NFS service installation and configuration on CentOS 7
System environment: CentOS Linux release 7.4.1708 (Core), kernel 3.10.0-693.el7.x86_64
Software version: nfs-utils-1.3.0-0.48.el7_4.x86_64
Network environment: a DNS server is configured; the NFS server's domain name is nfs.st.local and its IP is 192.168.1.18. The whole configuration process uses the domain name.
First, install
Both the NFS client and the NFS server install the nfs-utils package, which automatically installs rpcbind. Installation creates the nfsnobody user and group, whose uid and gid are both 65534.
# yum -y install nfs-utils
Second, configure ports
Besides the main NFS port 2049 and the rpcbind port 111, which are fixed, NFS also uses some random ports. The following configuration pins those ports so that the firewall can be configured.
# vim /etc/sysconfig/nfs
# additional port configuration
MOUNTD_PORT=4001
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004
Third, NFS permissions
1. Ordinary users
When all_squash is set: all visitors are mapped to the anonymous user (nfsnobody).
When no_all_squash is set: visitors are mapped to the user with the same uid on the server, so users with consistent uids should be created on the client and the server; otherwise the visitor is mapped to nfsnobody. root is the exception, because root_squash is the default unless no_root_squash is specified.
2. root user
When root_squash is set: a visitor accessing the NFS server as root is mapped to nfsnobody.
When no_root_squash is set: a visitor accessing the NFS server as root is mapped to the root user. Other users are likewise mapped to the user with the corresponding uid, because no_all_squash is the default option.
Option description
ro: the shared directory is read-only
rw: the shared directory is readable and writable
all_squash: all visiting users are mapped to the anonymous user or user group
no_all_squash (default): the visiting user is matched against the local users first; if the match fails, the user is mapped to the anonymous user or user group
root_squash (default): a visiting root user is mapped to the anonymous user or user group
no_root_squash: a visiting root user keeps root permissions
anonuid=<UID>: specifies the local UID used for anonymous access; the default is nfsnobody (65534)
anongid=<GID>: specifies the local group GID used for anonymous access; the default is nfsnobody (65534)
secure (default): restricts clients to connecting to the server from TCP/IP ports below 1024
insecure: allows clients to connect to the server from TCP/IP ports above 1024
sync: data is written synchronously to both the memory buffer and the disk; less efficient, but guarantees data consistency
async: data is first held in the memory buffer and written to disk only when necessary
wdelay (default): checks whether there are related write operations and, if so, performs them together, which improves efficiency
no_wdelay: write operations are performed immediately; should be used together with sync
subtree_check (default): if the exported directory is a subdirectory, the NFS server checks the permissions of its parent directory
no_subtree_check: even if the exported directory is a subdirectory, the NFS server does not check the permissions of the parent directory, which improves efficiency
Create a shared directory for nfsuser (uid = 1000), using the default parameters plus rw
# mkdir /var/nfs
# chown nfsuser. -R /var/nfs
# vim /etc/exports
/var/nfs 192.168.1.0/24(rw)
# exportfs -r   # reload the exports configuration
# exportfs -v   # view the share parameters
/var/nfs 192.168.1.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
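The squash rules above can be checked against an exports line before it goes live. The following is an added example, not code from the original article: it parses an /etc/exports line, applies the defaults listed above, and returns the uid/gid the server would use for a request. The function names are hypothetical, the sample lines are constructed, and numeric sec=sys ids are assumed (name mapping through idmapd is not modelled).

```python
import re

# Defaults from the option description above (anonymous id = nfsnobody, 65534).
DEFAULTS = {"rw": False, "secure": True, "root_squash": True,
            "all_squash": False, "anonuid": 65534, "anongid": 65534}

def parse_export(line):
    """Parse one non-empty /etc/exports line into (path, [(client, options), ...])."""
    path, *specs = line.split("#", 1)[0].split()
    clients = []
    for spec in specs:
        host, raw = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec).groups()
        opts = dict(DEFAULTS)
        for o in filter(None, (raw or "").split(",")):
            key, _, val = o.partition("=")
            if key in ("anonuid", "anongid"):
                opts[key] = int(val)
            elif key in ("rw", "ro"):
                opts["rw"] = key == "rw"
            elif key in ("secure", "insecure"):
                opts["secure"] = key == "secure"
            elif key.startswith("no_"):
                opts[key[3:]] = False
            else:
                opts[key] = val or True
        clients.append((host or "*", opts))  # "(rw)" with no host applies to any host
    return path, clients

def server_ids(opts, uid, gid):
    """(uid, gid) the server applies to a sec=sys request; idmapd names not modelled."""
    def squash(i, anon):
        return anon if opts["all_squash"] or (i == 0 and opts["root_squash"]) else i
    return squash(uid, opts["anonuid"]), squash(gid, opts["anongid"])

def findings(host, opts):
    """Settings worth a second look before the export goes live."""
    checks = [(not opts["root_squash"] and not opts["all_squash"],
               "no_root_squash: client root is root on the export"),
              (not opts["secure"], "insecure: requests from ports above 1024 accepted"),
              (host == "*" and opts["rw"], "writable by any host")]
    return [msg for bad, msg in checks if bad]

# Constructed sample lines; the first is the article's export.
SAMPLES = ["/var/nfs 192.168.1.0/24(rw)",
           "/var/nfs 192.168.1.0/24(rw,all_squash,anonuid=1000,anongid=1000)",
           "/var/nfs 192.168.1.0/24 (rw,no_root_squash)"]  # stray space: two clients
for s in SAMPLES:
    print(s, [(h, server_ids(o, 0, 0), findings(h, o)) for h, o in parse_export(s)[1]])
```

The third sample shows why the space before the parenthesis matters: the subnet gets only the defaults, while the options in parentheses apply to every host.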
exportfs parameter description
-a: export or unexport all directories in /etc/exports
-r: re-read /etc/exports and synchronize the updates to /etc/exports and /var/lib/nfs/xtab
-u: unexport a single directory (use together with -a to unexport all directories in /etc/exports)
-v: verbose output of the share parameters
Fourth, the firewall
# iptables -I INPUT 5 -p tcp -m tcp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 111 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 2049 -j ACCEPT
# iptables -I INPUT 5 -p tcp -m tcp --dport 4001:4004 -j ACCEPT
# iptables -I INPUT 5 -p udp -m udp --dport 4001:4004 -j ACCEPT
# iptables-save >/etc/sysconfig/iptables
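A consistency check between the pinned ports and the firewall rules, as an added example that is not part of the original article: it confirms every port from /etc/sysconfig/nfs is covered by an ACCEPT rule and lists rules with no -s source restriction, since the rules above admit any source while the export is limited to 192.168.1.0/24. The function names are hypothetical and the inputs are constructed copies of the article's settings in iptables-save form.

```python
import re

def required_ports(sysconfig_text):
    """(proto, port) pairs the firewall must admit, from /etc/sysconfig/nfs text."""
    need = {(p, port) for port in (111, 2049) for p in ("tcp", "udp")}  # fixed ports
    for line in sysconfig_text.splitlines():
        m = re.fullmatch(r'\s*(\w+?)_(TCP|UDP)?PORT="?(\d+)"?\s*', line)
        if not m or "OUTGOING" in m.group(1):
            continue  # comments, unrelated settings, source-port settings
        protos = [m.group(2).lower()] if m.group(2) else ["tcp", "udp"]
        need |= {(p, int(m.group(3))) for p in protos}
    return need

def accept_rules(iptables_save_text):
    """(proto, low, high, source) for each INPUT ACCEPT rule that has --dport."""
    rules = []
    for line in iptables_save_text.splitlines():
        t = line.split()
        if t[:2] != ["-A", "INPUT"] or t[-2:] != ["-j", "ACCEPT"] or "--dport" not in t:
            continue
        lo, _, hi = t[t.index("--dport") + 1].partition(":")
        src = t[t.index("-s") + 1] if "-s" in t else None
        rules.append((t[t.index("-p") + 1], int(lo), int(hi or lo), src))
    return rules

def audit(sysconfig_text, iptables_save_text):
    """Return (ports with no ACCEPT rule, ACCEPT rules open to any source)."""
    rules = accept_rules(iptables_save_text)
    missing = sorted(n for n in required_ports(sysconfig_text)
                     if not any(p == n[0] and lo <= n[1] <= hi for p, lo, hi, _ in rules))
    unrestricted = sorted({(p, lo, hi) for p, lo, hi, src in rules if src is None})
    return missing, unrestricted

# Constructed inputs mirroring the article's port settings and firewall rules.
SYSCONFIG = """\
# additional port configuration
MOUNTD_PORT=4001
STATD_PORT=4002
LOCKD_TCPPORT=4003
LOCKD_UDPPORT=4003
RQUOTAD_PORT=4004
"""
RULES = "\n".join(f"-A INPUT -p {p} -m {p} --dport {d} -j ACCEPT"
                  for d in ("111", "2049", "4001:4004") for p in ("tcp", "udp"))

print(audit(SYSCONFIG, RULES))
```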
Fifth, start the services
# systemctl start rpcbind.service
# systemctl enable rpcbind.service
# systemctl start nfs.service
# systemctl enable nfs.service
The start order must be rpcbind -> nfs, otherwise an error may occur.
Sixth, mounting on Linux clients
1. Direct mount
# mount -t nfs nfs.st.local:/var/nfs /mnt
The mount can also be written to the fstab file, in the same way as an ordinary disk mount, and the mount permissions can be specified as well; the only difference is that the type is nfs.
2. autofs mount
# yum install autofs -y
# vi /etc/auto.master
# add a line
/- /etc/auto.mount
# vi /etc/auto.mount
# add a line
/mnt -fstype=nfs,rw nfs.st.local:/var/nfs
# start the service
# systemctl start autofs
# systemctl enable autofs
Seventh, troubleshooting
1. The NFS share only mounts as nobody
Set Domain in /etc/idmapd.conf to the same value on both the server and the client, then restart the rpcidmapd service, or restart all the services.
2. The client cannot unmount the NFS directory
umount.nfs4: /var/nfs: device is busy
Run fuser -km /var/nfs/ (this kills every process that is using the mount), then run umount.