Shulou(Shulou.com)06/02 Report--

NFS overview

NFS stands for Network File System. A protocol for distributed file systems developed by Sun Microsystems and published in 1984. The function is to allow different machines and different operating systems to share individual data with each other through the network, and to allow applications to access data located on server disks through the network. It is a way to achieve disk file sharing between Unix-like systems.

Agreement:

RPC (Remote Procedure Call Protocol)

Software:

nfs-utils-*: Includes basic NFS commands and monitors

rpcbind-*: Connections that support secure NFS RPC services

Note: Normally installed as the default package for the system

CentOS6.* Rpcbind was formerly called portmap.

NFS system daemons

nfsd: This is a basic NFS daemon that manages whether clients can log on to the server.

mountd: It is an RPC installation daemon whose primary function is to manage file systems for NFS. After the client successfully logs on to the NFS server through nfsd, it must also pass the file usage permission verification before using the files provided by the NFS service. It reads the NFS configuration file/etc/exports to compare client permissions.

rpcbind: The main function is to perform port mapping work. When a client attempts to connect to and use a service provided by an RPC server, such as an NFS service, rpcbind provides the client with the port managed for the service so that the client can request the service from the server through that port.

Configuration of NFS Server

NFS server configuration is relatively simple, you only need to set up in the corresponding configuration file, and then start the NFS server.

Common directories for NFS

/etc/exportsPrimary configuration file for NFS service

/usr/sbin/exportfsAdministrative commands for NFS services

/usr/sbin/showmount Client View Command

/var/lib/nfs/etab Record full permissions settings for directories shared by NFS

The requested URL/var/lib/was not found on this server.

The NFS service configuration file is/etc/exports, which is the main configuration file for NFS. However, the system does not have default values, so this file may not exist. You may need to use vim to manually create it, and then write the configuration content in the file.

/etc/exports file content format:

[Client 1 Options (Access, User Mapping, Other)] [Client 2 Options (Access, User Mapping, Other)]

a. Output directory: Output directory refers to the directory in NFS system that needs to be shared for client use

b. Client: A client is a computer on the network that has access to this NFS export directory

Common ways to specify clients:

Host with specified ip address: 192.168.0.200

Specify all hosts in subnet: 192.168.0.0/24 192.168.0.0/255.255.255.0

Host of specified domain name: david.bsmart.cn

Specify all hosts in the domain: *. bsmart.cn

All hosts: *

c. Options: Options are used to set access rights to the output directory, user mapping, etc.

NFS has three main types of options:

Access options:

Set output directory read-only: ro

Set output directory read/write: rw

User mapping options:

all_squash: maps all ordinary users and their groups accessed remotely to anonymous users or user groups (nfsnobody);

no_all_squash: negates all_squash (default);

root_squash: maps root user and its group to anonymous user or user group (default setting);

no_root_squash: negates rootsquash;

anonuid=xxx: maps all users accessed remotely to anonymous users and specifies the user as local (UID=xxx);

anongid=xxx: map all user groups accessed remotely to anonymous user group accounts, and designate the anonymous user group accounts as local user group accounts (GID=xxx);

other options

secure: limits clients to connecting to nfs servers from tcp/ip ports less than 1024 (default setting);

insecure: Allow clients to connect to the server from tcp/ip ports greater than 1024;

sync: write data synchronously to memory buffer and disk, low efficiency, but can ensure data consistency;

async: Store data in memory buffer before writing to disk if necessary;

wdelay: Check if there are related writes, and if there are, execute these writes together to improve efficiency (default setting);

no_wdelay: If there is a write operation, it will be executed immediately. It should be used in conjunction with sync.

subtree: If the output directory is a subdirectory, the nfs server checks the permissions of its parent directory (default setting);

no_subtree: Even if the output directory is a subdirectory, the nfs server does not check the permissions of its parent directory, which can improve efficiency;

Start and Stop of NFS Server

Start the NFS server.

For NFS servers to work properly, both rpcbind and nfs services need to be started, and rpcbind must be started before nfs.

# service rpcbind start

# service nfs start

2. Query NFS server status

# service rpcbind status

# service nfs status

Stop the NFS server.

To stop NFS running, you need to stop the nfs service before stopping the rpcbind service. If there are other services in the system (such as NIS) that need to be used, you do not need to stop the rpcbind service.

# service nfs stop

# service rpcbind stop

4. Set the automatic startup status of NFS server

Set the rpcbind and nfs services to start automatically at runlevel 2345.

# chkconfig --level 2345 rpcbind on

# chkconfig --level 2345 nfs on

examples

1. Share/home/zhangsan of NFS server to segment 192.168.115.0/24 with rw permission

# vim /etc/exports

/home/zhangsan 192.168.115.0/24(rw)

Gateway is required to mount different network segments (ping connection)

2. Restart portmap and nfs services

# service rpcbind restart

# service nfs restart

# exportfs -rv (refresh profile)

3. server-side view of nfs share status

# showmount -e native ip

View your shared services

4. Client View nfs Share Status

showmount -e NFS Server IP

5. Client mounts nfs server shared directory

Command format: mount NFS server IP: shared directory local mount point directory

# mount 192.168.115.10:/home/zhangsan/ /media/zhangsan/

# mount |grep nfs

Verify that the client and nfs server-side files are consistent:

[root@NFS ~]#cd /media/zhangsan/

The requested URL/media/zhangsan/2016/09/09/09.jpg was not found on this server.

[root@NFS ~]#

Modify the corresponding permissions on the server, otherwise the client cannot access and use them normally.

6 nfs Shared permissions and access control

a. Client root

Create a file on the nfs server using the client's root identity, and the owner and group of the file is nfsnobody.

b. Client Regular User

Create a file on the nfs server using the client's normal user identity, the owner and the group to which it belongs is nobody or normal user.

c. Reason: /var/lib/nfs/etab

1. Check root when client connects

If no_root_squash is set, then the identity of the root user is compressed to root on the NFS server;

If all_squash, anonuid, anongid are set, the root identity is compressed to the specified user;

If not explicitly specified, root is compressed to nfsnobody;

If no_root_squash and all_squash are specified at the same time, the user will be compressed to nfsnobody. If anonuid and anongid are set, the user and group specified will be compressed.

2. Check for normal users when client connects

If the compressed identity of the ordinary user is explicitly set, then the identity of the client user is converted to the designated user at this time;

If there is a user with the same name on the NFS server, then the identity of the client login account is converted to the user with the same name on the NFS server.

If it is not explicitly specified and there is no user with the same name, then the user identity is compressed to nobody;

7. Unmount and automount

1. Unmount the client's mount directory

mount mount point

2. Stop server-side sharing

exportfs -au

Automount: /etc/fstab

Format: nfs

0 0

#192.168.115.10:/home/zhangsan /media/zhangsan nfs defaults 0 0

#mount -a

related commands

a. exportfs

If we modify/etc/exports after starting NFS, do we have to restart nfs? At this point we can use the exportfs command to make the change take effect immediately. The command format is as follows:

Format: exportfs [-aruv]

-a Mount or uninstall all contents of/etc/exports

-r Re-reads information from/etc/exports and updates/etc/exports,/var/lib/nfs/xtab synchronously

-u Unloads a single directory (used with-a to uninstall directories in all/etc/exports files)

-v When exporting, output detailed information to the screen.

Specific examples:

# exportfs -au Unloads all shared directories

# exportfs -rv Resharing all directories and outputting details

b. rpcinfo Use rpcinfo -p to see which programs are provided by RPC's open ports

Nfs is 2049, portmapper(rpcbind) is 111, and the rest are rpc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.