Common Directories for NFS
/etc/exports Primary configuration file for NFS services
/usr/sbin/exportfs Management command for NFS services
/usr/sbin/showmount View command used from clients
/var/lib/nfs/etab Records the full permission settings for each NFS-shared directory
/var/lib/nfs/xtab Records information about clients that have connected
There are 3 main types of NFS options:
Access Permissions Options
Server side:
/home/backup/haitao 172.16.150.12(rw,sync,no_root_squash)
Client:
mount -t nfs 172.16.150.100:/home/backup/$(hostname) $DEST
Set the exported directory read-only: ro
Set the exported directory read/write: rw
User mapping Options
all_squash: Maps all remote users and groups to the anonymous user or group (nfsnobody);
no_all_squash: The opposite of all_squash (default setting);
root_squash: Maps the root user and its group to the anonymous user or group (default setting);
no_root_squash: The opposite of root_squash;
anonuid=xxx: Maps all remote users to the anonymous user and specifies the local user account used for it (UID=xxx);
anongid=xxx: Maps all remote user groups to the anonymous group and specifies the local group account used for it (GID=xxx);
Other options
secure: Only allows clients to connect to the NFS server from TCP/IP ports below 1024 (default setting);
insecure: Allows clients to connect to the server from TCP/IP ports greater than 1024;
sync: Writes data synchronously to the memory buffer and to disk; this is less efficient, but it guarantees data consistency;
async: Saves the data in the memory buffer first and writes it to disk when necessary;
wdelay: Checks whether there are related write operations and, if so, performs them together, which can improve efficiency (default setting);
no_wdelay: Performs each write operation immediately; it should be used in conjunction with sync;
subtree_check: If the exported directory is a subdirectory, the NFS server checks the permissions of its parent directory (default setting);
no_subtree_check: Even if the exported directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which can improve efficiency;
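An added example (not from the original page): a small Python audit of /etc/exports text that flags the options listed above that loosen an export, and the case where whitespace before the option list makes the options apply to every host instead of the named client. The function names are hypothetical and the sample lines are constructed from the addresses used on this page.

```python
import re

# Export options from the list above that weaken an export, and why.
RISKY = {
    "no_root_squash": "remote root keeps UID 0 on the export",
    "insecure": "accepts requests from source ports above 1024",
    "async": "replies before data is on disk",
}
CLIENT_SPEC = re.compile(r"([^\s(]+)?(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (lineno, path, client, options) per client spec in exports text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        path, rest = fields[0], fields[1] if len(fields) > 1 else ""
        for m in CLIENT_SPEC.finditer(rest):
            if m.group(0):  # skip the empty matches between tokens
                opts = [o for o in (m.group(2) or "").split(",") if o]
                yield lineno, path, m.group(1) or "", opts

def audit_exports(text):
    """Return a list of (lineno, path, client, finding) tuples."""
    findings = []
    for lineno, path, client, opts in parse_exports(text):
        if client in ("", "*"):
            why = "options apply to every host"
            if client == "":
                why += " (stray space before '('?)"
            findings.append((lineno, path, client or "*", why))
        for opt in opts:
            if opt in RISKY:
                findings.append((lineno, path, client or "*", f"{opt}: {RISKY[opt]}"))
    return findings

# Constructed sample: line 1 has a space before the option list, line 2 is
# the same export without it, line 3 is a squashed read-only export.
SAMPLE = """\
/home/backup/haitao 172.16.150.12 (rw,sync,no_root_squash)
/home/backup/haitao 172.16.150.12(rw,sync,no_root_squash)
/srv/pub 192.168.1.0/24(ro,sync,root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("line %d: %s -> %s: %s" % finding)
```

In the first sample line the named client gets only the default options, while rw and no_root_squash are granted to any host; the audit reports that line twice for this reason.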
Fixing the ports that the NFS services start on makes iptables setup easier:
To assign a port, edit the configuration file:
vi /etc/sysconfig/nfs
Add to:
RQUOTAD_PORT=30001
LOCKD_TCPPORT=30002
LOCKD_UDPPORT=30002
MOUNTD_PORT=30003
STATD_PORT=30004
Restart rpcbind and NFS:
/etc/init.d/rpcbind restart
/etc/init.d/nfs restart
Now look at the ports that are started:
rpcinfo -p
iptables settings:
iptables -A INPUT -s 192.168.1.1 -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 -p udp --dport 111 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 -p tcp --dport 30001:30004 -j ACCEPT
iptables -A INPUT -s 192.168.1.1 -p udp --dport 30001:30004 -j ACCEPT