NFS server configuration

Source: Internet
Author: User
Tags nfsd

Server Configuration
1. Create a shared directory
# mkdir /home/share
# chown nobody.nogroup /home/share
2. Create or modify the /etc/exports configuration file
The content of this file is very simple. Each line consists of the export path, a list of client names, and the access options that follow each client name:
[shared directory] [host name or IP address(parameter,parameter)]
The parameters are optional. If no parameter is specified, NFS uses the default options. The default sharing options are sync, ro, root_squash, and no_delay.
If the host name or IP address is left empty, the directory is shared with any client.
If you share the same directory with multiple clients but with different permissions for each client, you can write:
[shared directory] [host name 1 or IP1(parameter 1,parameter 2)] [host name 2 or IP2(parameter 3,parameter 4)]
Below are some common NFS sharing parameters:
ro read-only access
rw read/write access
sync all data is written to the share when it is requested
async NFS can respond to requests before the data is written
secure NFS traffic is sent through the secure TCP/IP ports below 1024
insecure NFS traffic is sent over ports above 1024
wdelay if multiple users want to write to the NFS directory, group the writes (default)
no_wdelay if multiple users want to write to the NFS directory, write the data immediately. This setting is not required when async is used.
hide does not share the subdirectories of the NFS shared directory
no_hide shares the subdirectories of the NFS shared directory
subtree_check if a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
no_subtree_check the opposite of the above: the parent directory permissions are not checked
all_squash the UID and GID of the shared files are mapped to the anonymous user, which is suitable for public directories
no_all_squash retains the UID and GID of the shared files (default)
root_squash all requests from the root user are mapped to the same permissions as those of the anonymous user (default)
no_root_squash the root user has full administrative access to the root directory
anonuid=xxx specifies the UID of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx specifies the GID of the anonymous user in the NFS server's /etc/passwd file
The configuration file /etc/exports is as follows:
$ cat /etc/exports
/home/share 192.168.102.15(rw,sync) *(ro)
Configuration description: 192.168.102.15 is granted read and write permissions. Other machines have read-only permission.

3. iptables firewall
If the NFS server is behind a firewall, add the following rules to the firewall policy:
-A INPUT -p tcp -m state --state NEW -m multiport --dport 111,2049,4001,32764:32767 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dport 111,2049,4001,32764:32767 -j ACCEPT

========================================================

NFS: Network File System, a file sharing service in Linux.

To use NFS, you need to enable RPC (remote procedure call). RPC can specify the port number corresponding to each NFS function. After RPC is restarted, all NFS services managed by RPC must be registered with RPC again.

To set up NFS, you must install the nfs-utils and portmap packages. Run rpm -q to check whether nfs-utils and portmap are installed.

nfs-utils: provides the rpc.nfsd and rpc.mountd daemons and other documentation files.

rpc.nfsd: determines whether the client can log on to the host and identifies the login ID.

rpc.mountd: manages the NFS file system and reads /etc/exports to obtain the permissions that apply to the client.

portmap: port mapping. Port mapping must be in place before the RPC services are started.

Two NFS configuration files are available:

/etc/exports: the NFS configuration file.

/var/lib/nfs/*tab: the path where NFS server logs are stored. etab records the complete permission settings for the shared directories. xtab records data about the clients that have connected to the NFS host.

Two commands:

/usr/sbin/exportfs: maintains NFS shared resources. It shares the directories in /etc/exports again, or unmounts or re-shares the directories shared by the NFS server.

/usr/sbin/showmount: views, from the client, the directory resources shared by the NFS server.

/etc/exports configuration file

You must manually edit the /etc/exports configuration file.

Shared directory: the absolute path must be used. The permission part lets the directory be shared to different hosts with different permissions, and the permission parameters are set inside the parentheses. When there is more than one permission, separate them with commas. The host name and the parentheses are written together, with no space between them.

Host name settings: you can use a CIDR block (192.168.1.0/24), a complete IP address (192.168.1.23), or a host name, but the host name must exist in /etc/hosts or be resolvable to an IP address through DNS. Host names support wildcards such as * and ?.

/mnt/sda4/share/a 192.168.23.129(rw)

Set the shared directory /mnt/sda4/share/a. Only the host 192.168.23.129 is allowed to access the shared directory, and it has read and write permissions.

/mnt/sda4/share/b 192.168.23.129(rw) *(ro)

Set the shared directory /mnt/sda4/share/b. 192.168.23.129 can read and write the shared directory. Other hosts can only read it.

/mnt/sda4/share/c 192.168.23.129(no_root_squash)

Set the shared directory /mnt/sda4/share/c. Only 192.168.23.129 can access it, with read and write permissions. The root account keeps root permission when it logs on.

/mnt/sda4/share/d 192.168.23.0/24(rw)

Set the shared directory /mnt/sda4/share/d. Only hosts in the 192.168.23.0/24 CIDR block can access and read/write files in this directory.

/mnt/sda4/share/e *(rw,all_squash,anonuid=500,anongid=500)

Set the shared directory /mnt/sda4/share/e. All hosts are allowed to access this shared directory and have read and write permissions. However, when they access it, their UID and GID are set to 500. The permissions for UID and GID 500 are set on the NFS server host.

The permission parameters are described as follows:

rw: read-write permission.

ro: read-only.

no_root_squash: applies to users who log on to the NFS host to use the shared directory. If the user is root, they have root permissions on the shared directory, which is not recommended.

root_squash: applies to users who log on to the NFS host to use the shared directory. If the user is root, the user's permissions are squashed to those of the anonymous user, and the UID and GID become those of the nobody (nfsnobody) system account.

all_squash: whatever the identity of the NFS user, it is converted to the anonymous user, that is, nobody.

anonuid: the anonymous user, that is, nobody. You can set this UID value, but the UID must exist in /etc/passwd.

anongid: the same as anonuid, but it sets the group ID.

sync: data is written synchronously to memory and hard disk.

async: data is saved in memory first rather than written directly to the hard disk.
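The following audit script is an added example, not part of the original article. It parses text in /etc/exports syntax and flags the entries discussed above that deserve review: no_root_squash, read/write access for any host, the insecure option, and options separated from their host by a space (which become a separate entry matching every client). The sample lines, the /mnt/sda4/share/f path and the finding names are constructed for illustration.

```python
import re

# Constructed sample in /etc/exports syntax, modelled on the entries above.
# The last line has a stray space between the host and "(rw)".
SAMPLE_EXPORTS = """\
/mnt/sda4/share/a 192.168.23.129(rw)
/mnt/sda4/share/b 192.168.23.129(rw) *(ro)
/mnt/sda4/share/c 192.168.23.129(no_root_squash)
/mnt/sda4/share/e *(rw,all_squash,anonuid=500,anongid=500)
/mnt/sda4/share/f 192.168.23.129 (rw)
"""

# host(options): either part may be missing.
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (line_no, path, [(host, options), ...]) for each export line.

    Simplification: quoted paths and backslash continuations are not handled.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        clients = []
        for spec in specs:
            match = CLIENT_RE.match(spec)
            if match:
                options = {o for o in (match.group(2) or "").split(",") if o}
                clients.append((match.group(1), options))
        yield line_no, path, clients


def audit(text):
    """Return (line_no, path, finding) tuples for export entries to review."""
    findings = []
    for line_no, path, clients in parse_exports(text):
        for host, options in clients:
            if host == "":
                # "(rw)" after a space is its own entry and matches any client.
                findings.append((line_no, path, "NO_HOST"))
            if "no_root_squash" in options:
                findings.append((line_no, path, "NO_ROOT_SQUASH"))
            if host in ("", "*") and "rw" in options:
                findings.append((line_no, path, "WORLD_RW"))
            if "insecure" in options:
                findings.append((line_no, path, "INSECURE_PORTS"))
    return findings


if __name__ == "__main__":
    for line_no, path, finding in audit(SAMPLE_EXPORTS):
        print(f"line {line_no}: {path}: {finding}")
```
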

Permission description:

1. The NFS server and NFS client have the same UID and account

If the NFS server and the NFS client have the same account and UID for the shared files, the client has the permissions set in /etc/exports when it logs on to the NFS server.

2. The NFS server and NFS client have different accounts

If the NFS client does not have the account that owns the shared files on the NFS server, or the client's account does not exist on the NFS server, whether the shared directory can be read and written depends on the permissions on the NFS server. The client's identity changes to the anonymous user nobody.

3. The NFS client is root

By default, the root identity of the client is squashed to the anonymous user nobody.

Start NFS

To start NFS, you only need to start the portmap and nfs services. To enable the data consistency check, you must also start the nfslock service.

Use netstat -tnlu to check which ports NFS has opened: portmap uses port 111 and NFS uses port 2049.

[root@localhost share]# rpcinfo -p
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    695  status
    100003    2   udp   2049  nfs
    100021    1   udp  46017  nlockmgr
......

If rpcinfo -p produces no output, the registration data is faulty. Restart portmap and nfs.
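The following check is an added example, not part of the original article. It compares the services registered with the portmapper against the port list from the iptables multiport rules earlier on this page and reports the services whose ports those rules do not admit; with the output above, that is status and nlockmgr. The sample text is constructed from the values shown on this page, and the function names are illustrative.

```python
# Constructed sample in `rpcinfo -p` format, using the values shown above.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    695  status
    100003    2   udp   2049  nfs
    100021    1   udp  46017  nlockmgr
"""

# Port list taken from the multiport rules in the firewall section of this page.
FIREWALL_PORTS = "111,2049,4001,32764:32767"


def parse_port_list(spec):
    """Turn an iptables multiport list into inclusive (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        low, _, high = item.strip().partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges


def parse_rpcinfo(text):
    """Return one dict per registered service; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].isdigit():
            rows.append({
                "program": int(fields[0]),
                "version": int(fields[1]),
                "proto": fields[2],
                "port": int(fields[3]),
                "service": fields[4],
            })
    return rows


def blocked_services(rpcinfo_text, port_spec):
    """List (service, proto, port) registrations outside the allowed ports."""
    allowed = parse_port_list(port_spec)
    blocked = []
    for row in parse_rpcinfo(rpcinfo_text):
        if not any(low <= row["port"] <= high for low, high in allowed):
            blocked.append((row["service"], row["proto"], row["port"]))
    return blocked


if __name__ == "__main__":
    for service, proto, port in blocked_services(SAMPLE_RPCINFO, FIREWALL_PORTS):
        print(f"{service} ({proto}/{port}) is not covered by the firewall rule")
```
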

The client can use showmount to check which NFS shares the server provides.

# showmount -e: displays the directories shared through /etc/exports on a host.

# showmount -a: displays the NFS shares currently in use between the host and its clients.

# showmount -e
Export list for localhost.localdomain:
/mnt/sda4/share/e *
/mnt/sda4/share/d 192.168.23.0/24
/mnt/sda4/share/c 192.168.23.129
/mnt/sda4/share/b (everyone)
/mnt/sda4/share/a 192.168.23.129

To scan the NFS shared directories provided by a host, use showmount -e IP (or hostname).

View /var/lib/nfs/etab to see the permission settings of the NFS server's shared directories:

# cat /var/lib/nfs/etab
/mnt/sda4/share/a 192.168.23.129(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
......

You do not need to restart NFS after modifying the /etc/exports file. You only need to rescan /etc/exports and load the settings again:

exportfs:

-a: mount (or unmount) all settings in the /etc/exports file.

-r: remount the settings in /etc/exports and synchronously update the /etc/exports and /var/lib/nfs/xtab content.

-u: unmount a directory.

-v: displays the shared directories on the screen during the export operation.

Mount /etc/exports again: # exportfs -arv

Unmount all /etc/exports settings: # exportfs -auv

Client Configuration:

# mkdir -p /mnt/share/client/b
# mount -t nfs 192.168.23.128:/mnt/sda4/share/b /mnt/share/client/b
# df
Filesystem                       1K-blocks    Used Available Use% Mounted on
/dev/sda2                          5952284 3158868   2486176  56% /
/dev/sda1                           101086   11481     84386  12% /boot
tmpfs                               127720       0    127720   0% /dev/shm
192.168.23.128:/mnt/sda4/share/b   3905632   73408   3633824   2% /mnt/share/client/b

Mount at boot

Modify the /etc/fstab file:

192.168.23.128:/mnt/sda4/share/e /mnt/share/client/e nfs defaults,rw 0 0

In addition, you can use autofs so that the share is mounted automatically when the client needs it and unmounted automatically after several minutes. You can also set some parameters in /etc/fstab, or when mounting manually on the client, for the client's convenience.

From: http://www.cnblogs.com/cabin/archive/2010/10/26/1861286.html
