Linux System configuration NFS shared storage

Source: Internet
Author: User

1. Server-side

Installing Service Programs for NFS

Yum Install-y nfs-utils

Create Xiaobai folder (for testing purposes)

Write config file

Vim/etc/exports

Write

/xiaobai 10.234.1.56/255.255.255.0 (Rw,sync)

The format is:

The IP and mask or domain name of the directory share to be shared (permissions, synchronous update)

Start the service

Service Rpcbind Restart

/etc/init.d/nfs restart

Chkconfig NFS On

Chkconfig Rpcbind on



Then turn off the firewall and change the SELinux options for NIS

/etc/init.d/iptables Stop (Protection wall service off)

Chkconfig iptables off

System-config-selinux (set SELinux)





2, the Client

Edit the Fstab file to enable automatic mount on boot
1. Yum install-y nfs-utils
2. Start the service
Service Rpcbind Restart

/etc/init.d/nfs restart
3, server side use the showmount command to query the sharing status of NFS
#showmount-E//default view your shared services, if you want DNS to resolve their own, otherwise prone to error

#showmount-A//displays directory information that is already connected to the client * * * *

4. The client uses the Showmount command to query the shared status of NFS
#showmount-e NFS Server IP

Mount-t NFS ip:/directory to which directory is mounted (this is a temporary mount)

such as: Mount-t NFS 192.168.0.9:/doce/doc



Edit Fstab File

Vim/etc/init.d/fstab

ip:/Directory to mount NFS defaults 0 0



Then turn off the firewall and change the SELinux options for NIS

/etc/init.d/iptables Stop (Protection wall service off)

Chkconfig iptables off

System-config-selinux (set SELinux)

At this point, Linux builds NFS server complete.

6. Sharing permissions and access Control for NFS
Now let's create a file in/tmp/david/and see what the permissions are.
#touch 20130103

The permission denied appears here because the Write permission on the NFS server-side shared directory itself is not open to other users, and the permission is opened on the server side.
#chmod 777-r/home/david/

Create a file in client/tmp/david/again

I used the root user to create a file that became a nfsnobody user.
NFS has a lot of default parameters, open/var/lib/nfs/etab to view shared/home/david/? full permission set value.
#cat/var/lib/nfs/etab

The default is sync,wdelay,hide and so on, No_root_squash is to allow root to maintain permissions, Root_squash is to map root to Nobody,no_all_squash do not keep all users in the Mount directory permissions. Therefore, the file owner created by Root is nfsnobody.
Below we use normal user mount, write file test.
#su-david
$ Cd/tmp/david/
$ Touch 2013david

Ordinary users write to the file is their own name, which will ensure the security of the server.
On the analysis of permissions
1. When the client connects, the check for the ordinary user
A. If the identity of the normal user is explicitly set, then the identity of the client user is converted to the specified user;
B. If there is a user with the same name on NFS server, then the identity of the client login account is converted to the same user name as NFS server;
C. If there is no explicit designation, there is no user of the same name, then the user identity is compressed into nfsnobody;
2. When the client connects, the root check
A. If the No_root_squash is set, then the root user's identity is compressed to root on NFS server;
B. If All_squash, Anonuid, Anongid are set, the root identity is compressed to the specified user;
C. If there is no explicit designation, the root user is compressed to nfsnobody at this time;
D. If you specify both No_root_squash and All_squash users will be compressed to Nfsnobody, if set Anonuid, Anongid will be compressed to the specified user and group;
7. Unmount The mounted NFS shared directory
#umount/tmp/david/

Ix. Related Orders
1, Exportfs
If we change/etc/exports after we start NFS, do we have to restart NFS? At this point we can use the EXPORTFS command to make the change take effect immediately, the command format is as follows:

# Exportfs [-aruv]

-A? mount or uninstall all content in/etc/exports?
-R-Re-read the information in/etc/exports and synchronize updates/etc/exports,/var/lib/nfs/xtab
-U? Uninstalling a single directory (used together with-A to unload directories in all/etc/exports files)
-V Exports detailed information to the screen at the time of export.
Specific examples:?
# Exportfs-au Uninstall all shared directories
# EXPORTFS-RV re-share all directories and output detailed information
2, Nfsstat
Viewing the running Status of NFS is a great help in adjusting the operation of NFS.
3, Rpcinfo
View RPC execution information, a tool that can be used to detect RPC health, and use RPCINFO-P to see what programs are available for RPC-enabled ports.
4, Showmount
-A displays directory information that is already on the client connection
-e IP or hostname display the directory shared by this IP address
5, Netstat
You can view the ports that are open for NFS service, where NFS is turned on by 2049,portmap 111 and the rest is RPC enabled.
Finally note two points, although the permission settings can be accessed by ordinary users, but when mounted by default only root can be mounted, ordinary users can execute sudo.
When NFS server shuts down, make sure that the NFS service is down and no clients are connected! Showmount-a can be viewed, if any, with kill Killall Pkill to end, (-9 forced end)
?

Linux System configuration NFS shared storage

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.