Linux NFS Server Installation and Configuration (Detailed Walkthrough)

Source: Internet
Author: User

I. Introduction to NFS

NFS is short for Network File System. It is a protocol for distributed file systems, developed by Sun and released in 1984. Its purpose is to let different machines and different operating systems share data with each other over the network, so that applications can access data on the server's disks through the network; it is a way to share disk files between Unix-like systems.
The basic principle of NFS is "to allow different clients and servers to share the same file system through a set of RPCs". It is independent of the operating system, allowing different hardware and operating systems to share files.
NFS relies on the RPC protocol for file and information transfer. RPC, Remote Procedure Call, is a mechanism that lets a client execute programs on another system. NFS itself does not provide a protocol or functionality for transmitting information; it can share data over the network because it uses other transport protocols, and those are reached through RPC. In other words, NFS is a program that uses RPC, and an NFS server is also an RPC server. RPC services must therefore be running wherever NFS is used, on the NFS server and on the NFS client alike, so that server and client can agree on program-to-port mappings through RPC. The relationship can be summed up as: NFS is a file system, and RPC is responsible for transporting the information.

II. System environment

System platform: CentOS release 5.6 (Final)
NFS server IP: 192.168.1.108
Firewall: off (iptables: Firewall is not running.)
SELINUX=disabled

III. Installing the NFS service

Installing NFS is very simple. It requires only two packages, and they are normally installed by default with the system.

nfs-utils-*: includes the basic NFS commands and monitoring programs
portmap-*: support for secure NFS RPC service connections

1. Check whether the system has NFS installed

By default, the system has both the nfs-utils and portmap packages installed.

2. If the required packages are not installed on the current system, install them manually. The installation files for the nfs-utils and portmap packages are on the system CD.

# mount /dev/cdrom /mnt/cdrom/
# cd /mnt/cdrom/CentOS/
# rpm -ivh portmap-4.0-65.2.2.1.i386.rpm
# rpm -ivh nfs-utils-1.0.9-50.el5.i386.rpm
# rpm -q nfs-utils portmap

IV. NFS system daemons

nfsd: the basic NFS daemon; its main function is to manage whether a client can log on to the server.
mountd: the RPC mount daemon; its main function is to manage NFS file systems. After a client has successfully logged on to the NFS server through nfsd, it must still pass a file-permission check before it can use the files the NFS service provides. mountd reads the NFS configuration file /etc/exports to check the client's permissions.
portmap: its main function is port mapping. When a client tries to connect to and use a service provided by an RPC server (such as NFS), portmap gives the client the port it manages for that service, so that the client can send its request to the server.

V. NFS server configuration

Configuring the NFS server is relatively simple: make the settings in the appropriate configuration file, then start the NFS server.

Common NFS files

/etc/exports: the main configuration file for the NFS service
/usr/sbin/exportfs: the management command for the NFS service
/usr/sbin/showmount: the client-side view command
/var/lib/nfs/etab: records the complete permission settings for NFS-shared directories
/var/lib/nfs/xtab: records information about clients that have logged in

The configuration file for the NFS service is /etc/exports. It is the primary NFS configuration file, but the system ships no default content for it, so the file does not necessarily exist; you may need to create it manually with vim and then write the configuration into it.

/etc/exports file format:

<export directory> [client 1(options: access rights, user mapping, other)] [client 2(options: access rights, user mapping, other)]

A. Export directory:

The export directory is the directory in the NFS system that is to be shared with clients.

B. Client:

A client is a computer on the network that can access this NFS export directory.

Common ways to specify clients

• A host by IP address: 192.168.0.200
• All hosts in a subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0
• A host by domain name: david.bsmart.cn
• All hosts in a domain: *.bsmart.cn
• All hosts: *

C. Options:

Options set the access permissions, user mappings, and so on for the export directory.

There are 3 main types of NFS options:

Access rights options

• Export directory read-only: ro
• Export directory read/write: rw

User mapping options

all_squash: maps all ordinary users and groups accessing remotely to the anonymous user or group (nfsnobody);
no_all_squash: the opposite of all_squash (default setting);
root_squash: maps the root user and group to the anonymous user or group (default setting);
no_root_squash: the opposite of root_squash;
anonuid=xxx: maps all remote users to the anonymous user and specifies that this user is the local user with uid=xxx;
anongid=xxx: maps all remote user groups to the anonymous group account and specifies that this group is the local group with gid=xxx;

Other options

secure: requires clients to connect to the NFS server from TCP/IP ports below 1024 (default setting);
insecure: allows clients to connect to the server from TCP/IP ports above 1024;
sync: writes data synchronously to the memory buffer and to disk; this is less efficient but guarantees data consistency;
async: keeps data in the memory buffer first and writes it to disk when necessary;
wdelay: checks whether there are related write operations and, if so, performs them together, which can improve efficiency (default setting);
no_wdelay: performs write operations immediately; should be used together with sync;
subtree_check: if the export directory is a subdirectory, the NFS server checks the permissions of its parent directory (default setting);
no_subtree_check: even if the export directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which can improve efficiency;
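
The following Python sketch is an added example, not part of the original article: it parses text in the /etc/exports format described above and flags entries that grant more than intended, including the case where a space separates the client from its parenthesised options, which makes those options apply to all hosts. The sample content, the /srv paths and the finding codes are constructed for illustration.

```python
import re

# Constructed sample in the /etc/exports format described above (not from a real server).
SAMPLE = """\
/home/david   192.168.1.0/24(rw)
/srv/pub      192.168.1.0/24 (rw)      # space before the parenthesis
/srv/backup   *(ro) 192.168.0.200(rw,no_root_squash)
/srv/scratch  *.bsmart.cn(rw,insecure,all_squash)
"""

WHY = {
    "detached-options": "options follow a space, so they apply to all hosts",
    "world": "exported to all hosts",
    "world-rw": "all hosts get read/write access",
    "no_root_squash": "client root is not mapped to the anonymous user",
    "insecure": "connections from source ports above 1024 are accepted",
}

def parse_exports(text):
    """Yield (directory, client, options); client '' means a bare '(opts)' token."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; '\' continuations not handled
        if not line:
            continue
        directory, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m:
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield directory, m.group(1), opts

def audit(text):
    """Return (directory, client, code) findings; codes are the keys of WHY."""
    findings = []
    for directory, client, opts in parse_exports(text):
        shown = client or "*"
        if client == "":
            findings.append((directory, shown, "detached-options"))
        elif client == "*":
            findings.append((directory, shown, "world"))
        if shown == "*" and "rw" in opts:
            findings.append((directory, shown, "world-rw"))
        findings += [(directory, shown, o)
                     for o in ("no_root_squash", "insecure") if o in opts]
    return findings

if __name__ == "__main__":
    for directory, client, code in audit(SAMPLE):
        print(f"{directory} {client}: {code} ({WHY[code]})")
```
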

VI. Starting and stopping the NFS server

Once the exports file is properly configured, you can start the NFS server.

1. Start the NFS server

For the NFS server to work properly, both the portmap and nfs services must be started, and portmap must be started before nfs.

# service portmap start
# service nfs start

2. Query the NFS server status

# service portmap status
# service nfs status

3. Stop the NFS server

To stop NFS, stop the nfs service before stopping the portmap service. If other services on the system (such as NIS) need portmap, you do not need to stop the portmap service.

# service nfs stop
# service portmap stop

4. Set the NFS server to start automatically

On a production system it is unrealistic to start the NFS server manually every time Linux boots, so set the system to start the portmap and nfs services automatically at the specified run levels.

# chkconfig --list portmap
# chkconfig --list nfs

Set the portmap and nfs services to start automatically at system run levels 3 and 5.

# chkconfig --level 35 portmap on
# chkconfig --level 35 nfs on

VII. Examples

1. The NFS server shares /home/david/ with the 192.168.1.0/24 network segment, with read/write access.

The server-side file is as follows:

# vi /etc/exports
/home/david 192.168.1.0/24(rw)

2. Restart the portmap and nfs services

# service portmap restart
# service nfs restart
# exportfs

3. On the server, use the showmount command to query the NFS share status

# showmount -e    # by default shows the server's own shares; the server must be able to resolve its own name through DNS, otherwise an error is likely

# showmount -a    # shows the directories that clients have connected to

4. On the client, use the showmount command to query the NFS share status

# showmount -e <NFS server IP>

5. Mount the NFS server's shared directory on the client

Command format

# mount <NFS server IP>:<shared directory> <local mount point>

# mount 192.168.1.108:/home/david/ /tmp/david/

# mount | grep nfs

The mount succeeded.

Check whether the files are consistent with the server side.

6. NFS share permissions and access control

Now create a file inside /tmp/david/ on the client to see what the permissions are.

# touch 20130103

Permission denied appears here because write permission on the server-side shared directory itself is not open to other users. Open the permission on the server side:

# chmod 777 -R /home/david/

Create a file in /tmp/david/ on the client again.

The file I created as the root user is owned by the nfsnobody user.

NFS has a number of default parameters; open /var/lib/nfs/etab to see the complete permission settings for the shared /home/david/.

# cat /var/lib/nfs/etab

The defaults include sync, wdelay, hide and so on. no_root_squash lets root keep its privileges, root_squash maps root to nobody, and no_all_squash means that not all users are squashed in the mounted directory. That is why the owner of the file created by root is nfsnobody.

Next, test writing a file as an ordinary user.

# su - david

$ cd /tmp/david/

$ touch 2013david

Files written by an ordinary user are owned by that user, which preserves the security of the server.

Analysis of permissions

1. When a client connects, the checks for an ordinary user are:
A. If the export explicitly squashes ordinary users, the client user's identity is converted to the designated user;
B. If a user with the same name exists on the NFS server, the client account is converted to the user of the same name on the NFS server;
C. If nothing is explicitly specified and there is no user with the same name, the user's identity is squashed to nfsnobody;

2. When a client connects, the checks for root are:
A. If no_root_squash is set, the root user's identity is mapped to root on the NFS server;
B. If all_squash, anonuid and anongid are set, root's identity is squashed to the specified user;
C. If nothing is explicitly specified, the root user is squashed to nfsnobody;
D. If both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, the user is squashed to the specified user and group;
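
The squash rules above, as an added example that is not part of the original article: a small Python model of how the server maps a client's uid/gid under root_squash, no_root_squash, all_squash, anonuid and anongid. It assumes identities travel as numeric IDs (so "a user with the same name" corresponds to the same uid on both hosts) and that nfsnobody is uid/gid 65534; uid 500 for david is constructed.

```python
NFSNOBODY = 65534  # assumed uid/gid of nfsnobody; check /etc/passwd on the server

def parse_options(optstring):
    """Turn 'rw,all_squash,anonuid=500' into {'rw': True, 'all_squash': True, 'anonuid': '500'}."""
    opts = {}
    for item in filter(None, optstring.split(",")):
        key, _, value = item.partition("=")
        opts[key] = value or True
    return opts

def server_identity(uid, gid, optstring=""):
    """Return the (uid, gid) the server acts as for a request sent with uid/gid."""
    opts = parse_options(optstring)
    anon_uid = int(opts.get("anonuid", NFSNOBODY))
    anon_gid = int(opts.get("anongid", NFSNOBODY))
    if opts.get("all_squash"):
        return (anon_uid, anon_gid)        # everyone is squashed, root included
    if not opts.get("no_root_squash"):     # root_squash is the default
        uid = anon_uid if uid == 0 else uid
        gid = anon_gid if gid == 0 else gid
    return (uid, gid)                      # other IDs pass through unchanged

# Constructed cases mirroring the walkthrough: root and david (assumed uid/gid 500).
CASES = [
    ("root, default options",         0,   0,   "rw"),
    ("david, default options",        500, 500, "rw"),
    ("root, no_root_squash",          0,   0,   "rw,no_root_squash"),
    ("root, both squash options",     0,   0,   "rw,no_root_squash,all_squash"),
    ("david, all_squash to uid 600",  500, 500, "rw,all_squash,anonuid=600,anongid=600"),
]

if __name__ == "__main__":
    for label, uid, gid, options in CASES:
        print(f"{label:32} ({options}) -> {server_identity(uid, gid, options)}")
```
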

7. Unmount a mounted NFS shared directory

# umount /tmp/david/

VIII. Mounting the NFS file system automatically at boot

Format:

<server>:</remote/export> </local/directory> nfs <options> 0 0

# vi /etc/fstab

Save, exit, and reboot the system.

Check whether /home/david is mounted automatically.

The automatic mount succeeded.

IX. Related commands

1. exportfs

If /etc/exports is modified after NFS has been started, does NFS have to be restarted? No: the exportfs command makes the changes take effect immediately. The command format is as follows:

# exportfs [-aruv]

-a: mount or unmount everything in /etc/exports
-r: re-read /etc/exports and synchronize the update to /var/lib/nfs/xtab
-u: unexport a single directory (used together with -a to unexport every directory in /etc/exports)
-v: print the details to the screen when exporting

Specific examples:
# exportfs -au    unexport all shared directories
# exportfs -rv    re-export all directories and print the details

2. nfsstat

Shows the running status of NFS, which is a great help when tuning NFS.

3. rpcinfo

Shows RPC execution information and can be used to check how RPC is operating. Use rpcinfo -p to see which programs are provided on the ports RPC has opened.

4. showmount

-a: shows the directories that clients have connected to
-e <IP or hostname>: shows the directories shared by that IP address

5. netstat

netstat can show the ports opened by the NFS services: NFS uses 2049 and portmap uses 111; the rest are ports opened by RPC.

Finally, note two points. First, although the permission settings allow ordinary users access, by default only root can mount; ordinary users can use sudo.
Second, before shutting down the NFS server, make sure the NFS service is stopped and that no clients are connected. You can check with showmount -a and, if there are any, end them with kill, killall or pkill (-9 forces termination).
