[環境]
三台 CentOS 7:
NFS Server (192.168.0.10)
Client (192.168.0.2)
Client (192.168.0.3)
[目的]
NFS Server (192.168.0.10) 建立兩個資料夾(/home/nfsA、/home/nfsB),
開放給兩個 Client(192.168.0.2、192.168.0.3) 存取。
[步驟]
- NFS Server
- 安裝 NFS
$ yum install nfs-utils
- 建立要分享的資料夾
$ mkdir /home/nfsA $ mkdir /home/nfsB
- 編輯設定檔,加入兩個要分享的資料夾,並設定兩個 Client(192.168.0.2、192.168.0.3) 有存取權限。
$ vi /etc/exports
設定檔內容/home/nfsA 192.168.0.2(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.0.3(rw,sync,no_root_squash,no_all_squash,no_subtree_check) /home/nfsB 192.168.0.2(rw,sync,no_root_squash,no_all_squash,no_subtree_check) 192.168.0.3(rw,sync,no_root_squash,no_all_squash,no_subtree_check)
注意:
設定值 rw,sync,no_root_squash,no_all_squash,no_subtree_check,
請依個人環境需求設定,可用的設定值、效果,可用 man exports 查看。$ man exports ..... rw Allow both read and write requests on this NFS volume. The default is to disallow any request which changes the filesystem. This can also be made explicit by using the ro option. ..... sync Reply to requests only after the changes have been committed to stable storage (see async above). In releases of nfs-utils up to and including 1.0.0, the async option was the default. In all releases after 1.0.0, sync is the default, and async must be explicitly requested if needed. To help make system administrators aware of this change, exportfs will issue a warning if neither sync nor async is specified. ..... no_subtree_check This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances. If a subdirectory of a filesystem is exported, but the whole filesystem isn't then whenever a NFS request arrives, the server must check not only that the accessed file is in the appropriate filesystem (which is easy) but also that it is in the exported tree (which is harder). This check is called the subtree_check. In order to perform this check, the server must include some information about the location of the file in the "filehandle" that is given to the client. This can cause problems with accessing files that are renamed while a client has them open (though in many simple cases it will still work). subtree checking is also used to make sure that files inside directories to which only root has access can only be accessed if the filesystem is exported with no_root_squash (see below), even if the file itself allows more general access. As a general guide, a home directory filesystem, which is normally exported at the root and may see lots of file renames, should be exported with subtree checking disabled. A filesystem which is mostly readonly, and at least doesn't see many file renames (e.g. /usr or /var) and for which subdirectories may be exported, should probably be exported with subtree checks enabled. The default of having subtree checks enabled, can be explicitly requested with subtree_check. From release 1.1.0 of nfs-utils onwards, the default will be no_subtree_check as subtree_checking tends to cause more problems than it is worth. If you genuinely require subtree checking, you should explicitly put that option in the exports file. If you put neither option, exportfs will warn you that the change is pending. ..... root_squash Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does not apply to any other uids or gids that might be equally sensitive, such as user bin or group staff. (client 端使用 root 操作掛載的目錄時,NFS Server 會將 client 端的 root 對應成 NFS Server 上的匿名帳號) no_root_squash Turn off root squashing. This option is mainly useful for diskless clients. all_squash Map all uids and gids to the anonymous user. Useful for NFS-exported public FTP directories, news spool directories, etc. The opposite option is no_all_squash, which is the default setting. - 啟動服務
$ systemctl enable rpcbind $ systemctl enable nfs-server $ systemctl enable nfs-lock $ systemctl enable nfs-idmap $ systemctl start rpcbind $ systemctl start nfs-server $ systemctl start nfs-lock $ systemctl start nfs-idmap
- 開放防火牆
$ firewall-cmd --permanent --zone=public --add-service=nfs $ firewall-cmd --permanent --zone=public --add-service=mountd $ firewall-cmd --permanent --zone=public --add-service=rpc-bind $ firewall-cmd --reload $ firewall-cmd --list-all --zone=public
- Client
- 安裝 nfs-utils、libnfsidmap,啟動 rpcbind
$ yum install nfs-utils libnfsidmap $ systemctl enable rpcbind $ systemctl start rpcbind
- 掛載 NFS Server 資料夾
- 方法1:手動掛載
$ mkdir /mnt/nfsA $ mkdir /mnt/nfsB $ showmount -e 192.168.0.10 $ mount -t nfs 192.168.0.10:/home/nfsA /mnt/nfsA $ mount -t nfs 192.168.0.10:/home/nfsB /mnt/nfsB
- 方法2:使用 autofs 自動掛載
[安裝 autofs]$ yum install autofs $ systemctl enable autofs.service
[建立新檔案 /etc/auto.mymnt-nfsA,裡面寫掛載 192.168.0.10:/home/nfsA/ 的語法]$ vi /etc/auto.mymnt-nfsA
檔案內容* -rw,bg,soft,rsize=32768,wsize=32768 192.168.0.10:/home/nfsA/&
[建立新檔案 /etc/auto.mymnt-nfsB,裡面寫掛載 192.168.0.10:/home/nfsB/ 的語法]$ vi /etc/auto.mymnt-nfsB
檔案內容* -rw,bg,soft,rsize=32768,wsize=32768 192.168.0.10:/home/nfsB/&
[建立新檔案 /etc/auto.master.d/mymnt.autofs,裡面寫上面兩個掛載語法,要掛載到哪個路徑]$ vi /etc/auto.master.d/mymnt.autofs
檔案內容/mnt/nfsA /etc/auto.mymnt-nfsA /mnt/nfsB /etc/auto.mymnt-nfsB
[重啟 autofs]$ systemctl restart autofs
[掛載語法說明(以 /etc/auto.mymnt-nfsA 內容為例)]
* -rw,bg,soft,rsize=32768,wsize=32768 192.168.0.10:/home/nfsA/&
最前面的「*」,表示 client 端 /mnt/nfsA 下的所有目錄
最後面的「&」,表示 NFS Server 的 192.168.0.10:/home/nfsA 底下所有目錄
「&」對應到「*」
例如:192.168.0.10:/home/nfsA/abc 會掛載成 client 端的 /mnt/nfsA/abc
參考:
- https://dywang.csie.cyut.edu.tw/dywang/rhcsaNote/node63.html
自動掛載 autofs 的使用 - https://www.howtoforge.com/tutorial/setting-up-an-nfs-server-and-client-on-centos-7/
Setting Up an NFS Server and Client on CentOS 7.2 - https://blog.skywebster.com/how-to-setup-nfs-server-on-centos-7-rhel-7/
- https://www.opencli.com/linux/rhel-centos-7-install-nfs-server
RHEL / CentOS 7 安裝 NFS Server - Linux 技術手札 - https://www.cyut.edu.tw/~ywfan/netlab/20060912chapter17-nfs.htm
第 十五章 網路檔案系統
其他:
- https://geekpeach.net/zh-hant/%E5%9F%BA%E6%9C%AC-nfs-%E5%AE%89%E5%85%A8%E6%80%A7-nfs%E3%80%81no_root_squash-%E5%92%8C-suid
基本 NFS 安全性 – NFS、no_root_squash 和 SUID - GeekPeach.net - https://blog.csdn.net/qq_36357820/article/details/78488077
NFS /etc/exports参数解释_三支烟的博客-CSDN博客_/etc/exports - https://qizhanming.com/blog/2018/08/08/how-to-install-nfs-on-centos-7
CentOS 7 下 yum 安装和配置 NFS - Zhanming's blog - https://linux.onlinedoc.tw/2016/03/centos7rhel7-nfs-server.html
Linux • 無限: 在 CentOS7/RHEL7 上架設 NFS Server - https://www.796t.com/content/1535442980.html
解決clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to - 程式人生 - https://segmentfault.com/a/1190000008629932
linux运维 - 运维笔记:nfs网络文件系统相关_个人文章 - SegmentFault 思否 - https://linux.vbird.org/linux_server/centos6/0330nfs.php
鳥哥私房菜 - 第十三章、檔案伺服器之一:NFS 伺服器 - https://blog.csdn.net/zangjiaoshou/article/details/122063825
NFS client &挂载参数_zangjiaoshou的博客-CSDN博客 - https://www.cnblogs.com/yanling-coder/p/13028552.html#bgfg
nfs 挂载选项 - yanling0813 - 博客园 - https://www.cnblogs.com/f-ck-need-u/p/7305755.html
第3章 NFS基本应用 - 骏马金龙 - 博客园 - https://stackoverflow.com/questions/47967839/how-to-disable-nfs-client-caching
How to disable NFS client caching? - Stack Overflow - https://serverfault.com/questions/638601/nfs-caching-issue
NFS Caching Issue - Server Fault - https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/s1-nfs-client-config-options
9.5. Common NFS Mount Options Red Hat Enterprise Linux 6 | Red Hat Customer Portal
