NFS server configuration and experimental process

Network File system
1.NFS
Unix/linux <---> unix/linux
2.CIFS
Unix/linux/windows <---> unix/linux/windows

Nfs

Red Hat 5 port mapper Ports mapping table
Red Hat 6 Rpcbind Remote Procedure Call

Nfs
Network File System
V1:sun Internal Use
V2: Getting Started with open use
V3: Use the most
V4: The latest version,


Mount-t NFS 192.168.100.2:/abc/mnt/nfs

RPC Server component: Rpcbind listening on TCP port 111
Server for NFS component: Nfs-utils


/usr/sbin/rpc.mountd
/usr/sbin/rpc.nfsd

[[Email protected] ~]# Service NFS Start
Starting NFS services: [OK]
Starting NFS quotas: [OK]
Starting NFS daemon: [OK]
Starting NFS mountd: [OK]
[[Email protected] ~]# service NFS Status
RPC.SVCGSSD is stopped
RPC.MOUNTD (PID 22958) is running ...
NFSD (PID 22955 22954 22953 22952 22951 22950 22949 22948) is running ...
Rpc.rquotad (PID 22942) is running ...

[Email protected] ~]# rpcinfo-p localhost
Program vers (Version) Proto Port service



NFS Master Profile/etc/exports---> called export
is divided into two parts:
Part Two
The directory to be exported (must be an absolute path) access control and options (enclosed in parentheses) cannot have spaces in the middle



Access control:
Host authentication:
Specific IP addresses, such as: 192.168.100.2
Specific network addresses, such as: 192.168.100.0/255.255.255.0
Domain names, such as: *.qhdlink.com client2.qhdlink.com
All, * on behalf of all hosts

Options: (Multiple options separated by commas ",")
rw
Ro:
Async: Async
Sync: Syncing
Nohide: Does not hide in the exported file system, hangs in the other file system, when the client mounts the exported file system, its internal other file system can also be accessed
Root_squash: forcibly restrict users with Uid/gid to 0 as anonymous users (default)
No_root_squash: Let uid/gid for 0 users to complete the operation as the original identity
All_squash: Force all users to be restricted to anonymous users
No_all_squash: Allow all users to complete operations as they are (default)
Anonuid=uid: Forced designation
Anongid=gid:uid/gid as long as it's legal, just write it.

/var/shared 192.168.100.0/24 (rw,all_squash,anonuid=2000,anongid=2000)
/var/shared 192.168.100.0/24 (RO) 192.168.100.2 (Rw,all_squash)

[[email protected] ~]# Man 5 exports can view the format of access control


Showmount
-A: See which file systems are mounted on the NFS server
-e: View which file systems are exported on the NFS server

Client
[Email protected] ~]# showmount-e 192.168.100.2
Export list for 192.168.100.2:
/var/shared 192.168.100.0/24
[Email protected] ~]# showmount-a 192.168.100.2
All mount points on 192.168.100.2: No one is mounted
[Email protected] ~]# mount-t NFS 192.168.100.2:/var/shared/mnt/
[[email protected] ~]# DF
Filesystem 1k-blocks used Available use% mounted on
/dev/sda3 20024188 3279988 15727012 18%/
Tmpfs 59324 0 59324 0%/dev/shm
/DEV/SDA1 99150 23827 70203 26%/boot
DF: '/mnt/cdrom ': No such file or directory
192.168.100.2:/var/shared
20024192 1276160 17730816 7%/mnt

[Email protected] ~]# Exportfs
/var/shared 192.168.100.0/24



Exportfs-maintain List of NFS exported file systems to prevent restart
Exportfs
-r:reload re-export. Reload
-u:unreload undo Export or uninstall, client cannot access
-A: Commonly used with-R or-u, export all directories listed in the/etc/exports file or revoke all exported directories
-v:verbose Show Details

[Email protected] ~]# Exportfs-arv
Exporting 192.168.100.0/24:/var/shared

To write write permissions to the folder

Root--nfsnobody force mappings to anonymous users for NFS
Lisi--nobody
[[email protected] ~]# grep nfsnobody/etc/passwd
Nfsnobody:x:65534:65534:anonymous NFS User:/var/lib/nfs:/sbin/nologin
Root_squash root suppression identifies a user with UID 0 as a request that is mapped to anonymous
Map requests from Uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any
Other UIDs or gids that might is equally sensitive, such as user bin or group staff.


Configuration file for the NFS service startup script, the port on which the fixed service initiated the process is listening

[Email protected] ~]# Vim/etc/sysconfig/nfs
Let it have a fixed port: uncomment it
#RQUOTAD_PORT =875

# TCP Port RPC.LOCKD should listen on.
#LOCKD_TCPPORT =32803
# UDP Port RPC.LOCKD should listen on.
#LOCKD_UDPPORT =32769
#MOUNTD_PORT =892
#STATD_PORT =662
#STATD_OUTGOING_PORT =2020

[Email protected] ~]# rpcinfo-p localhost
100011 2 TCP 875 Rquota
100011 2 UDP 875 Rquotad
100011 1 TCP 875 Rquotad
100011 2 TCP 875 Rquotad
100021 1 UDP 32769 nlockmgr
100021 3 UDP 32769 nlockmgr
100021 4 UDP 32769 nlockmgr
100021 1 TCP 32803 Nlockmgr
100021 3 TCP 32803 Nlockmgr
100021 4 TCP 32803 Nlockmgr
100005 1 UDP 892 Mountd
100005 1 TCP 892 Mountd
100005 2 UDP 892 Mountd
100005 2 TCP 892 MOUNTD
100005 3 UDP 892 Mountd
100005 3 TCP 892 Mountd


Nohide Options

[Email protected] ~]# Mkdir/var/shared/cdrom
[Email protected] ~]# mount/dev/sr0/var/shared/cdrom/

Client
[Email protected] ~]# mount-t NFS 192.168.100.1:/var/shared/mnt/
[Email protected] ~]# ls/m
media/misc/mnt/
[Email protected] ~]# ls/mnt/
CDRom
[Email protected] ~]# ls/mnt/cdrom/
[[email protected] ~]# content is empty

Server
[Email protected] ~]# Vim/etc/exports
/var/shared 192.168.100.0/24 (RO) 192.168.100.2 (Rw,all_squash)
/var/shared/cdrom * (nohide) plus one
[Email protected] ~]# Exportfs-ra

Client

[Email protected] ~]# umount/mnt/
[Email protected] ~]# mount-t NFS 192.168.100.1:/var/shared/mnt/
[Email protected] ~]# ls/mnt/cdrom/
EULA release-notes-bn-in.html release-notes-ko-kr.html release-notes-zh-cn.html
GPL release-notes-de-de.html release-notes-ml-in.html release-notes-zh-tw.html
Highavailability release-notes-en-us.html release-notes-mr-in.html Repodata
Images release-notes-es-es.html release-notes-or-in.html resilientstorage
Isolinux release-notes-fr-fr.html release-notes-pa-in.html Rpm-gpg-key-redhat-beta
LoadBalancer release-notes-gu-in.html release-notes-pt-br.html Rpm-gpg-key-redhat-release
Media.repo release-notes-hi-in.html release-notes-ru-ru.html Server
Packages release-notes-it-it.html release-notes-si-lk.html TRANS. TBL
README release-notes-ja-jp.html release-notes-ta-in.html
release-notes-as-in.html release-notes-kn-in.html release-notes-te-in.html
Client
[Email protected] ~]# showmount-e 192.168.100.1
Export list for 192.168.100.1:
/var/shared/cdrom *
/var/shared 192.168.100.0/24
[[email protected] ~]# mount-t NFS 192.168.100.1:/var/shared/cdrom/media/Mount/var/shared/cdrom
[Email protected] ~]# DF-HTP
Filesystem Type Size used Avail use% mounted on
/dev/sda3 ext4 20G 1.3G 17G 7%/
Tmpfs tmpfs 504M 0 504M 0%/dev/shm
/DEV/SDA1 ext4 97M 24M 69M 26%/boot
/dev/sr0 iso9660 2.8G 2.8G 0 100%/mnt/cdrom
192.168.100.1:/var/shared NFS 20G 1.3G 17G 7%/mnt
192.168.100.1:/var/shared/cdrom NFS 2.8G 2.8G 0 100%/media
[Email protected] ~]# DF-HTP | Column-t
Filesystem Type Size used Avail use% mounted on
/dev/sda3 ext4 20G 1.3G 17G 7%/
Tmpfs tmpfs 504M 0 504M 0%/dev/shm
/DEV/SDA1 ext4 97M 24M 69M 26%/boot
/dev/sr0 iso9660 2.8G 2.8G 0 100%/mnt/cdrom
192.168.100.1:/var/shared NFS 20G 1.3G 17G 7%/mnt
192.168.100.1:/var/shared/cdrom NFS 2.8G 2.8G 0 100%/media


How to automatically mount the boot (to avoid mounting, not to enter the system)
[Email protected] ~]# Vim/etc/fstab
192.168.100.1:/var/shared/mnt NFS Defaults,_netdev 0 0
Network File System mount
Failure to mount failed to boot system

Mount-t Nfs-o _netdev
_netdev
The filesystem resides on a device this requires network access (used to prevent the system
From attempting to mount these filesystems until the network have been enabled on the system).
Skip mount after network server NFS outage

Another way is to auto.master auto-mount--->Pending Additions

The difference between FTP and NFS is that NFS supports online changes, and NFS needs to be downloaded and changed

This article is from the "small operation of the attack" blog, please be sure to keep this source http://liyongjian5179.blog.51cto.com/10134786/1733364

NFS server configuration and experimental process