Server-side Configuration for NFS

Source: Internet
Author: User
Tags root access nfsd

Server-side configuration
1 Creating a shared directory
# mkdir /home/share
# chown nobody:nogroup /home/share
2 Creating or modifying the /etc/exports configuration file
The content of this file is very simple: each line consists of the exported path, the list of client names, and the access options immediately following each client name:
[shared directory] [hostname or IP(option,option)]
The options are optional; NFS uses the defaults when none are specified. The default sharing option is sync,ro,root_squash,no_delay.
When the hostname or IP address is empty, the directory is shared with any client.
To share the same directory with multiple clients but give each client different permissions, write:
[shared directory] [hostname1 or IP1(option1,option2)] [hostname2 or IP2(option3,option4)]
Here are some common options for NFS sharing:
ro: read-only access
rw: read-write access
sync: all data is written to the share when requested
async: NFS can respond to requests before the data is written
secure: NFS is sent over a secure TCP/IP port below 1024
insecure: NFS is sent over ports above 1024
wdelay: if multiple users are writing to the NFS directory, the writes are grouped (default)
no_wdelay: if multiple users are writing to the NFS directory, data is written immediately; this setting is not needed when using async
hide: do not share the subdirectories of the NFS shared directory
no_hide: share the subdirectories of the NFS shared directory
subtree_check: if a subdirectory such as /usr/bin is shared, force NFS to check the permissions of the parent directory (default)
no_subtree_check: the opposite of the above; do not check parent directory permissions
all_squash: map the UID and GID of shared files to the anonymous user; suitable for public directories
no_all_squash: preserve the UID and GID of shared files (default)
root_squash: all requests from the root user are mapped to the same permissions as the anonymous user (default)
no_root_squash: the root user has full administrative access to the root directory
anonuid=xxx: specifies the UID of the anonymous user in the NFS server's /etc/passwd file
anongid=xxx: specifies the GID of the anonymous user in the NFS server's /etc/passwd file
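The configuration file /etc/exports contains the following:
$ cat /etc/exports
/home/share 192.168.102.15(rw,sync) *(ro)
Configuration note: 192.168.102.15 is given read and write permissions, and all other machines have read-only permissions. There must be no space between a client and its opening parenthesis; with a space, the options apply to every client instead of the named host.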

3 iptables firewall
If the NFS server is behind a firewall, the firewall policy needs to include the following rules:
-A INPUT -p tcp -m state --state NEW -m multiport --dports 111,2049,4001,32764:32767 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dports 111,2049,4001,32764:32767 -j ACCEPT

=======================================

NFS: Network File System, a service for sharing files on Linux.

Using NFS requires RPC (Remote Procedure Call). RPC can specify the port number for each NFS function; after RPC is restarted, all NFS services managed by RPC need to re-register with RPC.

Setting up NFS requires installing the nfs-utils and portmap packages; use rpm -q to check whether they are installed.

nfs-utils: provides the two daemons rpc.nfsd and rpc.mountd, plus related documentation.

rpc.nfsd: manages whether a client can log in to the host, and identifies the login ID.

rpc.mountd: manages the NFS file system; it reads /etc/exports and compares it against the client to determine the corresponding permissions.

portmap: port mapping; it does the port mapping work and must be started before the RPC services.

There are two configuration files for NFS:

/etc/exports: the NFS configuration file

/var/lib/nfs/*tab: where the NFS server keeps its logs; etab records the full permission settings of the shared directories, and xtab records data about the clients that have connected to this NFS host

Two commands:

/usr/sbin/exportfs: maintains NFS shared resources; it re-shares directories after /etc/exports changes, or unexports and re-shares the directories shared by the NFS server

/usr/sbin/showmount: run on the client to view the directories shared by an NFS server

/etc/exports configuration file

First, you need to edit the /etc/exports configuration file manually.

The shared directory must be an absolute path. The permission section can share to different hosts with different permissions: the permission parameters go inside the parentheses, multiple permissions are separated by commas, and the host name and the parentheses are written together with no space between them.

The host can be given as a network segment (192.168.1.0/24), a full IP (192.168.1.23), or a hostname. A hostname must exist in /etc/hosts or be resolvable through DNS so that its IP can be found. Hostnames support wildcard characters such as * and ?.

/mnt/sda4/share/a 192.168.23.129(rw)

Sets up the shared directory /mnt/sda4/share/a; only host 192.168.23.129 is allowed to access this shared directory, with read and write access.

/mnt/sda4/share/b 192.168.23.129(rw) *(ro)

Sets up the shared directory /mnt/sda4/share/b; 192.168.23.129 can read and write this shared directory, and other hosts can only read it.

/mnt/sda4/share/c 192.168.23.129(no_root_squash)

Sets up the shared directory /mnt/sda4/share/c; only 192.168.23.129 can access it, with read and write, and a root login keeps root permissions.

/mnt/sda4/share/d 192.168.23.0/24(rw)

Sets up the shared directory /mnt/sda4/share/d; only hosts in the 192.168.23.0/24 network segment can access this directory and read and write its files.

/mnt/sda4/share/e *(rw,all_squash,anonuid=500,anongid=500)

Sets up the shared directory /mnt/sda4/share/e; all hosts are allowed to access this shared directory with read and write permissions, but when they access it their UID and GID are set to 500. Permissions for UID and GID 500 have already been set on the NFS server host.

The permission parameters are described below:

rw: read-write permission

ro: read-only permission

no_root_squash: if the user accessing the shared directory on the NFS host is root, that user has root access to the shared directory. Not recommended.

root_squash: if the user accessing the shared directory on the NFS host is root, that user's rights are squashed to those of an anonymous user; the UID and GID are squashed to the identity of the nobody (nfsnobody) system account.

all_squash: regardless of the identity of the user accessing NFS, the identity is converted to the anonymous user, nobody.

anonuid: the UID of the anonymous user, that is nobody. You can set this UID value yourself, but the UID must exist in /etc/passwd.

anongid: the same as anonuid, but for the group ID.

sync: data is written synchronously to memory and hard disk

async: data is staged in memory first, not written directly to the hard disk
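An added example (not from the original article): a small auditor for /etc/exports text that flags the cases this section warns about, namely options separated from the host by a space, read-write exports to every host, no_root_squash and insecure. It assumes one export per line with no spaces inside the option list; the function names and finding labels are this example's own.

```python
import re

# One client token: optional client pattern, optional "(opt,opt)" attached to it.
TOKEN = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Return (path, client, options, detached) for each client entry."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        path, clients = fields[0], fields[1:] or [""]
        for tok in clients:
            m = TOKEN.match(tok)
            if m is None:
                continue  # malformed token, left to exportfs to reject
            client = m.group(1) or "*"  # empty client means every host
            opts = {o for o in (m.group(2) or "").split(",") if o}
            entries.append((path, client, opts, tok.startswith("(")))
    return entries

def audit(text):
    """Return (path, client, label) findings; labels are this example's own."""
    findings = []
    for path, client, opts, detached in parse_exports(text):
        if detached:
            # "host (rw)": the space makes "(rw)" a separate entry for everyone.
            findings.append((path, client, "DETACHED_OPTIONS"))
        if client == "*" and "rw" in opts:
            findings.append((path, client, "WORLD_RW"))
        if "no_root_squash" in opts:
            findings.append((path, client, "NO_ROOT_SQUASH"))
        if "insecure" in opts:
            findings.append((path, client, "INSECURE_PORTS"))
    return findings

# Constructed sample: the first line has the stray space, the rest are well formed.
SAMPLE = """\
/mnt/sda4/share/a 192.168.23.129 (rw)
/mnt/sda4/share/b 192.168.23.129(rw) *(ro)
/mnt/sda4/share/c 192.168.23.129(no_root_squash)
/mnt/sda4/share/e *(rw,all_squash,anonuid=500,anongid=500)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On the sample, the first line is reported twice: the detached "(rw)" is parsed as a read-write export to every host, while 192.168.23.129 itself only gets the defaults.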

Permission description:

1. The NFS server and NFS client have the same UID and account

If the NFS server and NFS client have the same account with the same UID for the shared files, the client has the permissions set in /etc/exports when it accesses the NFS server.

2. The NFS server and NFS client have different accounts

If the NFS client does not have the account that owns the NFS server's shared files, or the NFS client's account does not exist on the NFS server, whether it can read and write the shared directory depends on the NFS server's permissions; its identity becomes the anonymous user nobody.

3. The NFS client's identity is root

By default, the root identity of the client is squashed to the anonymous user nobody.

Start NFS

Starting NFS only requires starting the portmap and nfs services. If a data consistency check is needed, also start the nfslock service.

Use netstat -tnlu to see which ports are open for NFS. portmap uses port 111 and NFS uses port 2049.

# rpcinfo -p

program  version  protocol  port   service name
100000   2        tcp       111    portmapper
100000   2        udp       111    portmapper
100024   1        udp       695    status
100003   2        udp       2049   nfs
100021   1        udp       46017  nlockmgr
......

If rpcinfo -p produces no output, the services failed to register; restart portmap and nfs.

A client can use showmount to see which NFS shares a server provides:

showmount -e: shows the directories a host shares through its /etc/exports

showmount -a: shows the NFS sharing status between the current host and its clients
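An added example (not part of the original article): the iptables rules in the first part only help if the RPC services are actually registered on the allowed ports. This sketch compares rpcinfo -p rows with the multiport list; the sample rows and port list are the ones shown on this page, and the function names are this example's own.

```python
import re

def parse_multiport(spec):
    """Turn an iptables multiport list such as '111,32764:32767' into ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def parse_rpcinfo(text):
    """Return (service, proto, port) for each data row of rpcinfo -p output."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)\s+(\S+)", line, re.I)
        if m:  # header and separator lines do not match and are skipped
            rows.append((m.group(5).lower(), m.group(3).lower(), int(m.group(4))))
    return rows

def blocked_services(rpcinfo_text, allowed_spec):
    """List registered RPC services whose port the firewall rule does not cover."""
    allowed = parse_multiport(allowed_spec)
    return [(svc, proto, port)
            for svc, proto, port in parse_rpcinfo(rpcinfo_text)
            if not any(lo <= port <= hi for lo, hi in allowed)]

# Port list from the iptables rules on this page (same list for tcp and udp).
ALLOWED = "111,2049,4001,32764:32767"

# Rows copied from the rpcinfo -p output shown on this page.
SAMPLE = """\
program version protocol port service name
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 695 status
100003 2 udp 2049 nfs
100021 1 udp 46017 nlockmgr
"""

if __name__ == "__main__":
    for svc, proto, port in blocked_services(SAMPLE, ALLOWED):
        print(f"{svc} on {proto}/{port} is not covered by the firewall rule")
```

With the sample rows, status (695) and nlockmgr (46017) fall outside the allowed list, so those services would have to be pinned to ports the rules cover before clients behind the firewall can reach them.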

# showmount -e
Export list for localhost.localdomain:
/mnt/sda4/share/e *
/mnt/sda4/share/d 192.168.23.0/24
/mnt/sda4/share/c 192.168.23.129
/mnt/sda4/share/b (everyone)
/mnt/sda4/share/a 192.168.23.129

To list the NFS shared directories provided by a particular host, use showmount -e IP (or hostname).

View /var/lib/nfs/etab to see the NFS server's directory permission settings:

# cat /var/lib/nfs/etab
/mnt/sda4/share/a 192.168.23.129(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
......

After modifying the /etc/exports file you do not need to restart NFS; simply re-scan /etc/exports and reload the settings.

exportfs:

-a: export (or unexport) all the settings in the /etc/exports file.

-r: re-export the settings in /etc/exports while simultaneously updating the contents of /etc/exports and /var/lib/nfs/xtab.

-u: unexports a directory.

-v: displays the shared directories on the screen when exporting.

To re-export /etc/exports: # exportfs -arv

To unexport all /etc/exports settings: # exportfs -auv

Client configuration:

# mkdir -p /mnt/share/client/b
# mount -t nfs 192.168.23.128:/mnt/sda4/share/b /mnt/share/client/b
# df
Filesystem                        1K-blocks  Used     Available  Use%  Mounted on
/dev/sda2                         5952284    3158868  2486176    56%   /
/dev/sda1                         101086     11481    84386      12%   /boot
tmpfs                             127720     0        127720     0%    /dev/shm
192.168.23.128:/mnt/sda4/share/b  3905632    73408    3633824    2%    /mnt/share/client/b

Mounting the share at boot

Modify the /etc/fstab file:

192.168.23.128:/mnt/sda4/share/e /mnt/share/client/e nfs defaults,rw 0 0

You can also use autofs so that the share is mounted automatically when the client needs it and unmounted automatically after several minutes without use. Some parameters can also be set in /etc/fstab, or when the client mounts manually, to make client use easier.

From: http://www.cnblogs.com/cabin/archive/2010/10/26/1861286.html
