
How to use the NFS network file system under Linux

2025-02-23 Update From: SLTechnology News&Howtos

This article explains how to use the NFS network file system under Linux. The method introduced here is simple, fast and practical.

0. What is NFS (Network FileSystem)

NFS is the abbreviation of Network FileSystem, which was first developed by Sun. Its main function is to let different machines and different operating systems share files with each other over the network, so it can also be regarded simply as a file server! An NFS server allows your PC to mount a directory shared by the remote NFS host onto the local machine, so that on the local machine the remote host's directory looks like one of its own partitions!

Although NFS has its own protocol and port number, it relies on a protocol called Remote Procedure Call (RPC) to assist with data transfer and other related messages.

1. NFS has at least two main parts: a server and one or more clients. The clients remotely access the data stored on the server. For this to work properly, some processes need to be configured and running.

Installation of the NFS server:

Check whether the nfs-utils and portmap packages are installed on the Linux system

(these two packages are installed by default on RHEL4)

Command

The code is as follows:

# rpm -q nfs-utils portmap

Check whether the NFS server is running:

Command

The code is as follows:

# service nfs status

# service portmap status

If the services are not running, start them (nfs is not fully enabled by default)

Command

The code is as follows:

# service nfs start

# service portmap start

2. RPC

When we connect to certain services remotely, some information, such as the IP of the host, the port number of the service, and the PID of the corresponding service, needs to be managed and matched up! Managing the correspondence between ports and services is the task of Remote Procedure Call (RPC). NFS's own service does not provide a data transfer protocol, yet NFS lets us share files; the reason is that NFS uses some other related transfer protocols, and these transfer protocols use the so-called RPC function. That is to say, NFS itself is a program that uses RPC! To put it more bluntly, NFS can also be regarded as an RPC server! Note also that in some cases not only the server running NFS needs to activate the RPC service: the client machine that mounts the NFS partition needs RPC activated as well. In this way, the server side and the client side can map programs to ports through the RPC protocol. NFS mainly manages the shared directories; as for the transmission of data, it just hands that to the RPC protocol!

3. RPC daemons activated by NFS

rpc.nfsd: the main function of this daemon is to manage whether the client can log in to the host, including checking the ID of the user logging in.

rpc.mountd: the main function of this daemon is to manage NFS's file systems! After the client successfully logs in to the host through rpc.nfsd, and before it can use the files provided by the NFS server, it also goes through a check of the file permissions (that is, the -rwxrwxrwx permissions and the owner and group)! The daemon reads the NFS configuration file /etc/exports to compare the client's permissions. After passing this check, the client gets permission to use the NFS files! (Note: this is also where we manage the permissions and security settings of NFS shared directories.)

4. NFS requires two packages, which are:

nfs-utils

This package provides the two NFS daemons rpc.nfsd and rpc.mountd, along with related documentation, executables and other files! It is the main suite of NFS.

portmap

As just mentioned, NFS can actually be regarded as an RPC server program, and before activating any RPC server program the port mapping must be in place, which is the responsibility of the "portmap" service! In other words, before activating any RPC server, we need to activate portmap! So what on earth does portmap do? Just as the name of the service says, it does the mapping of ports! For example, when the client side tries to use a service provided by an RPC server, it needs a port to connect to, so the client first asks portmap: "Hello! Could you tell me the port number so that I can contact the RPC service?" portmap then tells the client the port mapping it manages so that the client can connect to the server. So: "before activating NFS, please activate portmap!"

5. Settings on the NFS server side:

a) /etc/exports

shared_directory hostname1_or_IP1(parameter1,parameter2) hostname2_or_IP2(parameter3,parameter4)

b) Parameters

rw: read-write permission

ro: read-only permission

no_root_squash: if the user who logs in to the NFS host and uses the shared directory is root, then he has root permission on this shared directory! This option is "extremely unsafe" and is not recommended!

root_squash: if the user who logs in to the NFS host to use the shared directory is root, then his permissions are squashed to those of the anonymous user; usually his UID and GID become those of nobody.

all_squash: regardless of the identity of the user who logs in to NFS, his identity is squashed to the anonymous user, usually nobody!

anonuid: the UID of the anonymous user mentioned above for the *_squash options is usually that of nobody, but you can set this UID yourself! Of course, this UID must exist in your /etc/passwd!

anongid: same as anonuid, but for the group ID

sync: data are synchronously written to memory and hard disk

async: data are temporarily stored in memory rather than written directly to the hard disk.

6. Example settings:

a) /tmp *(rw,no_root_squash) # * means that every IP can access it

b) /tmp *(rw)

/home/public 192.168.0.*(rw) *(ro) # this line and the next have the same effect

/home/public 192.168.0.0/24(rw) *(ro)

c) /home/test 192.168.0.100(rw) # grant permission to only one machine

d) /home/linux *.linux.org(rw,all_squash,anonuid=40,anongid=40) # when a host in *.linux.org logs in to the NFS host and writes a file under /home/linux, the owner and group of the file become the user with UID 40 in /etc/passwd.

7. Permission issues

Suppose the content of /etc/exports is

The code is as follows:

# vi /etc/exports

/tmp *(rw,no_root_squash)

/home/public 192.168.0.*(rw) *(ro)

/home/test 192.168.0.100(rw)

/home/linux *.linux.org(rw,all_squash,anonuid=40,anongid=40)

Suppose we log in to this NFS host (192.168.0.2) from the client 192.168.0.100, then

Case 1: the account on 192.168.0.100 is test, and the account test also exists on the NFS host.

a) Because the permission of /tmp on the NFS host is -rwxrwxrwt, I (test on 192.168.0.100) have access under /tmp, and the owner of the files written is test.

b) In /home/public I have read and write permission in /etc/exports, so if the /home/public directory on the NFS host is writable by test, I can read and write, and the owner of the files written is test. If /home/public on the NFS host is not writable by the user test, I cannot write, even though there is rw in /etc/exports; it has no effect.

c) In /home/test, the situation is the same as for /home/public: /home/test on the NFS host must be open to test.

d) In /home/linux, no matter who the user is, the identity is changed to the account with UID=40.

Case 2: if our identity on 192.168.0.100 is test2, but the NFS host does not have a test2 account,

a) We can still write under /tmp, but the owner of the files written becomes nobody.

b) Whether we can write in /home/public and /home/test depends on the permissions of /home/public, but the identity is changed to nobody.

c) The identity under /home/linux still becomes the account with UID=40.

Case 3: the identity on 192.168.0.100 is root.

a) We can write in /tmp, and because the no_root_squash parameter overrides the default root_squash setting, the owner of the files written in /tmp is root.

b) The identity under /home/public is squashed to nobody, because root_squash is the default, so the file owner becomes nobody.

c) /home/test is the same as /home/public.

d) In /home/linux, the identity of root is also squashed to the user with UID=40.
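The squash rules and the cases above can be checked mechanically. The following is an added example, not code from the original article: it parses the article's /etc/exports, computes the UID the server acts as under root_squash, all_squash and anonuid, and flags no_root_squash and read-write exports open to every host. The function names are assumptions; the parser also reflects the exports(5) rule that no whitespace may separate a client from its option list, because a detached "(rw)" applies to every host.

```python
import re

# Constructed sample: the /etc/exports shown in the permissions section above.
SAMPLE = """\
/tmp         *(rw,no_root_squash)
/home/public 192.168.0.*(rw) *(ro)
/home/test   192.168.0.100(rw)
/home/linux  *.linux.org(rw,all_squash,anonuid=40,anongid=40)
"""

def parse_exports(text):
    """Return [(path, client, options), ...], one tuple per client spec."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if not m:
                raise ValueError(f"malformed client spec: {spec!r}")
            # A bare "(opts)", left by a stray space, applies to every host.
            client = m.group(1) or "*"
            opts = {o for o in (m.group(2) or "").split(",") if o}
            entries.append((path, client, opts))
    return entries

def effective_uid(opts, client_uid):
    """UID the server acts as for client_uid under the squash options."""
    anon = 65534  # nobody; the article reads anonuid=-2 as 65536-2
    for o in opts:
        if o.startswith("anonuid="):
            anon = int(o.split("=", 1)[1]) % 65536
    if "all_squash" in opts:
        return anon
    if client_uid == 0 and "no_root_squash" not in opts:
        return anon  # root_squash is the default
    return client_uid

def audit(entries):
    """Flag no_root_squash and read-write exports open to every host."""
    findings = []
    for path, client, opts in entries:
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if client == "*" and "rw" in opts:
            findings.append((path, client, "rw for all hosts"))
    return findings
```

Running `audit(parse_exports("/home/test 192.168.0.100 (rw)"))` reports a read-write export to all hosts, which is what the stray space before the parenthesis produces.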

8. Start the portmap and nfs services

The code is as follows:

# /etc/rc.d/init.d/portmap start

(or:

The code is as follows:

# service portmap start

)

The code is as follows:

# /etc/rc.d/init.d/nfs start

(or:

The code is as follows:

# service nfs start

)

You can check /var/log/messages to see whether they started correctly.

9. Usage of exportfs

If we modify /etc/exports, we do not need to restart the nfs service; just use exportfs to rescan /etc/exports and reload it

Syntax: exportfs [-aruv]

-a: export (or unexport) all the entries in the /etc/exports file

-r: re-export the entries in /etc/exports, and synchronize /var/lib/nfs/xtab with the contents of /etc/exports

-u: unexport a directory

-v: display the shared directories on the screen while exporting

Examples

The code is as follows:

# exportfs -rv   # re-export everything

# exportfs -au   # unexport everything

10. You can check the sharing permissions of each directory in /var/lib/nfs/xtab (but I can't find it. Shit, I found it. It turns out that the content will not appear until someone has mounted the NFS share), such as:

/tmp node3(ro,sync,wdelay,hide,secure,root_squash,no_all_squash,subtree_check,secure_locks,mapping=identity,anonuid=-2,anongid=-2)

Why anonuid=-2? He he! In fact, it means the value 65536-2, that is, the UID 65534! Compare it with /etc/passwd and you will find, wow, that is nobody's UID.

11. showmount command

Syntax: showmount [-ae] hostname

-a: displays the usage status of the directories that clients have connected to on the host

-e: displays the directories shared in /etc/exports of hostname

12. View the active port numbers

The code is as follows:

# netstat -utln

The port opened by NFS itself is port 2049! That is the port of the NFS server. But as mentioned earlier, NFS is a kind of RPC server, and it provides multiple programs (such as rpc.mountd, rpc.rquotad, rpc.nfsd...), so more than one port needs to be activated. These ports are "randomly generated", that is, the port numbers are not fixed! Every restart of nfs gets different port numbers! So how does the client know which port to connect to in order to call the required program? He he! That is the function of the sunrpc port (port 111, the portmap service)! The client first connects to the sunrpc port to learn which port to use to call the required program! So daemons such as rpc.xxxx do not need fixed port numbers.

Settings of the NFS client

The code is as follows:

# mount -t nfs hostname_or_IP:/directory /mountpoint

It's done; it's that simple.

To guard against accidentally executing a SUID program that lives on the NFS share, root can mount the NFS shared directory with safer options.

The code is as follows:

# mount -t nfs -o nosuid,ro hostname:/directory /mountpoint

What may go wrong:

1. The permission settings do not meet the requirements.

2. If you forgot to activate portmap, you will get an error:

mount: RPC: Port mapper failure - RPC: Unable to receive

or

mount: RPC: Program not registered

So, start portmap and restart nfs

The code is as follows:

# service portmap start

# service nfs restart

3. The connection is blocked by the firewall.

Reconfigure the firewall, including iptables and TCP_Wrappers. Because portmap is in use, port 111 must be reachable. So add to the iptables rules:

The code is as follows:

iptables -A INPUT -p tcp --dport 111 -j ACCEPT

iptables -A INPUT -p udp --dport 111 -j ACCEPT

If it still doesn't work, the problem is TCP_Wrappers. Check /etc/hosts.deny; if it contains the line:

The code is as follows:

ALL: ALL: deny

then you must add to /etc/hosts.allow:

The code is as follows:

portmap: ALL: allow

If our NFS is open to the internal network and, externally, only to the academic network (140.0.0.0), you can:

The code is as follows:

iptables -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 111 -j ACCEPT

iptables -A INPUT -i eth0 -p udp -s 192.168.0.0/24 --dport 111 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -s 140.0.0.0/8 --dport 111 -j ACCEPT

iptables -A INPUT -i eth0 -p udp -s 140.0.0.0/8 --dport 111 -j ACCEPT

You can also use TCP_Wrappers to specify, in /etc/hosts.allow, the IPs and names of the hosts allowed to connect to the NFS host, for example

The code is as follows:

# vi /etc/hosts.allow

portmap: 192.168.0.0/255.255.255.0: allow

portmap: 140.113.23.23: allow

portmap: .sdu.edu.cn: allow

Related commands of the RPC server

The code is as follows:

rpcinfo

# rpcinfo -p hostname_or_IP
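The iptables rules above accept only port 111, yet rpc.nfsd, rpc.mountd and the other daemons register their own ports with portmap. The following is an added example, not code from the original article: it parses `rpcinfo -p` output and lists the registered ports that a given allow-list does not cover. The sample output and its port numbers are constructed, and the function names are assumptions.

```python
# Constructed sample of `rpcinfo -p` output from an NFS server.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp  32771  mountd
    100005    3   tcp  32772  mountd
    100021    4   udp  32769  nlockmgr
    100011    2   udp    875  rquotad
"""

# The article's basic iptables rules accept only port 111 (TCP and UDP).
ARTICLE_RULES = {("tcp", 111), ("udp", 111)}

def registered_ports(rpcinfo_text):
    """Map each RPC service name to the set of (proto, port) it registered."""
    services = {}
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        proto, port = fields[2], int(fields[3])
        # Programs without a known name are keyed by program number.
        name = fields[4] if len(fields) > 4 else fields[0]
        services.setdefault(name, set()).add((proto, port))
    return services

def uncovered(services, allowed):
    """Return {service: [(proto, port), ...]} for ports not in `allowed`."""
    gaps = {}
    for name, ports in services.items():
        missing = sorted(p for p in ports if p not in allowed)
        if missing:
            gaps[name] = missing
    return gaps

if __name__ == "__main__":
    for name, ports in uncovered(registered_ports(SAMPLE), ARTICLE_RULES).items():
        print(f"{name}: not covered by the allow-list: {ports}")
```

Because the daemons' ports change on each restart, as the port section explains, the check has to be rerun against fresh `rpcinfo -p` output rather than trusted from an old snapshot.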

Problems to pay attention to:

Note that because the RPC used by NFS keeps a connection between the host and its clients, shutting down your host can become an "impossible task"! I don't know the right reason yet, but if your server still has clients online, you may have to wait hours before it shuts down successfully. Ah! Really?! Don't you believe it? Try it yourself! ^_^ So it is recommended that you stop portmap and nfs before shutting down your NFS server! If you can't stop the two daemons normally, first find their PIDs with netstat -utlp, and then stop them with kill! Only then can the computer shut down normally. Please pay special attention to this.

On TurboLinux 8.0 for AMD64 (kernel 2.4.21-4smp), mounting NFS reported an error:

portmap: server localhost not responding, timed out

Solution:

The code is as follows:

mount -t nfs -o nolock node1:/public /public

That is, add the -o nolock parameter, because:

Unfsd doesn't support NLM locking, and it's causing the lockd daemon to be started (which again requires the portmapper to be installed etc.)
