1, Server-side software: install nfs-utils and portmap (rpcbind)
nfs-utils: the package that provides the two NFS daemons, rpc.nfsd and rpc.mountd.
portmap: NFS can be regarded as an RPC server program, and starting an RPC server program requires its ports to be mapped; portmap does that job. Put simply, portmap does the port mapping.
Daemons that NFS needs to start (see NFS Daemons):
rpc.nfsd: the main daemon, which performs the login permission checks; required
portmap: handles the port mapping between RPC program clients and the server; required
rpc.mountd: manages the NFS file system; once a client has logged in to the server through rpc.nfsd, it performs a series of management tasks on the client's access to server files; required
lockd: handles lock requests sent through RPC packets
statd: provides crash recovery for the NFS locking service
rquotad: handles quotas when a user mounts to a remote server through nfsmount
Daemon startup order: rpc.portmap, rpc.mountd, rpc.nfsd, rpc.statd, rpc.lockd (newer versions start it automatically along with nfsd), rpc.rquotad
NFS server-side commands:
    yum install nfs-utils portmap
    chkconfig rpcbind on    # chkconfig: update and query system services at each run level
    chkconfig nfs on
    service rpcbind start
    service nfs start
2, Server-side configuration file /etc/exports: specifies the directories to share and their permissions (see man exports)
    # Allow computers in the IP address range 192.168.0.* to access the /home/work directory with read-write access
    /home/work 192.168.0.*(rw,sync,root_squash)
    /home 192.168.1.105(rw,sync)
    /public *(rw,sync)
Each line of the configuration file has two parts: the first is the shared directory, given as an absolute path; the second is the client address and permissions.
The address can be a full IP or a network segment, such as 10.0.0.8 or 10.0.0.0/24, 10.0.0.0/255.255.255.0. The address can also be a host name, resolved either through DNS or through the local /etc/hosts, and wildcard characters are supported, such as *.chengyongxu.com.
Permissions:
rw: read-write. Note that setting read-write here alone does not let the client write correctly; permissions must also be set on the shared directory, see question 7.
ro: read-only.
sync: files are written to both hard disk and memory.
async: files are held temporarily in memory rather than written directly to the hard disk.
no_root_squash: if an NFS client connects to the server as root, it has root privileges on the directory shared by the server. Obviously, enabling this is not safe.
root_squash: if an NFS client connects to the server as root, it has anonymous user rights on the directory shared by the server, usually under the nobody or nfsnobody identity.
all_squash: regardless of which user the NFS client connects as, it has anonymous user rights on the directory shared by the server.
anonuid: the UID value of the anonymous user, usually nobody or nfsnobody; it can be set here.
anongid: the GID value of the anonymous user.
NFS client user mapping: the client logs in as root or as another user, and then, according to the NFS server configuration, the client connection is mapped to a user on the NFS server side: root, a specified user (via anonuid or anongid), nfsnobody, and so on. Finally, this mapped user and the permissions of the shared directory together determine whether the client connection has read and write access.
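An added example, not part of the original page: a small Python audit of /etc/exports entries for the risky settings described above (no_root_squash, read-write exports open to any host) plus two pitfalls documented in exports(5): a space between the host and its option list, and wildcards inside IP addresses. The sample entries are constructed (the /srv/build line is hypothetical), and quoted paths and backslash line continuations are not handled.

```python
import re

# Constructed sample in /etc/exports syntax; line 2 has a stray space before "(".
SAMPLE = """\
/home/work 192.168.0.*(rw,sync,root_squash)
/home 192.168.1.105 (rw,sync)
/public *(rw,sync)
/srv/build 10.0.0.8(rw,sync,no_root_squash)
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")
WILDCARD_IP_RE = re.compile(r"\d[\d.]*[*?][\d.*?]*")

def audit_exports(text):
    """Return (lineno, path, client_spec, finding) tuples for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                findings.append((lineno, path, spec, "unparseable client spec"))
                continue
            host = m.group("host")
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            if not host:
                # A bare "(opts)" token is an anonymous client: it matches every host.
                findings.append((lineno, path, spec,
                                 "options detached from host; they apply to all clients"))
                host = "*"
            if WILDCARD_IP_RE.fullmatch(host):
                findings.append((lineno, path, spec,
                                 "wildcard in IP address; unreliable per exports(5), use address/netmask"))
            if "no_root_squash" in opts:
                findings.append((lineno, path, spec,
                                 "no_root_squash: client root acts as root on the share"))
            if host == "*" and "rw" in opts:
                findings.append((lineno, path, spec,
                                 "read-write export open to any host"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print("line %d  %s  %s  -> %s" % finding)
```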
To set the client/server user mapping manually, use the parameter: map_static=/etc/nfs.map
The contents of the /etc/nfs.map mapping file are as follows:
    # remote local
    gid 500 1000
    uid 500 2003
Reference: the description of the NFS client connection user identity in the NFS learning notes. The following description has not been verified:
When a client connects, the checks for an ordinary user are:
No.1 if squashing of ordinary users is explicitly set, the client user's identity is converted to the specified user;
No.2 if the NFS server has a user with the same name, the identity of the client login account is converted to the user with the same name on the NFS server;
No.3 if nothing is explicitly specified and there is no user with the same name, the user identity is squashed to nfsnobody.
When a client connects, the checks for root are:
No.1 if no_root_squash is set, the root user's identity is mapped to root on the NFS server;
No.2 if all_squash, anonuid and anongid are set, root is squashed to the specified user;
No.3 if nothing is explicitly specified, the root user is squashed to nfsnobody;
No.4 if both no_root_squash and all_squash are specified, the user is squashed to nfsnobody; if anonuid and anongid are set, it is squashed to the specified user and group.
3, Firewall settings
By default, after the CentOS 6 server edition is installed, the iptables firewall configuration only opens port 22.
Specify the NFS service-related ports in the NFS configuration file /etc/sysconfig/nfs, and modify the firewall to open the corresponding ports.
    # Port rpc.mountd should listen on.
    #MOUNTD_PORT=892
    # Port rpc.statd should listen on.
    #STATD_PORT=662
    # Port rquotad (/usr/sbin/rpc.rquotad) should listen on.
    #RQUOTAD_PORT=875
    # TCP port rpc.lockd should listen on.
    #LOCKD_TCPPORT=32803
    # UDP port rpc.lockd should listen on.
    #LOCKD_UDPPORT=32769
Modify the iptables configuration file /etc/sysconfig/iptables to open (portmap service port), 2049 (NFS service port)
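An added example, not part of the original page: Python that reads /etc/sysconfig/nfs, emits /etc/sysconfig/iptables rule lines only for ports that are actually pinned (uncommented), and reports the variables still commented out, whose daemons would otherwise listen on ports the firewall does not cover. Assumptions: the client network 192.168.0.0/24, the sample file content (constructed), and port 111 as the standard portmapper port, which the page does not state.

```python
import re

# Constructed /etc/sysconfig/nfs content: three ports enabled, two still
# commented out as in the listing above.
SAMPLE_NFS_CONF = """\
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
# Port rpc.statd should listen on.
STATD_PORT=662
#RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
"""

# Variable name -> protocols the daemon uses on that port.
PORT_VARS = {
    "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
    "RQUOTAD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",),
    "LOCKD_UDPPORT": ("udp",),
}
FIXED_PORTS = (111, 2049)  # portmap/rpcbind and nfsd

def firewall_rules(conf_text, client_net):
    """Return (rule_lines, unpinned_variables) for the given config text."""
    # Only uncommented VAR=number lines count; "#VAR=..." is not in effect.
    active = dict(re.findall(r'^([A-Z_]+)="?(\d+)"?[ \t]*$', conf_text, re.M))
    ports = [(port, ("tcp", "udp")) for port in FIXED_PORTS]
    unpinned = []
    for var, protos in PORT_VARS.items():
        if var in active:
            ports.append((int(active[var]), protos))
        else:
            unpinned.append(var)
    rules = [
        f"-A INPUT -s {client_net} -m state --state NEW "
        f"-m {proto} -p {proto} --dport {port} -j ACCEPT"
        for port, protos in ports
        for proto in protos
    ]
    return rules, unpinned

if __name__ == "__main__":
    rules, unpinned = firewall_rules(SAMPLE_NFS_CONF, "192.168.0.0/24")
    print("\n".join(rules))
    print("not pinned, no rule emitted:", ", ".join(unpinned))
```

Restricting each rule with -s to the client network keeps the RPC services closed to every other source, in line with the host restrictions recommended in the next section.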
4, /etc/hosts.allow configuration changes
/etc/hosts.allow and /etc/hosts.deny describe which hosts are allowed to use local inet services.
By default it seems that they do not need to be modified, but it is best to allow only the client machines you need, so that connections from all other machines are denied.
    # service process name : host list : optional command to run when the rule matches
    server_name:hosts-list[:command]
Add rules to /etc/hosts.allow to allow client access:
    all:127.0.0.1 # allow this machine to access all of its own service processes
    all:192.168.0.135 # allow the client machine 192.168.0.135 to access all service processes on this machine
    smbd:192.168.0.0/255.255.255.0 # allow IPs in the network segment to access the smbd service
    sshd:192.168.100.0/255.255.255.0 # allow IPs in the 192.168.100. network segment to access the sshd process on the server
    sshd:60.28.160.244 # allow the external address 60.28.160.244 to access the sshd process on this server
In /etc/hosts.deny, information about connection attempts can also be logged and sent to a user's mailbox:
    sshd:all # deny all
5, Change the permissions of the shared directory to 760 and change the directory's owning group to nfsnobody
Reference: question 7
6, Client mount: execute the following commands to mount /home, shared by the NFS server (IP address 192.168.1.45), onto the local /mnt/nfs/home directory.
showmount -e nfs-serverip: view the resources shared by the NFS server
    mount -t nfs 192.168.1.45:/home /mnt/nfs/home