< one >, NFS
RPC: Remote Procedure Call protocol
Invoking a function on a remote host
Part of the work is done by the local program, and the rest is done by a function on the remote host.
Remote Procedure Call
Semi-structured data
XML: Extensible Markup Language, heavyweight;
JSON: lightweight;
RESTful: HTTP-based RPC;
NFS: Network File System
Relies on RPC to implement its functionality
A file-sharing server scheme that provides network storage across hosts
NFS Architecture
Scenario One:
A file (a) is created on the client as the user fedora (id=785); the owner and group of the file are fedora, and the file is stored on a remote NFS server;
1, The NFS server has no id=785: the owner and group of file a have no corresponding user, and the client user's rights map to the rights of the server-side nobody user;
2, The NFS server happens to have id=785 and the corresponding user is hadoop: the client user's rights map to the rights of the server-side hadoop user;
Scenario Two:
A file (b) is created on the client as root and stored on the remote NFS server; the owner and group of file b have id=0, and the root user on the NFS server also has ID 0, so the client user's rights map to the privileges of the server-side administrator;
NIS: Network Information Service
Authentication is not done locally but is centralized on a designated server
NFS: IP-based authentication
RPC:
NFS: 2049/TCP, 2049/UDP
RPC service: portmapper
rpcinfo: report RPC information
NFS server:
nfsd, mountd, idmapd
View the file systems shared by the NFS server:
showmount -e nfsserver_ip
Mount an NFS file system:
mount -t nfs server:/path/to/sharedfs /path/to/mount_point
/etc/exports:
filesystem client(option) client(option)
client: IP, FQDN or domain, network
exportfs: a dedicated tool for maintaining the table of file systems exported by the exports file:
exportfs -ar: Re-export all file systems
exportfs -au: Stop exporting all exported file systems
exportfs -u FS: Stop exporting the specified file system
Automatically mount NFS at boot:
/etc/fstab
server:/path/to/exported_fs /mount_point nfs defaults,_netdev 0 0
Supplemental materials:
The format of the entries in the /etc/exports file is fairly straightforward. To share a file system, simply edit /etc/exports and give the file system (and options) using the following format:
directory (or file system) client1(option1,option2) client2(option1,option2)
Common options
There are several common options that can be customized for NFS implementations. These options include:
secure: This option is the default option, which uses TCP/IP ports below 1024 for NFS connections. Specify insecure to disable this option.
rw: This option allows NFS clients read/write access. The default option is read-only.
async: This option improves performance, but if you restart the NFS server without shutting down the NFS daemon completely, it can also result in data loss.
no_wdelay: This option turns off write delay. If async is set, NFS ignores this option.
nohide: If you mount a directory on top of another directory, the original directory is usually hidden or looks empty. To disable this behavior, you need to enable the hide option.
no_subtree_check: This option turns off subtree checking; the subtree check performs some security checks that you may not want to skip. The default option is to enable subtree checking.
no_auth_nlm: This option can also be specified as insecure_locks, which tells the NFS daemon not to authenticate locking requests. If you are concerned about security, avoid using this option. The default option is auth_nlm or secure_locks.
mp (mountpoint=path): When this option is declared explicitly, NFS requires the exported directory to be mounted.
fsid=num: This option is typically used in the case of NFS failover. If you want to implement failover for NFS, refer to the NFS documentation.
User mappings
With user mappings in NFS, you can assign the identity of a pseudo or actual user and group to a user who is working on an NFS volume. This NFS user has the permissions allowed by the mapped user and group. Using a common user/group for NFS volumes provides some security and flexibility without a lot of administrative load.
When using files on NFS-mounted file systems, user access is often restricted, which means that users access files as anonymous users, who by default have read-only access to those files. This behavior is especially important for root users. However, there are cases where you want the user to access files on the remote file system as the root user or as another defined user. NFS lets you specify which users access remote files by user identification number (UID) and group identification number (GID), and you can disable the normal squash behavior.
Options for user mapping include:
root_squash: This option does not allow the root user to access mounted NFS volumes.
no_root_squash: This option allows the root user to access mounted NFS volumes.
all_squash: This option is useful for NFS volumes with public access; it restricts all UIDs and GIDs and uses only the anonymous user. The default setting is no_all_squash.
anonuid and anongid: These two options change the anonymous UID and GID to specific user and group accounts.
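The ID mapping from Scenario One and Scenario Two, combined with the squash options listed above, written out as an added Python example (not code from the original notes). It assumes 65534 as the anonymous ID, assumes root_squash applies when neither root option is given, and uses the hypothetical helper names parse_opts and server_identity.

```python
ANON = 65534  # assumed anonymous (nobody) ID; anonuid/anongid override it per export

def parse_opts(option_string):
    """Turn 'rw,anonuid=1500' into {'rw': None, 'anonuid': '1500'}."""
    opts = {}
    for item in filter(None, option_string.split(",")):
        key, _, value = item.strip().partition("=")
        opts[key] = value or None
    return opts

def server_identity(uid, gid, option_string=""):
    """Return the (uid, gid) the export applies to a request sent as uid:gid."""
    opts = parse_opts(option_string)
    anon = (int(opts.get("anonuid") or ANON), int(opts.get("anongid") or ANON))
    if "all_squash" in opts:        # every caller becomes the anonymous user
        return anon
    if "no_root_squash" in opts:    # numeric IDs are used as sent, root included
        return uid, gid
    # root_squash: only ID 0 is remapped; every other ID passes through
    # unchanged, so the server treats it as whoever owns that number locally.
    return (anon[0] if uid == 0 else uid, anon[1] if gid == 0 else gid)

# Constructed cases that follow the two scenarios in these notes.
CASES = [
    ("fedora (785), default options", 785, 785, "rw,sync"),
    ("root, root_squash", 0, 0, "rw,root_squash"),
    ("root, no_root_squash", 0, 0, "rw,no_root_squash"),
    ("fedora, all_squash with anonuid", 785, 785,
     "rw,all_squash,anonuid=1500,anongid=1500"),
]

if __name__ == "__main__":
    for label, uid, gid, options in CASES:
        print(f"{label:<34} -> {server_identity(uid, gid, options)}")
```

The first case is Scenario One, case 2: UID 785 reaches the server unchanged and belongs to hadoop there. The third case is Scenario Two.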
Special options that can be used when the client mounts:
Client
Mounting remote directories
Before mounting remote directories, 2 daemons should be started first:
rpcbind
rpc.statd
rsize is the number of bytes read from the server. wsize is the number of bytes written to the server. The default is 1024, and if you use a higher value, such as 8192, you can increase the transfer speed.
The timeo value is the amount of time, in tenths of a second, to wait before resending a transmission after an RPC timeout. After the first timeout, the timeout value is doubled for each retry for a maximum of seconds or until a major timeout occurs. If connecting to a slow server or over a busy network, better performance can be achieved by increasing this timeout value.
The intr option allows signals to interrupt the file operation if a major timeout occurs for a hard-mounted share.
Summary:
1, How clients are specified
2, Export options:
rw, async, sync, root_squash, no_root_squash, all_squash, anonuid, anongid
3, exportfs and showmount
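A review pass over an exports file that ties the summary together, as an added Python example (not part of the original notes). It flags the options these notes describe as weakening an export, plus one case that goes beyond them: a space between the client and its option list, which leaves the options applying to every host. The sample entries and the name audit_exports are constructed for illustration.

```python
# Options described in these notes that weaken an export, with the reason.
RISKY = {
    "no_root_squash": "client root keeps UID 0 on the server",
    "insecure": "requests from client ports above 1023 are accepted",
    "insecure_locks": "lock requests are not authenticated",
    "no_auth_nlm": "lock requests are not authenticated",
    "async": "writes can be lost if the server restarts uncleanly",
}

def audit_exports(text):
    """Return (path, client, finding) tuples for the body of an exports file."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        path = fields[0]
        for token in fields[1:]:
            client, _, opts = token.partition("(")
            options = {o.split("=")[0] for o in opts.rstrip(")").split(",") if o}
            # A token that starts with "(" has no client in front of it, so its
            # options apply to every host: the "client (rw)" spacing mistake.
            who = client if client not in ("", "*") else "(any host)"
            if who == "(any host)" and "rw" in options:
                findings.append((path, who, "rw: writable by any host"))
            for opt in sorted(options.intersection(RISKY)):
                findings.append((path, who, f"{opt}: {RISKY[opt]}"))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
/srv/share  192.168.1.0/24(rw,sync,root_squash)
/srv/build  build01.example.com(rw,no_root_squash,async)
/srv/pub    *(ro,all_squash,anonuid=65534,anongid=65534)
/srv/oops   trusted.example.com (rw,insecure)
"""

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path:<11} {client:<20} {finding}")
```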
< two >, Samba
Samba basics:
SMB: Server Message Block
CIFS: Common Internet File System
Listening ports: 137/udp, 138/udp, 139/tcp, 445/tcp
NetBIOS: the Windows mechanism for hosts to communicate with each other;
15 characters
Processes started by the Samba service
nmbd: NetBIOS
smbd: CIFS
winbindd:
UNC path: \\SERVER\shared_name
Two ways to access Samba
Interactive data access:
# smbclient -L HOST -U USERNAME
After you have obtained the share information,
# smbclient //server/shared_name -U USERNAME
Mount-based access:
mount -t cifs //server/shared_name /mount_point -o username=USERNAME,password=PASSWORD
Common commands and files
Server:
# yum -y install samba
Service scripts:
/etc/rc.d/init.d/nmb
/etc/rc.d/init.d/smb
Main configuration file:
/etc/samba/smb.conf
Samba users:
Account: all system users, /etc/passwd
Password: the Samba service's own password file,
Command to add a system user as a Samba user: smbpasswd
smbpasswd
-a Sys_user: Add a system user to the Samba users
-d: Disable
-e: Enable
-x: Delete
Configuration file:
smb.conf
Global settings
Settings for specific shares
Private home directory
Printer sharing
Custom share
Custom share:
[shared_name]
path = /path/to/share_directory
comment = Comment String
guest ok = {yes|no}
public = {yes|no}
writable = {yes|no}
read only = {yes|no}
write list = +group_name
Test the configuration file for syntax errors, and show the configuration that is finally in effect:
# testparm
NFS and Samba basic applications