• m Linux pЉ|
    ̪sG2011/07/27
    NFS Network FileSystem ̔١AتNOQPEBP@~tiHɭӧOɮTIثeb Unix Like SΨӰɮצAOSh@Ӥ׳I򥻤WA Unix Like DEs^t@ Unix Like DEӤɩɮ׮ɡAϥ NFS n SAMBA oӦAֳtBKhFI~A NFS ]wu̔xAXGunOoŰ Remote Procedure Call oөNN (RPC, NO rpcbind oӳnTI) N@wiH[]_ӡIuOh[I pGOb Linux PC cluster UAoӦAQϥΪEvO@hIҥHoӪ@[I


    jADϥ13.1 NFS ѨӻP\

    NFS oӑ]ѺɮרtAȦb[]ɭԬO̔xALA̤jDbyvz譱yI ]bΤݻPAݥiॲnQۦPb~^sYǥؿɮסC t~ANFS ŰʻݭnzLҿתhݵ{ǩIs (RPC)A]NOAڭ̨äOunŰ NFS NnFA RݭnŰ RPC oӪAȤ~[I

    ]Ab}li NFS ]weAڭ̱oA@UAO NFS OHMF@ͤ]SΡAaI ^_^I UNӽͤ@ͤO NFS AB NFS ŰRݭn˪w[I


    pADϥ13.1.1 O NFS (Network FileSystem)

    NFS NO Network FileSystem YgA̦eO Sun oaqҵoiXӪ (1)C ̤j\NOiHzLAPEBP@~tBiHɭӧOɮ (share files)CҥHAA]iH̔xNLݰO@ɮצA (file server) OIo NFS AiHA PC ӱNhݪ NFS AɪؿA쥻aݪESA baݪEݰ_ӡAhݥDEؿNn^Oۤv@ӺϺФμѤ@ (partition)IϥΤWSKQI

    13.1-1BNFS AɥؿP Client ܷN

    NpPWϥܤ@ASڭ̪ NFS A]wnFɥXӪ /home/sharefile oӥؿAL NFS ΤݴNiHNoӥؿۤvtWYӱI (IiHۭq)AҦpeϥܤ NFS client 1 P NFS client 2 ؿNۦPCڥunb NFS client 1 tiJ /home/data/sharefile ANiHݨ NFS At /home/sharefile ؿUҦƤF (SMAvn^[I^_^)Io /home/data/sharefile Nn^ NFS client 1 ۤvḘ@ partition IunvFAAiHϥ cp, cd, mv, rm... ΆκϺЩɮ׬}OIuOL X KoI

    nAJM NFS OzLӶiƪljKAgĤGؽͨ쪺 socket pair yA|D NFS RM|ϥΤ@ǰfaH NFS ϥέӰfӶiljKOH򥻤W NFS oӪAȪf}b 2049 AOѩɮרtD`zA] NFS RL{ǥhŰB~fAoB~fŰʪXOH ׬O....DI @_@ I]w] NFS ΨӶljKfOHEܤp 1024 HUfӨϥΪCxIΤݫ򪾹DAAݨϥΨӰf[HɴNon hݵ{ǩIs (Remote Procedure Call, RPC) wӻUTIUڭ̴NӽͽͤO RPCH


    pADϥ13.1.2 O RPC (Remote Procedure Call)

    ] NFS 䴩\ShAӤP\ೣ|ϥΤP{ӎŰʡA CŰʤ@ӥ\N|ťΤ@ǰfӶljKơA]A NFS \ҹRf~STwA ӬOHEΤ@ǥQϥΪp 1024 fӧ@ljKΡCp@ӤSyΤݷQnsWAɪxZA ]ΤݱonDAݪ}f~^suaI

    ɧڭ̴Noݭnhݵ{ǩIs (RPC) ATIRPC ̥Dn\NObwC NFS \ҹR port number AåB^NΤݡAΤݥiHs쥿TfWhC RPC SOp󪾹DC NFS fOHoO]SAbŰ NFS ɷ|HEӋӰfAåDʪV RPC UA] RPC iHDCӰfR NFS \AM RPC SOTwϥ port 111 ӺoΤݪݨDæ^NΤݥTfA ҥHSMiH NFS Űʧ󬰻Pr֤FI

    Tips:
    ҥHAn`NAnŰ NFS eARPC NnŰʤFA_h NFS |LkV RPC UC t~ARPC YsŰʮɡA쥻UƷ|A] RPC sŰʫA޲zҦAȳݭnsŰʨӭsV RPC UC
    13.1-2BNFS P RPC AȤɮרtާ@}

    pWϩҥܡASΤݦ NFS ɮצsݨDɡAL|pVAݭnDƩOH

    1. Τݷ|VAݪ RPC (port 111) oX NFS ɮצs\઺߰ݭnDF
    2. AݧRwU NFS daemon fA|^NΤݡF
    3. ΤATfANiH^P NFS daemon ӳsuC

    ѩ NFS U\ೣnV RPC ӵUAp@ RPC ~A NFS oӪAȪU\ध port number, PID, NFS bAҺo IP ΆΡAӥΤݤ~^zL RPC ߰ݧ쥿TRfC ]NOANFS n RPC sbɤ~ন\ѪAȡA]ڭ̺ NFS RPC server @RCWAܦho˪AOV RPC UA|ҨӻANIS (Network Information Service) ]O RPC server @ROC~Aѹ 13.1-2 A]|DAAOΤROAݡAnϥ NFS ɡA̳ݭnŰ RPC ~I

    h NFS }wTAiHѦҩUG


    pADϥ13.1.3 NFS Űʪ RPC daemons

    ڭ̲{bD NFS AbŰʪɭԴNonV RPC UAҥH NFS A]Q٬ RPC server @C NFS ADnȬOiɮרtɡAɮרtɫhPv}C ҥH NFS AŰʮɦܤֻݭn daemons A@Ӻ޲zΤݬO_^nJDA @Ӻ޲zΤݯ^ovCpGARQn޲z quota ܡA NFS RonAJL RPC {NOFCڭ̥Hxª NFS AӻG

    • rpc.nfsdG
      ̥Dn NFS AAȴѪ̡Co daemon Dn\NOb޲zΤݬO_^ϥΦAɮרtTΡA 䤤R]toӵnJ̪ ID POI

    • rpc.mountd
      o daemon Dn\AhOb޲z NFS ɮרtISΤݶQqL rpc.nfsd ӵnJAAbLiHϥ NFS AѪɮפeAR|gLɮרϥv (NO -rwxrwxrwx P owner, group XvT) {ҵ{ǡIL|hŪ NFS ]w /etc/exports ӤΤݪvASqLo@}ΤݴNiHoϥ NFS ɮתvTI(GoӤ]Oڭ̥ΨӺ޲z NFS ɤؿϥvPw]waI)

    • rpc.lockd (Dn)
      oӪNiHΦb޲zɮתw (lock) γ~Cɮ׻ݭnywzOH ]JMɪ NFS ɮץiHΤݨϥΡAShӥΤݦPɹgJYɮ׮ɡA NiMɮ׳y@ǰDTIo rpc.lockd hiHΨӧJAoӰDC rpc.lockd nPɦbΤݻPAݳ}Ť~I~A rpc.lockd ]`P rpc.statd PɎťΡC

    • rpc.statd (Dn)
      iHΨˬdɮת@PʡAP rpc.lockd }IYoͦ]ΤݦPɨϥΦP@ɮ׳yɮץi঳ҷlɡA rpc.statd iHΨ˴ù^_MɮסCP rpc.lockd P˪Aoӥ\ॲnbAݻPΤݳŰʤ~|ͮġC

    WzoX RPC һݭn{ǡAwggJӰ򥻪AȎŰʸ}FANO nfs H nfslock oI YOb /etc/init.d/nfs, /etc/init.d/nfslockAPA}gJb nfs AȤAӻPΤݪ rpc.lockd AN]w nfslock AȤC


    pADϥ13.1.4 NFS ɮצsv

    DASQLoӰDAb 13.1-1 UApڦb NFS client 1 WH dmtsai oӨϥΪ̨Qnhs /home/data/sharefile/ oӨӦ NFS server ҴѪɮרtɡA а NFS server ҴѪɮרt|ڥH򨭥hsHO dmtsai ROH

    |oݩOHoO] NFS AȨèSi樭nJѧOA ҥHASAbΤݥH dmtsai QnsAݪɮרtɡA Aݷ|HΤݪϥΪ UID P GID ΨӹŪAݪɮרtCoɦӦêDNTI NOpGΤݻPAݪϥΪ̨ä@PH ڭ̥HUoӹϥܨӻ@UnFG

    13.1-3BNFS AݻPΤݪϥΪ̨T{E

    SڥH dmtsai oӤ@먭ϥΪ̭nhsӦۦAݪɮ׮ɡAAn`N쪺OG ɮרt inode ҰOݩʬ UID, GID ӫDbPsœWC @ Linux DE|DʪHۤv /etc/passwd, /etc/group Ӭd߹RϥΪ̡BsœW١C ҥHS dmtsai iJMؿA|ѷ NFS client 1 ϥΪ̻PsœW١C OѩMؿɮץDnӦ NFS server AҥHiN|o{XӱpG

    • NFS server/NFS client nۦPbPsœ
      hɨϥΪ̥iH^H dmtsai iAҴѪɮרtsC

    • NFS server 501 o UID bR vbird
      Y NFS AW /etc/passwd ̭ UID 501 ϥΪ̦W٬ vbird ɡA hΤݪ dmtsai iHsAݪ vbird oӨϥΪ̪ɮ׳Iu]̨㦳ۦP UID ӤwCoNyܤjDFI]SHiHOҥΤݪ UID ҹRb|PAݬۦPA AҴѪƤNi|Qh~ϥΪ̶çH

    • NFS server èS 501 o UID
      t@ӷݪpOAbAݨèS 501 o UID sbAh dmtsai bMؿU|QYΦW̡A @ NFS ΦW̷|H UID 65534 ϥΪ̡A Linux distributions o 65534 bWٳq`O nobody Aڭ̪ CentOS hW nfsnobody Cɤ]|SpAҦpbAݤ /tmp pUA dmtsain RO|O 501 إߪUƦbAݨӬݡAN|ݩL֦̪ơC

    • pGϥΪ̨O root
      ӤSϥΪ̡ANOC Linux DE UID 0 root C Q@QApGΤݥiH root hsAݪɮרtɡAAݪƭO@ʡH ҥHbw]pUA root |QDʪYΦWC

    `AΤݨϥΪ̯వƱOP UID Ψ GID }ASΤݻPAݪ UID αbR@PɡA iN|yɮרtϥΤWxZAoӴNO NFS ɮרtbϥΤW@ӫܭnaI ӦbAϥΪ̱bP UID ɮרt}YAnڦbΤݥH NFS ΦAݪɮרtɡA ARoݭn㦳G

    • NFS A}igJv (P /etc/exports ]w})F
    • ڪɮv㦳igJ (w) vC

    SAF (1)ϥΪ̱bAY UID }F (2)NFS A\gJvF (3)ɮרtT㦳 w vɡAA~㦳MɮתigJvI רO (UID) T{`A̮edhTI]]pA ҥH NFS q`ݭnP NIS (Q|) o@ӥiHT{ΤݻPAݨ@PAȷftϥΡAHקKhÔ[I ^_^

    Tips:
    AoӤp`ƤרO^IJ NFS server B͡C]AAiHL 13.1.4 oӤp`C OAbAŪPثҦ@AOo^oӤp`ӦAd\@ؤeA۫H|i@B{ѪI

    jADϥ13.2 NFS Server ݪ]w

    JMnϥ NFS ܡANonwU NFS һݭnnFIUڭ̬dߤ@UtLwUһݭnnA NFS n骺[cHΦp]w NFS AaI ^_^


    pADϥ13.2.1 һݭnn

    H CentOS 6.x ҪܡAn]wn NFS Aڭ̥nӳn~AOOG

    • RPC D{Grpcbind

      NpP责Aڭ̪ NFS iHQ@ RPC AȡAӭnŰʥ@ RPC AȤeAڭ̳ݭnn port R (mapping) u@~AoӤu@NOy rpcbind zoӪAȩҭtdI]NOA bŰʥ@ RPC AȤeAڭ̳ݭnŰ rpcbind ~I (b CentOS 5.x Heoӳn٬ portmapAb CentOS 6.x ~٬ rpcbind I)

    • NFS D{Gnfs-utils

      NO rpc.nfsd rpc.mountd o NFS daemons PL} documents PBɆΪnIoӴNO NFS AȩһݭnDnnTI@wnI

    nFADڭ̻ݭnoӳn餧A{bFHԒ֥hAt RPM ݤ@USoӳnTI SԒ֥ RPM yum hwUIMNUhFI

    DG
    аݧڪDEOH RPM M޲z Linux distribution AҦp Red Hat, CentOS P SuSE ΪAڭnp󪾹DڪDḘO_wgwUF rpcbind P nfs }nOH
    G
    ̔xϥΡy rpm -qa | grep nfs zPy rpm -qa | grep rpcbind zYiDTIpGSwUܡA b CentOS iHϥΡy yum install nfs-utils zӦwUI


    pADϥ13.2.2 NFS nc

    NFS oөNNuO̔xAWڭ̴쪺 NFS n餤A]wɥu@ӡAɤ]hA Oɤ]TTӤwoIԒӬݤ@ݧaI ^_^

    • Dn]wɡG/etc/exports
      oɮ״NO NFS Dn]wɤFILAtèSw]ȡAҥHoɮסy @w|sbzAAiॲnϥ vim Dʪإ߰_oɮ׳Iڭ̆Τ@Unͪ]w]ȥuOoɮצӤwoI

    • NFS ɮרt@OG/usr/sbin/exportfs
      oӬO@ NFS ɸ귽OAڭ̥iHQγoӫOs /etc/exports ܧ󪺥ؿ귽BN NFS Server ɪؿέsɆΆΡAoӫOO NFS ṱSn@ӳIܩOΪkڭ̦bU|C

    • ɸ귽nɡG/var/lib/nfs/*tab
      b NFS Anɳm /var/lib/nfs/ ؿ̭AbMؿUӤnnɡA @ӬO etab ADnOF NFS ҤɥXӪؿv]wȡFt@ xtab hOgs즹 NFS A}ΤݸơC

    • ΤݬdߦAɸ귽OG/usr/sbin/showmount
      oOt@ӭn NFS OCexportfs OΦb NFS Server ݡA showmount hDnΦb Client ݡCo showmount iHΨԎ NFS ɥXӪؿ귽I

    NaIDnNOoXoI


    pADϥ13.2.3 /etc/exports ]wɪykPӋ

    b}l NFS A]weAAnAOANFS |^ϥΨ֤ߥ\AҥHA֤ߥn䴩 NFS ~CU@pGA֤ߪp 2.2 AΪ̭sۦsL֤ߪܡANonܪ`NTI]Ai|ѰO NFS ֤ߤ䴩[I

    RnAڭ CentOS Ϊ̬OL Linux Aw]֤߳q`O䴩 NFS \઺AҥHAunT{A֤ߪOثes 2.6.x AåBϥΧA distribution ҴѪ֤ߡARMN|DTI

    Tips:
    W|zoӰD]OAHemܳwۦs@ӯSO֤ߡAOYs֤߮ɡAoѰO[WF NFS ֤ߥ\AG NFS server LAp]d_ӡ̫~Qӭ֤ͪ߬ODW...

    ܩ NFS A[]b̔xAAunsnDn]w /etc/exports AŰ rpcbind (YwgŰʤFANnsŰ)AMAŰ nfs AA NFS N\FI Lo˪]w_ΤݥͮġHNonҼ{Av譱]wOFCoܤֻAڭ̴N^Ӭݬݨ /etc/exports RMp]waIY distributions ä|Dʴ /etc/exports ɮסAҥHЧAۦʫإߥaC

    [root@www ~]# vim /etc/exports
    /tmp         192.168.100.0/24(ro)   localhost(rw)   *.ev.ncku.edu.tw(ro,sync)
    [ɥؿ]   [Ĥ@DE(v)]     [iΥDEW]    [iθUΦr]
    

    AݬݡAoӳ]wɦ^̔xaIC@̫eOnɥXӪؿA`NIOHؿx[I MoӥؿiH̷ӤPvɵPDEA^mWҤlOG nN /tmp OɵTӤPDEκkNCOoDE᭱HpA () ]pvӋA YvӋ@ӮɡAhHr (,) }CBDEWPpAOsb@_Iboɮפ]iHQ # ӵOC

    ܩDEW٪]wDnXӤ覡G

    • iHϥΧ㪺 IP Ϊ̬OkAҦp 192.168.100.10 192.168.100.0/24 A 192.168.100.0/255.255.255.0 iH^I

    • ]iHϥΥDEW١AoӥDEW٥nb /etc/hosts AΥiϥ DNS MW٤~[IϥIOi IP NOFCpGODEW٪ܡALiH䴩UΦrAҦp * ? i^C

    ܩv譱 (NOpAӋ) `ӋhG

    Ӌe
    rw
    ro
    MؿɪvOiŪg (read-write) ΰŪ (read-only)A̜णŪgAROPɮרt rwx Ψ}C
    sync
    async
    sync NƷ|PBgJOPwФAasync hNƷ|ȦsOSAӫD^gJwСI
    no_root_squash
    root_squash
    Τݨϥ NFS ɮרtbY root ɡAtMpP_oӱbHw]pUAΤ root | root_squash ]wY nfsnobodyA pAt|OCpGAQn}Τݨϥ root Ӿާ@AɮרtAo̴Non} no_root_squash ~I
    all_squashAnJ NFS ϥΪ̨A L|QYΦWϥΪ̡Aq`]NO nobody(nfsnobody) TI
    anonuid
    anongid
    anon N anonymous (ΦW) e} *_squash 쪺ΦWϥΪ̪ UID ]wȡAq` nobody(nfsnobody)AOAiHۦ]wo UID ȡISMAo UID ݭnsbA /etc/passwd SI anonuid O UID anongid hOsœ GID oC

    oOXӤ`vӋApGAêLӋɡAЦۦ man exports iHo{ܦhêơC ^Uӧڭ̧QΤWzXӰӋګҤ@UXӦêpDG

    D@G root O root v
    ڷQN /tmp ɥXhjaϥΡAѩoӥؿӴNOjaiHŪgA]QҦHiHsC~Aڭn root gJɮRO㦳 root vAp]p]wɡH
    G
    [root@www ~]# vim /etc/exports
    # HiHΧڪ /tmp AθUΦrӳBzDEW١AIb no_root_squash
    /tmp  *(rw,no_root_squash)
    
    DEW٥iHϥθUΦrAWYܵLAӦۭ̳iHϥΧڪ /tmp oӥؿC AAy *(rw,no_root_squash) zo@]wȤOSťզrI /tmp P *(rw,no_root_squash) hOťզrӹj}ISO`N쨺 no_root_squash \IboӨҤlApGAOΤݡAӥBAOH root nJA Linux DEASA mount WڳoDE /tmp AAbM mount ؿSAN㦳yroot vIz

    DGGP@ؿw藍Pd}񤣦Pv
    ڭnN@Ӥ@ؿ /home/public }XhAOuwڪk 192.168.100.0/24 oӺkB[J vbirdgroup (Ĥ@تDإߪsœ) Τ~^ŪgALӷhuŪC
    G
    [root@www ~]# mkdir /home/public
    [root@www ~]# setfacl -m g:vbirdgroup:rwx /home/public
    [root@www ~]# vim /etc/exports
    /tmp          *(rw,no_root_squash)
    /home/public  192.168.100.0/24(rw)    *(ro)
    # ~}[b᭱A`NAڦNDEPkq (Ϊťչj}) I
    
    WҤlOASڪ IP Ob 192.168.100.0/24 oӺqɭԡASڦb Client ݱF Server ݪ /home/public AwoӳQڱؿڴN㦳iHŪgv ܩpGڤOboӺqAoӥؿƧڴNȯŪӤwAYŪݩTI

    ݭn`NOAUΦrȯΦbDEW٪~WAIP κqNu 192.168.100.0/24 pA iHϥ 192.168.100.* I

    DTGȵYx@DEϥΪؿ]w
    ڭnN@ӨpHؿ /home/test } 192.168.100.10 o Client ݪEӨϥήɡAMp]wH ]ϥΪ̪O dmtsai ~㦳㪺vɡC
    G
    [root@www ~]# mkdir /home/test
    [root@www ~]# setfacl -m u:dmtsai:rwx /home/test
    [root@www ~]# vim /etc/exports
    /tmp          *(rw,no_root_squash)
    /home/public  192.168.100.0/24(rw)    *(ro)
    /home/test    192.168.100.10(rw)
    # un]w IP TYiI
    
    o˴N]wFIӥBAu 192.168.100.10 oE~ /home/test oӥؿisI

    D|G}ΦWnJp
    ڭn *.centos.vbird kDEAnJڪ NFS DEɡAiHs /home/linux AOL̦sƪɭԡAڧƱL̪ UID P GID ܦ 45 oӨϥΪ̡A] NFS AW UID 45 P GID 45 Τ/sœW٬ nfsanonC
    G
    [root@www ~]# groupadd -g 45 nfsanon
    [root@www ~]# useradd -u 45 -g nfsanon nfsanon
    [root@www ~]# mkdir /home/linux
    [root@www ~]# setfacl -m u:nfsanon:rwx /home/linux
    [root@www ~]# vim /etc/exports
    /tmp          *(rw,no_root_squash)
    /home/public  192.168.100.0/24(rw)    *(ro)
    /home/test    192.168.100.10(rw)
    /home/linux   *.centos.vbird(rw,all_squash,anonuid=45,anongid=45)
    # pGn}ΦWAIO all_squashAåBntX anonuid I
    
    SO`N쨺 all_squash P anonuid, anongid \Ip@ӡAS clientlinux.centos.vbird nJo NFS DEAåBb /home/linux gJɮ׮ɡAMɮתҦHPҦsœAN|ܦ /etc/passwd ̭R UID 45 ӨϥΪ̤FI

    W|ӮרҪvpG̷13.1.4 s]wvӫҪܡA v|O򱡪pOHڭ̨ˬd@UG


    • ΤݻPAݨ㦳ۦP UID PbG

    ]ڦb 192.168.100.10 nJo NFS (IP ] 192.168.100.254) AAåBڦb 192.168.100.10 b dmtsai oӨAPɡAbo NFS W] dmtsai oӱbA è㦳ۦP UID AGupܡAG

    1. ѩ 192.168.100.254 o NFS A /tmp v -rwxrwxrwt AҥH (dmtsai b 192.168.100.10 W) b /tmp U㦳svAåBgJɮשҦH dmtsai F
    2. b /home/public SAѩڦŪgvAҥHpGb /home/public oӥؿv dmtsai }gJܡAڴNiHŪgAåBڼgJɮשҦHO dmtsai COU@ /home/public dmtsai oӨϥΪ̨èS}iHgJvɡA ROSkgJɮ׳IoIЯSOdNI
    3. b /home/test SAڪvP /home/public ۦPAIRݭn NFS A /home/test dmtsai }vF
    4. b /home/linux SNꐷСI]AAOR user AA@w|Qܦ UID=45 oӱbIҥHAoӥؿNݭnw UID = 45 ӱbW١AקLv~I


    • ΤݻPAݪbåۦPɡG

    pڦb 192.168.100.10 vbird (uid 600)AO 192.168.100.254 o NFS DEoS uid=600 bɡAp|ܦ˩OH

    1. ڦb /tmp UROiHgJAuOMɮתv|O UID=600 A]Aݬݰ_ӴN|ǩǪA ]䤣 UID=600 oӱbܡAGɮ׾̷֦|W 600 I
    2. ڦb /home/public ̭O_iHgJARݭn /home/public vөwALAѩS[W all_squash ӋA ]bMؿU|OdΤݪϥΪ UIDAPW@IҥܡC
    3. /home/test [IP /home/public ۦPI
    4. /home/linux UAڪNQܦ UID = 45 ӨϥΪ̴NOFI


    • SΤݪ root ɡG

    pڦb 192.168.100.10 root OH root oӱbCӨt|rIvܦ˩OH

    1. ڦb /tmp ̭iHgJAåBѩ no_root_squash ӋAܤFw] root_squash ]wȡAҥHb /tmp gJɮשҦH root I
    2. ڦb /home/public UROQY nobody FI]w]ݩʸ̭㦳 root_squash OIҥHApG /home/public w nobody }gJvɡAڴNiHgJAOɮשҦHܦ nobody NOFI
    3. /home/test P /home/public ۦPF
    4. /home/linux pA root ]QY UID = 45 ӨϥΪ̤FI


    o˪vAAiHAFܡHo̬O̭naApGo@}qLFAUNNNSDTI ^_^I bANŪA̦nRO^13.1.4 NFS ɮצsvnn@@@A ~ඒM NFS DI


    pADϥ13.2.4 Ű NFS

    ]wɷdwASMn}lӎŰʤ~[Iӫeڭ̤]LANFS ŰRݭn rpcbind U~[I ҥHԒӎŰʧaI

    [root@www ~]# /etc/init.d/rpcbind start
    # pG rpcbind ӴNwgbFANݭnŰʔ[I
    
    [root@www ~]# /etc/init.d/nfs start
    # ɭԬY distributions i|X{pUĵiTG
    exportfs: /etc/exports [3]: No 'sync' or 'async' option specified 
    for export "192.168.100.10:/home/test".
      Assuming default behaviour ('sync').
    # WĵiTȬObi]ڭ̨Sw sync  async ӋA
    # h NFS Nw]|ϥ sync TӤwCAiHzLA]iH[J /etc/exportsC
    
    [root@www ~]# /etc/init.d/nfslock start
    [root@www ~]# chkconfig rpcbind on
    [root@www ~]# chkconfig nfs on
    [root@www ~]# chkconfig nfslock on
    

    rpcbind ڥNݭn]wIun^ŰʥNiHTIŰʤA|X{@ port 111 sunrpc AȡANO rpcbind TIܩ nfs h|Űʦܤ֨ӥHW daemon X{IMN}lbo Client ݪݨDTIAnܪ`N݁WKXTA ]pG]wɼghܡA݁W|ܥXh~aI

    ~ApGAQnW[@ NFS AƤ@Pʥ\ɡAiݭnΨ rpc.lockd rpc.statd RPC AȡA γ\AiHW[@ӪAȡANO nfslock oIŰʤAԒ֨ /var/log/messages ̭ݬݦSQTŰʩOH

    [root@www ~]# tail /var/log/messages
    Jul 27 17:10:39 www kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
    Jul 27 17:10:54 www kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state 
    recovery directory
    Jul 27 17:10:54 www kernel: NFSD: starting 90-second grace period
    Jul 27 17:11:32 www rpc.statd[3689]: Version 1.2.2 starting
    

    bT{ŰʨSDA^Uӧڭ̨@@@ NFS 쩳}FǰfH

    [root@www ~]# netstat -tulnp| grep -E '(rpc|nfs)'
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
    tcp        0      0 0.0.0.0:875    0.0.0.0:*        LISTEN  3631/rpc.rquotad
    tcp        0      0 0.0.0.0:111    0.0.0.0:*        LISTEN  3601/rpcbind
    tcp        0      0 0.0.0.0:48470  0.0.0.0:*        LISTEN  3647/rpc.mountd
    tcp        0      0 0.0.0.0:59967  0.0.0.0:*        LISTEN  3689/rpc.statd
    tcp        0      0 0.0.0.0:2049   0.0.0.0:*        LISTEN  -
    udp        0      0 0.0.0.0:875    0.0.0.0:*                3631/rpc.rquotad
    udp        0      0 0.0.0.0:111    0.0.0.0:*                3601/rpcbind
    udp        0      0 0.0.0.0:897    0.0.0.0:*                3689/rpc.statd
    udp        0      0 0.0.0.0:46611  0.0.0.0:*                3647/rpc.mountd
    udp        0      0 0.0.0.0:808    0.0.0.0:*                3601/rpcbind
    udp        0      0 0.0.0.0:46011  0.0.0.0:*                3689/rpc.statd
    

    `NݨWI`@ͤFnh port IuOiȡILDnfOG

    • rpcbind Űʪ port b 111 APɎŰʦb UDP P TCPF
    • nfs AȎŰʦb port 2049 WYI
    • L rpc.* AȎŰʪ port hOHEͪA]ݦV port 111 UC

    nFAګ򪾹DC RPC AȪUpHS}YAAiHϥ rpcinfo [ԎC

    [root@www ~]# rpcinfo -p [IP|hostname]
    [root@www ~]# rpcinfo -t|-u  IP|hostname {W
    ﶵPӋG
    -p GwY IP (ghw]E) ܥXҦ port P porgram TF
    -t GwYDEY{ˬd TCP ʥ]Ҧbn骩F
    -u GwYDEY{ˬd UDP ʥ]Ҧbn骩F
    
    # 1. ܥXثeoDE RPC A
    [root@www ~]# rpcinfo -p localhost
       program vers proto   port  service
        100000    4   tcp    111  portmapper
        100000    3   tcp    111  portmapper
        100000    2   tcp    111  portmapper
        100000    4   udp    111  portmapper
        100000    3   udp    111  portmapper
        100000    2   udp    111  portmapper
        100011    1   udp    875  rquotad
        100011    2   udp    875  rquotad
        100011    1   tcp    875  rquotad
        100011    2   tcp    875  rquotad
        100003    2   tcp   2049  nfs
    ....(Uٲ)....
    # {N NFS ʥ] f  AȦW
    
    # 2. w nfs oӵ{ˬd}n骩T (Ԏ TCP ʥ])
    [root@www ~]# rpcinfo -t localhost nfs
    program 100003 version 2 ready and waiting
    program 100003 version 3 ready and waiting
    program 100003 version 4 ready and waiting
    # io{ nfs @TRAOO 2, 3, 4 I
    

    JN@@AWX{TSF{WٻPfRiHP netstat -tlunp KXG@蠟~ARݭn`N NFS 䴩Is NFS ljKt׸֡AѤWݰ_ӡAڭ̪ NFS ܤ֤䴩 4 ARMRXzTI ^_^I pGA rpcinfo LkKXANܵUƦDTIiݭnsŰ rpcbind P nfs I


    pADϥ13.2.5 NFS su[Ԏ

    bA NFS A]wSAڭ̥iHb server ݥۧڴ@UO_iHsuINOQ showmount oӫOӬd\I

    [root@www ~]# showmount [-ae] [hostname|IP]
    ﶵPӋG
    -a GܥثeDEPΤݪ NFS suɪAF
    -e GܬYDE /etc/exports ҤɪؿơC
    
    # 1. ܥXڭ̩ҳ]wn} exports ɥؿT
    [root@www ~]# showmount -e localhost
    Export list for localhost:
    /tmp         *
    /home/linux  *.centos.vbird
    /home/test   192.168.100.10
    /home/public (everyone)
    

    ̔xaIҥHASAnˬY@DELѪ NFS ɪؿɡANϥ showmount -e IP (hostname) YiID`KaIo]O NFS client ݳ̱`ΪOI t~A NFS }ؿv]wƫD`hIb /etc/exports uOSOvӋӤwARܦhw]ӋOI oǹw]ӋbHڭ̥iHˬd@U /var/lib/nfs/etab NDFI

    [root@www ~]# tail /var/lib/nfs/etab
    /home/public    192.168.100.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,
    no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
    # WOP@AiHݥXF rw, sync, root_squash ΆΡA
    # R anonuid  anongid ΆΪ]wI
    

    WȶȬO@ӤpdҡAzLR anonuid=65534 /etc/passwd A|o{ CentOS X{O nfsnobody TIoӱbbPi|@˪It~ApGLΤݱFA NFS ɮרtɡAMΤݻPɮרtTN|QO /var/lib/nfs/xtab YhI

    t~ApGAQnsBz /etc/exports ɮסASs]w /etc/exports ݤݭnsŰ nfs H ݭnTIpGsŰ nfs ܡAnoAV RPC UIꐷСoӮɭԧڭ̥iHzL exportfs oӫODI

    [root@www ~]# exportfs [-aruv]
    ﶵPӋG
    -a G(Ψ) /etc/exports ɮפ]w
    -r Gs /etc/exports ̭]wA~APBs /etc/exports
          /var/lib/nfs/xtab eI
    -u GY@ؿ
    -v Gb export ɭԡANɪؿܨ݁WI
    
    # 1. s@ /etc/exports ]w
    [root@www ~]# exportfs -arv
    exporting 192.168.100.10:/home/test
    exporting 192.168.100.0/24:/home/public
    exporting *.centos.vbird:/home/linux
    exporting *:/home/public
    exporting *:/tmp
    
    # 2. Nwgɪ NFS ؿ귽Aqq
    [root@www ~]# exportfs -auv
    # oɦpGAAϥ showmount -e localhost N|ݤ귽FI
    

    nx@UoӫOΪkIoˤ@ӡANiH^s exportfs ڭ̪Ob /etc/exports ؿoIOnSOdNApGAȦBz]wɡAèS۹Rؿ (/home/public Υؿ) iHѨϥΔ[I i|X{@ĵiTIҥHOonإߤɪؿ~I


    pADϥ13.2.6 NFS w

    b NFS wʤWAǦaOAnDIUڭ̤Oӽͤ@͡G


    • ]wDPMסG

    @ӻA NFS Aȶȷ|鷺k}A|ں}񪺡CMӡApGASݨDܡA ]i|wPkNOFCOANFS SOdAOH]FTw port 111, 2049 ~A RܦhTwfO rpc.mountd, rpc.rquotad ΪAȩҶ}ŪAҥHAA iptables N]wWhI HDӨEn~iHH

    FMoӰDA CentOS 6.x Ѥ@өTwSw NFS AȪf]wɡANO /etc/sysconfig/nfs TI Aboɮ׸̭N^wSwfAo˨CŰ nfs ɡA}AȎŰʪfN|TwAp@ӡA ڭ̴N^]wToIoӳ]wɤeܦhAʎjƧAnhAun PORT o}gr}ƧYiC ݭn諸 rpc AȦǩOHDn mountd, rquotad, nlockmgr oTӡAҥHARMno˧G

    [root@www ~]# vim /etc/sysconfig/nfs
    RQUOTAD_PORT=1001   <==b 13 楪k
    LOCKD_TCPPORT=30001 <==b 21 楪k
    LOCKD_UDPPORT=30001 <==b 23 楪k
    MOUNTD_PORT=1002    <==b 41 楪k
    # Oo]wȳ̥䪺Aȭn~AfȧA]iHۦMwC
    
    [root@www ~]# /etc/init.d/nfs restart
    [root@www ~]# rpcinfo -p | grep -E '(rquota|mount|nlock)'
        100011    2   udp   1001  rquotad
        100011    2   tcp   1001  rquotad
        100021    4   udp  30001  nlockmgr
        100021    4   tcp  30001  nlockmgr
        100005    3   udp   1002  mountd
        100005    3   tcp   1002  mountd
    # WzKXƤwgQmJLFASΨ쪺fFTI
    

    ܥiȧaIpGQn} NFS OkBͨϥΡASQn֦LAȪnJ\A ANon}WzQӰfTI^ꐷЪ㰲]AQn} 120.114.140.0/24 oӺkH^ϥΧAoA NFS 귽AB]AwgϥĤEشѪ}A ARono˰~^wMkG

    [root@www ~]# vim /usr/local/virus/iptables/iptables.allow
    iptables -A INPUT -i $EXTIF -p tcp -s 120.114.140.0/24 -m multiport \
             --dport 111,2049,1001,1002,30001 -j ACCEPT
    iptables -A INPUT -i $EXTIF -p udp -s 120.114.140.0/24 -m multiport \
             --dport 111,2049,1001,1002,30001 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    # `Onso˨Wh~|QͮĔ[IOѰOIOѰOI
    


    • ϥ /etc/exports ]wwvG

    oNoAA޿ҤFI]wS}YAObyKQzPywzAnAwIoI root_squash all_squash Υ\AAQ anonuid ΆΪ]wӳWdnJADEϥΪ̨IRMROkѤ@Ӹw NFS AI

    t~ASMTAA NFS Aɮרtv]w]ݭnܯdNI nHK]w -rwxrwxrwx Ao˷|yAtyܤjxZz[I
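
    An added example, not part of the original page: a small auditor for the `/etc/exports` syntax used in this chapter. It expands each client entry to its effective options and flags the combinations this section is concerned with. The first three sample entries are the ones shown on this page; the last sample line, the function names and the finding texts are constructed for illustration.

```python
import re

# Defaults from exports(5); the etab output on this page shows sync, secure,
# root_squash and no_all_squash being filled in when they are not listed.
DEFAULTS = {"ro", "sync", "secure", "root_squash", "no_all_squash"}
PAIRS = [("ro", "rw"), ("sync", "async"), ("secure", "insecure"),
         ("root_squash", "no_root_squash"), ("all_squash", "no_all_squash")]
OPPOSITE = {a: b for a, b in PAIRS}
OPPOSITE.update({b: a for a, b in PAIRS})

# One whitespace-delimited token: "client(opts)", "client" or "(opts)".
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")


def effective_options(listed):
    """Apply the listed options on top of the defaults; a later option wins."""
    eff = set(DEFAULTS)
    for opt in listed:
        eff.discard(OPPOSITE.get(opt))
        eff.add(opt)
    return eff


def parse_exports(text):
    """Yield (lineno, path, client, effective options) for every client entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = CLIENT_RE.match(spec)
            if not m:
                yield lineno, path, spec, None  # malformed entry
                continue
            listed = [o for o in (m.group(2) or "").split(",") if o]
            yield lineno, path, m.group(1), effective_options(listed)


def audit(text):
    """Return (lineno, path, client, message) for each risky entry."""
    findings = []
    for lineno, path, client, opts in parse_exports(text):
        if opts is None:
            findings.append((lineno, path, client, "unparsable client entry"))
            continue
        if client == "":
            # "host (rw)": the space detaches the options from the host,
            # so they are applied to every client instead.
            findings.append((lineno, path, "*",
                             "options apply to every host (space before '(')"))
            client = "*"
        world = client == "*"
        if world and "rw" in opts and "all_squash" not in opts:
            findings.append((lineno, path, client,
                             "writable by every host with client-supplied UIDs"))
        if "no_root_squash" in opts:
            scope = "every host" if world else client
            findings.append((lineno, path, client,
                             f"root on {scope} keeps UID 0 (no_root_squash)"))
    return findings


# Sample input: the first three entries appear on this page; the last line
# is constructed to show the stray-space case.
SAMPLE = """\
# exports under review
/tmp          *(rw,no_root_squash)
/home/public  192.168.100.0/24(rw)    *(ro)
/home/linux   *.centos.vbird(rw,all_squash,anonuid=45,anongid=45)
/home/test    192.168.100.10 (rw)
"""

if __name__ == "__main__":
    for lineno, path, client, message in audit(SAMPLE):
        print(f"line {lineno}: {path} -> {client}: {message}")
```

    Run it against a copy of the server's `/etc/exports` before `exportfs -arv`; an empty result means none of these three patterns is present, not that the export list is otherwise safe.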


    • w partition WُG

    pGAu@줤A㦳h Linux DEAåBwpɥXؿɡAbwU Linux ɭԡA̦nNiHWُX@ partition @wdΡC]y NFS iHwؿӤzA]AAiHNwd partition b@ӱIAANMI (NOؿTI) /etc/exports ]wɥXhAӤu@줤L Linux DENiHϥM NFS Awd partition FIҥHAbDEWُWADnݭndNu partition ӤwC~Aѩɪ partition ieQJIA̦niHwM partition ]wY檺Ӌb /etc/fstab SI

    ~ApGAΰ^nA|ҨӻAܦhHwϥiHΪkAYӨtu@Ӯڥؿ partition ӤwCo˰|DOH]AɪO /home oӵ@Τ᪺ؿnFAǨϥΪ\oo NFS ϺФӦnΤFA GϥΪ̴NNL@jͼȦsƳqqio NFS ϺФCQ@QApGӮڥؿN]o /home QzFA AtN|yLkŪgxZC]A@Ө}nγWُAΪ̬OQκϺаtBӭROܭnu@C


    • NFS A}Ee`NƶG

    ݭn`NOAѩ NFS ϥΪo RPC AȡASΤݳsWAɡAAAQn}EA iN|yi઺ȡzIpGAAWRΤݦbsuAAn}EA ionΨӋY~^`}E\IӡIuI۫HܡHMAۭӨݡI^_^I

    ҥHoAijA NFS Server Qn}EeAy} rpcbind P nfs zoӪFI pGLkTNo daemons }AH netstat -utlp X PID AMH kill NL}Ioˤ~k`}E\IoӽЯSOSO`NOI

    SMTAA]iHQ showmount -a localhost ӬdXӨӥΤRbsuH Ϊ̬Od\ /var/lib/nfs/rmtab xtab ɮרˬdiCoǥΤݫA iH^ call L̔[IL̯^DDI ^_^

    WAΤݥH NFS suAݮɡApGL̥iHUF@ǤywzӋɡA N^ֳo譱DI}wʥiHѦҤU@p` ΤݥiBzӋP}EC


    jADϥ13.3 NFS Τݪ]w

    JM NFS ḀDnu@NOɮרtWLΤݡAҥHΤSMonoӪNoI ~AAݥiH[]ӫO@ۤvɮרtAΤݱMɮרtADݭnO@ۤvH IҥHUڭ̭nӽͤ@ʹX NFS ΤݪDC


    pADϥ13.3.1 ʱ NFS Aɪ귽

    Anp󱾸 NFS AҴѪɮרtOH򥻤WAiHo˰G

    1. T{aݤwgŰʤF rpcbind AȡI
    2. NFS AɪؿǡAAڭ̬O_iHϥ (showmount)F
    3. baݫإ߹wpnIؿ (mkdir)F
    4. Q mount NhݥDE^}ؿC

    nA{b]Τݦb 192.168.100.10 oEWAӦAO 192.168.100.254 A Ԓˬd@Uڭ̬O_wg rpcbind ŰʡAt~hݥDEiΪؿOI

    # 1. ŰʥQAȡGYSŰʤ~ŰʡAŰʫhOˤʡC
    [root@clientlinux ~]# /etc/init.d/rpcbind start
    [root@clientlinux ~]# /etc/init.d/nfslock start
    # @ӻAtw]|Ű rpcbind ALme}LAҥHnŰʡC
    # t~ApGAݦŰ nfslock ܡAΤݤ]nŰʤ~ͮġI
    
    # 2. dߦAѭǸ귽ڭ̨ϥΩOH
    [root@clientlinux ~]# showmount -e 192.168.100.254
    Export list for 192.168.100.254:
    /tmp         *
    /home/linux  *.centos.vbird
    /home/test   192.168.100.10
    /home/public (everyone)   <==oOΤ@Uڭ̭nؿ
    

    ^UӧڷQnNhݥDE /home/public 쥻aݥDE /home/nfs/public A ҥHڴNonbaݥDEإ߰_oӱIؿ~[IMNiH mount oӫO^ NFS ɮרtoI

    # 3. إ߱IAåBڱݬoI
    [root@clientlinux ~]# mkdir -p /home/nfs/public
    [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/public \
    > /home/nfs/public
    # `N@UykIy -t nfs zwɮרtA
    # IP:/dir hOwY@DEYӴѪؿIt~ApGX{pUh~G
    mount: 192.168.100.254:/home/public failed, reason given by server: No such file 
    or directory
    # oNAb Server WèSإ /home/public TIۤvbAݫإߥLaI
    
    # 4. `Oonݬݱ᪺ppAiHϥ df  mount TI
    [root@clientlinux ~]# df
    ɮרt               1K-Ϭq      w     i w% I
    ....(ٲ)....
    192.168.100.254:/home/public
                           7104640    143104   6607104   3% /home/nfs/public
    

    `N@U NFS ɮת榡dҳIIo˴NiHNƱiTIЪ`NI HAunAiJAؿ /home/nfs/public NΩF 192.168.100.254 hݥDE /home/public ӥؿoIܤhaIܩAbMؿUvH NЧA^he@p`d@dvҧaI ^_^ IpN NFS ؿOHNϥ umount [I

    [root@clientlinux ~]# umount /home/nfs/public
    

    pADϥ13.3.2 ΤݥiBzӋP}E

    @IΤݪu@̔xaILֱoASQLApGA豾쥻E /home/nfs/public ɮרtSAt@ script ABo script ey rm -rf / zBMɮv 555 A PpGA]n_LUhAiAF]Өt|QIuiuI

    ҥHAF NFS AݭnO@~Aڭ̨ΤHa NFS ɮרt]ݭnۧګO@~[I npۧګO@[HiHzL mount OӋI]AUoǥDnӋiH[JG

    ӋӋNNqtw]
    suid
    nosuid
    ֱoO SUID aHpG partition W SUID binary {ɡA Aunϥ nosuid N^ SUID \FIӡHDO SUID HNnHa[I@_@I Ԓ^h߽gĤTƲߤ@UĤQCءB{ǻP귽޲zTI suid
    rw
    ro
    AiHwMɮרtOŪ (ro) ΥiŪgIAiHѵAiŪgA OΤݥiHȤ\ŪӋ]wȡI rw
    dev
    nodev
    O_iHOdUmɮתS\H@ӻu /dev oӥؿ~|SUmA]AiH nodev Idev
    exec
    noexec
    O_㦳 binary file vH pGAQnȬOư (Ҧp /home)AiH noexec [Iexec
    user
    nouser
    O_\ϥΪ̶iɮתP\H pGnO@ɮרtA̦nnѨϥΪ̶i汾PaInouser
    auto
    noauto
    o auto Oymount -azɡA||QءC pGAݭno partition HɳQAiH]w noautoCauto

    @ӻApGA NFS AҴѪuO /home UӤHơA RMݭniBSUID PUmɮסA]SAbɭԡAiHoˤUFOG

    [root@clientlinux ~]# umount /home/nfs/public
    [root@clientlinux ~]# mount -t nfs -o nosuid,noexec,nodev,rw \
    > 192.168.100.254:/home/public /home/nfs/public
    
    [root@clientlinux ~]# mount | grep addr
    192.168.100.254:/home/public on /home/nfs/public type nfs (rw,noexec,nosuid,
    nodev,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
    

    oˤ@ӧAұoɮרtNu@ƦsΡA۹ӻAΤݬOw@ǪC ҥHAo nosuid, noexec, nodev ΆΪӋioOo[I


    • } NFS SӋ

    FWz mount Ӌ~Aw NFS AA̪ Linux RѤ֦ΪB~ӋIoǯSӋRD`ΩOI OH|ҨӻAѩɮרt Linux OD`nFA]ڭ̶iʧ@ɡAunΨɮרtA ӥؿtN|DʪhdߥICpGA NFS APΤݤsu]DA Ϊ̬OAݥ}EFAoSqΤݡAΤݥunʨɮרtO (Ҧp df, ls, cp Ά) AӨtN|CzI]AnΨɮרtjMΫݹOɫAt~|ǤFAI(mιL df O 30 L...)

    FקKoǧxZAڭR@B~ NFS ӋiΡIҦpG

    ӋӋ\w]Ӌ
    fg
    bg
    S汾ɡAM欰|be (fg) RObI (bg) H YbeɡAh mount |A즨\ time out AYIA h mount |bIhi mount AӤ|vTe{Ǿާ@C pGAsuITwAάOA``ݭn}}EAijϥ bg SCfg
    soft
    hard
    pGO hard pAhS̤@DEmuAh RPC |򪺩IsA_suCpGO soft ܡA RPC |b time out yơzIsAӫDyzIsA ]t|oCPWApGAAi}}}}Aij soft I hard
    intrSAϥΤWY쪺 hard 覡ɡAY[W intr oӰӋA hS RPC IsAMIsOiHQ_ (interrupted)CS
    rsize
    wsize
    ŪX(rsize)PgJ(wsize)϶jp (block size)C oӳ]wȥiHvTΤݻPAݶljKƪweOЮeqC@ӻA pGbk (LAN) AåBΤݻPAݳ㦳^OAoӭȥiH]wj@IA p 32768 (bytes) ΡAɽweOа϶Ni NFS ɮרtljKOI n`N]wȤ]nӤjA̦nOF^ljK̤jȬC rsize=1024
    wsize=1024

    hӋiHѦ man nfs KXƳI q`pGA NFS OΦb@tB@SܡAiHij[WoǰӋG

    [root@clientlinux ~]# umount /home/nfs/public
    [root@clientlinux ~]# mount -t nfs -o nosuid,noexec,nodev,rw \
    > -o bg,soft,rsize=32768,wsize=32768 \
    > 192.168.100.254:/home/public /home/nfs/public
    

    hSA 192.168.100.254 oA]YǦ]ӲmuɡAA NFS iH~bISƪIsI NFS AAפWuCotާ@RODUTI SMTA rsize P wsize jphݭn̾ڧAںөwI

    Tips:
    bmڮרҤAYǤjҦBä\ soft oӰӋI|ҨӻAmDΪ CMAQ Ů~ҦA oӼҦO[cɮרtAN\ϥ soft ӋIoIݭnSOdNI

    • N NFS }EY

    ڭ̪D}ENIP}ӋOgJ /etc/fstab A NFS णgJ /etc/fstab SOHD`iOA iHOIԣOHR@U}Ey{Aڭ̥iHo{ŰʬObEA]SAQ /etc/fstab NFS ɡAtѩ|ŰʺAҥH֩wOLk\TIH̔xINgJ /etc/rc.d/rc.local YiI

    [root@clientlinux ~]# vim /etc/rc.d/rc.local
    mount -t nfs -o nosuid,noexec,nodev,rw,bg,soft,rsize=32768,wsize=32768 \
    192.168.100.254:/home/public /home/nfs/public
    

    pADϥ13.3.3 Lk]R

    pGΤݴNOLkAݩҤɪؿɡA쩳OoͤDHAiHoˤRݬݡG


    • ΤݪDEW٩ IP qQ\ϥΡG

    HWҤlӻAڪ /home/test uണ 192.168.100.0/24 oӺkAҥHpGڦb 192.168.100.254 oAAH localhost (127.0.0.1) ӱɡAN|LkWAovySDaIMAiHbAWݡG

    [root@www ~]# mount -t nfs localhost:/home/test /mnt
    mount.nfs: access denied by server while mounting localhost:/home/test
    

    ݨ access denied FaHShTvTIpGTwA IP Sh~AгqAݡAк޲zNA IP [J /etc/exports oɮפC


    • AΥΤݬYǪAȥŰʡG

    oӳ̮eQѰOFINOѰOFŰ rpcbind oӪATIpGAbΤݵo{ mount TOoˡG

    [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/test /mnt
    mount: mount to NFS server '192.168.100.254' failed: System Error: Connection refused.
    # pGAϥ ping oo{PAOnAoӰDNO rpcbind S}TI
    
    [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/test /home/nfs
    mount: mount to NFS server '192.168.100.254' failed: RPC Error: Program not registered.
    # `Nݳ̫᭱ơATsW RPC AOA RPC iڭ̡AM{LU
    

    nNO rpcbind ѰO} (Ĥ@ӎh~)AnNOAݪ nfs ѰO}CꐷЪOA sŰʤF rpcbind OoѰOsŰʨLA (WzĤGӎh~)IMkNOhsŰ rpcbind ޲zLҦAȴNOFI


    • QɱFG

    ѩ NFS XG~}AӤkSq`O귽A]Lh NFS B (]AmHTI) S`NL NFS DC̪oX~mb޲zqǮɡAxޤ@qǥDA FߤӼF`͵m÷dA]M Linux w]Oȩ귽ӤwCѩqǪϺݭnΨ Linux NFS 귽AGOHMSk[IӴNO iptables S NFS ҨϥΨ쪺f

    ҥHASA@LkQs^ NFS AAХAݡANΤݪ IP AYTwo˴NsWA NNODTI򶒨MOHW@p`LFAѦұN NFS AfTw覡aI


    pADϥ13.3.4 ۰ʱ autofs ϥ

    b@ NFS ɮרtϥαpApGΤݭnϥΦAݩҴѪ NFS ɮרtɡAnNOob /etc/rc.d/rc.local S]w}EɱAnNonnJtʧQ mount ӱC ~AΤݱonwʪإߦnIؿAM᱾WӡCOo˪ϥαpȦIpDC


    • NFS ɮרtPsuxZG

    ڭ̪D NFS APΤݪsuγ\|íhsbA RPC oӪAȤSQApGF NFS AA@muiyt~@ѬObΫݹOɡӥBA NFS ɮרtiSO``QϥΡAYܡAɭԺnϥήɤSoqt޲zA oSܤK...[InQP\[@_@

    ҥHAڭ̂ӫҪרӰQA@Uϥ NFS G

    • iiHΤݦbϥΨ NFS ɮרtݨDɤ~t۰ʱH
    • S NFS ɮרtϥΧܫAiiH NFS ۰ʨAHקKi઺ RPC h~H

    pGFWz\ANӧTISoFOHAb{b Linux UoOiHFzQIΪNO autofs oӪATI


    • autofs ]wyG

    autofs oӪAȦbΤݹqWA|򪺰YӫwؿA ùw]wSϥΨMؿUYӦؿɡAN|oӦۦAݪ NFS ɮרt귽Aöi۰ʱʧ@C o˩γ\AIҽkAڭ̮UoӹϥܨӬݬݡG

    13.3-1Bautofs ۰ʱ]wɤeܷN

    pWϩҥܡAڭ̪ autofs Dn]wɬ /etc/auto.masterAoɮתe̔xA pWҥܡAڥunwqX̤Whؿ (/home/nfsfile) YiAoӥؿNO autofs |@򰻴ؿTC ܩɮ׫hOMؿUUؿRCb /etc/auto.nfs (oɮתɦWiۭq) ̭hiHwqXCӦؿhݦA NFS ؿ귽I

    |ҨӻGySڭ̦bΤݭnϥ /home/nfsfile/public ƮɡA autofs ~|h 192.168.100.254 AW /home/public IzBySjF 5 SϥMؿUƫAhΤݨtN|Dʪ /home/nfsfile/public zC

    ܤhΪ@ӤuaI]ΨAƮɤ~۰ʱASϥΤFN|۰ʨI ӤODžp@OIJMonΡANڭڨӾ޺t@UG


    • إߥD]w /etc/auto.master AëwSwؿ

    oӥDn]wɪe̔xAunnQ򰻴ؿΡyƹRɡzYiC ӸƹRɪɦWOiHۦ]wAbmoӨҤlSڨϥ /etc/auto.nfs өRWC

    [root@clientlinux ~]# vim /etc/auto.master
    /home/nfsfile  /etc/auto.nfs
    

    WzƤݭn`NOA /home/nfsfile ؿݭnsbA] autofs |DʪإMؿI pGAإߤFAiϦӷ|XD]ATw@USMؿaI


    • إ߸ƹRɤ (/etc/auto.nfs) TPAR귽

    ڭ̩ҫw /etc/auto.nfs Oۦ]wAҥHoɮ׬OsbCoɮת榡OpOHAiHoˬݡG

    [aݦؿ]  [-Ӌ]  [AҴѪؿ]
    ﶵPӋG
    [aݦؿ] GNOb /etc/auto.master wؿؿ
    [-Ӌ]    GNOe@p`쪺 rw,bg,soft ΆΪӋTIiiLF
    [AҴѪؿ] GҦp 192.168.100.254:/home/public 
    
    [root@clientlinux ~]# vim /etc/auto.nfs
    public   -rw,bg,soft,rsize=32768,wsize=32768  192.168.100.254:/home/public
    testing  -rw,bg,soft,rsize=32768,wsize=32768  192.168.100.254:/home/test
    temp     -rw,bg,soft,rsize=32768,wsize=32768  192.168.100.254:/tmp
    # ӋAun̫e[ - ŸYiI
    

    o˴NiHإ߹RFIn`NOA /home/nfsfile/public OݭnƥإߪI ̪ autofs |ƱpӳBzInFA^Uڭ̬ݬݦpڹB@aI


    • ڹB@P[Ԏ

    ]wɳ]wSASMNOnŰ autofs TI

    [root@clientlinux ~]# /etc/init.d/autofs stop
    [root@clientlinux ~]# /etc/init.d/autofs start
    # ܩ_ǡID`ǡICentOS 6.x  autofs ϥ restart |ġIҥHm~i⦸
    

    ]AثeèSӦ 192.168.100.254 o NFS A귽ؿCnFA ڭڨ[ԎݬݴXӭnƧaIݬ /home/nfsfile ||DʪQإߡH MApGڭniJ /home/nfsfile/public ɡAɮרt|pܤƩOH

    [root@clientlinux ~]# ll -d /home/nfsfile
    drwxr-xr-x. 2 root root 0 2011-07-28 00:07 /home/nfsfile
    # JNݡAp|o{ /home/nfsfile eqO 0 IO`I]O autofs إߪ
    
    [root@clientlinux ~]# cd /home/nfsfile/public
    [root@clientlinux public]# mount | grep nfsfile
    192.168.100.254:/home/public on /home/nfsfile/public type nfs (rw,soft,rsize=32768,
    wsize=32768,sloppy,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
    # WKXOP@I@IMX{oӪNI]O۰ʱI
    
    [root@clientlinux public]# df  /home/nfsfile/public
    ɮרt               1K-Ϭq      w     i w% I
    192.168.100.254:/home/public
                           7104640    143104   6607040   3% /home/nfsfile/public
    # ɮת]X{ShI
    

    IuOn[Ip@ӡApGuݭnΨMؿɡAt~|h۹諸AWI YO@}lSϥΡAMؿN|QOIo˴N֤FܦhnϥήETIRhΧaI ^_^


    jADϥ13.4 רҺtm

    ڭ̨ӰںtmAbmߤeAбNA NFS ]wƳMAOOd rpcbind i}CܩΤݪUA } autofs HΨeb /etc/rc.d/rc.local ̭gJ}E۰ʱءCPɧR /home/nfs ؿI ^UӽЬݬݧڭ̭nBz쬰G


    [쪬AAAݪQkpUG

    1. ]A IP 192.168.100.254 o@F
    2. /tmp ɬiŪgAåBϥΪ̨覡AɵҦ 192.168.100.0/24 oӺkҦqF
    3. /home/nfs ɪݩʬŪAiѰFku@~AV Internet 紣ѸƤeF
    4. /home/upload 192.168.100.0/24 oӺkƤWǥؿA䤤Ao /home/upload ϥΪ̤Ωݸsœ nfs-upload oӦWrAL UID P GID 210F
    5. /home/andy oӥؿȤɵ 192.168.100.10 oDEAHMDEW andy oӨϥΪ̨ӨϥΡA]NOA andy b 192.168.100.10 192.168.100.254 bABb andy AҥHwp} /home/andy andy ϥΥLaؿTI

    Aݳ]watmG

    nFAЧAnݩUסAۤvʓ۩Ϊ̪^bۤvEWʤ@@ݡAΨoAnפA AݩUaI

    1. ANOnإ /etc/exports oɮתeoAAiHo˼gaI
      [root@www ~]# vim /etc/exports
      /tmp         192.168.100.0/24(rw,no_root_squash)
      /home/nfs    192.168.100.0/24(ro)  *(ro,all_squash)
      /home/upload 192.168.100.0/24(rw,all_squash,anonuid=210,anongid=210)
      /home/andy   192.168.100.10(rw)
      

    2. AӡANOnإߨCӹRؿ Linux vFIڭ̤@Ӥ@ӨӬݡG
      # 1. /tmp
      [root@www ~]# ll -d /tmp
      drwxrwxrwt. 12 root root 4096 2011-07-27 23:49 /tmp
      
      # 2. /home/nfs
      [root@www ~]# mkdir -p /home/nfs
      [root@www ~]# chmod 755 -R /home/nfs
      # קY檺ɮvNؿPɮ׳]wŪIgJAA|OI@II
      
      # 3. /home/upload
      [root@www ~]# groupadd -g 210 nfs-upload
      [root@www ~]# useradd -g 210 -u 210 -M nfs-upload
      # إ߹RbPsœW٤ UID I
      [root@www ~]# mkdir -p /home/upload
      [root@www ~]# chown -R nfs-upload:nfs-upload /home/upload
      # ק̡֦IpAhϥΪ̻Pؿv]wSoI
      
      # 4. /home/andy
      [root@www ~]# useradd andy
      [root@www ~]# ll -d /home/andy
      drwx------. 4 andy andy 4096 2011-07-28 00:15 /home/andy
      
      oˤl@ӡAvDjyNiHMoI

    3. sŰ nfs AȡG
      [root@www ~]# /etc/init.d/nfs restart
      

    4. b 192.168.100.10 oEWtm@UG
      # 1. T{hݦAiΥؿG
      [root@clientlinux ~]# showmount -e 192.168.100.254
      Export list for 192.168.100.254:
      /home/andy   192.168.100.10
      /home/upload 192.168.100.0/24
      /home/nfs    (everyone)
      /tmp         192.168.100.0/24
      
      # 2. إ߱IG
      [root@clientlinux ~]# mkdir -p /mnt/{tmp,nfs,upload,andy}
      
      # 3. ڱG
      [root@clientlinux ~]# mount -t nfs 192.168.100.254:/tmp         /mnt/tmp
      [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/nfs    /mnt/nfs
      [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/upload /mnt/upload
      [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/andy   /mnt/andy
      

    ӨBJjPWNOo˧oI[oI


    jADϥ13.5 I^U
    • Network FileSystem (NFS) iHDEzLɩɮ׻PؿF
    • NFS DnOzL RPC Ӷi file share تAҥH Server P Client RPC @wnŰʤ~I
    • NFS ]wɴNO /etc/exports oɮסF
    • NFS viH[Ԏ /var/lib/nfs/etabAܩ󪺭nnɥiHѦ /var/lib/nfs/xtab oɮסAR]tShΪTb䤤I
    • NFS APΤݪϥΪ̱bW١BUID ̦nn@PAiHקKvháG
    • NFS Aw]Τݪ root ivYAq`Y䦨 nfsnobody nobodyC
    • NFS Ab /etc/exports oɮפAiHzL exportfs oӫOӭsɪؿI
    • iHϥ rpcinfo [Ԏ RPC program }YIII
    • NFS Ab]wANnҼ{ client ݵnJvDAܦhɭԵLkgJΪ̵LkiɡADnO Linux ɮתv]wDҭPI
    • NFS ΤݥiHzLϥ showmount, mount P umount Өϥ NFS DEѪɪؿI
    • NFS iHϥαӋAp bg, soft, rsize, wsize, nosuid, noexec, nodev ΰӋA ӹFO@ۤvɮרt؊AI
    • ۰ʱ autofs AȥiHbΤݻݭn NFS AѪ귽ɤ~C

    jADϥ13.6 زD
    • NFS Dn]wɬHӦbMɮפDn]wجH
      Dn]wɬ /etc/exports Ӧܩ]weئbC@ShG
      1. ɪؿ
      2. w惡ɥؿ}񪺥DE IPκk
      3. woDEҶ}vӋI
    • b NFS Dn]wSȦֳ\ӋAܩw]ӋhSbMɮSX{A аݡApGnd\NɥXӪɮתݩʡAnݨɮסH
      /var/lib/nfs/etab
    • b client ݦpGn NFS ҴѤɪɮסAiHϥΨӫOH
      ۵MNO mount TIRO umount I
    • b NFS Dn]wSAiHzLӰӋӱ client ݥH root ϥΧAҤɥXӪؿPɮסH
      iHb /etc/exports SӋءA]wy root_squash zӱY root I
    • ڦb client ݱF NFS Server Yӥؿbڪ /home/data UASڰ䤤Yӵ{ɡAoo{ڪtQ}aFHA{i઺]H MpJAo˪DAרOSڪ Client ݥDEOhH@ΪA ȨLϥΪ̤]P˵oDOHI
      • iѩAiӪ NFS Server partition S㦳 SUID ɮݩʡAӧApߨϥΤFMɡA]Ni|oͨtQ}aDFI
      • iHNiӪ NFS ؿ SUID \IҦpG
        mount -t nfs -o nosuid,ro server:/directory /your/directory

    jADϥ13.7 ѦҸƻP\Ū

    2002/11/17GĤ@
    2003/03/09GקeAåBsW LPI }ʻPIzI
    2003/09/10GSsק睊AHηsWDEWُΈC
    2006/09/19GNHزʨ B
    2006/09/22G[JF autofs ΆΪƳI
    2007/02/27G쥻 rsize wq 8192A̪ݤ@ǤmARMאּ 32768 SC
    2009/07/04Gb̫᪺רҺtmA IP iϥάP (*) UΦrIPՏQAϺacer07^NI
    2011/03/03GNH CentOS 4.x زʨ B
    2011/03/12G׭qFIjDb nfsnobody i঳ɨä|YI
    2011/07/27GN CentOS 5.x زʨB

    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu