[O & M 11] Precautions for permission setting during GNU/Linux NFS server deployment
Source: Internet
Author: User
NFS, simply put, is a file server.
During deployment, the read and write permissions of files are more error-prone than the tutorials suggest.
This blog is based on the following six aspects, but focuses on file permissions:
● Principle
● /etc/exports
● File permission
● Server/Client configuration
● Two common commands
● Troubleshooting
● Experience suggestions
(I) Principle
A picture is worth a thousand words.
Rocky just followed the crowd and put in 2 images.
It is worth noting that portmap must be started before NFS is started.
(II) /etc/exports
Deploying NFS is actually very simple. It takes three steps: configure /etc/exports → start portmap → start NFS
So, the first step of the long journey: configure /etc/exports
This configuration file is very simple: each line begins with the directory to be shared.
The directory can then be shared with different hosts, each with its own permissions.
For example:
/tmp/rokcy 192.168.1.0/24(ro) *.fjnu.edu.com(rw,sync)
Format description: the permission parameters go inside the parentheses (), and the parentheses are attached directly to the host name.
There are several ways to specify the host:
● A complete IP address or a CIDR block, such as 192.168.1.110 or 192.168.1.0/24.
● A host name, which must be resolvable through /etc/hosts or DNS. Host names support wildcards, for example * or ?
Common permissions include:
rw: read/write;
ro: read-only;
sync: synchronous mode. Data in memory is always written to the disk;
async: data in memory is written to the disk periodically;
no_root_squash: with this option, the client's root user has the highest level of control over the shared directory, just like operating on a local directory. Not secure, not recommended;
root_squash: the counterpart of the preceding option. The root user has reduced permissions on the shared directory, limited to those of an ordinary user;
all_squash: no matter who the NFS user is, the identity is limited to a specified ordinary user identity;
anonuid/anongid: used together with root_squash and all_squash to specify the uid and gid that squashed NFS users are mapped to, provided that the uid and gid exist in /etc/passwd on the local machine.
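The format and options described above can be checked mechanically. The following is an added example, not code from the original post: a small Python audit of /etc/exports text that flags options with no host attached (the usual result of a stray space before the parenthesis, which makes the options apply to every client), read/write exports to every host, and no_root_squash. The finding codes and the paths /srv/data and /srv/build are constructed for this example.

```python
import re

# One client spec: optional host followed by optional "(opt,opt,...)".
SPEC = re.compile(r"([^()\s]*)(?:\(([^()]*)\))?")

def audit_exports(text):
    """Return (line_no, path, spec, code) findings for /etc/exports text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.fullmatch(spec)
            if m is None:                      # e.g. a space inside "(rw, sync)"
                findings.append((no, path, spec, "MALFORMED"))
                continue
            host = m.group(1)
            opts = (m.group(2) or "").split(",")
            if host == "":
                # "(rw)" standing alone is read as options for every host,
                # usually the result of a stray space after the host name.
                findings.append((no, path, spec, "NO_HOST"))
                host = "*"
            if host == "*" and "rw" in opts:
                findings.append((no, path, spec, "WORLD_RW"))
            if "no_root_squash" in opts:
                findings.append((no, path, spec, "NO_ROOT_SQUASH"))
    return findings

# Constructed sample: line 1 is the article's example; lines 2-3 are made up.
SAMPLE = """\
/tmp/rokcy 192.168.1.0/24(ro) *.fjnu.edu.com(rw,sync)
/srv/data 192.168.1.110 (rw,sync)
/srv/build 192.168.1.0/24(rw,no_root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE):
        print(*finding)
```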
(III) File permissions
Write permission on an object requires all of the following:
(1) the user account, that is, the UID-related identity;
(2) the NFS server allows write permission;
(3) the file system actually grants w permission.
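The three conditions combine with the squash options from the previous section, which is why a client's root user often cannot write to an rw export. The following added example (not from the original post) models that decision in Python. It assumes root_squash is in effect unless no_root_squash is given, assumes 65534 as the anonymous uid/gid when anonuid/anongid are unset, and ignores supplementary groups and ACLs; all function names are hypothetical.

```python
ANON_DEFAULT = 65534  # assumed anonymous uid/gid when anonuid/anongid are unset

def parse_opts(optstr):
    """'rw,all_squash,anonuid=150' -> {'rw': '', 'all_squash': '', 'anonuid': '150'}"""
    return dict(o.partition("=")[::2] for o in optstr.split(",") if o)

def effective_id(uid, gid, opts):
    """Identity the server uses for a client (uid, gid) after squashing."""
    anon = (int(opts.get("anonuid", ANON_DEFAULT)),
            int(opts.get("anongid", ANON_DEFAULT)))
    if "all_squash" in opts:
        return anon
    # Assumption: root is squashed unless no_root_squash is set.
    if uid == 0 and "no_root_squash" not in opts:
        return anon
    return uid, gid

def can_write(uid, gid, optstr, st_uid, st_gid, mode):
    """Apply the three conditions; return (allowed, reason)."""
    opts = parse_opts(optstr)
    if "rw" not in opts:                        # condition 2: the export
        return False, "export is not rw"
    euid, egid = effective_id(uid, gid, opts)   # condition 1: the identity
    if euid == 0:
        return True, "unsquashed root"
    if euid == st_uid:                          # condition 3: the mode bits
        bit = 0o200
    elif egid == st_gid:
        bit = 0o020
    else:
        bit = 0o002
    if mode & bit:
        return True, f"w bit set for uid {euid}"
    return False, f"no w bit for uid {euid}, gid {egid}"

if __name__ == "__main__":
    # Constructed case: client root writing to a root-owned 0755 directory.
    print(can_write(0, 0, "rw,sync", 0, 0, 0o755))
```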
(IV) Two commands
① On the client:
showmount -e <IP address or host name>
View the directories shared by the server.
② On the server:
After you reconfigure /etc/exports, apply the changes with:
exportfs -avr
(V) Troubleshooting
① The identity and permissions of the user or client do not match
[root@linux ~]# mount -t nfs localhost:/home/test /home/nfs
mount: localhost:/home/test failed, reason given by server: Permission denied
Solution:
If you are sure that your IP address is correct, ask the server administrator to add your IP address to /etc/exports.
② Some services on the server or client are not started:
[root@linux ~]# mount -t nfs localhost:/home/test /home/nfs
mount: RPC: Port mapper failure - RPC: Unable to receive
[root@linux ~]# mount -t nfs localhost:/home/test /home/nfs
mount: RPC: Program not registered
Solution:
Either you forgot to start portmap, or you forgot to start nfs on the server! The solution is to start these two things!
③ Blocked by the firewall:
This is also easy to forget! Review your firewall settings, which have two parts: iptables and TCP_Wrappers!
Because we started portmap, there are two pieces of data to be shared. One is port 111, which needs to be provided,
so that port must be opened in your iptables rules.
(VI) Experience and suggestions
If NFS runs in a high-speed environment, we recommend that you add:
mount -t nfs -o nosuid,noexec,nodev,rw,bg,soft,rsize=32768,wsize=32768