Bug of NFS server in Ubuntu

Source: Internet
Author: User
I used the Network File System in Ubuntu a few days ago and got a prompt saying that my NFS file system is read-only. I checked multiple times,
and I found my /etc/export file. I clearly specified that my shared directory is for all and the permission is read/write.
But why?
I have referenced the information on the Internet.
4. server side configuration

4.1 create a shared directory

# mkdir /home/share
# chown nobody.nogroup /home/share
4.2 create or modify the /etc/exports configuration file.

The content of this file is very simple. Each line consists of the exported path followed by a list of client names, each client name being followed by its access options:

[Shared directory] [host name or IP address (parameter, parameter)]
The parameters are optional. If no parameter is specified, nfs uses the default option. The default sharing options are sync, ro, root_squash, and no_delay.

If the host name or IP address is empty, the directory is shared with any client.

If you share the same directory with multiple clients but have different permissions for each client, you can:

[Shared directory] [host name 1 or IP1 (parameter 1, parameter 2)] [host name 2 or IP2 (parameter 3, parameter 4)]
Below are some common NFS sharing parameters:

ro: read-only access
rw: read/write access
sync: all data is written to the share when requested
async: NFS can respond to requests before the data is written
secure: NFS is sent through the secure TCP/IP ports below 1024
insecure: NFS is sent through ports above 1024
wdelay: if multiple users want to write data to the NFS directory, group the writes (default)
no_wdelay: if multiple users want to write data to the NFS directory, write the data immediately; this setting is not required when async is used
hide: do not share the subdirectories of the NFS shared directory
no_hide: share the subdirectories of the NFS directory
subtree_check: if a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
no_subtree_check: the opposite of the above; the parent directory's permissions are not checked
all_squash: the UID and GID of the shared files are mapped to the anonymous user, which is suitable for public directories
no_all_squash: retain the UID and GID of the shared files (default)
root_squash: all requests from the root user are mapped to the same permissions as those of the anonymous user (default)
no_root_squash: the root user has full management access permissions to the root directory
anonuid=xxx: specifies the UID of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx: specifies the GID of the anonymous user in the NFS server's /etc/passwd file

The configuration file /etc/exports is as follows:

$ cat /etc/exports

/home/share 192.168.102.15(rw,sync) *(ro)

Configuration Description: grant the read and write permissions to 192.168.102.15. Other machines only have the read-only permission.
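
An added example, not part of the original page: a small Python audit that resolves the effective options of each client in /etc/exports lines (using the defaults visible in the etab output further down) and flags read/write for every client, no_root_squash and insecure. The function names and the second sample line are constructed for illustration; line continuations and quoted paths are not handled.

```python
# Added example: resolve effective NFS export options and flag risky ones.
# Defaults follow the expanded options the page shows in /var/lib/nfs/etab.
DEFAULTS = {"ro", "sync", "wdelay", "root_squash", "no_all_squash", "secure"}
PAIRS = [("ro", "rw"), ("sync", "async"), ("wdelay", "no_wdelay"),
         ("root_squash", "no_root_squash"), ("no_all_squash", "all_squash"),
         ("secure", "insecure")]
OPPOSITE = {**{a: b for a, b in PAIRS}, **{b: a for a, b in PAIRS}}
RISKY = {"no_root_squash": "client root is not mapped to the anonymous user",
         "insecure": "requests from ports above 1024 are accepted"}

def effective(opts):
    """Apply explicit options on top of the defaults; each replaces its opposite."""
    eff = set(DEFAULTS)
    for opt in opts:
        eff.discard(OPPOSITE.get(opt))
        eff.add(opt)
    return eff

def parse_exports_line(line):
    """Return (path, [(client, effective_options), ...]); None if blank/comment."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    path, *specs = line.split()
    entries = []
    for spec in specs or ["*"]:          # a path alone is shared with any client
        host, _, rest = spec.partition("(")
        opts = [o for o in rest.rstrip(")").split(",") if o]
        entries.append((host or "*", effective(opts)))  # empty host = any client
    return path, entries

def audit(text):
    """Return (path, client, reason) tuples for exports that deserve a second look."""
    findings = []
    for line in text.splitlines():
        parsed = parse_exports_line(line)
        if parsed is None:
            continue
        path, entries = parsed
        for client, eff in entries:
            if client == "*" and "rw" in eff:
                findings.append((path, client, "read/write for every client"))
            for opt in sorted(RISKY.keys() & eff):
                findings.append((path, client, opt + ": " + RISKY[opt]))
    return findings

# First line is the page's own export; the second is constructed for the example.
SAMPLE = """\
/home/share 192.168.102.15(rw,sync) *(ro)
/srv/pub 192.168.102.61 (rw,no_root_squash)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

In the constructed second line, the space before the parenthesis leaves 192.168.102.61 with only the default options, while the options in parentheses apply to every client.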

4.3 restart the NFS service

# /etc/init.d/nfs-kernel-server restart
4.4 view NFS resource sharing on the client

# showmount -e 192.168.102.47

Export list for 192.168.102.47:
/home/share (everyone)
4.5 Use the mount command to mount shared resources

Mount the shared resources on client 192.168.102.15

# mount 192.168.102.47:/home/share /mnt

# cd /mnt

# echo '12345'> 123

You can find that the shared directory on the server is writable.

# umount /mnt

Mount the shared resources on client 192.168.102.61

# mount 192.168.102.47:/home/share /mnt

# cd /mnt

# ls
123

# touch 321

touch: cannot touch `321': Permission denied

# echo '123455' >123

-bash: 123: Permission denied

You can find that only the read permission is available for the server shared directory, which is consistent with our server-side permission settings.

Do we need to restart the NFS service every time we modify the configuration file? No: we can use the exportfs command to re-scan the /etc/exports file so that the change takes effect immediately.

For example:

# exportfs -au    (unexport all shared directories)

# exportfs -rv    (share all directories again and output details)

The exportfs command is provided by the software package nfs-kernel-server. For more information about the exportfs command, see:

man exportfs

For instructions on the Chinese manual, see here:

When resources are shared, how do we know which permissions are granted? Now we can view the /var/lib/nfs/etab file, which is generated by the exportfs command according to /etc/exports.

# cat /var/lib/nfs/etab

/home/share 192.168.102.15(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/home/share *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)

Now let's check which ports are enabled on the NFS server:

tonybox:/home/share# lsof -i|grep rpc
portmap 1931 daemon 3u IPv4 4289 UDP *:sunrpc
portmap 1931 daemon 4u IPv4 4290 TCP *:sunrpc (LISTEN)
rpc.statd 3206 statd 3u IPv4 7081 UDP *:1029
rpc.statd 3206 statd 6u IPv4 7072 UDP *:838
rpc.statd 3206 statd 7u IPv4 7085 TCP *:1031 (LISTEN)
rpc.mount 3483 root 6u IPv4 7934 UDP *:691
rpc.mount 3483 root 7u IPv4 7937 TCP *:694 (LISTEN)

I checked my shared directory, but I had written RW.
Then I changed it. After checking, all IP addresses can read and write, and files can be modified in the test.
I'm dizzy.
