How to configure and manage NFS server on Linux/centos?
1 Basic understanding of NFS
NFS(Network File System)That is, file operating system;NFSAllows different computers in the network to share resources with each other.
1.1 NFS Overview
- A method of file sharing between systems
SUNdeveloped in 1980 ;UNIX&Linux - It is a file system protocol that supports applications on the client side to access data located on the server disk through the network;
NFSOnly provides network file sharing and does not provide data transmission functions;NFSThe client and server need toRPC(Remote Procedure Calls)implement data transmission;NFSThe access to the server directory is called export (export), and the process of the client accessing the export directory is called mount (mount) or import (import).
1.2 NFS workflow
Step 1: To access NFS shared resources, the NFS client sends a query request, that is, the client RPC service sends a query request to the 111 port of the server RPC service through the network.
Step 2: The NFS server RPC finds the corresponding registered NFSdaemon port and notifies the client RPC;
Step 3: The NFS client obtains the port and directly stores data online with the NFSNFSdaemon.
Step 4: After the NFS client successfully stores the data, notify the user of the result.
2 Install and start the NFS service
2.1 Install NFS server
- In general, NFS has been installed on the system;
- First check whether NFS is installed. The following two are related dependency packages:
rpm -qa | grep nfs-utils
rpm -qa | grep rpcbind
- After checking, it is already installed:
- If the system does not have NFS dependency packages installed, you need to install them:
yum clean all
yum -y install nfs-utils rpcbind
2.2 Start NFS service
- Check NFS status:
systemctl status rpcbind.service
systemctl status nfs.service
- Start the NFS service:
systemctl start rpcbind.service
systemctl start nfs.service
- Check the status again, they are all started:
- Stop the NFS service:
systemctl stop nfs.service
- Restart the NFS service:
systemctl restart nfs.service
- Set the NFS service to start automatically at boot:
systemctl enable rpcbind.service
systemctl enable nfs.service
3 Configure NFS server and client
3.1 Configure NFS server
- The configuration file is in
/etc/exports; - The format is:
共享目录 [客户端1(参数)] [客户端2(参数)]
Shared directory: The actual path (absolute path) required by the NFS server to be shared;
Client: A computer that can access the shared directory.
- Common forms of clients:
| client | illustrate |
|---|---|
192.168.1.111 |
Host with specified IP address |
192.168.1.0/24 |
All hosts on the specified subnet |
192.168.1.* |
All hosts on the specified subnet |
www.xxx.com |
Host of specified domain name |
*.xxx.com |
All hosts in the specified domain |
* |
All hosts |
Access permission parameters: access permission settings.
- Common access rights:
| access permission | illustrate |
|---|---|
ro |
read only |
rw |
Read and write |
User mapping parameters
- User mapping parameter table:
| User mapping | illustrate |
|---|---|
all_squash |
Map all remote access users to anonymous users or user groups ( nfsnobody) |
no_all_squash |
Opposite of above (default setting) |
root_squash |
Set root user to… (default setting) |
no_root_squash |
Contrary to the above |
anonuid=xxx |
Convert the anonymous account to a local account ( UID=xxx) |
anongid=xxx |
Configure the anonymous user group as a local user group (GID=xxx) |
Other parameters: control the output directory.
- Other commonly used parameters:
| Other parameters | illustrate |
|---|---|
secure |
Restrict clients to connect to NFS from TCP/IP ports less than 1024 |
insecure |
Word order client connects to NFS with a TCP/IP port greater than 1024 |
sync |
Synchronously write data to the memory buffer and disk |
async |
Save the data in the buffer first and then write it to disk when necessary |
wdelay |
Check if there are any related write operations |
no_wdelay |
A write operation is executed immediately, syncused in conjunction with |
subtree_check |
If the output directory is a subdirectory, the NFS server will check the permissions of the parent directory |
no_subtree_check |
If the output directory is a subdirectory, the NFS server does not check the permissions of the parent directory |
- For example
/mnt/temp, give the directory only172.16.1.33read and write permissions to the computer with the IP address:
/mnt/temp 172.16.1.33 (rw, sync)
- For example, give the directory read and write permissions
/mnt/temp01only to the computers in the subnet , and give other computer mechanisms only read permissions:172.16.1.0/24
/mnt/temp0 172.16.1.0/24 (rw, async) * (ro)
3.2 Configure NFS client
- View NFS server information:
showmount [选项] (参数)
-d: Only display shared directories that have been loaded by the NFS client;
-e: Display all shared directories on the NFS server.
showmount -e 192.168.0.190
When using showmount, it is recommended to turn off the firewall and set SELinux to allow.
systemctl stop firewalld.service
setenforce 0
getenforce
- Mount the shared directory on the NFS server:
Mount the NFS shared directory locally:
mount -t NFS server IP: the output directory is mounted locally.
- for example:
mkdir /mnt/mytemp
mount -t nfs 192.168.0.190:/mnt/mytemp /mnt/mytemp
- Uninstall the NFS server:
umount 挂载点
- Automatically mount the NFS shared directory at startup:
192.168.0.190: /mnt/temp /mnt/mytemp nfs defaults 0 0
4 Practical examples
4.1 Basic requirements
- NFS server 192.168.0.190;
- Requirement 1: The shared directory /mnt/temp is allowed to be accessed by computers in the 192.168.0.0/24 network segment;
- Requirement 2: The shared directory /mnt/share is allowed to be accessed by user zhang, and the IP is 192.168.0.10;
- Requirement 3: The shared directory /mnt/upload allows the 192.168.0.0/24 network segment to be used as the upload directory, the group it belongs to is nfsupload, and the UID and GID are both 666;
- Requirement 4: The shared directory /mnt/nfs, except for user access in the 192.168.0.0/24 network segment, is read-only and can provide data content to the Internet;
4.2 Case implementation
- Install NFS service:
yum -y install rpcbind
yum -y install nfs-utils
- Create directory and test files:
# 创建目录:
mkdir -p /mnt/temp
mkdir -p /mnt/share
mkdir -p /mnt/upload
mkdir -p /mnt/nfs
# 创建测试文件
touch /mnt/temp/temp1.txt /mnt/temp/temp2.txt
touch /mnt/share/data1.txt /mnt/share/data2.txt
touch /mnt/upload/upload.txt
touch /mnt/nfs/nfs1.txt /mnt/nfs/nfs2.txt
- Set shared directory permission attributes:
# 要求1:
chmod 1777 /mnt/temp/
ll -d /mnt/temp/
# 要求2:
useradd zhang
passwd zhang
cat /etc/passwd | grep zhang
chmod 700 /mnt/share/
chown -R zhang:zhang /mnt/share/
ll -d /mnt/share/
# 要求3:
groupadd -g 666 nfsupload
useradd -g 666 -u 666 -M nfsupload
cat /etc/passwd | grep nfs
chown -R nfsupload:nfsupload /mnt/upload
ll -d /mnt/upload/
# 要求4:
ll -d /mnt/nfs/
- Edit
/etc/exports:
/mnt/temp 192.168.0.0/24 (rw,no_root_squash)
/mnt/share 192.168.0.10 (rw)
/mnt/upload 192.168.0.0/24 (rw,all_squash,anonuid = 666,anongid = 666)
/mnt/nfs 192.168.0.0/24 (ro) * (rw,all_squash)
- Close the firewall, set Selinux to allow, and restart the NFS service:
systemctl stop firewalld.service
setenforce 0
getenforce
systemctl restart nfs
- NFS client installs client software:
yum -y install nfs-utils
- View the shared directories on the NFS server:
showmount -e 192.168.0.190
- Create a directory on the client machine and mount the NFS directory to the directory:
mkdir /mnt/ClientNFS
mount -t nfs 192.168.0.190:/mnt/nfs/ /mnt/ClientNFS/
- Just use the same method to mount other NFS directories;
- And create group 666 on the client machine:
groupaddd -g 666 nfsupload
useradd -g 666 -u 666 -M nfsupload
Please ignore the following content~
var code = "0f151890-7560-4e5d-85f0-4fde9477c52b"