Notes on NFS configuration for RHEL 6 and later

Source: Internet
Author: User
I. Overview:
NFS (Network File System) provides file sharing between Unix-like systems. If Windows systems are involved, consider the file sharing provided by the Samba service instead. NFS is a server program based on the RPC (Remote Procedure Call) protocol (port 111) and cannot run without RPC. So:
1. The server side must start the RPC service and the NFS service to share files;
2. The client side must also run the RPC service and the NFS service;
3. RHEL 6 and later use NFSv4, so only port 2049 needs to be opened on the firewall.
II. Files and principles
Software: the portmap package (renamed to rpcbind from RHEL 6 onward) provides the RPC service; the nfs-utils package provides the startup scripts and maintenance tools for the NFS server. portmap is typically installed first:

    yum -y install portmap

Main files and formats:
Master configuration file: /etc/exports
The configuration file format is as follows:

    <output directory> [client 1 options (access rights, user mappings, other)] [client 2] ...

1. The output directory is the directory to be shared with clients.
2. Ways to specify a client:
    IP address: 192.168.100.110
    All hosts in a subnet (CIDR): 192.168.100.0/24
    A host specified by domain name: a.xxx.com
    All hosts of a specified domain: *.xxx.com
    All hosts: *
    Host list: server1 server2
3. Options set the access rights, user mapping and other behaviour of the output directory.

Access rights:
    ro: read-only
    rw: read and write
Note: access is not decided by the configuration file alone; the permissions of the directory itself must also allow the access.

User mapping options:
    all_squash: maps all normal users of remote access, and their groups, to the anonymous user or group (nfsnobody). This gives stricter control over the effect a client's permissions have on the server.
    no_all_squash: the opposite of all_squash (default setting).
    root_squash: maps root and its group to the anonymous user or group (default setting).
    no_root_squash: does not map the root user to the anonymous user, which allows the root user of the client to operate on files in NFS with the same privileges as the server's root user.
    fsid: sets a specific ID for each NFS share to facilitate tracking, which is important in a cluster.
    anonuid=xxx: designates a local user (UID=xxx) as the anonymous user for remote access.
    anongid=xxx: maps all user groups for remote access to the anonymous group account and designates a local group (GID=xxx) as that account.

Other options:
    secure: restricts clients to connecting to the NFS server from TCP/IP ports below 1024 (default setting).
    insecure: allows clients to connect to the server from TCP/IP ports above 1024.
    sync: writes data synchronously to the memory buffer and to disk, which is inefficient but ensures data consistency.
    async: keeps data in the memory buffer and writes it to disk when necessary, which can easily cause data loss.
    wdelay: checks whether there are related write operations and, if so, executes them together, which can improve efficiency (default setting).
    no_wdelay: executes a write operation immediately; should be used together with sync.
    subtree_check: if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default setting).
    no_subtree_check: even if the output directory is a subdirectory, the NFS server does not check the permissions of its parent directory, which can improve efficiency.

Log file: /var/log/messages
III. Configuration Steps
3.1. NFS server-side actions
1. Install nfs-utils:

    yum -y install nfs-utils*

2. Set up the shared directories in /etc/exports:

    <directory> hosts1([r][w|o],[anonuid=xx,anongid=xx]) hosts2([r][w|o]) ...

This states which hosts have which permissions on the directory (uid/gid means the path is accessed with that user ID); hosts can be written in CIDR form (for example, 192.168.1.0/24). Sample:

    /u01 *(rw)
    /u02 192.168.19.0/24(rw) 192.168.10.10(ro)
    /u03 192.168.100.61(rw,anonuid=1000,anongid=1100)

In this sample, /u03 can be accessed by the host 192.168.100.61, and files from the client are shown on the server side with user ID 1000 and group ID 1100.

3. Start the services:

    service {rpcbind|portmap} start|status
    service nfs restart
    chkconfig nfs on

4. Common commands:

    exportfs [-aruv] [host:/path]

    -r  reload all the paths in the exports file
    -a  all paths in the exports file
    -u  stop sharing a path
    -v  output details

exportfs -auv stops sharing everything; even file systems already mounted on a client are no longer visible to that client. exportfs -arv shares everything; if it is run after the previous command, the client can see the files again without mounting again.
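
An added example, not part of the original page: a small Python check for the /etc/exports format and options described above. It flags a writable export to all hosts (*), the no_root_squash and insecure options, and an options list separated from its host by whitespace, which exports(5) treats as a separate entry applying to every host. The sample file is constructed, and the finding names world-rw and detached-options are chosen here.

```python
import re

# Options the page describes as widening what a client may do.
RISKY = {"no_root_squash", "insecure"}

# One client token: optional host followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def parse_exports_line(line):
    """Return (directory, [(host, [options]), ...]) or None for blank/comment."""
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    clients = []
    for token in tokens[1:]:
        m = CLIENT_RE.fullmatch(token)
        if m is None:
            raise ValueError(f"malformed client entry: {token!r}")
        opts = [o for o in (m.group("opts") or "").split(",") if o]
        clients.append((m.group("host"), opts))
    return tokens[0], clients


def audit(text):
    """Return (line number, directory, finding) tuples for an exports file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        parsed = parse_exports_line(raw)
        if parsed is None:
            continue
        directory, clients = parsed
        for host, opts in clients:
            if host == "":
                # "host (rw)": the options form a host-less entry for everyone.
                findings.append((n, directory, "detached-options"))
            elif host == "*" and "rw" in opts:
                findings.append((n, directory, "world-rw"))
            findings += [(n, directory, o) for o in opts if o in RISKY]
    return findings


# Constructed sample: line 3 has a stray space before "(", /u04 is invented.
SAMPLE = """\
/u01 *(rw)
/u02 192.168.19.0/24(rw) 192.168.10.10(ro)
/u03 192.168.100.61 (rw,anonuid=1000,anongid=1100)
/u04 192.168.100.62(rw,no_root_squash,insecure)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Run it against a copy of the server's /etc/exports by passing the file contents to audit(); the parser assumes directory paths without spaces or quoting.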

3.2. NFS client-side actions
1. Install nfs-utils:

    yum -y install nfs-utils*

2. Commonly used commands:

    showmount [-adehv] [host]

    -a  view all NFS mounts on the specified host
    -d  view the directories mounted on the specified host
    -e  view the export list of the specified server; on the server side, localhost can be given to view this machine's shared list
    -h  help information
    -v  details

3. Mount by using the mount command:

    mount -t nfs -o soft 192.168.100.110:/u01 /u02/test01

It is best to mount with the soft option.

    mount nfsserver:/ /mnt

With NFSv4, this maps all NFS paths on nfsserver to the /mnt directory for access.

4. NFS persistent mount
If the NFS path must stay mounted on the client, make sure it can be mounted after every reboot of the machine. Normally the mount information is written to /etc/fstab. However, if the system cannot reach the network for a long time, a large number of errors are reported. To avoid these errors, specify the _netdev option for the NFS mount in fstab, which makes the operating system wait until the network is available before mounting the NFS path, as follows:

    nfsserver:/data /data nfs _netdev 0 0

5. NFS automatic mount
NFS automatic mounting covers the case where users log in to the system through OpenLDAP authentication and then access their workspace, which is stored on the NFS server, so that they reach the same workspace even when they log on to a different machine. fstab cannot do this; automount implements it as follows:
1) Start the autofs service.
2) Configure the /etc/auto.master configuration file. The following is the operating system's sample file. automount uses the -hosts mechanism to monitor the /net directory automatically, which means that all automatically mounted NFS paths can be accessed under /net. The access steps are: (1) after autofs is started, ls in /net shows nothing; (2) cd <nfsserver> shows the directories this server shares over NFS (but the nfsserver subdirectory is not visible under /net).

    #
    # Sample auto.master file
    # This is an automounter map and it has the following format
    # key [ -mount-options-separated-by-comma ] location
    # For details of the format look at autofs(5).
    #
    /misc   /etc/auto.misc
    #
    # NOTE: mounts done from a hosts map will be mounted with the
    #       "nosuid" and "nodev" options unless the "suid" and "dev"
    #       options are explicitly given.
    #
    /net    -hosts
    #
    # Include the master map if it can be found using
    # nsswitch sources.
    #
    # Note that if there are entries for /net or /misc (as
    # above) in the included master map any keys that are the
    # same will not be seen as the first read key seen takes
    # precedence.
    #
    +auto.master

3) Configure the indirect file to specify the content that autofs should mount.
4) Configure an automatic mount instance:
a) Create the directory /data on the NFS client.
b) Add the following to /etc/auto.master (this names the indirect file for /data):

    /data   /etc/auto.data

c) Edit the indirect file /etc/auto.data and add the following:

    files   -rw   nfsserver:/data

d) Restart the autofs service, then run ls in /data to confirm that the directory is empty.
e) In the /data directory, cd files enters the automounted directory, which shows the content of /data on nfsserver.
5) To mount the home directory after LDAP authentication, as described at the start of item 5, proceed as follows:
a) On the NFS server, edit /etc/exports and add:

    /home   *(rw)

b) After starting the NFS service on the server and creating a new user, run the following command to confirm that the shared path is correct:

    showmount -e nfsserver

c) Edit the client's auto.master file and add the following to name the indirect file:

    /home   /etc/auto.home

d) Specify the configuration in the indirect file (* represents any directory; & represents the same directory as the client name):

    *   -rw   nfsserver:/home/&

e) Restart the client's autofs service to access the server-side home directory.

IV. Principle explanation
4.1. About permissions
A client that accesses an NFS directory is in effect accessing the server-side files as a member of "other", so the following settings are needed:
1. On the server side, set the directory permissions:

    chmod o+w <directory>

2. Suppose the share is to be used for OGG; then set the following in the exports file on the source:

    <directory> hosts1([r][w|o],[anonuid=<OGG user's ID>,anongid=<OGG user's group ID>])
