NFS is the abbreviation of Network File System. It is an integral part of distributed computing systems and lets resources be shared and assembled across a heterogeneous network. NFS was developed by Sun and has become a standard for file services (RFC1904, RFC1813). Its main function is to let computers share files over the network, so an NFS host can also be seen as a file server (see Figure 1). In addition to Samba, NFS provides a way for Windows and Linux, and UNIX and Linux, to communicate.
Figure 1 NFS Server and Client PC Schematic
A client PC can mount a directory provided by the NFS server. Once mounted, the directory behaves like a local disk partition, and the usual disk-related commands such as cd, mv, rm and df work on it. NFS has a port number of its own, but when data or other related messages are transferred, the NFS server relies on a protocol called Remote Procedure Call (RPC) to assist its operation. NFS itself does not provide a protocol for transferring information, yet it can still share files, because it uses another transport protocol, namely RPC. NFS can therefore also be considered an RPC server. Note that a client PC that mounts from the NFS server must also run RPC, so that the server and the client can share data over the RPC protocol.
Running an NFS server requires starting at least two daemons: one manages whether a client PC can log in, and the other manages the file permissions available after logging in to the host:
◆ rpc.nfsd: its main function is to manage whether a client may log in to the host, which includes checking the ID of the user logging in.
◆ rpc.mountd: its main function is to manage the NFS file systems. After a client PC has logged in to the host through rpc.nfsd, its usage permissions must be verified before it can use what the NFS server provides. The program reads the NFS configuration file /etc/exports to check the permissions of the client PC.
To activate NFS, two system services are required: portmap and nfs-utils. Because NFS is an RPC server, the port mapping must be in place before any RPC server is activated; this is the job of portmap. nfs-utils is the package that provides rpc.nfsd, rpc.mountd and the related documentation.
NFS Server end setting
To set up the NFS server, first confirm that the Linux host supports the NFS service, then set the allowed source IP or host name and the permissions of the shared directory. How is the shared directory then used on a client PC? First use showmount to check which NFS directories the Linux server makes available, then mount one on the local machine to use the resources provided by the NFS server host.
1. System requirements
In addition to the two system services portmap and nfs-utils, the kernel version should preferably be above 2.2.18. If the kernel is recompiled, NFS support must be selected.
2. /etc/exports
Edit the /etc/exports file:
# vi /etc/exports
/usr/src/sys -maproot=daemon host2
/usr/ports -ro -network 192.168.1.0
The example above shows the format of the exports file. Each line first names the directory to share, which must be an absolute path and not a symbolic link. The parameters that follow restrict access to the directory for security. The first line shares the /usr/src/sys directory but maps the root user to the daemon user on this machine, which prevents illegitimate operations with root rights from the client; because the host2 parameter is a host name, only host2 may share this /usr/src/sys directory. The second entry shares the /usr/ports directory, but read-only, and only computers on the 192.168.1.0 network can access it.
◆ maproot=user: the user that root is mapped to (0 is root).
◆ rw: read-write permission.
◆ ro: read-only permission.
◆ no_root_squash: if the user who logs in to the NFS host and uses the shared directory is root, that user has root permissions on the shared directory.
◆ root_squash: if the user who logs in to the NFS host and uses the shared directory is root, that user's permissions are converted to those of the anonymous user; usually the UID and GID become those of nobody.
◆ all_squash: whichever user logs in to NFS, the identity is converted to the anonymous user, usually nobody.
◆ anonuid: the anonymous UID, usually nobody. A different UID can be set, but it must exist in /etc/passwd.
◆ anongid: the same as anonuid, but for the group ID.
◆ sync: data is written synchronously to memory and to the hard drive.
◆ async: data is first held in memory rather than written directly to the hard drive.
3. Activate the portmap and nfsd services
# /etc/rc.d/init.d/portmap start
# /etc/rc.d/init.d/nfs start
After portmap is activated, it provides the sunrpc service on port 111. NFS starts at least two system daemons, which then listen for requests from client PCs. Check whether startup succeeded with cat /var/log/messages:
# cat /var/log/messages
Nov 16 15:04:45 cao portmap: portmap startup succeeded
Nov 16 15:04:53 cao nfs: Starting NFS services: succeeded
Nov 16 15:04:54 cao nfs: rpc.rquotad startup succeeded
Nov 16 15:04:54 cao nfs: rpc.mountd startup succeeded
Nov 16 15:04:54 cao nfs: rpc.nfsd startup succeeded
4. exportfs
If you modify the /etc/exports file, you do not need to restart NFS. Just rescan /etc/exports and reload the settings:
# exportfs [-aruv]
Parameter description:
-a Exports (or unexports) everything set in the /etc/exports file.
-r Re-exports the settings in /etc/exports and synchronizes the contents of /etc/exports and /var/lib/nfs/xtab.
-u Unexports a directory.
-v Displays the shared directories on the screen while exporting.
5. Check the shared directories in /var/lib/nfs/xtab
View the file /var/lib/nfs/xtab:
# vi /var/lib/nfs/xtab
/home/cao 192.168.0.1(rw,sync,wdelay,hide,secure,root_squash,no_all_squash,subtree_check,secure_locks,mapping=identity,anonuid=-2,anongid=-2)
These are the default properties that NFS assigns to the shared directory.
6. showmount
# showmount [-ae] hostname
Parameter description:
-a Displays the current connection status between the host and its clients.
-e Displays the directories shared in /etc/exports on the host hostname.
To scan the NFS directories shared by a host, use showmount -e IP (or host name).
7. Observe the activated port numbers
# netstat -utln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp        0      0 0.0.0.0:111     0.0.0.0:*        LISTEN  <== portmap
tcp        0      0 0.0.0.0:817     0.0.0.0:*        LISTEN  <== rpc.xxxx
tcp        0      0 0.0.0.0:1266    0.0.0.0:*        LISTEN  <== rpc.xxxx
udp        0      0 0.0.0.0:2049    0.0.0.0:*
udp        0      0 0.0.0.0:814     0.0.0.0:*                <== rpc.xxxx
udp        0      0 0.0.0.0:1327    0.0.0.0:*                <== rpc.xxxx
udp        0      0 0.0.0.0:111     0.0.0.0:*                <== portmap
The port on which NFS listens is 2049. The other ports are assigned randomly to the other RPC server programs (such as rpc.mountd, rpc.rquotad, rpc.nfsd ...). In other words, those port numbers are not fixed: each time NFS is restarted, they get different port numbers.
8. Stop NFS services
# /etc/rc.d/init.d/portmap stop
Client End PC Settings
1. Scan the directories the NFS server makes available
On the client, use mount to mount a directory shared by the remote host. Suppose the host name is www.cao.net: use showmount to view the directories the NFS server shares, then mount /home/public under /home/nfs/public:
# showmount -e www.cao.net
Export list for localhost:
/tmp *
/home/linux *.cao.net
/home/public (everyone)
/home/cao 192.168.0.1
2. Mount the /home/public directory
First create the mount point, then use the mount command to mount the /home/public directory:
# mkdir -p /home/nfs/public
# mount -t nfs cao.linux.org:/home/public /home/nfs/public
Mount format:
# mount -t nfs hostname(or IP):/directory /mount/point
# df
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/hda1 1904920 1235380 572776 68% /
/dev/hdb1 976344 115212 810736 13% /backup
www.cao.net:/home/public 1904920 1235376 572776 69% /home/nfs/public
After mounting, entering the /home/nfs/public directory is equivalent to entering the /home/public directory on the NFS server www.cao.net.
3. Unmount with umount
# umount /home/nfs/public
If clients are still online, it is recommended to stop the two system services portmap and nfs before the NFS server is shut down. If these two services cannot be stopped correctly, find the PID with netstat -utlp and use kill to terminate the process, so that the host can shut down normally.
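The export options described in the server section (root_squash, no_root_squash, rw, ro and the client restriction) decide what a mounting client may do, so they are worth checking mechanically. The following Python sketch is an added example, not part of the original article; it assumes the Linux-style client(options) syntax that the xtab entry uses, and the sample export lines are constructed.

```python
import re

# Constructed sample in Linux /etc/exports syntax (paths and clients are illustrative).
SAMPLE_EXPORTS = """\
/home/cao     192.168.0.1(rw,sync,root_squash)
/home/linux   *.cao.net(ro,all_squash)
/home/public  *(rw,no_root_squash)
/tmp          192.168.0.1 (rw)      # stray space: "(rw)" becomes a world entry
"""

# One client entry: an optional client name followed by optional "(options)".
ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) for each client entry of each export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            match = ENTRY.match(entry)
            if match is None:
                continue
            client = match.group(1) or "*"  # bare "(opts)" applies to every host
            options = {o for o in (match.group(2) or "").split(",") if o}
            yield path, client, options


def audit_exports(text):
    """Return (path, client, issue) tuples for risky export entries."""
    findings = []
    for path, client, options in parse_exports(text):
        if "no_root_squash" in options:
            findings.append((path, client, "root on the client keeps root rights"))
        if client == "*":
            access = "writable" if "rw" in options else "readable"
            findings.append((path, client, access + " by any host"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("%-13s %-12s %s" % finding)
```

The /tmp line shows the case that is easy to miss by eye: a space between the client and its options leaves 192.168.0.1 with the default options and grants rw to every host.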
Security advice
To ensure network security, it is best to limit the range of hosts that may use NFS (for example, allow only the 192.168.5.120 address range, where the IP address 192.168.5.123 is my NFS server):
# vi /etc/hosts.allow
portmap: 192.168.5.120/255.255.255.248 : allow
portmap: 192.168.5.123 : allow
# vi /etc/hosts.deny
portmap: ALL : deny
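To see which clients these two files actually admit, the rules can be evaluated offline. The following Python sketch is an added example, not part of the original article; it models only the rule forms used above (ALL, a single IP, net/mask) and the tcp_wrappers search order, and the function names are hypothetical.

```python
import ipaddress

# The two files from the section above, embedded as inline text.
HOSTS_ALLOW = """\
portmap: 192.168.5.120/255.255.255.248 : allow
portmap: 192.168.5.123 : allow
"""
HOSTS_DENY = "portmap: ALL : deny\n"


def parse_rules(text, default_action):
    """Parse 'daemon: client [: action]' lines into (daemon, client, action)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]  # IPv4 only: ':' is the separator
        action = fields[2].lower() if len(fields) > 2 else default_action
        rules.append((fields[0], fields[1], action))
    return rules


def client_matches(pattern, addr):
    """Support the pattern forms used above: ALL, a single IP, net/mask."""
    if pattern == "ALL":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)


def decide(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; the first match decides.
    A client that matches no rule is allowed, as tcp_wrappers does."""
    rules = parse_rules(allow_text, "allow") + parse_rules(deny_text, "deny")
    for rule_daemon, pattern, action in rules:
        if rule_daemon in (daemon, "ALL") and client_matches(pattern, addr):
            return action, pattern
    return "allow", None


if __name__ == "__main__":
    for ip in ("192.168.5.119", "192.168.5.123", "192.168.5.127", "192.168.5.128"):
        print(ip, decide("portmap", ip))
```

The mask 255.255.255.248 covers 192.168.5.120 to 192.168.5.127, so 192.168.5.123 is already matched by the first rule. A daemon name that no rule mentions falls through to the default allow, so each daemon to be restricted needs its own entry.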