Basic tutorial on NFS configuration and use

  

First, install:

[barlow@web01 ~]# yum -y install nfs-utils rpcbind

Second, permissions: NFS file system permissions are controlled mainly by two things, the user's UID and the /etc/exports file. That is, when the client user's UID exists on the client, that UID is used directly on the server's NFS file system (root is a special case; the exceptions are described below). The /etc/exports file allows centralized control of NFS permissions:

[barlow@web01 ~]# vim /etc/exports
/home/public 192.168.8.0/24(ro) localhost(rw) *.ev.ncku.edu.tw(ro,sync)
# [share directory] [first host (permission)] [available host name] [available wildcard]

There are several ways to specify the host:

  • You can use a full IP address or a network segment, for example 192.168.8.10, 192.168.8.0/24, or 192.168.8.0/255.255.255.0.
  • You can also use a host name, but the host name must be in /etc/hosts or be resolvable through DNS. The point is that it can be resolved to an IP address. Host names support wildcards such as * or ?.

    As for the permissions (the parameters in the parentheses), the common parameters are:

    • rw, ro: The directory is shared read-write (rw) or read-only (ro). Whether a user can ultimately read or write also depends on the file system's rwx permissions and the user's identity.
    • sync, async: sync means that data is written to memory and to the hard disk synchronously. async means that data is held temporarily in memory instead of being written directly to the hard disk.
    • no_root_squash, root_squash: If the client account using the NFS file system is root, how should the system treat this account? By default, root_squash squashes the client's root identity to nfsnobody, which is more secure for the server. If you want the client's root to operate on the server's file system as root, you have to enable no_root_squash.
    • all_squash: Regardless of the identity of the user accessing NFS, that identity is squashed to an anonymous user, usually nobody (nfsnobody).
    • anonuid, anongid: anon means anonymous. These set the UID and GID of the anonymous user that the *_squash options map to, usually nobody (nfsnobody), but you can set the value yourself. This UID must exist in your /etc/passwd. anonuid is the UID and anongid is the group's GID.

    Third, configuration:

    1. Preparation:

    [barlow@web01 ~]# mkdir /home/public           ## Create a directory for sharing
    [barlow@web01 ~]# chown barlow /home/public    ## Change the directory owner to the barlow user
    [barlow@web01 ~]# service nfs start            ## Start the nfs service

    2. Case 1: let root keep its original root privileges

    [barlow@web01 ~]# vim /etc/exports
    /home/public *(rw,no_root_squash)
    # Anyone can use my /home/public because the host name is a wildcard; the key point here is no_root_squash

    3. Case 2: the same directory with different permissions for different hosts

    [barlow@web01 ~]# vim /etc/exports
    /home/public 192.168.8.0/24(rw) *(ro)
    # Further entries are appended on the same line. Note that the network and the wildcard are two separate entries (separated by a space)

    4. Case 3: sharing with a single host

    [barlow@web01 ~]# vim /etc/exports
    /home/public 192.168.100.10(rw)
    # Only this single host can access the share
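A way to review the export entries described above, as an added example that is not part of the original tutorial: a shell function that reads exports(5)-format text and flags no_root_squash, a writable `*` entry, and a space left between a host and its parenthesized options, which makes those options apply to every host. The function names, the output format and the sample lines (including /srv/data) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in exports(5)-format text.
# Reads the files named as arguments, or standard input if none are given.
# Assumes "#" only ever starts a comment and ")" ends each option list.
audit_exports() {
    awk '
    function report(host, msg) { printf "line %d: %s %s: %s\n", NR, dir, host, msg }
    { sub(/#.*/, "") }                 # strip comments (fields are re-split)
    NF < 2 { next }                    # blank line, or no client list to inspect
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            host = (p > 0) ? substr($i, 1, p - 1) : $i
            opts = (p > 0) ? substr($i, p + 1, length($i) - p - 1) : ""
            if (host == "") {
                # "(opts)" standing alone: a space before the parenthesis makes
                # the options apply to every host, not to the host before it
                report("*", "options (" opts ") detached from host; they apply to ALL hosts")
                host = "*"
            }
            rw = 0; noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            if (noroot) report(host, "no_root_squash: client root acts as root on this export")
            if (host == "*" && rw) report(host, "writable by any host")
        }
    }' "$@"
}

# Constructed sample input (not a real server file).
sample_exports() {
    cat <<'EOF'
# constructed sample
/home/public *(rw,no_root_squash)
/home/public 192.168.8.0/24(rw) *(ro)
/home/public 192.168.100.10(rw)
/srv/data    192.168.8.10 (rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as `audit_exports /etc/exports` before restarting the service; Case 2 and Case 3 produce no findings, while Case 1 is reported twice.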

    Here I turn off SELinux and the iptables firewall; otherwise there will be problems. Firewall configuration for NFS is particularly difficult: the ports used for connecting, 111 and 2049, are fixed, but the other services open many non-fixed ports, and there is no good way to handle those with iptables rules. Fortunately, on RHEL/CentOS 6.x there is a way to configure fixed ports, which are defined in /etc/sysconfig/nfs. The file contains many settings, but most of them generally need no adjustment. The ones to set are as follows:

    [barlow@web01 ~]# vim /etc/sysconfig/nfs
    RQUOTAD_PORT=1001
    LOCKD_TCPPORT=30001
    LOCKD_UDPPORT=30001
    MOUNTD_PORT=1002


