Using NFS for file sharing on Linux

  
There are many tools for file sharing under Linux, but NFS (Network File System) is undoubtedly the most successful one so far. With NFS, a shared directory on the file server can be mounted into the local operating system over the network. The user can then work with the remote server's shared directory on the local system as if it were a local partition.
So what is NFS actually used for? So far, the author has put the NFS network file system to at least two uses: one is to build a file server for enterprises; the second is to deploy a Linux development and compilation platform.
Using the NFS network file system, it is easy to build a file sharing platform for enterprise users. Just deploy a Linux server and configure NFS. Then set up shared folders on the server by department or according to other rules, and configure the relevant permissions. For example, you can set up a user and a shared folder for each department and let each department read and write its own folder, while other departments have only read access to it. On the client, you can then mount the server's shared folder on the local host just as you would mount a partition. An enterprise employee who needs to work on a shared file on the file server can do so as easily as working on a local partition. You can also configure the startup files to mount the shared directory on the file server automatically each time the client computer starts. In addition, Microsoft's operating system now supports the NFS network file system, so it can also mount NFS shares by creating "shortcuts". File sharing through NFS is therefore not limited by the client. In addition, the system administrator does not have to set up a home directory on each Linux system. The home directory can be placed on an NFS server and made available everywhere on the network.
The NFS network file system can also be used to implement a cross-development platform for Linux system development. In embedded Linux development, the program developer needs to perform all software development work on the Linux development server. After development is completed, the program is cross-compiled and the executable file is downloaded to the embedded system using FTP. However, this method is inefficient and does not allow online debugging, so it is gradually being phased out. Program developers can now share a specific partition on a Linux server with the embedded target system being debugged by setting up an NFS network file system. The user can then work directly with the Linux server's shared directory on the embedded target system, and can also debug and modify the program online, which greatly facilitates software development. NFS is therefore now an important part of embedded Linux development. With the help of the NFS file system, the efficiency of Linux system development can be greatly improved.
To use the NFS network file system, however, Linux system administrators still need to invest some time. Specifically, when deploying NFS, you need to pay attention to the following aspects.
First, be careful about the security risks caused by the NFS network file system.
From the description above we can see that the essence of the NFS network file system is to share some directories on the server and then mount them on the client. In other words, it is built on shared directories. However, it is well known that sharing a directory poses a relatively large security risk to the server. For this reason, when the administrator shares a directory on the server through NFS, the /etc/exports file on the server needs to be configured to limit access rights to the shared files. For example: do not allow write access to the root directory, do not use wildcards, do not allow the shared directory to be deleted, and so on.
The picture above is an example of the settings in the exports file. In this example, only the client 192.168.0.5 can access the shared folder, and it has only read-only permission on it. In addition, the parameter root_squash indicates that the root directory is not allowed to be written. The specific settings of this file are explained in detail in the later part. The author raises the permission issue here so that everyone pays attention to the security of the NFS network shared file system.
Second, configure the /etc/exports file.
A network shared file system on Linux is implemented mainly by configuring the /etc/exports file. When the Linux server is restarted, the operating system automatically reads this file, which tells the kernel which file systems to export and the related access control. As you can see from the diagram above, this configuration file mainly sets the shared directory, the visitors, the access rights and other parts.
The first part defines the directory to be shared. Note that absolute paths must be used here, not symbolic links. For example, suppose there is a folder in the Linux system whose real path is /dir/share, but for convenience users create a shortcut (/home/user/Desktop/share) on their desktop. Such a shortcut is called a symbolic link under Linux. The two are effectively equivalent: you can also reach the share folder via the shortcut, and both point to the same folder. However, when using a network file system to share a directory, an absolute path must be used. Otherwise, the system will not be able to find the shared directory correctly.
The second part is the restriction on which hosts may access the share. Here, the system administrator can allow all hosts on the LAN to access the shared directory, or allow only a network segment or a few specific IPs. The right configuration depends on the actual situation of the enterprise and is for the system administrator to judge. If NFS is mainly used to implement a file server, in general all employees of the enterprise need to access the NFS server. In this case, access can be defined in the form of an IP network, such as 192.168.1.0. If NFS is used to implement the development and compilation work of a Linux platform, then only certain specific IP addresses are allowed access. In that case you can specify a specific IP address or use a wildcard.
The third part is the permissions themselves. The importance of permissions has been explained in the first point, and the author will not repeat it here. Here I will talk about the specifics of configuring shared directory permissions. The author believes that the permissions of a shared directory need to be considered in separate parts. First you need to consider the ordinary permissions of the shared directory, that is, whether the shared directory is read-only for the user or whether the user is also allowed to write files to it. The parameter rw indicates that the user has read and write permissions on the shared directory; ro indicates that the user has read-only access to the shared files. I used NFS to implement a file server for an enterprise. When configuring this permission, the author allowed employees to access the shared directories of other departments in read-only form, while users of the department itself could access its directory for reading and writing.
Second, you need to pay attention to the special root account. By default, root is under access control. On a local machine, even if a file's owner sets permissions to restrict the root account, root can still have full control over the file. For this reason, the system administrator needs to consider what to do if the user accessing the NFS server's shared directory is root. For example, if the no_root_squash parameter is added and the user who logs in to the NFS host to use the shared directory is root, its permissions will be converted to those of an anonymous user. If you use root_squash, it means that if the user who logs in to the NFS server to use the shared directory is root, then it has root privileges for this shared directory. In other words, even if the shared directory has strict permission restrictions (such as all users having read-only access to it), the visitor still has full control over the shared directory. Usually, I recommend using the no_root_squash parameter to limit the permissions of the client's root account.
Third, you can set the working mode of the shared directory. For example, the parameter sync indicates that a file is written synchronously to memory and to the hard disk when the user creates a file in the shared directory from the client. The parameter async means that the file is held temporarily in memory and written to the hard disk at an appropriate time. Which method to use depends mainly on performance and safety. Writing synchronously to memory and hard disk is safer: if the NFS server suddenly loses power or restarts for some other unexpected reason, the file will not be lost. But because memory and hard disk differ in speed, performance will be slightly lower. If you keep the data in memory instead of writing it directly to the hard disk, you can improve the performance of the NFS server, but if the NFS server shuts down unexpectedly or restarts, data will be lost. The system administrator needs to weigh the pros and cons and choose the appropriate method.
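
An added example (not from the original article) that audits exports-style text for the points covered above: absolute paths, host restrictions and wildcards, rw, root squashing and async. It goes by the option meanings documented in exports(5), where root_squash maps requests from client uid 0 to the anonymous user and no_root_squash turns that mapping off; the sample file contents and the `.example` host name are constructed.

```python
import re

# Constructed sample /etc/exports text (not from the article's missing figure).
SAMPLE_EXPORTS = """\
# path        client(options)
/dir/share    192.168.0.5(ro,root_squash,sync)
/srv/build    *(rw,no_root_squash,async)
/srv/sales    192.168.1.0/24(rw,sync) *.corp.example(ro)
/srv/legacy   192.168.0.5 (rw)
share/tmp     192.168.0.5(ro)
"""

CLIENT = re.compile(r"^([^()]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Yield (path, client, options) for each client entry of each export line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A bare "(opts)" field has an empty client, which means every host.
        for spec in fields[1:] or [""]:
            m = CLIENT.match(spec)
            if m:
                opts = {o for o in (m.group(2) or "").split(",") if o}
                yield fields[0], m.group(1), opts

def audit(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for path, host, opts in parse_exports(text):
        world = host in ("", "*")
        checks = [
            (not path.startswith("/"), "export path is not absolute"),
            (world, "exported to every host"),
            (not world and ("*" in host or "?" in host), "wildcard client pattern"),
            (world and "rw" in opts, "writable by every host"),
            ("no_root_squash" in opts, "client root is not mapped to the anonymous user"),
            ("async" in opts, "async: acknowledged writes can be lost on a crash"),
        ]
        findings += [(path, host or "<any host>", msg) for hit, msg in checks if hit]
    return findings

if __name__ == "__main__":
    for path, host, msg in audit(SAMPLE_EXPORTS):
        print(f"{path:12} {host:16} {msg}")
```

The `/srv/legacy` line shows why whitespace matters: the space before `(rw)` detaches the options from 192.168.0.5 and applies them to every host instead.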