2021-09-20 18:45:06 +02:00
# Centralized account management
Up until now, most of the services and servers we installed did not need a lot of user accounts to be shared across devices.
Once we venture into [NFS](https://en.wikipedia.org/wiki/Network_File_System) it will become quite essential to have some sort of shared *database* to manage users and permissions.
We'll dive into this from the bottom up so let's create a problem first!
## The problem
To create the problem you'll need at least **three** virtual machines.
They can be as minimal as you want, but I would advise installing one with the tools you like, such as `vim-nox`, `htop`, `zsh`, etc., and making clones from that one.
We don't need a graphical environment for this exercise.
Set the hostnames as follows:
* `nas` for the NFS server
* `client1` for the first client
* `client2` for the second client
### The server
Let's install an NFS server on the VM.
This is very easy to do on Debian.
The command below is enough to have an NFS server up and running.
```bash
➜ ~ sudo apt install nfs-kernel-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
nfs-kernel-server is already the newest version (1:1.3.4-6).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
➜ ~
```
But we need to define *which* folders are shared on the network.
I created a folder `/home/shared` for all shared files and folders and `chown`ed it to my *main* user.
```bash
➜ ~ ls -l /home
total 8
drwxr-xr-x 2 waldek waldek 4096 Sep 15 16:21 shared
drwxr-xr-x 4 waldek waldek 4096 Sep 15 16:33 waldek
➜ ~ touch /home/shared/hello
➜ ~ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/home/shared 192.168.122.0/24(rw,sync,no_subtree_check)
➜ ~ sudo exportfs -ar
➜ ~
```
### The first client
On the client we need to `mount` the network share.
This is done with `mount -t nfs` and a source and destination.
Let's observe the *out of the box* behavior.
```bash
➜ ~ mkdir -p media/nfs
➜ ~ sudo mount -t nfs 192.168.122.100:/home/shared media/nfs
mount: /home/waldek/media/nfs: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
➜ ~
```
The command is correct but we're missing the helper program to mount NFS shares.
This can be installed with the `nfs-common` package.
```bash
➜ ~ sudo apt install nfs-common
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
nfs-common is already the newest version (1:1.3.4-6).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
➜ ~ sudo mount -t nfs 192.168.122.100:/home/shared media/nfs
➜ ~ ls -l media/nfs
total 0
-rw-r--r-- 1 waldek waldek 0 Sep 15 16:21 hello
```
Wonderful!
We can now copy files to this network share from all connected clients.
Now do the same for the second client.
It should all work as expected, nothing weird here.
But what happens when we add more users?
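The client listing above shows `waldek waldek` because, with the default `sec=sys` security, NFS identifies users by numeric UID and GID, and each machine translates those numbers through its own `/etc/passwd`. The script below is an added example, not part of the original course material: it compares passwd-format files collected from `nas`, `client1` and `client2` and reports accounts whose numbers disagree. The `uid_conflicts` function, the `<host>.passwd` file naming and the sample accounts `alice` and `bob` are assumptions constructed for illustration; the 1000-60000 range is Debian's default for regular users.

```bash
#!/usr/bin/env bash
# Added example (not from the course): find UID conflicts between hosts
# that share an NFS export. Input: one passwd-format file per host,
# named <host>.passwd (hypothetical naming convention).

uid_conflicts() {
    awk -F: '
        # Derive the host label from the file name: /tmp/x/nas.passwd -> nas
        FNR == 1 { host = FILENAME; sub(/.*\//, "", host); sub(/\.passwd$/, "", host) }
        /^#/ || NF < 7 { next }             # skip comments and malformed lines
        $3 < 1000 || $3 > 60000 { next }    # regular users only (Debian defaults)
        {
            # Same name, different UID: files written on one host appear
            # to belong to someone else (or to a bare number) on another.
            if (!($1 in uid_of)) { uid_of[$1] = $3; names[++nn] = $1 }
            else if (uid_of[$1] != $3) name_bad[$1] = 1
            by_name[$1] = by_name[$1] " " host "=" $3

            # Same UID, different name: two different people are the same
            # user as far as the NFS server is concerned.
            if (!($3 in name_of)) { name_of[$3] = $1; uids[++nu] = $3 }
            else if (name_of[$3] != $1) uid_bad[$3] = 1
            by_uid[$3] = by_uid[$3] " " host "=" $1
        }
        END {
            for (i = 1; i <= nn; i++) if (names[i] in name_bad)
                print "MISMATCH " names[i] ":" by_name[names[i]]
            for (i = 1; i <= nu; i++) if (uids[i] in uid_bad)
                print "SHARED-UID " uids[i] ":" by_uid[uids[i]]
        }' "$@"
}

demo() {
    # Constructed sample data: alice and bob were created in a different
    # order on client2, so their UIDs are swapped relative to nas.
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'waldek:x:1000:1000::/home/waldek:/bin/zsh' \
        'alice:x:1001:1001::/home/alice:/bin/bash' > "$d/nas.passwd"
    printf '%s\n' 'waldek:x:1000:1000::/home/waldek:/bin/zsh' \
        'alice:x:1001:1001::/home/alice:/bin/bash' > "$d/client1.passwd"
    printf '%s\n' 'waldek:x:1000:1000::/home/waldek:/bin/zsh' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'alice:x:1002:1002::/home/alice:/bin/bash' > "$d/client2.passwd"
    uid_conflicts "$d/nas.passwd" "$d/client1.passwd" "$d/client2.passwd"
    rm -rf "$d"
}

demo
```

On real machines the input files can be produced with `getent passwd > "$(hostname).passwd"` on each host and then copied to one place for comparison.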
### Creating the conflict