Setting up the NFS service requires configuration in two places: the server, and the client that mounts and uses the share. We will look at the server configuration first. The specific steps for creating the NFS service are as follows.
Server Configuration
1. Create a shared directory
- # mkdir /home/share
- # chown nobody.nogroup /home/share
2. Create or modify the /etc/exports configuration file
The content of this file is very simple. Each line consists of the export path, a list of client names, and the access options that follow each client name: [shared directory] [host name or IP address(parameter,parameter)]
The parameters are optional. If no parameter is specified, NFS uses the default options. The default sharing options are sync, ro, root_squash, and no_delay. If the host name or IP address is left empty, the directory is shared with any client. When the same directory is shared with multiple clients but each client gets different permissions, you can write: [shared directory] [host name 1 or IP1(parameter 1,parameter 2)] [host name 2 or IP2(parameter 3,parameter 4)]
Below are some common NFS sharing parameters:
- ro: read-only access
- rw: read/write access
- sync: all data is written to the share when it is requested
- async: NFS can respond to requests before the data has been written
- secure: NFS traffic is sent through the secure TCP/IP ports below 1024
- insecure: NFS traffic is sent through ports above 1024
- wdelay: if multiple users want to write data to the NFS directory, the writes are grouped together (default)
- no_wdelay: if multiple users want to write data to the NFS directory, the data is written immediately. This setting is not required when async is used.
- hide: does not share the subdirectories of the NFS shared directory
- no_hide: shares the subdirectories of the NFS shared directory
- subtree_check: if a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
- no_subtree_check: the opposite of the above; the parent directory permissions are not checked
- all_squash: the UID and GID of the shared files are mapped to the anonymous user, which is suitable for public directories
- no_all_squash: retains the UID and GID of the shared files (default)
- root_squash: all requests from the root user are mapped to the same permissions as those of the anonymous user (default)
- no_root_squash: the root user has full management access permissions to the root directory
- anonuid=xxx: specifies the UID of the anonymous user in the NFS server's /etc/passwd file
- anongid=xxx: specifies the GID of the anonymous user in the NFS server's /etc/passwd file
The configuration file /etc/exports is as follows:
- $ cat /etc/exports
- /home/share 192.168.102.15(rw,sync) *(ro)
Configuration Description: grant read and write permissions to 192.168.102.15. Other machines only have read-only permissions.
3. Restart the NFS service.
- # /etc/init.d/nfs-kernel-server restart
4. View NFS resource sharing on the client
- # showmount -e 192.168.102.47
- Export list for 192.168.102.47:
- /home/share (everyone)
5. Use the mount command to mount shared resources.
Mount the shared resource on client 192.168.102.15
- # mount 192.168.102.47:/home/share /mnt
- # cd /mnt
- # echo '000000' > 12345
You can see that the shared directory on the server is writable.
- # umount /mnt
Mount the shared resource on client 192.168.102.61
- # mount 192.168.102.47:/home/share /mnt
- # cd /mnt
- # ls
- 123
- # touch 321
- touch: cannot touch '000000': Permission denied
- # echo '000000' > 123455
- -bash: 123: Permission denied
You can see that this client has only read permission on the server's shared directory, which is consistent with the permission settings on the server. Do we need to restart the NFS service every time we modify the configuration file? No: we can use the exportfs command to re-scan the /etc/exports file so that the change takes effect immediately.
For example:
- # exportfs -au (unexports all shared directories)
- # exportfs -rv (shares all directories again and outputs details)
The exportfs command is provided by the software package nfs-kernel-server. For more information about the exportfs command, see:
man exportfs
How do we know which permissions are actually granted when a resource is shared? We can view the /var/lib/nfs/etab file, which the exportfs command generates from /etc/exports.
- # cat /var/lib/nfs/etab
- /home/share 192.168.102.15(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
- /home/share *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
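Because /etc/exports and etab share the same "path client(options)" layout, the granted permissions can be reviewed with a short script. The following is an added example, not part of the original article: it parses that layout and reports entries open to any client, entries with no_root_squash, and entries with insecure. The /srv/build line and the function names are constructed for illustration.

```python
import re

# Constructed sample: line 1 is the export from this page; line 2 is a
# hypothetical entry with a stray space between the client and "(".
SAMPLE = """\
/home/share 192.168.102.15(rw,sync) *(ro)
/srv/build  192.168.102.15 (rw,no_root_squash)
"""

ENTRY = re.compile(r"([^\s()]*)(?:\(([^()]*)\))?")  # client(opt1,opt2)

def parse_exports(text):
    """Yield (path, client, options) per client entry; works on etab too."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or ["*"]:           # no client listed: any client
            m = ENTRY.fullmatch(spec)
            if m is None:
                raise ValueError(f"malformed entry {spec!r} for {path}")
            client = m.group(1) or "*"        # "(rw)" alone means any client
            opts = {o for o in (m.group(2) or "").split(",") if o}
            yield path, client, opts

def audit(text):
    """Return (path, client, finding) tuples for entries worth reviewing."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "*":
            access = "writable" if "rw" in opts else "readable"
            findings.append((path, client, f"{access} by any client"))
        if "no_root_squash" in opts:
            findings.append((path, client, "root is not squashed"))
        if "insecure" in opts:
            findings.append((path, client, "ports above 1024 accepted"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

The second sample line shows why spacing matters: with a space before "(", the options apply to any client and 192.168.102.15 gets only the defaults.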
Now let's check which ports are enabled on the NFS server:
- tonybox:/home/share# lsof -i|grep rpc
- portmap 1931 daemon 3u IPv4 4289 UDP *:sunrpc
- portmap 1931 daemon 4u IPv4 4290 TCP *:sunrpc (LISTEN)
- rpc.statd 3206 statd 3u IPv4 7081 UDP *:1029
- rpc.statd 3206 statd 6u IPv4 7072 UDP *:838
- rpc.statd 3206 statd 7u IPv4 7085 TCP *:1031 (LISTEN)
- rpc.mount 3483 root 6u IPv4 7934 UDP *:691
- rpc.mount 3483 root 7u IPv4 7937 TCP *:694 (LISTEN)