Resolution: NFS server configuration command

In the NFS service settings, we can find that two adjustments are required. On the one hand, it is the server, and on the other hand, it is the setting and use of the client. In this case, we will first look at the server configuration details. Let's take a look at the specific steps for creating the NFS service.

Server Configuration

1. Create a shared directory

 
 

  
  
# mkdir /home/share  
  
  
# chown nobody.nogroup /home/share 
 
 

2. Create or modify the/etc/exports configuration file

The content of this file is very simple. Each row consists of the throw path, the list of Customer names, and access options followed by each customer name: [shared directory] [host name or IP address (parameter, parameters)]

The parameters are optional. If no parameter is specified, nfs uses the default option. the default sharing options are sync, ro, root_squash, and no_delay. if the host name or IP address is empty, it indicates that the shared IP address is used to provide services to any client. when the same directory is shared to multiple clients but the permissions provided to each client are not the same, you can: [shared directory] [host name 1 or IP1 (parameter 1, parameter 2)] [host name 2 or IP2 (parameter 3, parameter 4)]

Below are some common NFS sharing parameters:

 
 

  
  
Ro read-only access
  
  
Rw read/write access
  
  
Sync all data written for sharing upon request
  
  
Async NFS can request data before writing data
  
  
Secure NFS is sent through the secure TCP/IP ports below 1024
  
  
Insecure NFS is sent over port 1024
  
  
Wdelay if multiple users want to write data to the NFS Directory, write data to the group by default)
  
  
No_wdelay if multiple users want to write data to the NFS Directory, write the data immediately. This setting is not required when async is used.
  
  
Hide does not share its subdirectories in the NFS shared directory.
  
  
No_hide shares the subdirectory of the NFS Directory
  
  
Subtree_check if sub-directories such as/usr/bin are shared, force NFS to check the permission of the parent directory by default)
  
  
No_subtree_check is opposite to the above. The parent directory permission is not checked.
  
  
All_squash: The UID and GID of the shared file are mapped to the anonymous user anonymous, which is suitable for public directories.
  
  
No_all_squash retains the UID and GID of the shared file by default)
  
  
Root_squash all requests of the root user are mapped to the same permissions as those of the anonymous user by default)
  
  
The no_root_squas root user has full management access permissions to the root directory.
  
  
Anonuid = xxx specifies the UID of an anonymous user in the NFS server/etc/passwd file
  
  
Anongid = xxx specifies the GID of anonymous users in the NFS server/etc/passwd file
 
 

The configuration file/etc/exports is as follows:

 
 

  
  
$ cat /etc/exports  
  
  
/home/share 192.168.102.15(rw,sync) *(ro) 
 
 

Configuration Description: grant read and write permissions to 192.168.102.15. Other machines only have read-only permissions.

3. Restart the NFS service.

 
 

  
  
# /etc/init.d/nfs-kernel-server restart 
 
 

4. View NFS resource sharing on the client

 
 

  
  
# showmount -e 192.168.102.47  
  
  
Export list for 192.168.102.47:  
  
  
/home/share (everyone) 
 
 

5. Use the mount command to mount shared resources.

Load shared resources on client 192.168.102.15

 
 

  
  
# Mount 192.168.102.47:/home/share/mnt
  
  
# Cd/mnt
  
  
# Echo '000000'> 12345
  
  
You can find that the shared directory on the server is writable.
  
  
# Umount/mnt
  
  
Load shared resources on client 192.168.102.61
  
  
# Mount 192.168.102.47:/home/share/mnt
  
  
# Cd/mnt
  
  
# Ls
  
  
123
  
  
# Touch321
  
  
Touch: cannot touch '000000': Permission denied
  
  
# Echo '000000'> 123455
  
  
-Bash: 123: Permission denied
 
 

You can find that only the read permission is available for the server shared directory, which is consistent with the permission settings on the server. Do we need to restart the nfs service every time we modify the configuration file? At this time, we can use the exportfs command to re-scan the/etc/exports file to make the change take effect immediately.

For example:

 
 

  
  
# Exportfs-au Uninstall all shared directories
  
  
# Exportfs-rv share all directories again and output details
 
 

The exportfs command is provided by the software package nfs-kernel-server. For more information about the exportfs command, see:

Man exportfs

For instructions on the Chinese manual, see here: How do we know what permissions are released when resources are shared? In this case, we can view the/var/lib/nfs/etab file, which is generated by the exportfs command according to/etc/exports.

 
 

  
  
# cat /var/lib/nfs/etab  
  
  
/home/share     192.168.102.15(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)  
  
  
/home/share     *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534) 
 
 

Now let's check which ports are enabled on the NFS server:

 
 

  
  
tonybox:/home/share# lsof -i|grep rpc  
  
  
portmap   1931 daemon    3u  IPv4   4289       UDP *:sunrpc  
  
  
portmap   1931 daemon    4u  IPv4   4290       TCP *:sunrpc (LISTEN)  
  
  
rpc.statd 3206  statd    3u  IPv4   7081       UDP *:1029  
  
  
rpc.statd 3206  statd    6u  IPv4   7072       UDP *:838  
  
  
rpc.statd 3206  statd    7u  IPv4   7085       TCP *:1031 (LISTEN)  
  
  
rpc.mount 3483   root    6u  IPv4   7934       UDP *:691  
  
  
rpc.mount 3483   root    7u  IPv4   7937       TCP *:694 (LISTEN)