Thursday, August 11, 2011

Great Private File Server for Medium to Small Environments

Use Open Indiana with ZFS to Create a Somewhat Locked Down File Server


Install OpenIndiana v148 with SSH


You will need a system with at least four (4) disks for this example

  • The system disk
    • This disk is to put the operating system on.
    • I recommend at least 30GB
    • The faster the better
  • The first data disk
    • This is the first disk of a pair.
    • Reliability is paramount
    • Buy as big as you can afford
  • The second data disk
    • This is the second disk of a pair.
    • Reliability, again, is paramount
    • And buy as big as you can afford
  • AT LEAST ONE BACKUP DISK
    • RAID, ZFS, OTHER... their purpose is to help with uptime
    • ZFS also assists in somewhat painlessly growing your storage capacity
    • Backup is backup, redundant disk strategies are for use and failure
    • Buy as big as you can afford

Follow the prompts, turn on SSH, use the whole system disk.


Update the system via CLI


pkg image-update --require-new-be

The GUI tools are not working in release 148 upon installation.


Find the disk names


format

Use [CTRL + C] to exit the format command


Create the mirrored zpool


zpool create newpool mirror c2t2d0 c2t3d0

Check out your handiwork


zpool status
df -h

Create a base directory structure


newpool|-business
       |-hobby
       |-books
       |-users|-admin01
       |      |-asmith|-shared
       |      |-lsmith|-shared
       |-misc

mkdir /newpool/business/
mkdir /newpool/hobby/
mkdir /newpool/books/
mkdir /newpool/users/
mkdir /newpool/users/admin01/
mkdir /newpool/users/asmith/
mkdir /newpool/users/asmith/shared/
mkdir /newpool/users/lsmith/
mkdir /newpool/users/lsmith/shared/
mkdir /newpool/misc/

Create any groups if necessary


groupadd admin01
groupadd internal
groupadd external
groupadd common


Add any initial users that do not yet exist


Please note that I am creating two users with two commands; they are long, so the text wraps.


useradd -d /newpool/users/asmith/ -c "Adam Smith" -G internal,common -s /usr/lib/rsh asmith
useradd -d /newpool/users/lsmith/ -c "Luanne Smith" -G external,common -s /usr/lib/rsh lsmith

The options are as follows:

  • -d is the home directory, /newpool/users/username/ in this example.
  • -c is the real name; it can really be anything, but if you want it to contain a space then enclose the value in double quotes.
  • -G lists all the groups of the directories you want the person to have access to, separated by commas.
    • At the very least I give membership to the common group: -G common
    • But maybe I want to give access to the external directory as well: -G external,common
  • -s /usr/lib/rsh is the 'restricted shell' to prevent a lot of funny business (it refuses cd, changes to PATH, command names containing a slash, and output redirection).

Set passwords for the newly added users


passwd lsmith
passwd asmith

passwd username

(Enter password twice-- tada!)

(passwd: password successfully changed for username)


Modify existing users


usermod -G admin01,internal,common admin01

(UX: usermod: admin01 is currently logged in, some changes may not take effect until next login.)


You can verify user information in the plaintext /etc/passwd file

You can verify group creation in the plaintext /etc/group file


Apply proper owner:group properties


chown admin01:admin01 /newpool/business/
chown admin01:peers /newpool/hobby/
chown admin01:peers /newpool/books/
chown admin01:admin01 /newpool/users/
chown admin01:admin01 /newpool/users/admin01/
chown asmith:admin01 /newpool/users/asmith/
chown asmith:admin01 /newpool/users/asmith/shared/
chown lsmith:admin01 /newpool/users/lsmith/
chown lsmith:admin01 /newpool/users/lsmith/shared/
chown admin01:common /newpool/misc/

Note that the peers group given to hobby and books is not one of the groups created above; chown rejects an unknown group, so create it with groupadd (or substitute one of the existing groups) before running those two lines.

Apply proper permissions

(4 read 2 write 1 execute)

(! the execute bit on a directory is what lets a user enter or pass through it; group members and others need it to traverse the file system even when they cannot list the contents)


chmod 700 /newpool/business/
chmod 750 /newpool/hobby/
chmod 750 /newpool/books/
chmod 711 /newpool/users/
chmod 770 /newpool/users/admin01/
chmod 770 /newpool/users/asmith/
chmod 770 /newpool/users/asmith/shared/
chmod 770 /newpool/users/lsmith/
chmod 770 /newpool/users/lsmith/shared/
chmod 750 /newpool/misc/

770 gives read, write and traverse to the owner and group members, and nothing to others - for regular user directories

750 gives the owner full access, group members read and traverse, and nothing to others - for read-only access by regular users

711 gives all access to the owner, and lets everyone traverse the directory without listing it - allows regular users to descend deeper into the directory tree to places where they may have access

700 gives no access to anyone but the owner, who alone can even open the directory - revokes access to regular users entirely


NFS & Samba


Currently, I don't have any NFS or Samba shares set up for this server.

I will update the instructions should that change.


Set quotas


On my file server I don't plan on having many users and even fewer user groups. So far I have no plans for any quotas.


If I did set a quota, I would likely do it on a user by user basis. The directories created above with mkdir are not separate ZFS datasets, so the quota is set on the dataset that contains them (newpool here); a userquota limits how much that user can own anywhere in that dataset.


zfs set userquota@username=100G newpool

Group quotas are available as well from ZFS version 15 on.


zfs set groupquota@common=250GB newpool

More users?


Add new directories


mkdir the new user's directories, /newpool/users/username/ and /newpool/users/username/shared/, as above

Add new users


useradd -d /newpool/users/username/ -c "Fname Lname" -G [comma separated list,]common -s /usr/lib/rsh username

Change owner:group properties to new users directories


Same as above


Apply proper permissions to new directories


Same as above


Set new user password


Same as above
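As an added example (not code from the original post), the per-user steps above and the permissions table from the "Apply proper permissions" section collected into a few shell functions. It assumes the paths, accounts, groups and restricted shell named in the post (/newpool, admin01, /usr/lib/rsh); the LAYOUT table, the function names and the sample user bjones are my own constructions. build_layout, audit_layout and make_user_dirs only need mkdir, chmod and ls, so they can be tried anywhere; add_restricted_user calls useradd, chown and passwd and therefore has to be run as root on the OpenIndiana host.

```shell
#!/bin/sh
# Added example for this post (not the author's code). Paths, groups and the
# restricted shell come from the post; the function names, the LAYOUT table
# and the sample user bjones are constructed for illustration.

POOL=/newpool          # pool mountpoint from the post
ADMIN=admin01          # admin user and group from the post
RSHELL=/usr/lib/rsh    # restricted shell from the post

# Expected directory layout from the post: relative path, chmod mode, and the
# mode string that 'ls -ld' prints for it. Parents come before children so
# that build_layout sets each mode before descending.
LAYOUT='business 700 drwx------
hobby 750 drwxr-x---
books 750 drwxr-x---
users 711 drwx--x--x
users/admin01 770 drwxrwx---
users/asmith 770 drwxrwx---
users/asmith/shared 770 drwxrwx---
users/lsmith 770 drwxrwx---
users/lsmith/shared 770 drwxrwx---
misc 750 drwxr-x---'

# Print the 10-character mode string of a path. 'ls -ld' exists on both
# OpenIndiana and Linux; cut drops a trailing '+' that marks an ACL.
mode_of() {
    [ -e "$1" ] || return 1
    ls -ld "$1" | cut -c1-10
}

# Succeed only when the path has exactly the expected mode string.
check_mode() {
    [ "$(mode_of "$1")" = "$2" ]
}

# Create every directory in LAYOUT under a base directory with its mode
# (the mkdir and chmod steps of the post in one pass).
build_layout() {
    base=$1
    while read -r rel mode _; do
        mkdir -p "$base/$rel" && chmod "$mode" "$base/$rel" || return 1
    done <<EOF
$LAYOUT
EOF
}

# Report every directory whose mode drifted from LAYOUT; returns 1 if any did.
audit_layout() {
    base=$1
    rc=0
    while read -r rel _ want; do
        have=$(mode_of "$base/$rel") || have=missing
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $base/$rel: have $have, want $want"
            rc=1
        fi
    done <<EOF
$LAYOUT
EOF
    return $rc
}

# Home and shared directory for one user, 770 as in the post.
make_user_dirs() {
    base=$1
    user=$2
    mkdir -p "$base/$user/shared" || return 1
    chmod 770 "$base/$user" "$base/$user/shared"
}

# Full provisioning of one restricted user: directories, account with the
# restricted shell, ownership, password. Root on the OpenIndiana host only.
add_restricted_user() {
    user=$1
    fullname=$2
    groups=$3   # comma-separated; the post always includes common
    make_user_dirs "$POOL/users" "$user" || return 1
    useradd -d "$POOL/users/$user/" -c "$fullname" -G "$groups" -s "$RSHELL" "$user" || return 1
    chown "$user:$ADMIN" "$POOL/users/$user" "$POOL/users/$user/shared" || return 1
    passwd "$user"
}

# Example run (constructed): add_restricted_user bjones "Bob Jones" internal,common
```

audit_layout is the part worth keeping: run it after any change to the tree to catch a directory that has drifted to a wider mode than the table intends (a 777 on hobby, say, would show up as a MISMATCH line and a non-zero exit). Ownership is not audited here because the chown step needs the accounts to exist; add a column to LAYOUT and compare the owner and group fields of ls -ld if you want that too.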
