Quick NFS configuration tutorial and Security Policy in Linux (1)

BKJIA: file sharing is implemented in multiple ways in Linux. NFS is one of them. The Network File System (NFS) Protocol was designed and implemented by Sun MicroSystem in 1980s to provide remote access to shared files. This Protocol uses the Client/Server model and uses the Remote Procedure Call Protocol (RPC Protocol) developed by Sun) program running on one computer to call a subroutine running on another remote machine, and the external data representation (XDR) provided by the program) data can be exchanged on computers on different platforms. This protocol can be run on TCP or UDP. On this basis, the RPC command is required for NFS to be confirmed during data transmission and re-transmitted as needed.

1. NFS principles

NFS is complex. It includes many components and interacts with each other through special protocols. Different components use different configuration files and status files in the operating system. Describes the main components and configuration files of NFS.

 
Figure Network File System Principle

NFS is divided into two parts: server and client. Each host has its own kernel-level service: eXternal Data Representation (XDR, eXternal Data Representation), Remote Procedure Call (RPC, Remote Procedure Call), I/O monitoring programs and lock monitoring programs. Each host also has its own user-level service. Both kernel-level services and user-level services depend on host functions: NFS clients or NFS servers. Of course, it depends on the configuration files of different functions used by each host. If it is a server, the/etc/exports configuration file is used. If it is a client, the/etc/fstab configuration file is used ). If a host is both a server and a client, it needs to run two services.

On the server side, the monitoring programs portmap, mountd, and nfsd will run in the background. The portmap monitor is used to register rpc-based services. When an RPC monitoring program is started, it tells the portmap monitoring program which port it listens on and what RPC service it performs. When a client sends an RPC request to the server, it will contact the portmap monitoring program to determine the port number to which the RPC message should be sent. The Mountd monitoring program is used to read the/etc/exportfs file on the server and create a host and Network List to export the local file system of the server. Therefore, the client is mounted) all requests are directed to the mountd Monitoring Program (daemon ). After verifying that the server has the permission to mount the requested file system, mountd returns a file handle for the requested mount point. The nfsd monitoring program is used by the server to process requests sent from the client. Because the server needs to process requests from multiple clients at the same time, by default, in Linux, eight nfsd threads are automatically started. Of course, if the NFS server is very busy, the system may start thirty threads according to the actual situation.

2. NFS Installation

In a network environment, run the following command to install NFS using yum:

#yum –y install nfs

3. Configure and use NFS

After NFS is installed, You need to configure it for normal use. The two steps are mainly server configuration and client configuration. The following describes them in detail.