
Linux system services: setting up NFS

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

I. Basic concepts

NFS (Network File System): a protocol for sharing files between Unix systems. It can only be used in a local area network.

It maps network disk partitions to the local machine, saving local disk space.

Protocol:

RPC (Remote Procedure Call Protocol)

Software:

nfs-utils-*: includes the basic NFS commands and monitoring programs (only this one needs to be installed)

rpcbind-*: supports connections for secure NFS RPC services (installed by default)

1.1. The NFS system daemons

nfsd: the basic NFS daemon. Its main function is to manage whether a client can log in to the server.

mountd: the RPC mount daemon. Its main function is to manage the NFS file systems. After a client has logged in to the NFS server through nfsd, its permissions must still be verified before it can use the files provided by the NFS service. mountd reads the NFS configuration file /etc/exports to check the client's permissions.

rpcbind: its main function is port mapping. When a client tries to connect to and use a service provided by an RPC server, such as NFS, rpcbind tells the client which port is assigned to that service, so that the client can request the service from the server through that port.

1.2. Configuration of the NFS server

Configuring the NFS server is relatively simple: set it up in the appropriate configuration file, then start the NFS server.

1.2.1. Common NFS files and commands

/etc/exports: main configuration file of the NFS service

/usr/sbin/exportfs: administrative command of the NFS service

/usr/sbin/showmount: command for viewing shares from the client

/var/lib/nfs/etab: records the full permission settings of the directories shared by NFS

/var/lib/nfs/xtab: records information about the clients that have logged in

The main configuration file of the NFS service is /etc/exports. The system ships no default content for it, so the file does not necessarily exist. You may have to create it manually with vim and then write the configuration into it.

1.2.2. Format of the configuration file

Format of the /etc/exports file content:

<output directory> [client 1(options: access rights, user mapping, other)] [client 2(options: access rights, user mapping, other)]

a. Output directory: the directory on the NFS server that is to be shared with clients

b. Client: a computer on the network that may access this NFS output directory

Common ways of specifying clients:

A host with a specific IP address: 192.168.0.200

All hosts in a subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0

A host with a specific domain name: david.bsmart.cn

All hosts in a domain: *.bsmart.cn

All hosts: *

c. Options: options set the access rights of the output directory, the user mapping, and so on.

NFS has three main types of options:

Access options:

ro: set the output directory to read-only

rw: set the output directory to read/write

User mapping options:

all_squash: maps all ordinary users and groups that access the share remotely to the anonymous user or group (nfsnobody)

no_all_squash: the inverse of all_squash (default)

root_squash: maps the root user and its group to the anonymous user or group

no_root_squash: the inverse of root_squash (default)

anonuid=xxx: maps all users that access the share remotely to the anonymous user and specifies a local user (UID=xxx) as that anonymous user

anongid=xxx: maps all groups that access the share remotely to the anonymous group and specifies a local group (GID=xxx) as that anonymous group

Other options:

secure: restricts clients to connecting to the NFS server only from TCP/IP ports less than 1024 (default setting)

insecure: allows clients to connect to the server from TCP/IP ports greater than 1024

sync: writes data synchronously to the memory buffer and to disk; this is less efficient but ensures data consistency

async: saves the data in the memory buffer first and writes it to disk only when necessary

wdelay: checks whether there are related writes and, if so, performs them together to improve efficiency (default setting)

no_wdelay: performs a write operation immediately; it should be used together with sync

subtree_check: if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default)

no_subtree_check: even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which improves efficiency
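
The entry format and the options above can be checked mechanically before a share goes live. The following Python code is an added example, not part of the original article: it parses exports-style text and reports entries that are open to every host or that carry no_root_squash or insecure. The function names and the /srv paths in the sample are constructed for illustration, and quoted directory names are assumed not to occur.

```python
import re

# Options from the list above that weaken an export, with the reason.
RISKY = {
    "no_root_squash": "client root acts as root on the server",
    "insecure": "requests from source ports above 1024 are accepted",
}
TOKEN = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def parse_exports(text):
    """Yield (directory, client, options) for every client entry."""
    text = text.replace("\\\n", " ")            # join continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        for token in fields[1:]:
            m = TOKEN.fullmatch(token)
            if m is None:
                raise ValueError(f"malformed entry: {token!r}")
            # "(rw)" with no client in front of it applies to every host,
            # which is what a stray space in "client (rw)" produces.
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield fields[0], m.group(1) or "*", opts

def audit(text):
    """Return (directory, client, issue) findings in file order."""
    findings = []
    for directory, client, options in parse_exports(text):
        if client == "*":
            issue = "world-writable" if "rw" in options else "world-readable"
            findings.append((directory, client, issue))
        for opt in sorted(RISKY.keys() & options):
            findings.append((directory, client, opt))
    return findings

SAMPLE = """\
# constructed sample, not taken from a real server
/home/zhangsan 192.168.115.0/24(rw,sync)
/srv/pub       192.168.115.0/24 (rw,sync)
/srv/build     *.bsmart.cn(rw,no_root_squash,insecure)
"""

if __name__ == "__main__":
    for directory, client, issue in audit(SAMPLE):
        print(f"{directory} {client}: {RISKY.get(issue, issue)}")
```

The second sample line differs from the first only by a space before the parenthesis, yet it gives the subnet the default options and every other host rw access.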

1.3. Starting and stopping the NFS server

1.3.1. Start the NFS server

(The startup order matters: A must be started before B. Shutting down the NFS server is the reverse: B first, then A.)

A. service rpcbind start | stop

B. service nfs start | stop

1.3.2. Query the NFS server status

service rpcbind status

service nfs status

1.3.3. Set up automatic startup of the NFS server

Set the rpcbind and nfs services to start automatically at system runlevel 2345.

# chkconfig --level 35 rpcbind on

# chkconfig --level 35 nfs on

II. Examples

1. Share /home/zhangsan on the NFS server with the 192.168.115.0/24 network segment with rw permission

# vi /etc/exports

/home/zhangsan 192.168.115.0/24(rw,sync)    # read, write, synchronous

2. Restart the portmap (rpcbind) and nfs services

# service rpcbind restart

# service nfs restart

# exportfs

3. View the NFS share status on the server

# showmount -e <local IP>, or exportfs

This shows the directories you are sharing.

4. View the NFS share status from the client

showmount -e <NFS server IP>

5. Mount the shared directory of the NFS server on the client

Command format: mount <NFS server IP>:<shared directory> <local mount point directory>

# mount -t nfs 192.168.115.10:/home/zhangsan/ /media/zhangsan/

# mount | grep nfs

Verify that the files on the client and on the NFS server are consistent:

Set appropriate permissions on the server side; otherwise the client cannot access and use the share properly.

6. NFS share permissions and access control

a. Client root user

A file created on the NFS server as the client's root user has nfsnobody as its owner and group.

b. Ordinary client user

A file created on the NFS server as an ordinary client user has nobody or the ordinary user as its owner and group.

c. Reason: /var/lib/nfs/etab

1. Checks for root when the client connects

If no_root_squash is set, the root user's identity is mapped to root on the NFS server.

If all_squash, anonuid and anongid are set, the root identity is squashed to the specified user.

If nothing is explicitly specified, the root user is squashed to nfsnobody.

If both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, the user is squashed to the specified user and group.

2. Checks for ordinary users when the client connects

If an identity for ordinary users is explicitly set, the client user's identity is converted to the specified user.

If a user with the same name exists on the NFS server, the identity of the client login account is converted to that user on the NFS server.

If nothing is explicitly specified and no user with the same name exists, the user identity is squashed to nobody.
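
The squash rules above, including the case where all_squash and no_root_squash are both set, can be written as one function. This Python code is an added example, not part of the original article. It models only numeric uid/gid handling, assumes 65534 as the anonymous id when anonuid/anongid are absent (the exports(5) default), and does not model matching by user name; the function names and sample exports are constructed.

```python
ANON_ID = 65534  # assumption: exports(5) default for anonuid/anongid

def server_identity(uid, gid, options):
    """Return the (uid, gid) the server applies to a request from uid/gid."""
    opts = dict(o.partition("=")[::2] for o in options)
    anon_uid = int(opts.get("anonuid", ANON_ID))
    anon_gid = int(opts.get("anongid", ANON_ID))
    if "all_squash" in opts:              # takes precedence over no_root_squash
        return anon_uid, anon_gid
    if "no_root_squash" not in opts:      # root squashing applies
        uid = anon_uid if uid == 0 else uid
        gid = anon_gid if gid == 0 else gid
    return uid, gid

def root_exposed(exports):
    """List the (directory, client) pairs where client root stays uid 0."""
    return [(d, c) for d, c, opts in exports
            if server_identity(0, 0, opts)[0] == 0]

# Constructed sample: (directory, client, options) triples.
EXPORTS = [
    ("/home/zhangsan", "192.168.115.0/24", ["rw", "sync"]),
    ("/srv/build", "192.168.0.200", ["rw", "no_root_squash"]),
    ("/srv/pub", "*", ["rw", "no_root_squash", "all_squash",
                       "anonuid=1001", "anongid=1001"]),
]

if __name__ == "__main__":
    for d, c, opts in EXPORTS:
        print(d, c, "root ->", server_identity(0, 0, opts),
              "uid 1000 ->", server_identity(1000, 1000, opts))
    print("root stays root on:", root_exposed(EXPORTS))
```

Exports returned by root_exposed are the ones where a client's root account can create and modify root-owned files on the server, so they deserve the narrowest client list.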

7. Unmount and auto mount

Unmount:

1. Unmount the mounted directory on the client

umount <mount point>

2. Stop sharing on the server side

exportfs -au

Auto mount: /etc/fstab

Format: <NFS server IP>:<shared directory> <local mount point> nfs <options> 0 0

192.168.115.10:/home/zhangsan /media/zhangsan nfs defaults 0 0

# mount -a

III. Related commands

A. exportfs

If we modify /etc/exports after starting NFS, do we have to restart nfs? In that case we can use the exportfs command to make the changes take effect immediately. Its format is as follows:

Format: exportfs [-aruv]

-a  share or unshare everything listed in /etc/exports

-r  re-read the information in /etc/exports and synchronously update /etc/exports, /var/lib/nfs/xtab

-u  unshare a single directory (used with -a to unshare all directories in the /etc/exports file)

-v  print detailed information to the screen while exporting

Specific examples:

# exportfs -au    unshares all shared directories

# exportfs -rv    re-shares all directories and prints details

B. rpcinfo

You can use rpcinfo -p to find out which programs are provided on the ports opened by RPC.

Among them, nfs opens port 2049, portmapper (rpcbind) opens port 111, and the rest are mapped ports opened by RPC.
