
How to deploy NFS Services under Linux

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article shows how to deploy NFS services under Linux.

An NFS server lets a PC mount a directory shared by the server over the network into its local file system. On the local system the remote host's directory then looks like one of its own disk partitions, which is quite convenient to use.

System environment

System platform: CentOS release 5.6 (Final)

NFS Server IP:192.168.1.108

The firewall is turned off / iptables: Firewall is not running.

SELINUX=disabled

Install the NFS service

The installation of NFS is very simple, requires only two software packages, and is usually installed as the default package for the system.

nfs-utils-*: includes the basic NFS commands and monitoring programs

portmap-*: supports connections for secure NFS RPC services

1. Check whether NFS is installed on the system.

Both packages, nfs-utils and portmap, are installed by default.

2. If the software package required by NFS is not installed in the current system, it needs to be installed manually. The installation files for both the nfs-utils and portmap packages are available on the system CD.

# mount /dev/cdrom /mnt/cdrom/

# cd /mnt/cdrom/CentOS/

# rpm -ivh portmap-4.0-65.2.2.1.i386.rpm

# rpm -ivh nfs-utils-1.0.9-50.el5.i386.rpm

# rpm -q nfs-utils portmap

NFS system daemons

nfsd: the basic NFS daemon; its main function is to manage whether clients can log in to the server.

mountd: the RPC mount daemon; its main function is to manage the NFS file system. After a client has successfully logged in to the NFS server through nfsd, its file usage rights must still be verified before it can use the files provided by the NFS service. mountd reads the NFS configuration file /etc/exports to check the client's permissions.

portmap: its main function is port mapping. When a client tries to connect to and use a service provided by an RPC server, such as NFS, portmap provides the client with the port corresponding to that service, so that the client can request the service from the server through that port.

Configuration of NFS server

The configuration of the NFS server is relatively simple, just set it in the appropriate configuration file, and then start the NFS server.

Common directories of NFS

/etc/exports: main configuration file for the NFS service

/usr/sbin/exportfs: administrative command for the NFS service

/usr/sbin/showmount: client view command

/var/lib/nfs/etab: records the full permission settings of the directories shared by NFS

/var/lib/nfs/xtab: records the clients that have logged in

The configuration file for the NFS service is /etc/exports. It is the main configuration file for NFS, but the system provides no default, so the file does not necessarily exist. You may have to create it manually with vim and then write the configuration into it.

/etc/exports file content format:

<output directory> [client 1 options (access rights, user mapping, other)] [client 2 options (access rights, user mapping, other)]

a. Output directory:

The output directory refers to the directory in the NFS system that needs to be shared with the client.

b. Client:

A client is a computer on a network that can access this NFS output directory.

The common way of specifying the client

Host with a specified IP address: 192.168.0.200

All hosts in a specified subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0

Host with a specified domain name: david.bsmart.cn

All hosts in a specified domain: *.bsmart.cn

All hosts: *

c. Options:

Option is used to set the access rights of the output directory, user mapping, and so on.

There are three main types of options for NFS:

Access option

Set the output directory read-only: ro

Set the output directory read/write: rw

User mapping option

all_squash: maps all ordinary users accessing remotely, and the groups they belong to, to the anonymous user or user group (nfsnobody);

no_all_squash: the opposite of all_squash (default);

root_squash: maps the root user and group to the anonymous user or user group (default);

no_root_squash: the opposite of root_squash;

anonuid=xxx: maps all users accessing remotely to the anonymous user and specifies that user as the local account with UID=xxx;

anongid=xxx: maps all user groups accessing remotely to the anonymous user group and specifies that group as the local group account with GID=xxx.

Other options

secure: restricts clients to connecting to the NFS server only from TCP/IP ports below 1024 (default);

insecure: allows clients to connect to the server from TCP/IP ports above 1024;

sync: writes data synchronously to the memory buffer and to disk, which is less efficient but ensures data consistency;

async: saves data in the memory buffer first and writes it to disk when necessary;

wdelay: checks whether there are related writes and, if so, performs them together to improve efficiency (default);

no_wdelay: performs a write immediately; should be used together with sync;

subtree_check: if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default);

no_subtree_check: even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which improves efficiency.

Start and stop of the NFS server

After you have configured the exports file correctly, you can start the NFS server.
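Before the services are started, the exports file can be checked for the option combinations described above. The following sh/awk function is an added example, not part of the original article; the sample entries and the /srv paths are constructed. It flags no_root_squash, insecure, read/write exports to all hosts, and an option list separated from its client by a space, which exports(5) applies to every host rather than to the client written before it.

```shell
#!/bin/sh
# Added example: flag risky entries in exports(5)-format text read on stdin.
# Prints one "directory client finding" line per issue.
# Backslash line continuations are not handled.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                  # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") {           # "(opts)" standing alone applies to every host
                print dir, "*", "options-detached-from-client"
                client = "*"
            }
            rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") print dir, client, "no_root_squash"
                if (o[j] == "insecure") print dir, client, "insecure"
            }
            if (client == "*" && rw) print dir, client, "world-writable"
        }
    }'
}

# Constructed sample; the second entry has a space before "(rw)".
sample_exports() {
    cat <<'EOF'
# constructed entries
/home/david 192.168.1.0/24(rw)
/home/david 192.168.1.0/24 (rw)
/srv/build  *.bsmart.cn(rw,no_root_squash)
/srv/pub    *(ro,insecure)
EOF
}

sample_exports | audit_exports
```

On a server it would be run as audit_exports < /etc/exports; an empty result means none of the four conditions was found.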

1. Start the NFS server

In order for the NFS server to work properly, you need to start both portmap and nfs services, and portmap must be started before nfs.

# service portmap start

# service nfs start

2. Query the status of NFS server

# service portmap status

# service nfs status

3. Stop the NFS server

To stop NFS, stop the nfs service first and then the portmap service. If other services on the system (such as NIS) need portmap, you do not need to stop it.

# service nfs stop

# service portmap stop

4. Set the automatic startup status of the NFS server

For the actual application system, it is unrealistic to start the nfs server manually after starting the LINUX system every time. It is necessary to set the system to start portmap and nfs services automatically at the specified running level.

# chkconfig --list portmap

# chkconfig --list nfs

Set the portmap and nfs services to start automatically at system run levels 3 and 5.

# chkconfig --level 35 portmap on

# chkconfig --level 35 nfs on

Example

1. Share /home/david/ on the NFS server with the 192.168.1.0/24 network segment, with read and write permissions.

The server-side file is as follows:

# vi /etc/exports

/home/david 192.168.1.0/24(rw)

2. Restart portmap and nfs services

# service portmap restart

# service nfs restart

# exportfs

3. The server uses the showmount command to query the sharing status of NFS.

# showmount -e // Views the server's own shares by default, provided that DNS can resolve the server itself; otherwise errors are likely.

# showmount -a // Displays the directory information of clients that are already connected

4. The client uses the showmount command to query the sharing status of NFS.

# showmount -e NFS server IP

5. The client mounts the shared directory in the NFS server

Command format

# mount NFS server IP:shared directory local mount point directory

# mount 192.168.1.108:/home/david/ /tmp/david/

# mount | grep nfs

Mounted successfully.

Check to see if the file is consistent with the server side.

6. Share permissions and access control of NFS

Now let's create a file in /tmp/david/ and see what the permissions are.

# touch 20130103

Permission denied appears here because the write permission of the directory shared on the NFS server side is not open to other users. Open this permission on the server side.

# chmod 777 -R /home/david/

Create a file in /tmp/david/ on the client again.

The file I created with the root user became the nfsnobody user.

NFS has many default parameters. Open /var/lib/nfs/etab to view the full permission settings of the shared /home/david/.

# cat /var/lib/nfs/etab

The defaults include sync, wdelay, hide and others. no_root_squash lets root keep its permissions, root_squash maps root to nobody, and no_all_squash does not squash all users in the mounted directory. Therefore, the owner of a file created by root is nfsnobody.

Next we use ordinary users to mount and write to the file test.

# su - david

$ cd /tmp/david/

$ touch 2013david

Files written by an ordinary user are owned by that user, which ensures the security of the server.

Analysis of permissions

1. Check for ordinary users when the client connects

a. If the identity of an ordinary user is explicitly set, then the identity of the client user is converted to the specified user

b. If there is a user with the same name on the NFS server, the identity of the client login account is converted to the user of the same name on the NFS server.

c. If it is not explicitly specified and there is no user with the same name, the user identity is squashed to nfsnobody

2. Check for root when the client connects

a. If no_root_squash is set, the identity of the root user is mapped to root on the NFS server.

b. If all_squash, anonuid, and anongid are set, the root identity is squashed to the specified user

c. If not explicitly specified, the root user is squashed to nfsnobody

d. If both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, the user is squashed to the specified user and group
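The root and squash rules above, written out as a function (added example, not from the original article). It works on numeric UIDs and GIDs and assumes 65534 as the anonymous ID when anonuid/anongid are not set; the option strings in the calls are constructed.

```shell
#!/bin/sh
# Added example: which UID:GID the server applies to a request, given the
# client's numeric IDs and the export's comma-separated option list.
effective_ids() {
    e_uid=$1; e_gid=$2; e_opts=",$3,"
    e_auid=65534; e_agid=65534          # assumed default anonymous IDs (nfsnobody)
    case $e_opts in *,anonuid=*)
        e_auid=${e_opts#*,anonuid=}; e_auid=${e_auid%%,*} ;;
    esac
    case $e_opts in *,anongid=*)
        e_agid=${e_opts#*,anongid=}; e_agid=${e_agid%%,*} ;;
    esac
    case $e_opts in
        *,all_squash,*)                 # every caller is squashed, root included
            echo "$e_auid:$e_agid"; return ;;
    esac
    case $e_opts in
        *,no_root_squash,*) ;;          # root keeps UID/GID 0
        *)                              # root_squash is the default
            if [ "$e_uid" -eq 0 ]; then e_uid=$e_auid; fi
            if [ "$e_gid" -eq 0 ]; then e_gid=$e_agid; fi ;;
    esac
    echo "$e_uid:$e_gid"                # other IDs are used as sent by the client
}

# Constructed cases: root and UID 500 against different option lists
effective_ids 0 0 "rw"                                      # 2c: root with defaults
effective_ids 0 0 "rw,no_root_squash"                       # 2a
effective_ids 0 0 "rw,no_root_squash,all_squash"            # 2d
effective_ids 0 0 "rw,all_squash,anonuid=600,anongid=600"   # 2b
effective_ids 500 500 "rw"                                  # ordinary user
```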

7. Unmount the mounted NFS shared directory

# umount /tmp/david/

Automatically mounting the NFS file system at boot

Format:

<server>:</remote/export> </local/directory> nfs <options> 0 0

# vi /etc/fstab

Save, exit and restart the system.

Check to see if /home/david is automatically mounted.

Automatic mount succeeded.

Related command

1. exportfs

If we modify /etc/exports after starting NFS, do we have to restart nfs? At this point, we can use the exportfs command to make the changes take effect immediately. Its format is as follows:

# exportfs [-aruv]

-a: mount or unmount all the contents of /etc/exports

-r: reread the information in /etc/exports and synchronously update /etc/exports and /var/lib/nfs/xtab

-u: unshare a single directory (used with -a to unshare all directories in the /etc/exports file)

-v: output detailed information to the screen when exporting

Specific examples:

# exportfs -au // unshares all shared directories

# exportfs -rv // re-shares all directories and outputs details

2. nfsstat

Viewing the running status of NFS is of great help in adjusting the operation of NFS.

3. rpcinfo

Checks RPC execution information; it is a tool that can be used to check the operation of RPC. Use rpcinfo -p to find out which programs are provided on the ports opened by RPC.

4. showmount

-a: displays the directory information of clients that are already connected

-e IP or hostname: displays the directories shared by this IP address

5. netstat

You can find the ports opened by the nfs service; nfs itself opens port 2049 and the rest are opened by rpc.

Finally, note two points. First, although ordinary users can access the share through permission settings, by default only root can mount it; ordinary users can use sudo.

Second, when the NFS server shuts down, make sure that the NFS service is turned off and that no client is connected! You can check with showmount -a and end any remaining connections with kill, killall or pkill (-9 forces the end).
