Server for NFS Configuration
One, NFS server-side configuration, that is, shared publishers
(i) services to be started and software to be installed
1, NFS server must start two daemons services: RPC.NFSD and Rpc.mountd
RPC.NFSD: Used to manage whether the client PC can log on. Similar to sharing permissions in Windows.
RPC.MOUNTD: Used to manage file security permissions that the client PC can use. such as shared security permissions in Windows.
RPC: Because NFS supports a large number of features, NFS's functionality corresponds to a terminal eloquence that is not fixed, but instead takes a random port less than 1024.
However, the client needs to know the port of the server to be online, and the RPC service needs to be enabled.
The function of RPC is to specify the port number for each NFS feature. and send information to the client, so that the client can connect to the correct port.
The server randomly takes several ports when starting NFS and actively registers with RPC, so RPC knows the port for each NFS feature.
RPC listens to the client's request with Port 111 and answers the correct port. Before starting NFS, RPC will not be able to register with RPC before it starts.
2, NFS server needs to install NFS main program, Nfs-utils and RPC main program Portmap
(ii) Methods of exports servers:
1. NFS File access rights
Because NFS does not have a validation mechanism, the permissions that are encountered when a client user accesses a shared folder for an NFS server:
(1) When the server side of NFS user list has the same user name as the client user name, the client can access the shared folder directly. Example: The client user is KHP, and the user name khp in the Server for NFS user list (/etc/passwd) will have KHP permissions.
(2) When the client User UID for NFS server is the same as the server-side UID, but the user name is not the same, the client will have the same permissions as the server-side UID but different users.
Example: The client is 501UID and the user named KHP is accessing the NFS server. The NFS Server users list (/ETC/PASSWD) has a UID of 501, but the user is named PLA, so the client KHP user can have the same permissions as the NFS server PLA.
(3) If the client user UID does not exist in the server-side user list for NFS, it is accessed with the privileges of the anonymous user. That is, the nobody user.
(4) If the client user is the root user, because each computer has root user, if not control, NFS server will be very dangerous, will be the client all control. Therefore, the client accessing the NFS server with the default root username will become an anonymous user with anonymous user rights. Also can not control.
2, edit/etc/exports file, this file does not necessarily exist, if not exist on the hand-built
/etc/exports format:
Shared directories allow access to computers (options)
Shared directory: The directory where NFS servers are ready to share
Computers that are allowed access: that is, what clients are allowed to access this share. Available computer name, IP address, also can use wildcard character.
Options:
(1) RW/read/write. The client has read and write permissions.
(2) Ro//Read only client only Read permission.
(3) No_root_squash//root users can access, not become anonymous users, that is, the root user can access the Server for NFS shared resources.
(4) Root_squash//root users into anonymous users
(5) All_squash//All users become anonymous users
(6) Anonuid
(7) Anongid//The UID or group ID of all anonymous users becomes the permissions of the UID or GID set later. Because all anonymous users with no user name in the Server for NFS users list, set the user rights for these anonymous users.
(8) Sync//sync to hard drive
(9) Async//data is stored in memory rather than written directly to the hard drive
Example:/mnt/export www.elitek.com (rw)//This directory allows only www.elitek.com this computer to read and write. Note that there is no space before the back (RW).
/mnt/export www.elitek.com (rw)///mnt/export This directory only allows www.elitek.com this computer to read and write, and allows all other users to read and write permissions. (rw) preceded by a space.
/mnt/export *.elitek.com (rw)//Allows all computers in this domain to read and write this shared folder.
3, Exportfs command. Can change settings (command directory/usr/sbin/exportfs)
Exportfs [-avu][-o option] [director]
-A: Share all the paths in the Exprotfs
-u: Cancel out of export route
-V: Shares are displayed to the screen when export
-o option: That is, some options
-R: Re-mount the settings in the exports
Example: Exportfs-a ro/tmp/user//That/tmp/user directory all exports, but users can only read data.
4,/var/lib/nfs/*tab//storage log files. Etab records NFS shared directory full permissions settings. Xtab record client data that has been connected to the NFS
5, Rpcinfo [p] [IP | computer name]//view the registration status of RPC service
6, NETSTAT-ULTN to see which ports are open
Second, the client's end settings
As an NFS client, you need to run the Nfslock and Portmap services first. /etc/init.d/nsflock start
/etc/init.d/portmap start
And there are several mounting methods
(i), order mode
Mount Command Mount
1, SHOWMOUNT-E [NFS Server computer name | IP Address]//view available shared directory for Server for NFS
2, Mount NFS host Name: NFS shared directory mount to the local directory//server NFS shared directories to mount to this computer. IP address available outside of host name
For example: Mount 192.168.9.1:/tmp/export/tmp/export//is the/tmp/export directory shared by the 192.168.9.1NFS server, mounted to the/tmp/export directory on this machine.
Mount-t nfs-o time=20 www.linux.com/home/khp/tmp/export//The/HOME/KHP of the remote NFS server is mounted to the local/tmp/export directory. The maximum response time is 20 seconds.
3. unmount command Interrupt Mount
(ii) Edit/etc/fstab file mount
/etc/fstab documents in the file system management is explained
1, Format: NFS server and shared directory mount to the local directory file format options
Www.elitek.com:/home/project/tmp/export Ro//www.elitek.com The/home/project directory on the NFS server to the/tmp/export directory on this machine. and is read-only. Format is NFS
2, open the folder. When you enter Mount/tmp/export, you can open the mounted file
(iii) AutoFS to mount NFS file systems
is mounted only when the file system is accessed.
1. Define mount points in/etc/auto.master
2, then define the total mount point of the directory in the/etc/auto.dirctory defined in Auto.master.
That is, a total mount point is defined first in the system file/etc/auto.master. Then set up a detailed mount point based on the total mount point file defined in this file.
Example: Vi/etc/auto.master edit this file:
The files in the/misc/etc/auto.khp-timeout 60///ETC/AUTO.KHP will be mounted to the/misc directory
Re-edit: vi/etc/auto.khp This file to define the mount point.
Myproject-rw,soft,intr Www.elitek.com:/home/project//That is, NFS server Www.elitek.com:/home/project shared directory, mount to the local/MISC/MYPR The Oject directory.
Note: The/misc/myproject directory is dynamic, not real, but only when it is accessed. Quit on the message. But the/misc directory needs to exist.
When the firewall is open, sometimes it is not accessible, you can use/etc/rc.d/init.d/iptables stop to deactivate the firewall, or use the iptable command to open the Port of NFS.
This article from the "Net Line World" blog, please be sure to retain this source http://kuangkuang.blog.51cto.com/838/263164