Linux NFS installation, configuration and frequently asked questions: the /etc/exports configuration file and the showmount command


1. Server-side software: install nfs-utils and portmap (rpcbind)
nfs-utils: the package that provides the two NFS daemons, rpc.nfsd and rpc.mountd.
portmap: NFS can be viewed as an RPC server program. To start an RPC server program, its ports must be mapped, and that task is done by portmap. Put simply, portmap does the port mapping.
Daemons that NFS needs to start (see the NFS daemons reference):

    • rpc.nfsd: mainly handles the complex login permission checks (required)
    • portmap: handles the port mapping between RPC program clients and servers (required)
    • rpc.mountd: manages the NFS file systems; after a client logs in to the server through rpc.nfsd, it performs a series of management checks on the client's access to server files (required)
    • lockd: handles lock requests sent through RPC packets
    • statd: provides crash recovery for the NFS locking service
    • rquotad: handles quotas when a user mounts a remote server through NFS
    • Daemon start order: rpc.portmap, rpc.mountd, rpc.nfsd, rpc.statd, rpc.lockd (newer versions start it automatically with nfsd), rpc.rquotad

NFS server-side commands:

yum install nfs-utils portmap
chkconfig rpcbind on    # chkconfig: update and query system services per runlevel
chkconfig nfs on
service rpcbind start
service nfs start

2. Server-side configuration file /etc/exports: specifies the directories to share and their permissions (see man exports)

# Allow computers in the 192.168.0.* IP address range to access the /home/work directory with read and write permissions.
# Write the option list directly after the client, with no space in between.
/home/work 192.168.0.*(rw,sync,root_squash)
/home 192.168.1.105(rw,sync)
/public *(rw,sync)

Each line of the configuration file has two fields: the first is the shared directory, given as an absolute path; the second is the client address and its permissions.
Addresses can be a full IP address or a network segment, such as 10.0.0.8, 10.0.0.0/24 or 10.0.0.0/255.255.255.0. Addresses can also be host names, resolved through DNS or the local /etc/hosts, and wildcards are supported, for example: *.chengyongxu.com

The permissions are:
rw: read-write. Note that setting read-write here alone is not enough for a client to write normally; the permissions of the shared directory must also be set correctly, see problem 7.
ro: read-only.
sync: files are written to both hard disk and memory;
async: files are temporarily stored in memory rather than written directly to hard disk;
no_root_squash: when an NFS client connects to the server as root, it also has root privileges on the directory shared by the server. Enabling this is clearly not safe.
root_squash: when an NFS client connects to the server as root, it has anonymous-user rights on the directory shared by the server, usually the nobody or nfsnobody identity;
all_squash: whatever user the NFS client connects as, it has anonymous-user rights on the directory shared by the server;
anonuid: the UID of the anonymous user, usually nobody or nfsnobody; you can set it yourself here;
anongid: the GID of the anonymous user.
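
The options above can be checked mechanically. The following is an added example, not part of the original page: a small Python auditor that parses /etc/exports text and flags no_root_squash, read-write exports to every host, and an option list separated from its client by a space (exports(5) treats a bare "(rw,sync)" as an entry of its own that matches any host). The /srv/build line and the finding names are constructed for illustration.

```python
import re

# Constructed sample: the page's three entries, with /home written the
# mistyped way (space before the options), plus one no_root_squash line.
SAMPLE_EXPORTS = """\
# shared directories
/home/work 192.168.0.*(rw,sync,root_squash)
/home 192.168.1.105 (rw,sync)
/public *(rw,sync)
/srv/build 192.168.1.50(rw,sync,no_root_squash)
"""

# One whitespace-separated field: "client(opts)", "client" or a bare "(opts)".
ENTRY = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Return (path, client, options, detached) for each client field."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *fields = line.split()
        for field in fields:
            m = ENTRY.match(field)
            if m is None:
                continue
            client, opts = m.group(1), m.group(2)
            options = set(opts.split(",")) if opts else set()
            # A bare "(opts)" field is an entry of its own that matches any host.
            entries.append((path, client or "*", options, client == ""))
    return entries


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, client, options, detached in parse_exports(text):
        if detached:
            findings.append((path, client, "detached-options"))
        if client == "*" and "rw" in options:
            findings.append((path, client, "world-rw"))
        if "no_root_squash" in options:
            findings.append((path, client, "no_root_squash"))
    return findings
```

Run audit_exports() on the contents of /etc/exports before calling exportfs -r; an empty list means none of the three patterns was found.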

NFS client user mapping: the client logs in as root or another user, and then, according to the NFS server configuration, the client connection is mapped to a server-side user: root, a designated user (via anonuid or anongid), nfsnobody, and so on. This mapped user and the shared directory's permissions together determine whether the client connection has read and write access.
To set client-to-server user mappings manually, use the parameter map_static=/etc/nfs.map
The contents of the /etc/nfs.map mapping file are as follows:
# remote local
gid 500 1000
uid 500 2003

Reference: the following description of the NFS client connection's user identity comes from the NFS study notes and has not been verified:

• Client connection, check for an ordinary user: (1) if the ordinary user is explicitly set to be squashed, the client user's identity is converted to the specified user; (2) if the NFS server has a user with the same name, the client login account's identity is converted to the NFS server user with the same name; (3) if nothing is explicitly specified and there is no user with the same name, the user identity is squashed to nfsnobody
• Client connection, check for root: (1) if no_root_squash is set, the root user's identity is squashed to root on the NFS server; (2) if all_squash, anonuid and anongid are set, root is squashed to the specified user; (3) if nothing is explicitly specified, the root user is squashed to nfsnobody; (4) if both no_root_squash and all_squash are set, the user is squashed to nfsnobody, or, if anonuid and anongid are set, to the specified user and group

3. Modify the firewall settings

By default, after a CentOS 6 server installation the iptables firewall configuration only opens port 22.
Specify the NFS service-related ports in the NFS configuration file /etc/sysconfig/nfs and modify the firewall to open those ports

# Port rpc.mountd should listen on.
#MOUNTD_PORT=892

# Port rpc.statd should listen on.
#STATD_PORT=662

# Port rquotad (/usr/sbin/rpc.rquotad) should listen on.
#RQUOTAD_PORT=875

# TCP port rpc.lockd should listen on.
#LOCKD_TCPPORT=32803

# UDP port rpc.lockd should listen on.
#LOCKD_UDPPORT=32769

Modify the iptables configuration file /etc/sysconfig/iptables to open port 111 (portmap service port) and port 2049 (NFS service port)
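
The port settings and firewall changes described above, tied together in an added example that is not part of the original page: the Python script below reads /etc/sysconfig/nfs text, reports which helper-daemon ports are pinned and which are still commented out (a static firewall rule cannot cover those), and builds iptables ACCEPT rules for 111, 2049 and every pinned port. Restricting the rules to a client network with -s and the 192.168.0.0/24 value are assumptions of this example.

```python
import re

# Constructed sample of /etc/sysconfig/nfs: two ports uncommented, the rest
# still commented out.
SAMPLE_SYSCONFIG = """\
MOUNTD_PORT=892
STATD_PORT=662
#RQUOTAD_PORT=875
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
"""

# Setting name -> protocols that need a firewall rule for it.
PORT_VARS = {
    "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
    "RQUOTAD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",),
    "LOCKD_UDPPORT": ("udp",),
}
LINE = re.compile(r"^\s*(#?)\s*([A-Z_]+)\s*=\s*(\d+)\s*$")


def pinned_ports(text):
    """Return ({name: port} for active settings, [names still commented out])."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) not in PORT_VARS:
            continue
        if m.group(1):                      # leading '#': setting is inactive
            unpinned.append(m.group(2))
        else:
            pinned[m.group(2)] = int(m.group(3))
    return pinned, unpinned


def iptables_rules(text, client_net):
    """Build ACCEPT rules for rpcbind (111), nfsd (2049) and each pinned port."""
    pinned, _ = pinned_ports(text)
    wanted = [(111, ("tcp", "udp")), (2049, ("tcp", "udp"))]
    wanted += [(port, PORT_VARS[name]) for name, port in pinned.items()]
    return [
        f"iptables -A INPUT -s {client_net} -p {proto} --dport {port} "
        "-m state --state NEW -j ACCEPT"
        for port, protos in wanted
        for proto in protos
    ]
```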


4. Modify the /etc/hosts.allow configuration
/etc/hosts.allow and /etc/hosts.deny describe which hosts are allowed to use local inet services.
By default it seems nothing needs to be modified here, but it is best to allow only the client machines that need to connect and deny connections from all other machines.
# service process name : host list : optional command to run when the rule matches
server_name:hosts-list[:command]
Add rules to /etc/hosts.allow to allow client access:
ALL:127.0.0.1                       # allow this machine to access all of its own service processes
ALL:192.168.0.135                   # allow the client machine 192.168.0.135 to access all service processes on this machine
smbd:192.168.0.0/255.255.255.0      # allow IPs in the network segment to access the smbd service
sshd:192.168.100.0/255.255.255.0    # allow IPs in the 192.168.100. network segment to access the sshd process on the server
sshd:60.28.160.244                  # allow the external IP 60.28.160.244 to access the sshd process on this server
In /etc/hosts.deny, connection attempts from denied hosts can also be set to be logged and mailed to a user's mailbox
sshd:ALL    # deny all

5. Change the shared directory's permissions to 760 and change the directory's group to nfsnobody
Reference: problem 7

6. Client mount: run the following commands to mount /home shared by the NFS server (IP address 192.168.1.45) on the local /mnt/nfs/home directory.
showmount -e nfs-serverip: view the resources shared by the NFS server
mount -t nfs 192.168.1.45:/home /mnt/nfs/home

7. NFS performance test:

• Set reasonable wsize and rsize values based on the result of the command time dd if=/dev/zero of=/mnt/home bs=16k count=16384
• Set an appropriate number of NFS server processes, RPCNFSDCOUNT, in the /etc/sysconfig/nfs configuration file according to the number of NFS clients; the default is 8

exportfs command: if /etc/exports is changed after NFS has started, does NFS need to be restarted? In this case the exportfs command makes the changes take effect immediately. The command format is as follows:
exportfs [-aruv]
-a: mount or unmount everything in /etc/exports
-r: re-mount the shared directories in /etc/exports
-u: unmount a directory
-v: print detailed information to the screen while exporting
showmount command: displays mount information for an NFS server.
showmount -e [nfs-server]: displays the directories exported by the specified NFS server; when no IP is given, it displays the directories this machine shares as an NFS server.
rpcinfo -p command: displays RPC information. The -p parameter uses the RPC protocol to probe the rpcbind on the host and displays all registered RPC programs.
nfsstat command: shows the running status of NFS, which helps when tuning NFS

Problems solved along the way:

1. After installing portmap through yum or rpm, running the command service portmap start reports the following error: portmap: unrecognized service.
In CentOS 6 (Linux kernel 2.6.32), portmap has been replaced by rpcbind. A careful look at the installation output shows that rpcbind is what yum installs when you run the command yum install portmap. After the installation is complete, you can also use the command yum whatprovides portmap to view the details.

2. When the client mounts, the error is: mount clntudp_create: RPC: Port mapper failure - RPC: Unable to receive.

• 1. Use the command rpcinfo -p to check whether the portmap service started normally and on which port (default 111)
• 2. Check the /etc/sysconfig/iptables firewall settings, allow TCP and UDP access to port 111, then run service iptables restart
• 3. Check /etc/hosts.deny and /etc/hosts.allow to see whether the client connection is blocked

3. When the client runs the command showmount -e nfs-server, it reports the error: mount clntudp_create: RPC: Program not registered.
The nfs and rpcbind services are not started; use chkconfig to add nfs and rpcbind to the system services and start them with service.
Or add a rule to /etc/hosts.allow that allows client access: ALL:192.168.0.135

4. When the client runs the command showmount -e nfs-server, it reports the error: rpc mount export: RPC: Unable to receive; errno = No route to host
Configuration file: /etc/sysconfig/nfs
Locate the NFS service-related port settings, remove the comment markers, and then allow the corresponding UDP and TCP ports through in the iptables firewall settings.
#MOUNTD_PORT=892
#STATD_PORT=662
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
iptables -A INPUT -p tcp --dport 662 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp --dport 662 -m state --state NEW -j ACCEPT

5. showmount -e nfs-server succeeds, but the actual mount reports the error: mount: mount to NFS server '192.168.1.5' failed: System Error: No route to host. This is because the NFS service's default port 2049 is blocked by the firewall; as above, modify iptables to allow port 2049 through

6. showmount -e nfs-server succeeds, but the actual mount reports the error: mount: mount to NFS server '192.168.1.5' failed: timed out (retrying).
When /etc/sysconfig/iptables was edited, TCP was allowed through for the relevant ports but UDP was not. Other possible causes, from the reference "Mount command fails with NFS server failed error":
Disable name lookup requests from NFS server to a DNS server.
or NFS version used by the NFS client is other than version 3.

7. The directory permission in the exports configuration file is set to rw (root_squash is the default), but running the touch command in the client's mounted directory reports the error: touch: cannot touch 'a': Permission denied. Solution:

• View the server-side shared directory permissions: ll -d /home
• Modify the server-side shared directory permissions: chmod 760 /home (the file owner root has full permissions, users in the owning group have read and write permissions, other users have no permissions; then set the directory's group to nfsnobody)
• Change the group owner of the server-side shared directory to nfsnobody (cat /etc/passwd | grep nob)
chgrp nfsnobody /home
• A new file can now be created successfully on the client!
