Hiding Your NetWare Login Password
Putting a password on the command line, as we did with the ncpmount command, is a security risk. Other users logged in at the same time could see the password if they happen to be running a program like top or ps. To reduce the risk of others seeing and stealing NetWare login passwords, ncpmount is able to read certain details from a file in a user's home directory. In this file, the user keeps the login name and password associated with each of the fileservers he or she intends to mount. The file is called ~/.nwclient and it must have permissions of 0600 to ensure that others cannot read it. If the permissions are not correct, the ncpmount command will refuse to use it.
The file has a very simple syntax. Any lines beginning with a # character are treated as comments and ignored. The remainder of the lines have the syntax:
fileserver/userid password
The fileserver is the name of the fileserver supporting the volumes you wish to mount. The userid is the login name of your account on that server. The password field is optional. If it is not supplied, the ncpmount command prompts users for the password when they attempt the mount. If the password field is specified as the - character, no password is used; this is equivalent to the -n command-line argument.
You can supply any number of entries, but the fileserver field must be unique. The first fileserver entry has special significance. The ncpmount command uses the -S command-line argument to determine which of the entries in ~/.nwclient to use. If no server is specified using the -S argument, the first server entry in ~/.nwclient is assumed, and is treated as your preferred server. You should place the fileserver you mount most frequently in the first position in the file.
A More Complex ncpmount Example
Let's look at a more complex ncpmount example involving a number of the features we've described. First, let's build a simple ~/.nwclient file:
# NetWare login details for the Virtual Brewery and Winery
#
# Brewery Login
ALES_F1/MATT staoic1
#
# Winery Login
REDS01/MATT staoic1
#
Make sure its permissions are correct:
$ chmod 600 ~/.nwclient
Let's mount one volume of the Winery's server under a subdirectory of a shared directory, specifying the file and directory permissions such that others may share the data from there:
$ ncpmount -S REDS01 -V RESEARCH -f 0664 -d 0775 /usr/share/winery/data/
This command, in combination with the ~/.nwclient file shown, would mount the RESEARCH volume of the REDS01 server onto the /usr/share/winery/data/ directory using the NetWare login ID of MATT and the password retrieved from the ~/.nwclient file. The permissions of the mounted files are 0664 and the directory permissions are 0775. Because these modes grant read access to others, any local user can read the mounted data.
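The ~/.nwclient rules described above (comment lines, optional password, - for no password, unique fileserver field, first entry as the preferred server, mode 0600) can be checked before a mount is attempted. The following Python sketch is an added example, not part of ncpfs or of the original text; the function names, the GUEST01, GARY and BADLINE sample lines, the skipping of blank lines and the case-insensitive server match are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the first two servers come from the file above, the rest are made up.
SAMPLE = """\
# NetWare login details
ALES_F1/MATT staoic1
REDS01/MATT
GUEST01/GUEST -
ALES_F1/GARY examplepw
BADLINE
"""

def parse_nwclient(text):
    """Return (entries, problems). Passwords are classified, never returned."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():   # skipping blank lines is an assumption
            continue
        fields = raw.split(None, 1)
        server, sep, user = fields[0].partition("/")
        if not (sep and server and user):
            problems.append(f"line {lineno}: expected fileserver/userid")
            continue
        if server.upper() in seen:                   # case-insensitive match is an assumption
            problems.append(f"line {lineno}: duplicate fileserver {server}")
            continue
        seen.add(server.upper())
        secret = fields[1].strip() if len(fields) > 1 else ""
        kind = {"": "prompt", "-": "none"}.get(secret, "stored")
        entries.append({"server": server, "user": user, "password": kind})
    return entries, problems

def select_entry(entries, server=None):
    """With a name (as -S gives) match it; without one the first entry is the preferred server."""
    if server is None:
        return entries[0] if entries else None
    return next((e for e in entries if e["server"].upper() == server.upper()), None)

def check_mode(path):
    """Return a problem string unless the file's permission bits are exactly 0600."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return None if mode == 0o600 else f"{path}: mode {mode:04o}, expected 0600"

if __name__ == "__main__":
    entries, problems = parse_nwclient(SAMPLE)
    print(select_entry(entries), select_entry(entries, "REDS01"), problems, sep="\n")
    target = os.path.expanduser("~/.nwclient")
    if os.path.exists(target):
        print(check_mode(target) or f"{target}: mode ok")
```

The parser reports only whether a password is stored, prompted for or absent, so its output can be logged without leaking the secret.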
Exploring Some of the Other IPX Tools
The ncpfs package contains a number of useful tools that we haven't described yet. Many of these tools emulate the tools that are supplied with NetWare. We'll look at the most useful ones in this section.
Server List
The slist command lists all of the fileservers accessible to the host. The information is actually retrieved from the nearest IPX router. This command was probably originally intended to allow users to see what fileservers were available to mount. But it has become useful as a network diagnosis tool, allowing network admins to see where SAP information is being propagated:
$ slist
NPPWR-31-CD01 23A91330 000000000001
V242X-14-F02 A3062DB0 000000000001
QITG_284ELI05_F4 78A20430 000000000001
QRWMA-04-F16 B2030D6A 000000000001
VWPDE-02-F08 35540430 000000000001
NMCS_33PARK08_F2 248B0530 000000000001
NCCRD-00-CD01 21790430 000000000001
NWGNG-F07 53171D02 000000000001
QCON_7TOMLI04_F7 72760630 000000000001
W639W-F04 D1014D0E 000000000001
QCON_481GYM0G_F1 77690130 000000000001
VITG_SOE-MAIL_F4R 33200C30 000000000001
slist accepts no arguments. The output displays the fileserver name, the IPX network address, and the host address.
Send Messages to NetWare Users
NetWare supports a mechanism to send messages to logged-in users. The nsend command implements this feature in Linux. You must be logged in to the server to send messages, so you need to supply the fileserver name and login details on the command line with the destination user and the message to send:
# nsend -S vbrew_f1 -U gary -P j0yj0y supervisor "Join me for a lager before we do the print queues!"
Here a user with login name gary sends a tempting invitation to the person using the supervisor account on the ALES_F1 fileserver. Supplying -P exposes the password on the command line in the same way as described for ncpmount; if we omit the fileserver and login credentials, our defaults are used instead.
Browsing and Manipulating Bindery Data
Each NetWare fileserver maintains a database of information about its users and configuration. This database is called the bindery. Linux supports a set of tools that allow you to read the bindery and, if you have supervisor permissions on the server, to set and remove its contents. These tools are summarized in Table 15.3.
Table 15.3: Linux Bindery Manipulation Tools
| Command Name | Command Description |
|---|---|
| nwfstime | Display or set a NetWare server's date and time |
| nwuserlist | List users logged in at a NetWare server |
| nwvolinfo | Display info about NetWare volumes |
| nwbocreate | Create a NetWare bindery object |
| nwbols | List NetWare bindery objects |
| nwboprops | List properties of a NetWare bindery object |
| nwborm | Remove a NetWare bindery object |
| nwbpcreate | Create a NetWare bindery property |
| nwbpvalues | Print a NetWare bindery property's contents |
| nwbpadd | Set the value of a NetWare bindery property |
| nwbprm | Remove a NetWare bindery property |