Installation configuration for Linux mount

Source: Internet
Author: User

1. First, install nfs-utils and portmap:

yum install nfs-utils portmap  (installs the software; you can also run yum install nfs* portmap directly)
chkconfig rpcbind on  (start portmap at boot)
chkconfig nfs on  (start NFS at boot)
service rpcbind restart  (start the portmap service)
service nfs restart  (start the NFS service)

2. Server-side configuration file /etc/exports: specify the directories to share and their permissions

# Allow computers in the IP address range 192.168.0.* to access the /home/work directory with read-write permissions.
/home/work 192.168.0.*(rw,sync,root_squash)
/home 192.168.1.105(rw,sync)
/public *(rw,sync)

Each line of the configuration file is divided into two fields: the first is the shared directory, given as an absolute path; the second is the client address and permissions. Write the option list directly after the address with no space: with a space, the options apply to every host instead of the listed one.
The address can be a full IP or a network segment, for example 10.0.0.8 or 10.0.0.0/24; 10.0.0.0/255.255.255.0 also works. The address can also be a host name, resolved through DNS or the local /etc/hosts, and wildcards are supported, for example: *.chengyongxu.com

The permissions are:
rw: read-write. Setting this alone does not guarantee that the client can write; the permissions of the shared directory must also be set correctly, see problem 7.
ro: read-only.
sync: files are written to both the hard disk and memory.
async: files are staged in memory instead of being written directly to the hard disk.
no_root_squash: when the NFS client connects to the server as root, it also has root access to the directory shared by the server. Obviously it is not safe to turn this on.
root_squash: when the NFS client connects to the server as root, it has only anonymous user rights on the directory shared by the server; usually the nobody or nfsnobody identity is used.
all_squash: regardless of which user the NFS client uses to connect to the server, it has anonymous user rights on the directory shared by the server.
anonuid: the UID value of the anonymous user, usually nobody or nfsnobody; it can be set here.
anongid: the GID value of the anonymous user.

NFS client user mapping: the client logs in as root or as another user, and then, according to the NFS server configuration, the client connection is mapped on the NFS server to root, to the specified user (set by anonuid or anongid), to nfsnobody, and so on. Finally, the mapped user and the permissions of the shared directory together determine whether the client connection has read and write permissions.
To set the client-to-server user mapping manually, use the parameter: map_static=/etc/nfs.map
The contents of the /etc/nfs.map mapping file are as follows:
# remote local
gid 500 1000
uid 500 2003

- When the client connects, the checks for a normal user are:

No.1 If an identity to squash normal users to is explicitly set, the client user's identity is converted to the specified user.

No.2 If the NFS server has a user with the same name, the client login account is converted to the user of the same name on the NFS server.

No.3 If nothing is explicitly specified and there is no user of the same name, the user identity is squashed to nfsnobody.

- When the client connects, the checks for root are:

No.1 If no_root_squash is set, the root user's identity is mapped to root on the NFS server.

No.2 If all_squash, anonuid, and anongid are set, the root identity is squashed to the specified user.

No.3 If nothing is explicitly specified, the root user is squashed to nfsnobody.

No.4 If both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, the user is squashed to the specified user and group.
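
An added example (not part of the original article): a small /etc/exports checker that applies the file format from step 2 and the root mapping rules above. It assumes one export per line with no line continuations; the sample entries, the /srv/build path and the finding texts are constructed for illustration, and 65534 is assumed as the default anonymous UID.

```python
import re
# Constructed sample: this page's exports with and without a space before "(".
SAMPLE = """\
/home/work 192.168.0.* (rw,sync,root_squash)
/home 192.168.1.105 (rw,sync)
/public * (rw,sync)
/home/work 192.168.0.*(rw,sync,root_squash)
/srv/build 10.0.0.8(rw,sync,no_root_squash)
"""

# host(options); either part may be missing. "(options)" alone means every host.
CLIENT = re.compile(r"^([^\s()]*)(?:\(([^)]*)\))?$")

def parse_line(line):
    """Return (path, [(host, options)]) for one exports line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    path, *specs = line.split()
    clients = []
    for spec in specs:
        m = CLIENT.match(spec)
        if m is None:
            raise ValueError("cannot parse client spec: " + spec)
        opts = {o for o in (m.group(2) or "").split(",") if o}
        clients.append((m.group(1), opts))
    return path, clients

def root_maps_to(opts, anon=65534):
    """UID that client root acts as on the server (assumed default anonuid)."""
    for o in opts:
        if o.startswith("anonuid="):
            anon = int(o.split("=", 1)[1])
    return anon if "all_squash" in opts or "no_root_squash" not in opts else 0

def audit(text):
    """Return (line number, path, finding) tuples for risky export entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        path, clients = parse_line(raw) or (None, [])
        for host, opts in clients:
            if host == "":
                findings.append((n, path, "options detached: apply to every host"))
            if host in ("", "*") and "rw" in opts:
                findings.append((n, path, "read-write for every host"))
            if root_maps_to(opts) == 0:
                findings.append((n, path, "client root keeps uid 0"))
    return findings
```

Calling audit(SAMPLE) flags lines 1 to 3 (the space turns the option list into a read-write export for every host) and line 5, and reports nothing for line 4.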

3. Firewall settings modification
By default, when the CentOS 6 server installation is complete, the iptables firewall configuration only lets port 22 through.
Specify the NFS service-related ports in the NFS configuration file /etc/sysconfig/nfs and modify the firewall to open the corresponding ports.

#Port rpc.mountd should listen on.
#MOUNTD_PORT=892
#Port rpc.statd should listen on.
#STATD_PORT=662
#/usr/sbin/rpc.rquotad port rquotad should listen on.
#RQUOTAD_PORT=875
#TCP port rpc.lockd should listen on.
#LOCKD_TCPPORT=32803
#UDP port rpc.lockd should listen on.
#LOCKD_UDPPORT=32769
(This procedure can be omitted)

Modify the iptables configuration file /etc/sysconfig/iptables to open ports 111 (portmap service port) and 2049 (NFS service port).
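
An added example (not part of the original article): it reads /etc/sysconfig/nfs content, reports which port variables are still commented out (and therefore not fixed), and builds /etc/sysconfig/iptables lines for ports 111, 2049 and the pinned ports, limited to one client network. The sample file content and the client network 192.168.0.0/24 are constructed assumptions.

```python
# Constructed /etc/sysconfig/nfs excerpt: two ports pinned, two still commented.
SYSCONFIG_NFS = """\
MOUNTD_PORT=892
STATD_PORT=662
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
"""

# Variable name -> protocols it governs (names as listed in step 3).
PORT_VARS = {
    "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
    "RQUOTAD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",),
    "LOCKD_UDPPORT": ("udp",),
}
FIXED = {111: ("tcp", "udp"), 2049: ("tcp", "udp")}  # portmap/rpcbind, NFS

def pinned_ports(text):
    """Return ({port: protocols}, [names of variables that are not set])."""
    ports, seen = dict(FIXED), set()
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name in PORT_VARS and value.strip().isdigit():
            seen.add(name)
            port = int(value)
            ports[port] = tuple(sorted(set(ports.get(port, ())) | set(PORT_VARS[name])))
    return ports, sorted(set(PORT_VARS) - seen)

def iptables_rules(text, client_net):
    """Build /etc/sysconfig/iptables lines that admit only client_net."""
    ports, unpinned = pinned_ports(text)
    rules = []
    for port in sorted(ports):
        for proto in ports[port]:
            rules.append(f"-A INPUT -s {client_net} -m state --state NEW "
                         f"-m {proto} -p {proto} --dport {port} -j ACCEPT")
    return rules, unpinned
```

A variable returned in the second list still has its daemon on a port that is not fixed, so no static firewall rule can cover it until the line is uncommented.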

4. /etc/hosts.allow configuration modification (by default it does not need to be modified, but it is best to allow connections only from the required client machines and deny connections from all other machines)
/etc/hosts.allow and /etc/hosts.deny describe which hosts are allowed to use local inet services.

# service process name : host list : optional command to run when the rule matches
server_name:hosts-list[:command]

Add rules to /etc/hosts.allow to allow client access:
ALL:127.0.0.1  # allow this machine to access all of its own service processes
ALL:192.168.0.135  # allow the client machine 192.168.0.135 to access all service processes on this machine
smbd:192.168.0.0/255.255.255.0  # allow IPs in the network segment to access the smbd service
sshd:192.168.100.0/255.255.255.0  # allow IPs in the 192.168.100. network segment to access the sshd process on the server
sshd:60.28.160.244  # allow the external address 60.28.160.244 to access the sshd process on this server

/etc/hosts.deny forbids logins; it can also be set to record the attempted connection information and send it to a user mailbox:
sshd:ALL  # deny all

5. Change the shared directory permissions to 760, and change the directory's group owner to nfsnobody
Reference: problem 7

6. Client mount: execute the following commands to mount the NFS server (IP address 192.168.1.45) share on the local /mnt/nfs/home directory.
showmount -e nfs-serverip  (view the resources shared by the NFS server)
mount -t nfs 192.168.1.45:/home /mnt/nfs/home

7. NFS performance test (can be ignored):

- Set reasonable wsize and rsize values according to the result of the command time dd if=/dev/zero of=/mnt/home bs=16k count=16384
- Based on the number of NFS clients, set an appropriate number of NFS server processes with RPCNFSDCOUNT in the /etc/sysconfig/nfs configuration file; the default is 8

exportfs command: if we change /etc/exports after NFS has started, do we have to restart NFS? The exportfs command makes the change take effect immediately. The command format is as follows:
exportfs [-aruv]
-a: mount or unmount everything in /etc/exports
-r: re-mount the directories shared in /etc/exports
-u: unmount a directory
-v: print detailed information to the screen during the export
showmount command: displays mount information for NFS servers.
showmount -e [nfs-server]: displays the directories exported by the specified NFS server; on the NFS server itself, omit the IP to view the directories it shares externally.
rpcinfo -p command: displays RPC information. The -p parameter uses the RPC protocol to probe rpcbind on the host and displays all registered RPC programs.
nfsstat command: view the running status of NFS, which is helpful for tuning the operation of NFS.

Problems encountered during the process and their solutions:

1. After installing portmap through yum or rpm, executing the command service portmap start reports the error: portmap: unrecognized service.
On CentOS 6 (Linux kernel 2.6.32), portmap has been replaced by rpcbind. If you review the installation output carefully, you will find that running yum install portmap actually installs rpcbind. After the installation is complete, you can also use the command yum whatprovides portmap to see the details.

2. When the client mounts, the error is reported: mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive.

- 1. Use the command rpcinfo -p to check whether the portmap service started normally and on which port (default 111)
- 2. Check the /etc/sysconfig/iptables firewall settings, allow TCP and UDP access to port 111, and then run service iptables restart
- 3. Check /etc/hosts.deny and /etc/hosts.allow to see whether the client connection is blocked

3. When the client executes the command showmount -e nfs-server, the error is reported: mount clntudp_create: RPC: Program not registered.
The nfs and rpcbind services are not started: use chkconfig to add nfs and rpcbind to the system services and start them with service.
Or add a rule that allows client access in /etc/hosts.allow: ALL:192.168.0.135

4. When the client executes the command showmount -e nfs-server, the error is reported: rpc mount export: RPC: Unable to receive; errno = No route to host
Configuration file: /etc/sysconfig/nfs
Locate the NFS service-related port settings and remove the comment markers, then allow UDP and TCP traffic on those ports in the iptables firewall settings.

#MOUNTD_PORT=892
#STATD_PORT=662
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
662 -m state --state NEW -661 -m state --state NEW -j ACCEPT

5. showmount -e nfs-server succeeds, but the actual mount reports the error: mount: mount to NFS server '192.168.1.5' failed: System Error: No route to host. This is because the default port of the NFS service, 2049, is blocked by the firewall; modify iptables as above to allow port 2049 through.

6. showmount -e nfs-server succeeds, but the actual mount reports the error: mount: mount to NFS server '192.168.1.5' failed: timed out (retrying).
When /etc/sysconfig/iptables was edited, TCP on the relevant ports was allowed through, but UDP was not.
Disable name lookup requests from the NFS server to a DNS server.
Or the NFS version used by the NFS client was other than version 3.

7. The directory permission in the exports configuration file is set to rw (root_squash is the default), but running the touch command in the directory mounted on the client reports the error: touch: cannot touch 'a': Permission denied. Solution:

- View the server-side shared directory permissions: ll -d /home
- Modify the server-side shared directory permissions: chmod 760 /home (the file owner root has full permissions, users in the file's group have read and write permissions, other users have no permissions; then set the directory's group to nfsnobody)
- Change the group owner of the server-side shared directory to nfsnobody (cat /etc/passwd | grep nob)
- chgrp nfsnobody /home

8. Frequently, when the client executes mount -t nfs ip:/folder /folder, it reports the error: mount nfs: connected timeout. Check whether the server's environment is correct.

View the SELinux status of the server:
1. /usr/sbin/sestatus -v  ## if the SELinux status parameter is enabled, SELinux is on: SELinux status: enabled
2. getenforce  ## this command can also be used to check
Disable SELinux:
1. setenforce 0  ## set SELinux to permissive mode
   ## setenforce 1 sets SELinux to enforcing mode
2. Modify the configuration file and restart the machine: in the /etc/selinux/config file, change SELINUX=enforcing to SELINUX=disabled, then restart the machine.

Successfully create a new file on the client!
