Installing NFS on CentOS 6.2
Published: 2019-06-22


Reference: http://eduardo-lago.blogspot.de/2012/02/installing-nfs-on-centos-62.html

This is a how-to for installing the NFS service on a Linux CentOS 6.2 box and making it accessible to others. The scenario is the following:

  • Grant read-only access to the /home/public directory to all networks
  • Grant read/write access to the /home/common directory to all networks 

At the end of this guide you will get:

  • A running NFS server with various LAN shared directories
  • An active set of firewall rules allowing access to the NFS ports
  • A permanently mounted NFS share on a CentOS / Ubuntu client

I assume you already have:

  • a fresh running Linux CentOS 6.2 server 
  • a sudoer user, named bozz on this guide
  • an accessible RPM repository / mirror
  • a Linux client with CentOS / Ubuntu

 

Steps

    1. Log in as the bozz user on the server
    2. Check if rpcbind is installed:
$ rpm -q rpcbind
rpcbind-0.2.0-8.el6.x86_64
    1. if not, install it:
$ sudo yum install rpcbind
    1. Install NFS-related packages:
$ sudo yum install nfs-utils nfs-utils-lib
    1. Once installed, configure the nfs, nfslock and rpcbind to run as daemons:
$ sudo chkconfig --level 35 nfs on
$ sudo chkconfig --level 35 nfslock on
$ sudo chkconfig --level 35 rpcbind on
    1. then start the rpcbind and nfs daemons:
$ sudo service rpcbind start
$ sudo service nfslock start
$ sudo service nfs start

NFS daemons

  • rpcbind: (portmap in older versions of Linux) the primary daemon upon which all the others rely, rpcbind manages connections for applications that use the RPC specification. By default, rpcbind listens to TCP port 111 on which an initial connection is made. This is then used to negotiate a range of TCP ports, usually above port 1024, to be used for subsequent data transfers. You need to run rpcbind on both the NFS server and client. 
  • nfs: starts the RPC processes needed to serve shared NFS file systems. The nfs daemon needs to be run on the NFS server only. 
  • nfslock: Used to allow NFS clients to lock files on the server via RPC processes. The nfslock daemon needs to be run on both the NFS server and client.

 

    1. Test whether NFS is running correctly with the rpcinfo command. You should get a listing of running RPC programs that must include mountd, portmapper, nfs, and nlockmgr:

 

$ rpcinfo -p localhost
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  40481  status
    100024    1   tcp  49796  status
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049  nfs_acl
    100227    3   tcp   2049  nfs_acl
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049  nfs_acl
    100227    3   udp   2049  nfs_acl
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    2   udp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd

 

    1. The /etc/exports file is the main NFS configuration file, and it consists of two columns. The first column lists the directories you want to make available to the network. The second column has two parts. The first part lists the networks or DNS domains that can get access to the directory, and the second part lists NFS options in brackets. Edit /etc/exports and append the desired shares:
$ sudo nano /etc/exports
    1. then append:
/home/public *(ro,sync,all_squash)
/home/common *(rw,sync,all_squash)
  • /home/public: directory to share  with read-only access to all networks
  • /home/common: directory to share with read/write access to all networks
  • *: allow access from all networks
  • ro: read-only access
  • rw: read/write access 
  • sync: synchronous access 
  • root_squash: prevents root users connected remotely from having root privileges and assigns them the user ID for the user nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the remote server. Alternatively, the no_root_squash option turns off root squashing. To squash every remote user, including root, use the all_squash option. To specify the user and group IDs to use with remote users from a particular host, use the anonuid and anongid options, respectively. In this case, a special user account can be created for remote NFS users to share and specify (anonuid=,anongid=), where is the user ID number and is the group ID number.

 

    1. Create the directories to be published with the correct permissions:
$ sudo mkdir -p /home/public
$ sudo chown nfsnobody:nfsnobody /home/public
$ sudo mkdir -p /home/common
$ sudo chown nfsnobody:nfsnobody /home/common
    1. it should end like this:
$ ls -l /home/
...
drwxr-xr-x. 2 nfsnobody nfsnobody  4096 Feb 20 12:55 common
drwxr-xr-x. 7 nfsnobody nfsnobody  4096 Feb 17 14:44 public
    1. [OPTIONAL] Allow the bozz user to write locally to the created directories by adding it to the nfsnobody group and granting write permissions to the group:
$ sudo usermod -a -G nfsnobody bozz
$ sudo chmod g+w /home/public
$ sudo chmod g+w /home/common
    1. it should end like this:
$ ls -l /home/
...
drwxrwxr-x. 2 nfsnobody nfsnobody  4096 Feb 20 12:40 common
drwxrwxr-x. 7 nfsnobody nfsnobody  4096 Feb 17 14:44 public
    1. Security issues. To allow remote access some firewall rules and other NFS settings must be changed. You need to open the following ports:
  • TCP/UDP 111 - RPC 4.0 portmapper
  • TCP/UDP 2049 - NFSD (nfs server)
  • Portmap static ports: various TCP/UDP ports defined in the /etc/sysconfig/nfs file.
The portmapper assigns each NFS service to a port dynamically at service startup time, but dynamic ports cannot be protected by iptables. First, you need to configure NFS services to use fixed ports. Edit /etc/sysconfig/nfs, enter:
$ sudo nano /etc/sysconfig/nfs
    1. and set:
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
    1. then restart nfs daemons:
$ sudo service rpcbind restart
$ sudo service nfs restart
    1. update iptables rules by editing /etc/sysconfig/iptables, enter:
$ sudo nano /etc/sysconfig/iptables
    1. and append the following rules:
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 662 -j ACCEPT
    1. restart iptables daemon:
$ sudo service iptables restart
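
As an added example (not part of the original guide), this shell function cross-checks rpcinfo -p output against the ACCEPT rules appended above and prints every registered RPC proto/port that no rule covers, which is how a service still sitting on a dynamic port shows up. The rule set is the guide's own; the rpcinfo rows are a constructed sample built from rows of the listing earlier in the guide.

```shell
# Added example. Usage: uncovered_rpc RULES_FILE RPCINFO_FILE
uncovered_rpc() {
    awk '
    FILENAME == ARGV[1] {                     # first file: iptables rules
        proto = ""; port = ""; accept = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && proto != "" && port != "") open[proto "/" port] = 1
        next
    }
    $1 ~ /^[0-9]+$/ {                         # second file: rpcinfo -p rows
        key = $3 "/" $4                       # e.g. "udp/2049"
        if (!(key in open) && !(key in seen)) { seen[key] = 1; print key, $5 }
    }' "$1" "$2"
}

# The rules this guide appends to /etc/sysconfig/iptables.
sample_rules() {
    cat <<'EOF'
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -m state --state NEW -p udp --dport 662 -j ACCEPT
EOF
}
# Constructed sample: rows taken from the rpcinfo listing earlier in this guide.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  40481  status
    100024    1   tcp  49796  status
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
EOF
}

tmp=$(mktemp -d); sample_rules > "$tmp/rules"; sample_rpcinfo > "$tmp/rpcinfo"
uncovered_rpc "$tmp/rules" "$tmp/rpcinfo"; rm -rf "$tmp"
```

With the sample it reports status on udp/40481 and tcp/49796 and nfs on udp/2049. On a live server, save the output of rpcinfo -p localhost and the rules from /etc/sysconfig/iptables to files and pass those instead.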
    1. Mount NFS shared directories. Install client NFS packages first; on Ubuntu client:
$ sudo apt-get install nfs-common
    1. on CentOS client:
$ sudo yum install nfs-utils nfs-utils-lib
    1. query the list of all shared directories:
$ showmount -e SERVERADDRESS
    1. mount server's /home/public on client's /public:
$ sudo mkdir -p /public
$ sudo mount SERVERADDRESS:/home/public /public
$ df -h
    1. mount server's /home/common on client's /common:
$ sudo mkdir -p /common
$ sudo mount SERVERADDRESS:/home/common /common
$ df -h
    1. Mount NFS automatically after reboot on the client. Edit /etc/fstab, enter:
$ sudo nano /etc/fstab
    1. append the following lines:
#Directory                   Mount Point    Type   Options       Dump   FSCK
SERVER_IP_ADDRESS:/home/public /public nfs hard 0 0
SERVER_IP_ADDRESS:/home/common /common nfs hard 0 0
    1. to test the correctness of /etc/fstab before restarting, you can try to manually mount /public and /common:
$ sudo mount /public
$ sudo mount /common

Reposted from: https://www.cnblogs.com/ericsun/archive/2012/06/27/2564553.html
