1. Introduction to NFS Services

NFS stands for Network File System, a protocol for distributed file systems developed by Sun and published in 1984. Its function is to let different machines and different operating systems share data with each other over the network, so that an application on the client can access data on the server's disk through the network. It is a method of sharing disk files between Unix-like systems.

The basic principle of NFS is to allow different clients and servers to share the same file system through a set of RPCs. NFS is independent of the operating system and allows systems with different hardware and operating systems to share files.

NFS relies on the RPC protocol for file transfer and information transfer. Remote Procedure Call (RPC) is a mechanism that lets a client execute programs on another system. NFS itself does not provide a protocol or capability for information transfer; it can share data over the network because it uses other transport protocols, and these transport protocols use RPC. You can say that NFS is itself a program that uses RPC, or that NFS is also an RPC server. Therefore the RPC service must be enabled wherever NFS is used, on both the NFS server and the NFS client. Only then can the server and the client map program ports through RPC (the rpcbind service on releases after CentOS 5). The relationship between RPC and NFS can be understood as follows: NFS is a file system, while RPC is responsible for the transfer of information.

2. System environment

System platform: CentOS 7.3 as the server, CentOS 6.9 as the client
NFS server IP address: 192.168.247.138
Client IP address: 192.168.247.130

Disable the firewall:

[root@centos7:~]#systemctl stop firewalld.service

Prohibit the automatic startup of the firewall:

[root@centos7:~]#systemctl disable firewalld.service

Disable SELinux:


3. Install the NFS service

NFS installation is very simple. It requires only two packages, and they are usually installed by default on your system, so you don't need to install them.

  • nfs-utils-*: includes the basic NFS commands and monitoring programs
  • rpcbind-*: supports secure NFS RPC service connections

4. Configure the NFS server

Configuring the NFS server is relatively easy. You only need to configure the NFS server in the corresponding configuration file and start the NFS server.

Common directories for NFS:

/etc/exports            Main NFS service configuration file
/usr/sbin/exportfs      NFS service management command
/usr/sbin/showmount     Client view command
/var/lib/nfs/etab       Records the full permission settings of NFS shared directories
/var/lib/nfs/xtab       Records the information of clients that have logged in

The configuration file of the NFS service is /etc/exports. This file is the main NFS configuration file, but it has no default content, so it does not necessarily exist. You may have to create it manually with vim and then write the configuration into it.

The format of /etc/exports:

<output directory> [client 1 options (access permission, user mapping, others)] [client 2 options (access permission, user mapping, others)]

Description:

1. Output directory: the directory in the NFS system that needs to be shared with clients.

2. Client: a computer on the network that can access the NFS output directory. The client is usually specified in one of the following ways:

  • Host at the specified IP address: 192.168.8.106
  • All hosts in the specified subnet: 192.168.0.0/24 or 192.168.0.0/255.255.255.0
  • Host with the specified domain name: wj.bsmart.com
  • All hosts in the specified domain: *.bsmart.com
  • All hosts: *

3. Options: options set access permissions, user mappings, and so on for the output directory. NFS has three types of options:

1) Access permission options

  • ro: set the output directory to read-only
  • rw: set the output directory to read and write

2) User mapping options

  • all_squash: maps all common users and their groups to the anonymous user or user group (nfsnobody).
  • no_all_squash: the opposite of all_squash (default setting).
  • root_squash: maps user root and its group to the anonymous user or user group (default setting).
  • no_root_squash: the opposite of root_squash.
  • anonuid=XXX: maps all remote access users to the anonymous user and specifies a local user (UID=XXX) as that anonymous user.
  • anongid=XXX: maps all remote access user groups to the anonymous user group and specifies a local user group (GID=XXX) as that anonymous group.

3) Other options

  • secure: the client can only connect to the NFS server from TCP/IP ports smaller than 1024 (default).
  • insecure: allows clients to connect to the server from TCP/IP ports greater than 1024.
  • sync: writes data synchronously to the memory buffer and to disk. This mode is less efficient but ensures data consistency.
  • async: stores data in the memory buffer first and writes it to disk when necessary.
  • wdelay: checks whether there are related write operations and executes them together to improve efficiency (default).
  • no_wdelay: executes a write operation immediately; must be used together with sync.
  • subtree_check: if the output directory is a subdirectory, the NFS server checks the permissions of its parent directory (default setting).
  • no_subtree_check: even if the output directory is a subdirectory, the NFS server does not check the permissions of the parent directory, which improves efficiency.
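The entry format and options above can be checked mechanically before an exports file goes live. The following is an added example, not part of the original article: a small parser that flags entries that widen access, including the case where a space before the parenthesis makes the options apply to every host instead of the listed client. The function names and the sample file are constructed for illustration.

```python
import re

# Options from the list above that widen access beyond the defaults.
RISKY = {
    "no_root_squash": "client root keeps UID 0 on the server",
    "insecure": "source ports above 1024 are accepted",
}
# One client token: host part, then an optional "(opt,opt,...)" part.
ENTRY = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def parse_exports(text):
    """Return (directory, client, options) for every client entry."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        directory, clients = fields[0], fields[1:]
        for token in clients:
            match = ENTRY.match(token)
            if not match:
                raise ValueError(f"malformed client entry: {token!r}")
            # A bare "(rw)" has an empty host part: it applies to every host.
            client = match.group(1) or "*"
            options = set(filter(None, (match.group(2) or "").split(",")))
            entries.append((directory, client, options))
    return entries


def audit(text):
    """Return human-readable findings for the contents of one exports file."""
    findings = []
    for directory, client, options in parse_exports(text):
        if client == "*" and "rw" in options:
            findings.append(f"{directory}: read-write for every host")
        for opt in sorted(options & RISKY.keys()):
            findings.append(f"{directory} {client}: {opt} ({RISKY[opt]})")
    return findings


# Constructed sample: line 1 is the intended form, line 2 has a stray space
# before "(rw)", line 3 disables root squashing for a single host.
SAMPLE = """\
/app   192.168.247.0/24(rw)
/data  192.168.247.0/24 (rw)
/home  192.168.8.106(rw,no_root_squash)  # constructed entry
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```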

5. Start and stop the NFS server

With the exports file properly configured, you can start the NFS server.

1. Start the NFS server

For the NFS server to work properly, both the rpcbind and NFS services need to be started, and rpcbind must start before NFS (although on CentOS 7 rpcbind is started on demand).

Start the RPC service:

[root@centos7:~]#systemctl start rpcbind.service  

Starting the NFS service:

[root@centos7:~]#systemctl start nfs-server.service

2. Enable start at boot

To set RPC autostart:

[root@centos7:~]#systemctl enable rpcbind.service 

To set NFS autostart:

[root@centos7:~]#systemctl enable nfs-server.service

3. Query the status of RPC and NFS

Viewing the RPC status:

[root@centos7:~]#systemctl status rpcbind.service

Viewing NFS status:

[root@centos7:~]#systemctl status nfs-server 

4. Stop the NFS server

To stop NFS, stop the NFS service first and then the rpcbind service. You do not need to stop the rpcbind service when other services in the system, such as NIS, need it.

    [root@centos7:~]#systemctl stop nfs-server
    [root@centos7:~]#systemctl stop rpcbind.service 

6. Example

NFS server configuration (on CentOS 7):

1. Share /app/ of the NFS Server to 192.168.247.0/24 with read and write permission

The details of the server file are as follows:





Set the location of the NFS service shared folder in /etc/exports:

[root@centos7:~]#vim /etc/exports
/app/ 192.168.247.0/24(rw)


2. Restart the rpcbind and NFS services

[root@centos7:~]#systemctl restart rpcbind.service 
[root@centos7:~]#systemctl restart nfs.service






3. On the server, run the showmount command to query the NFS share status

Client to NFS server:

Operations on the Client (centos6)

1. Disable the firewall

[root@centos6:~]#iptables -F

2. Disable SELinux

[root@centos6:~]#setenforce 0

3. Create a directory on the client as a mount point:

[root@centos6:~]#mkdir bbb

4. Mount the shared directory on the NFS server to the client

[root@centos6:~]#mount -t nfs 192.168.247.138:/app /root/bbb

The general form is: mount -t nfs <server IP address>:<directory shared by the server> <mount point on the client>

5. You can see that the files you see on the client are the same as those on the server


6. If you cannot create files in the /root/bbb directory, the shared directory on the NFS server is not open to other users. You can change the permissions of the shared directory on the server (I already have write permission here, so I did not take screenshots):

[root@centos7:~]#chmod 777 -R /app

7. Create a file f2 in /root/bbb





The file I created as user root is owned by user nfsnobody.

NFS has many default parameters. Open /var/lib/nfs/etab to view the full permission settings of the shared /home/david/ directory:

[root@centos7:~]#cat /var/lib/nfs/etab


The default values include sync, wdelay, hide, and so on. no_root_squash lets root keep its permissions, root_squash maps root to nobody, and no_all_squash denies permissions to all users in the mount directory. Because root_squash is in effect by default, the owner of the file created by root is nfsnobody.

Let's mount and write files as a normal user:

[root@centos6:~]#su - wang
[wang@centos6 ~]$cd /app
[wang@centos6 ~]$mkdir wang
[wang@centos6 ~]$touch test1
[wang@centos6 ~]$exit

Analysis on permissions:

1) Checks for an ordinary user when the client connects

A. If a squashed identity is specified for common users, the identity of the client user is changed to the specified user.

B. If there is a user with the same name on the NFS server, the identity of the login account on the client is changed to that user on the NFS server.

C. If no user is specified, the user identity is squashed to nfsnobody.

2) Checks for root when the client connects

A. If no_root_squash is set, user root is mapped to root on the NFS server.

B. If all_squash, anonuid, and anongid are configured, the root user is squashed to the specified user.

C. If nothing is specified, the root user is squashed to nfsnobody.

D. If no_root_squash and all_squash are both specified, users are squashed to nfsnobody. If anonuid and anongid are also specified, users are squashed to the specified user and group.

8. On the client, unmount the mounted NFS shared directory

[root@centos6:~]#umount /root/bbb

9. Enable automatic NFS file system mounting on the client

Format:

<server IP address>:<shared directory of the server> <client mount point> nfs <options (sync)> 0 0





Save the settings and exit, then restart the system.

Check whether /app/wang is mounted automatically:





The automatic mounting succeeded.

9. Related commands

1. exportfs

If we change /etc/exports after starting NFS, do we have to restart NFS? At this point we can use the exportfs command to make the change take effect immediately. The command has the following format:

exportfs [-aruv]

-a: applies to all directories in /etc/exports
-r: shares all directories in /etc/exports again and updates /var/lib/nfs/xtab
-u: unmounts a single directory (used with -a to unmount all directories in the /etc/exports file)
-v: prints detailed information to the screen when exporting

Examples:

# exportfs -au: unmounts all shared directories
# exportfs -rv: shares all directories again and displays detailed information

2. showmount

-a: displays information about the directories that clients have connected to
-e <IP or hostname>: displays the directories shared by the host at this IP address

3. rpcinfo

Displays RPC execution information and can be used to check the running status of RPC. You can use rpcinfo -p to view the ports that RPC has opened and the programs they provide.