Basic Usage Tutorial of NFS Network File system under Linux

Source: Internet
Author: User
Tags: anonymous, iptables, port number, nfsd

0. What is NFS (Network File System)
NFS stands for Network File System and was originally developed by Sun. Its main purpose is to let machines on a network, possibly running different operating systems, share files with each other, so you can simply think of it as a file server. An NFS server lets a client machine mount a directory exported by the remote NFS host over the network; on the client, that directory then looks as if it were one of its own partitions.
NFS has its own protocol and port number, but it relies on Remote Procedure Call (RPC) to assist with data transfer and the other messaging around it.

1. NFS has at least two main components: one server and one (or more) clients. The client accesses data stored on the server over the network. For this to work, a few processes need to be configured and running.
NFS server installation:
Check whether the two packages nfs-utils and portmap are installed on the Linux system (both are installed by default on RHEL4):
Command

The code is as follows:
#rpm -q nfs-utils portmap

Check whether the NFS server is running:
Command

The code is as follows:
#service nfs status
#service portmap status

If the services are not running, start them; portmap must be started before nfs (the nfs service is not enabled by default):
Command

The code is as follows:
#service portmap start
#service nfs start

2. RPC
When we use a service over the network, information such as the host IP, the service's port number and the PID of the corresponding service has to be managed and matched up. Maintaining this correspondence between ports and services is the job of Remote Procedure Call (RPC). NFS itself does not provide a protocol for data delivery; that it lets us share files at all is the result of NFS using a number of other transport protocols, and those transport protocols are reached through RPC. In other words, NFS is a program that uses RPC, so NFS can also be regarded as an RPC server. Note also that it is not only the server running NFS that needs RPC services active: the client machine that mounts the NFS partition needs RPC running as well, so that server and client can use RPC to find the port of the program they need. NFS is mainly concerned with managing the shared directories; the transfer of information is handed to RPC.

3. RPC daemons started by NFS
rpc.nfsd: the NFS server proper. It answers the clients' file requests (read, write, create and so on) and applies the identity (UID/GID) of each request, including any squashing, before the normal owner, group and other permission bits (-rwxrwxrwx) are checked.
rpc.mountd: answers mount requests. Before a client can use the files provided by the NFS server, rpc.mountd reads NFS's configuration file /etc/exports to decide whether that client may mount the directory at all, and with which options; only after that does the client get permission to use the NFS files. (Note: this is where the permission and security settings for managing NFS shared directories live.)

4. NFS needs two packages for this, namely:

nfs-utils
Provides the two NFS daemons rpc.nfsd and rpc.mountd, together with the related documentation and executables. This is the main package for NFS.
portmap
As mentioned above, our NFS can be treated as an RPC server program, and before any RPC server program can be started the port mapping has to be in place; that job is done by the portmap service. In other words, portmap must be started before any RPC server. What does portmap actually do? As its name says, it maps ports. When a client wants to use a service provided by an RPC server, it first needs to find out which port it can connect to, so it asks portmap: "Please tell me which port number I should use to reach this RPC program." portmap answers from the port mapping table it manages, and the client can then connect to the server. So before starting NFS, start portmap first.

5. NFS server-side settings:
A. /etc/exports
Each line has the form:
shared_directory host1(param1,param2) host2(param3,param4)
where a host can be a host name, an IP address, a network (192.168.0.0/24) or a wildcard (*, *.linux.org). Write the option list directly after the host with no space in between: "host (rw)" with a space is parsed as host "host" with default options followed by a separate entry "(rw)" with no host, which applies rw to every machine on the network.
Parameters
rw: read-write permission
ro: read-only permission
no_root_squash: if the user accessing the shared directory is root on the client, they also have root privileges on the shared directory. This is extremely unsafe and is not recommended.
root_squash: if the user accessing the shared directory is root on the client, their identity is squashed to the anonymous user; by default the UID and GID become those of nobody. This is the default.
all_squash: regardless of the identity of the user accessing the share, it is squashed to the anonymous user, usually nobody.
anonuid: the UID to use for the anonymous user of the *_squash options instead of nobody; this UID should exist in /etc/passwd on the server.
anongid: the same as anonuid, but for the group ID.
sync: data is written to disk before the write is acknowledged to the client (safe; the default on current nfs-utils).
async: the write is acknowledged once the data is in memory, before it reaches the disk; faster, but data the client believes was written can be lost if the server crashes.

6. Examples of settings:
a) /tmp *(rw,no_root_squash)                                    // * means every IP can access
b) /tmp *(rw)
   /home/public 192.168.0.*(rw) *(ro)                           // the following two lines do the same thing
   /home/public 192.168.0.0/24(rw) *(ro)
c) /home/test 192.168.0.100(rw)                                 // permissions for a single machine only
d) /home/linux *.linux.org(rw,all_squash,anonuid=40,anongid=40) // when a host in *.linux.org writes files under /home/linux, the owner and group of the files become the user that UID 40 corresponds to in /etc/passwd (matching by host name depends on the reverse DNS lookup of the client's address, so prefer IP addresses or networks where you can)
7. Permission issues
Suppose the contents of /etc/exports are

The code is as follows:
#vi /etc/exports
/tmp *(rw,no_root_squash)
/home/public 192.168.0.*(rw) *(ro)
/home/test 192.168.0.100(rw)
/home/linux *.linux.org(rw,all_squash,anonuid=40,anongid=40)

Suppose we access this NFS host (192.168.0.2) from the client 192.168.0.100. Remember that the export options only say what NFS allows; the normal Unix permissions of the directory on the server still apply on top of them, and the server trusts the numeric UID and GID the client sends (NFSv3 with the default AUTH_SYS security), then squashes them according to the options. Then:
Case one: on 192.168.0.100 I am the user test, and the NFS host also has an account test with the same UID
a) Because the permission of /tmp on the NFS host is -rwxrwxrwt, I (test on 192.168.0.100) can write under /tmp, and the files I create are owned by test.
b) In /home/public I have read and write permission from NFS, so if the permissions of /home/public on the NFS host allow test to write, I can read and write, and the owner of the files I write is test. If /home/public on the NFS host does not grant write access to test, I cannot write even though /etc/exports says rw.
c) In /home/test the situation is the same as /home/public: /home/test on the NFS host must grant permissions to test.
d) In /home/linux, whoever the user is, the identity becomes the account with uid=40.
Case two: on 192.168.0.100 I am the user test2, but the NFS host has no test2 account
a) I can write in /tmp, but the files are owned by the numeric UID that test2 has on the client, which has no name on the server (an unknown UID is not mapped to nobody; only root_squash and all_squash change the UID).
b) Whether I can write inside /home/public and /home/test depends on whether the directory permissions on the NFS host allow that numeric UID (or "other") to write.
c) Under /home/linux the identity still becomes the account with uid=40.
Case three: on 192.168.0.100 I am root
a) I can write in /tmp, and because the no_root_squash parameter overrides the default root_squash, the files written under /tmp are owned by root.
b) Under /home/public the identity is squashed to nobody, because the default attribute is root_squash, so the owner of written files becomes nobody.
c) /home/test is the same as /home/public.
d) In /home/linux, root is also squashed to the uid=40 user.

8. Start the services portmap and nfs

The code is as follows:

#/etc/rc.d/init.d/portmap start

(Or:

The code is as follows:
#service portmap start

)

The code is as follows:
#/etc/rc.d/init.d/nfs start

(Or:

The code is as follows:
#service nfs start

)
You can look in /var/log/messages to see whether they started properly.

9. Using exportfs
If we modify /etc/exports we do not need to restart the NFS service; just have exportfs rescan /etc/exports and reload it.
Syntax: exportfs [-aruv]
-a: export (or, with -u, unexport) all the directories configured in /etc/exports
-r: re-export everything: reload the settings in /etc/exports and also synchronize the contents of /etc/exports and /var/lib/nfs/xtab
-u: unexport a directory
-v: verbose; print the shared directories to the screen while exporting
Example

The code is as follows:

#exportfs -rv    //re-export everything once
#exportfs -au    //unexport everything

10. /var/lib/nfs/xtab shows the share settings of each directory (I did not find it at first; it turns out the contents only appear after a client has mounted the NFS share), for example:
/tmp node3(ro,sync,wdelay,hide,secure,root_squash,no_all_squash,subtree_check,secure_locks,mapping=identity,anonuid=-2,anongid=-2)
Why anonuid=-2? It is the value 65536-2, that is, UID 65534. Compare this with /etc/passwd and you will find that this is nobody.

11. The showmount command
Syntax: showmount [-ae] hostname
-a: display the directories currently mounted from the host, together with the client that mounted each
-e: display the shared directories in /etc/exports of hostname
Note that anyone who can reach portmap and rpc.mountd on the server can run showmount -e against it, so the export list itself is not secret; access control has to come from the host lists in /etc/exports and the firewall.

12. View the activated port numbers

The code is as follows:
#netstat -utln

The port that NFS itself opens is port 2049; this is the main port the NFS server listens on. As mentioned above, NFS is a kind of RPC server, and because it provides several programs (rpc.mountd, rpc.rquotad, rpc.nfsd and so on) it needs to open several ports, and these ports are "randomly generated", that is, the port numbers are not fixed: each restart of NFS gets different port numbers. So how does the client know which port to connect to for the program it needs? That is what the SUNRPC port (port 111), provided by the portmap service, is for: the client first connects to the SUNRPC port to find out which port it should go to for the program it needs, so daemons such as rpc.mountd do not need fixed port numbers. (For the firewall this means that opening port 111 alone is not enough; port 2049 and the ports assigned to rpc.mountd, lockd and rpc.statd must be reachable by clients too.)

NFS client settings

The code is as follows:

#mount -t nfs hostname(or IP):/directory /mountpoint

It's that easy.

If you worry about accidentally mounting an NFS share that contains set-UID executables, root can mount NFS shared directories in a safer way with nosuid (add ro when nothing needs to be written; nodev likewise stops device nodes on the share from being used):
The code is as follows:

#mount -t nfs -o nosuid,ro hostname:/directory /mountpoint

Where problems may occur:
1. The permission settings do not match
2. Forgetting to start portmap, in which case the error is:
mount: RPC: Port mapper failure - RPC: Unable to receive or
mount: RPC: Program not registered
Then start portmap and restart NFS

The code is as follows:

#service portmap start
#service nfs restart

3. Firewall problems
Check the firewall, both iptables and tcp_wrappers. Because portmap is active, port 111 must be reachable, so add to the iptables rules:

The code is as follows:

iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT

Port 111 alone only lets clients ask portmap where the other programs are; add the same kind of rule for nfsd (tcp and udp 2049) and for the ports that rpcinfo -p shows for mountd, nlockmgr and status, otherwise the mount still hangs or fails.

If that is not it, the problem is tcp_wrappers: check whether /etc/hosts.deny contains the line

The code is as follows:

ALL:ALL:deny

If so, you must add to /etc/hosts.allow:

The code is as follows:

portmap:ALL:allow

(tcp_wrappers only controls portmap and user-space daemons such as rpc.mountd when they are built with tcp_wrappers support; the in-kernel nfsd on port 2049 does not consult hosts.allow, so iptables is still needed.)

If our NFS is to be open to the internal network, and from the outside only to the academic network (140.0.0.0/8), you can:

The code is as follows:

iptables -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 111 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 192.168.0.0/24 --dport 111 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 140.0.0.0/8 --dport 111 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s 140.0.0.0/8 --dport 111 -j ACCEPT

You can also use tcp_wrappers to specify the IP addresses and names of the hosts allowed to reach the NFS host in /etc/hosts.allow, for example
The code is as follows:

#vi /etc/hosts.allow
portmap:192.168.0.0/255.255.255.0:allow
portmap:140.113.23.23:allow
portmap:.sdu.edu.cn:allow

Related commands for the RPC server

The code is as follows:
rpcinfo
#rpcinfo -p hostname(or IP)
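The port list that rpcinfo -p prints is exactly what the firewall notes above need, and it is also what anyone scanning the server learns from an open port 111. The following added script (not from the tutorial and not part of nfs-utils) turns that list into a minimal iptables rule set restricted to one client subnet; the rpcinfo output it runs on is a constructed sample, and the INPUT chain is assumed to end in a DROP policy.

```shell
#!/bin/sh
# Added example for section 12 and the firewall notes above; not part of
# nfs-utils or of the tutorial. It turns the port list that "rpcinfo -p"
# prints into a minimal iptables rule set: every RPC program registered with
# portmap (not just port 111) has to be reachable by NFS clients, and nothing
# else should be.

# rpc_ports
#   Read "rpcinfo -p" output on stdin; print "proto port service" once per
#   distinct proto/port pair, in first-seen order. The header line is skipped
#   because its first field is not numeric.
rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ {
            key = $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print $3, $4, $5 }
         }'
}

# nfs_firewall_rules SUBNET
#   Read "rpcinfo -p" output on stdin and print iptables commands that accept
#   those ports from SUBNET only. The INPUT chain is assumed to end in DROP
#   (iptables -P INPUT DROP), so anything not listed here stays closed.
nfs_firewall_rules() {
    subnet=$1
    rpc_ports | while read -r proto port service; do
        printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT  # %s\n' \
            "$subnet" "$proto" "$port" "$service"
    done
}

# Constructed sample of "rpcinfo -p" output from an NFSv3 server. nfs is fixed
# on 2049 and portmapper on 111; mountd, nlockmgr and status got
# portmap-assigned ports that will differ after the next restart.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  32769  mountd
    100005    3   tcp  32785  mountd
    100021    1   udp  32770  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100024    1   udp  32771  status
    100024    1   tcp  32786  status'

# Print the rules for the trusted LAN (ten rules for the sample above).
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_firewall_rules 192.168.0.0/24
```

With the functions sourced on the server, `rpcinfo -p | nfs_firewall_rules 192.168.0.0/24 | sh` applies the rules. Because mountd, lockd and statd get new ports on every restart, the rules only stay valid if you pin those ports (on later Red Hat-family releases through MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT in /etc/sysconfig/nfs) and regenerate the rules afterwards; with NFSv4 only port 2049 is needed.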

Issues to be aware of:
Note that because NFS uses RPC to connect to the client hosts, shutting down your host can become an "impossible task". I do not know the exact reason, but if your server still has a client connected and you shut it down, a normal shutdown may take hours to complete. Don't believe it? Try it yourself! So if you want to shut down an NFS server, stop the two services portmap and nfs first. If the two daemons cannot be stopped properly, find their PIDs with netstat -utlp and kill them first. That is the way to get a normal shutdown to succeed; please pay special attention to this.
On TurboLinux 8.0 for AMD64 (kernel 2.4.21-4SMP), mounting NFS gives the error:
portmap: server localhost not responding, timed out
Solution:
The code is as follows:

mount -t nfs -o nolock node1:/public /public

The -o nolock parameter is added because:
"UNFSD doesn't support NLM locking, and it's causing the lockd daemon to be started (which again requires to be installed etc."
Bear in mind that nolock disables NFS file locking on that mount, so concurrent writers on different clients are no longer coordinated.
