Installation and configuration of the Linux NFS server
I. Introduction to the NFS service
NFS is short for Network File System. It is a protocol for distributed file systems, developed by Sun and published on April 9, 1984. Its function is to let different machines and operating systems share data with each other over the network, so that applications on a client can access data on the server's disks through the network. It is a way to share disk files between Unix-like systems.
The basic principle of NFS is "allow different clients and servers to share the same file system through a group of RPCs". It is independent of the operating system and allows different hardware and operating systems to share files.
NFS depends on the RPC protocol for file transfer and information transfer. Remote Procedure Call (RPC) is a mechanism that enables a client to execute programs on other systems. NFS itself does not provide an information transmission protocol or transmission functions; it shares data over the network by using other transmission protocols, and these use RPC. NFS itself is a program that uses RPC; in other words, NFS is also an RPC server. Therefore, the RPC service must be started wherever NFS is used, whether on an NFS server or an NFS client. In this way, the server and client can map the corresponding program ports through RPC. We can understand the relationship between RPC and NFS like this: NFS is a file system, while RPC is responsible for information transmission.
II. System Environment
System Platform: CentOS release 5.6 (Final)
NFS Server IP: 192.168.1.108
Firewall: disabled (iptables: Firewall is not running.)
SELINUX=disabled
III. Install the NFS service
NFS installation is very simple. Only two software packages are required. In general, NFS is installed as the default package of the system.
nfs-utils-*: includes the basic NFS commands and monitoring programs.
portmap-*: supports secure connections to the NFS RPC service.
Of course, rpcbind and portmap have the same function. I use rpcbind.
1. Check whether NFS is installed in the system.
The two software packages nfs-utils and portmap are installed by default.
2. If the software packages required for NFS are not installed in the current system, you must install them manually. The installation files for nfs-utils and portmap are available on the system disc.
# mount /dev/cdrom /mnt/cdrom/
# cd /mnt/cdrom/CentOS/
# rpm -ivh portmap-4.0-65.2.2.1.i386.rpm
# rpm -ivh nfs-utils-1.0.9-50.el5.i386.rpm
# rpm -q nfs-utils portmap
IV. NFS system daemons
nfsd: the basic NFS daemon. Its main function is to manage whether a client can log on to the server;
mountd: the RPC mount daemon. Its main function is to manage NFS file systems. After a client successfully logs on to the NFS server through nfsd, it must pass the file permission check before using the files provided by the NFS service. mountd reads the NFS configuration file /etc/exports to compare the client's permissions.
portmap: mainly used for port mapping. When a client tries to connect to and use a service provided by an RPC server (such as the NFS service), portmap provides the client with the port managed for that service, so that the client can request the service from the server through this port.
V. NFS server configuration
The configuration of the NFS server is relatively simple. You only need to set it in the corresponding configuration file and then start the NFS server.
Common NFS directories
/etc/exports           NFS service main configuration file
/usr/sbin/exportfs     NFS service management command
/usr/sbin/showmount    client view command
/var/lib/nfs/etab      records the full permission settings for the directories shared by NFS
/var/lib/nfs/xtab      records the client information that has been logged on
The NFS service configuration file is /etc/exports. This is the main NFS configuration file, but the system does not ship default content for it. The file may therefore not exist; in that case create it manually with vim and write the configuration into it.
/etc/exports file content format:
<output directory> [client 1 options (access permission, user mapping, other)] [client 2 options (access permission, user mapping, other)]
A. output directory:
The output directory refers to the directory that needs to be shared to the client in the NFS system;
B. Client:
A client is a computer on the network that can access the NFS output directory.
Common Methods for specifying clients
Host with the specified IP address: 192.168.0.200
All hosts in the specified subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0
Host with the specified domain name: david.bsmart.cn
All hosts in the specified domain: *.bsmart.cn
All hosts: *
C. Options:
Options are used to set the access permission, user mapping, and so on for the output directory.
NFS has three main kinds of options:
Access permission options
Set output directory read-only: ro
Set output directory read/write: rw
User mapping options
all_squash: maps all remote ordinary users and groups to the anonymous user or group (nfsnobody);
no_all_squash: the opposite of all_squash (default);
root_squash: maps the root user and group to the anonymous user or group (default);
no_root_squash: the opposite of root_squash;
anonuid=xxx: maps all remote users to the anonymous user and specifies that user as a local user (UID=xxx);
anongid=xxx: maps all remote user groups to the anonymous group and specifies that group as a local group (GID=xxx);
Other options
secure: restricts clients to connecting to the NFS server from a TCP/IP port below 1024 (default);
insecure: allows clients to connect to the server from a TCP/IP port above 1024;
sync: writes data synchronously to the memory buffer and to disk, which is less efficient but ensures data consistency;
async: stores data in the memory buffer first and writes it to disk only when necessary;
wdelay: checks whether there are related write operations and, if so, executes them together, which improves efficiency (default);
no_wdelay: executes a write operation immediately; should be used together with sync;
subtree_check: if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default);
no_subtree_check: even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which improves efficiency;
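A check an administrator can run over /etc/exports before starting the service, using the line format and options listed above. This is an added example, not part of the original article; the sample lines, paths and the names parse_exports and audit are constructed for illustration.

```python
import re

# Options described above that weaken an export when present.
RISKY = {
    "no_root_squash": "client root stays root on the server",
    "insecure": "accepts requests from ports above 1024",
}
# Matches "client(opt,opt)", a bare "(opt,opt)", or a bare "client".
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)|(\S+)")

# Constructed sample; hosts and paths are illustrative only.
SAMPLE = """\
/home/david 192.168.1.0/24(rw)
/srv/pub    *(ro,all_squash)
/srv/build  192.168.0.200(rw,no_root_squash,insecure)
/srv/oops   david.bsmart.cn (rw)   # stray space: "(rw)" applies to all hosts
"""


def parse_exports(text):
    """Yield (directory, client, options) for each client on each export line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) < 2:
            continue  # blank line, comment, or directory without clients
        directory, rest = fields
        for m in CLIENT_RE.finditer(rest):
            if m.group(3) is not None:
                yield directory, m.group(3), set()  # client with default options
            else:
                opts = {o.strip() for o in m.group(2).split(",") if o.strip()}
                yield directory, m.group(1) or "*", opts  # no host means everyone


def audit(text):
    """Return (directory, client, option, reason) for each risky setting found."""
    findings = []
    for directory, client, opts in parse_exports(text):
        for opt, reason in RISKY.items():
            if opt in opts:
                findings.append((directory, client, opt, reason))
        if client == "*" and "rw" in opts:
            findings.append((directory, client, "rw", "writable by every host"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s -> %s: %s (%s)" % finding)
```

The last sample line shows why the space matters: "david.bsmart.cn (rw)" gives that host the default options and gives every other host read/write access.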
VI. Start and stop an NFS server
After the exports file is correctly configured, you can start the NFS server.
1. Start the NFS server
To enable the NFS server to work properly, you need to start the portmap and nfs services, and portmap must be started before nfs.
# service portmap start
# service nfs start
2. Query the NFS server status
# service portmap status
# service nfs status
3. Stop the NFS server
To stop running NFS, you must stop the nfs service before stopping the portmap service. If other services in the system (such as NIS) need portmap, you do not need to stop the portmap service.
# service nfs stop
# service portmap stop
4. Set the automatic startup status of the NFS server
For a production system, it is unrealistic to start the NFS server manually every time the Linux system boots. You need to set the system to start the portmap and nfs services automatically at the specified run levels.
# chkconfig --list portmap
# chkconfig --list nfs
Set the portmap and nfs services to start automatically at system run levels 3 and 5.
# chkconfig --level 35 portmap on
# chkconfig --level 35 nfs on
VII. Examples
1. Share /home/david/ on the NFS server with the network segment 192.168.1.0/24, with read and write permissions.
The server file is as follows:
# vi /etc/exports
/home/david 192.168.1.0/24(rw)
2. Restart the portmap and nfs services.
# service portmap restart
# service nfs restart
# exportfs
3. The server uses the showmount command to query the NFS sharing status.
# showmount -e     // shows this host's own shares by default, provided that DNS can resolve the host itself; otherwise it is prone to errors
# showmount -a     // displays directory information for the clients that are connected
4. The client uses the showmount command to query the NFS sharing status.
# showmount -e <NFS server IP address>
5. Mount the shared directory in the NFS server on the client.
Command format
# mount <NFS server IP address>:<shared directory> <local mount point directory>
# mount 192.168.1.108:/home/david/ /tmp/david/
# mount | grep nfs
Mounted successfully.
Check whether the file is consistent with that on the server.
6. NFS share permission and Access Control
Now we create a file in /tmp/david/ to see what the permissions are.
# touch 20130103
Permission denied is displayed here because write permission on the shared directory on the NFS server is not open to other users; it has to be enabled on the server.
# chmod 777 -R /home/david/
Create a file in /tmp/david/ on the client again.
The file I created as the root user is owned by the nfsnobody user.
NFS has many default parameters. Open /var/lib/nfs/etab to view the full permission settings of the shared /home/david/.
# cat /var/lib/nfs/etab
By default, sync, wdelay, hide, and so on are set. no_root_squash lets root keep its permissions, while root_squash maps root to nobody, and no_all_squash does not allow all users to maintain permissions in the mount directory. Therefore, the owner of the file created by root is nfsnobody.
Next we test mounting and writing files as an ordinary user.
# su - david
$ cd /tmp/david/
$ touch 2013 david
When an ordinary user writes a file, the file is owned under that user's own name, which ensures the security of the server.
Permission Analysis
1. Checks for ordinary users when a client connects
A. If an identity for ordinary users is explicitly set, the client user's identity is converted to the specified user;
B. If the NFS server has a user with the same name, the identity of the client logon account is converted to the user with the same name on the NFS server;
C. If no user is explicitly specified and there is no user with the same name, the user identity is squashed to nfsnobody;
2. Checks for root when a client connects
A. If no_root_squash is set, the root user's identity is mapped to root on the NFS server;
B. If all_squash, anonuid, and anongid are set, the root identity is squashed to the specified user;
C. If nothing is explicitly specified, the root user is squashed to nfsnobody;
D. If both no_root_squash and all_squash are specified, root is squashed to nfsnobody. If anonuid and anongid are also set, root is squashed to the specified user and group;
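The rules in the Permission Analysis above, written out as one function so that the precedence between the squash options can be checked (an added example, not part of the original article). It works on the numeric uid/gid the client sends and assumes nfsnobody is uid/gid 65534 on the server; rule 1.B is modelled as the id passing through unchanged, which assumes the same-name account has the same uid on both machines. NFSNOBODY, parse_options and server_identity are names chosen here.

```python
NFSNOBODY = 65534  # assumption: uid and gid of nfsnobody on the server


def parse_options(option_string):
    """Turn "rw,all_squash,anonuid=500" into {"rw": True, "anonuid": "500", ...}."""
    opts = {}
    for item in filter(None, (s.strip() for s in option_string.split(","))):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else True
    return opts


def server_identity(uid, gid, option_string):
    """Return the (uid, gid) the server uses for a request sent as uid/gid."""
    opts = parse_options(option_string)
    anon_uid = int(opts.get("anonuid", NFSNOBODY))
    anon_gid = int(opts.get("anongid", NFSNOBODY))
    if "all_squash" in opts:
        # Everyone, root included, becomes the anonymous account
        # (rules 1.A, 2.B and 2.D); no_root_squash does not override this.
        return anon_uid, anon_gid
    if "no_root_squash" not in opts:
        # root_squash is the default: only id 0 is replaced (rule 2.C).
        uid = anon_uid if uid == 0 else uid
        gid = anon_gid if gid == 0 else gid
    # Ordinary users (1.B) and root under no_root_squash (2.A) pass through.
    return uid, gid


# Constructed cases: (client uid, client gid, export options)
CASES = [
    (0, 0, "rw"),
    (500, 500, "rw"),
    (0, 0, "rw,no_root_squash"),
    (0, 0, "rw,no_root_squash,all_squash"),
    (500, 500, "rw,all_squash,anonuid=1001,anongid=1001"),
]

if __name__ == "__main__":
    for uid, gid, options in CASES:
        print("%5d:%-5d %-42s -> %s" % (uid, gid, options,
                                        server_identity(uid, gid, options)))
```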
7. Unmount the mounted NFS shared directory
# umount /tmp/david/
8. Automatically mount the NFS file system at startup
Format:
<server>:</remote/export> </local/directory> nfs <options> 0 0
# vi /etc/fstab
Save and exit, then restart the system.
Check whether /home/david is automatically mounted.
Automatic mounting is successful.
9. Related commands
1. exportfs
If we modify /etc/exports after starting NFS, do we have to restart nfs? In this case we can use the exportfs command to make the change take effect immediately. The command format is as follows:
# exportfs [-aruv]
-a  export or unexport all directories in /etc/exports
-r  re-read the information in /etc/exports and synchronously update /etc/exports and /var/lib/nfs/xtab
-u  unexport a single directory (used with -a to unexport all directories in the /etc/exports file)
-v  output detailed information to the screen during the export operation
Example:
# exportfs -au     // unexport all shared directories
# exportfs -rv     // re-export all directories and output details
2. nfsstat
Checking the running status of NFS is helpful for adjusting the running status of NFS.
3. rpcinfo
rpcinfo shows RPC execution information; use rpcinfo -p to check the ports opened by RPC and the programs provided on them.
4. showmount
-a: displays directory information for the clients that are connected.
-e <IP address or hostname>: displays the directories shared by this IP address.
5. netstat
We can check the ports opened by the nfs service. nfs opens port 2049, portmap opens port 111, and rpc enables port.
Finally, pay attention to two points. Although the permission settings allow ordinary users to access the files, by default only root can mount the file system; ordinary users can use sudo.
Before shutting down the NFS server, make sure that the NFS service is stopped and that no client is connected! You can use showmount -a to check; if clients are still connected, use kill, killall, or pkill to end the processes (-9 forces termination).