How to configure and manage an NFS server on Linux/CentOS?
1 Basic understanding of NFS
NFS (Network File System) is a network file system; it allows different computers on the network to share resources with each other.
1.1 NFS Overview
- NFS is a method of file sharing between UNIX & Linux systems, developed by SUN in 1980;
- It is a file system protocol that lets applications on the client side access data located on the server's disk over the network;
- NFS only provides network file sharing and does not provide data transmission itself; the NFS client and server rely on RPC (Remote Procedure Calls) to implement data transmission;
- Making a directory on the NFS server available for access is called export, and the process of the client accessing the exported directory is called mount or import.
1.2 NFS workflow
Step 1: To access NFS shared resources, the NFS client sends a query request: the client's RPC service sends the query over the network to port 111 of the server's RPC service;
Step 2: The NFS server's RPC service finds the port registered by the corresponding NFS daemon and reports it to the client's RPC service;
Step 3: The NFS client obtains the port and reads and writes data directly with the NFS daemon;
Step 4: After the NFS client has accessed the data successfully, the result is reported to the user.
2 Install and start the NFS service
2.1 Install NFS server
- In general, NFS has been installed on the system;
- First check whether NFS is installed. The following two are related dependency packages:
rpm -qa | grep nfs-utils
rpm -qa | grep rpcbind
- In this case the check shows that both packages are already installed;
- If the system does not have NFS dependency packages installed, you need to install them:
yum clean all
yum -y install nfs-utils rpcbind
2.2 Start NFS service
- Check NFS status:
systemctl status rpcbind.service
systemctl status nfs.service
- Start the NFS service:
systemctl start rpcbind.service
systemctl start nfs.service
- Check the status again; both services are now running;
- Stop the NFS service:
systemctl stop nfs.service
- Restart the NFS service:
systemctl restart nfs.service
- Set the NFS service to start automatically at boot:
systemctl enable rpcbind.service
systemctl enable nfs.service
3 Configure NFS server and client
3.1 Configure NFS server
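- The configuration file is /etc/exports;
- The format is:
shared_directory [client1(parameters)] [client2(parameters)]
Shared directory: the actual path (absolute path) on the NFS server that is to be shared;
Client: a computer that can access the shared directory.
There is no space between a client and its parenthesized parameters: a space makes the parameters apply to all hosts instead of that client.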
- Common forms of clients:
| Client | Description |
|---|---|
| 192.168.1.111 | Host with the specified IP address |
| 192.168.1.0/24 | All hosts on the specified subnet |
| 192.168.1.* | All hosts on the specified subnet |
| www.xxx.com | Host with the specified domain name |
| *.xxx.com | All hosts in the specified domain |
| * | All hosts |
Access permission parameters: access permission settings.
- Common access rights:
| Access permission | Description |
|---|---|
| ro | Read only |
| rw | Read and write |
User mapping parameters
- User mapping parameter table:
| User mapping | Description |
|---|---|
| all_squash | Map all remote access users to the anonymous user or user group (nfsnobody) |
| no_all_squash | Opposite of the above (default setting) |
| root_squash | Set root user to… (default setting) |
| no_root_squash | Opposite of the above |
| anonuid=xxx | Map the anonymous account to a local account (UID=xxx) |
| anongid=xxx | Map the anonymous user group to a local user group (GID=xxx) |
Other parameters: control the exported directory.
- Other commonly used parameters:
| Other parameters | Description |
|---|---|
| secure | Restrict clients to connecting to NFS from TCP/IP ports lower than 1024 |
| insecure | Allow clients to connect to NFS from TCP/IP ports greater than 1024 |
| sync | Synchronously write data to the memory buffer and disk |
| async | Save the data in the buffer first and then write it to disk when necessary |
| wdelay | Check whether there are any related write operations |
| no_wdelay | Execute a write operation immediately; used in conjunction with sync |
| subtree_check | If the exported directory is a subdirectory, the NFS server checks the permissions of the parent directory |
| no_subtree_check | If the exported directory is a subdirectory, the NFS server does not check the permissions of the parent directory |
- For example, to give read and write permissions on the directory /mnt/temp only to the computer with the IP address 172.16.1.33:
/mnt/temp 172.16.1.33(rw,sync)
- For example, to give read and write permissions on the directory /mnt/temp01 only to the computers in the subnet 172.16.1.0/24, and give other computers only read permissions:
/mnt/temp01 172.16.1.0/24(rw,async) *(ro)
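An added example, not part of the original page: a short Python linter for text in /etc/exports syntax that flags a space between a client and its parameters, exports writable by all hosts, and the no_root_squash and insecure parameters from the tables above. The sample lines, the paths /mnt/build and /mnt/pub, and the function names parse_exports and audit are constructed for illustration.

```python
import re

# Constructed sample in /etc/exports syntax; /mnt/build and /mnt/pub are made-up paths.
SAMPLE_EXPORTS = """\
/mnt/temp    172.16.1.33 (rw,sync)
/mnt/temp01  172.16.1.0/24(rw,async) *(ro)
/mnt/build   172.16.1.0/24(rw,no_root_squash)
/mnt/pub     *(rw,all_squash,insecure)
"""

# One token is "client", "client(options)" or a bare "(options)" group.
TOKEN = re.compile(r"(?P<client>[^\s()]+)?(?:\((?P<opts>[^)]*)\))?")


def parse_exports(text):
    """Yield (path, client, options); client '' marks a bare '(options)' group."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, rest = (line.split(None, 1) + [""])[:2]
        for m in TOKEN.finditer(rest):
            if m.group(0):                       # skip empty matches at whitespace
                opts = (m.group("opts") or "").split(",")
                yield path, m.group("client") or "", {o.strip() for o in opts if o.strip()}


def audit(text):
    """Return (path, client, finding) tuples for export entries worth reviewing."""
    findings = []
    for path, client, opts in parse_exports(text):
        who = client or "*"                      # a bare group applies to every host
        if client == "":
            findings.append((path, who, "space before '(' exports to all hosts"))
        if who == "*" and "rw" in opts:
            findings.append((path, who, "writable by any host"))
        if "no_root_squash" in opts:
            findings.append((path, who, "remote root is not squashed"))
        if "insecure" in opts:
            findings.append((path, who, "source ports above 1024 accepted"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {client:16} {finding}")
```

Run it against a copy of the server's exports file by passing the file's text to audit(); an empty result means none of these four patterns were found.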
3.2 Configure NFS client
- View NFS server information:
showmount [options] (arguments)
-d: Only display shared directories that have been mounted by NFS clients;
-e: Display all shared directories on the NFS server.
showmount -e 192.168.0.190
When using showmount, it is recommended to turn off the firewall and set SELinux to permissive mode.
systemctl stop firewalld.service
setenforce 0
getenforce
- Mount the shared directory of the NFS server locally:
mount -t nfs NFS_server_IP:exported_directory local_mount_directory
- For example:
mkdir /mnt/mytemp
mount -t nfs 192.168.0.190:/mnt/mytemp /mnt/mytemp
- Unmount the NFS shared directory:
umount mount_point
- Automatically mount the NFS shared directory at startup (add this line to /etc/fstab):
192.168.0.190:/mnt/temp /mnt/mytemp nfs defaults 0 0
4 Practical examples
4.1 Basic requirements
- NFS server 192.168.0.190;
- Requirement 1: The shared directory /mnt/temp is allowed to be accessed by computers in the 192.168.0.0/24 network segment;
- Requirement 2: The shared directory /mnt/share is allowed to be accessed by user zhang, and the IP is 192.168.0.10;
- Requirement 3: The shared directory /mnt/upload allows the 192.168.0.0/24 network segment to be used as the upload directory, the group it belongs to is nfsupload, and the UID and GID are both 666;
- Requirement 4: The shared directory /mnt/nfs, except for user access in the 192.168.0.0/24 network segment, is read-only and can provide data content to the Internet;
4.2 Case implementation
- Install NFS service:
yum -y install rpcbind
yum -y install nfs-utils
- Create directory and test files:
# Create directories:
mkdir -p /mnt/temp
mkdir -p /mnt/share
mkdir -p /mnt/upload
mkdir -p /mnt/nfs
# Create test files:
touch /mnt/temp/temp1.txt /mnt/temp/temp2.txt
touch /mnt/share/data1.txt /mnt/share/data2.txt
touch /mnt/upload/upload.txt
touch /mnt/nfs/nfs1.txt /mnt/nfs/nfs2.txt
- Set shared directory permission attributes:
# Requirement 1:
chmod 1777 /mnt/temp/
ll -d /mnt/temp/
# Requirement 2:
useradd zhang
passwd zhang
cat /etc/passwd | grep zhang
chmod 700 /mnt/share/
chown -R zhang:zhang /mnt/share/
ll -d /mnt/share/
# Requirement 3:
groupadd -g 666 nfsupload
useradd -g 666 -u 666 -M nfsupload
cat /etc/passwd | grep nfs
chown -R nfsupload:nfsupload /mnt/upload
ll -d /mnt/upload/
# Requirement 4:
ll -d /mnt/nfs/
- Edit /etc/exports:
/mnt/temp 192.168.0.0/24(rw,no_root_squash)
/mnt/share 192.168.0.10(rw)
/mnt/upload 192.168.0.0/24(rw,all_squash,anonuid=666,anongid=666)
/mnt/nfs 192.168.0.0/24(ro) *(rw,all_squash)
- Stop the firewall, set SELinux to permissive mode, and restart the NFS service:
systemctl stop firewalld.service
setenforce 0
getenforce
systemctl restart nfs
- NFS client installs client software:
yum -y install nfs-utils
- View the shared directories on the NFS server:
showmount -e 192.168.0.190
- Create a directory on the client machine and mount the NFS directory to the directory:
mkdir /mnt/ClientNFS
mount -t nfs 192.168.0.190:/mnt/nfs/ /mnt/ClientNFS/
- Mount the other NFS directories in the same way;
- Also create group 666 on the client machine:
groupadd -g 666 nfsupload
useradd -g 666 -u 666 -M nfsupload