected behavior in that other members of the Administrators group may now be denied access to the file.

  • Network Connections
    Q. Does DiskShare support multiple interfaces?

    A. Yes. DiskShare uses all interfaces that the TCP/IP protocol stack is currently configured on and bound to. DiskShare does not support selecting a subset of these interfaces.

    Go To Top

  • PortMapper
    Q. Can DiskShare work with another portmapper on the same local system?

    A. No. But the portmapper with DiskShare should support other applications.

    Q. Does the DiskShare portmapper act as a proxy for RPC calls?

    A. Mostly no. Only calls to procedure 0 are forwarded by portmapper, with any RPC data stripped from the packet.

  • General Information
    Q. What is the Inode File?

    A. The Inode File is the file that records pseudo-inode numbers for every file for which an NFS handle is obtained under DiskShare. It is a hidden, system, read- only file located by default in the DiskShare product directory. The Inode File is used because 32 byte NFS handles are not large enough to store entire pathnames. Using an Inode File enables reliable recovery in the event of resource loss on the part of the client, the server, or the network. On large systems, the Inode File can grow rather large. The DiskShare administrator may find it advantageous to remove the file occassionally when DiskShare has been stopped for some reason. NOTE: Removing the file and restarting DiskShare will require any currently mounted clients to unmount and remount their shared resources.

    Go To Top

    Q. What are the conventions for filename case?

    A. For FAT and CDFS, which by default always return uppercase names, the convention is to translate all filenames to lower case before returning to the client. NTFS and HPFS do no case translation before returning to the client, since both of the file systems are case-preserving. Keep in mind that all supported file systems are case-insensitive. That is, an NFS request for file 'ABC' will match any case combination of the name (e.g. 'Abc', 'abc', 'aBc', etc.) The reason this is an issue is because of wildcard expansion and case- sensistivity on UNIX clients. The rule to remember is: If filename comparisons are done on the server, case is unimportant, if filename comparisons are done on the client, case-sensitivity is dictated by that client's operating system.

    Q. When I mount a DiskShare server from a UNIX machine, what is the syntax for the shared directory?

    A. Use the syntax that is reported from the showmount command. For example, for DiskShare server "mercury": # /etc/showmount -e mercury export list for mercury: /C/TEMP (everyone) /D/nfstest (everyone) Use mount syntax # /etc/mount -f NFS mercury:/c/temp /mnt or # /etc/mount -t nfs mercury:/c/temp /mnt depending on the UNIX operating system.

    Go To Top

    All Contents © Copyright 1996, 1997, 1998
    Intergraph Corporation