  ̪sG2011/07/27
  NFS Network FileSystem ̔١AتNOQPEBP@~tiHɭӧOɮTIثeb Unix Like SΨӰɮצAOSh@Ӥ׳I򥻤WA Unix Like DEs^t@ Unix Like DEӤɩɮ׮ɡAϥ NFS n SAMBA oӦAֳtBKhFI~A NFS ]wu̔xAXGunOoŰ Remote Procedure Call oөNN (RPC, NO rpcbind oӳnTI) N@wiH[]_ӡIuOh[I pGOb Linux PC cluster UAoӦAQϥΪEvO@hIҥHoӪ@[I


  13.1 The origin and function of NFS

  NFS oӑ]ѺɮרtAȦb[]ɭԬO̔xALA̤jDbyvz譱yI ]bΤݻPAݥiॲnQۦPb~^sYǥؿɮסC t~ANFS ŰʻݭnzLҿתhݵ{ǩIs (RPC)A]NOAڭ̨äOunŰ NFS NnFA RݭnŰ RPC oӪAȤ~[I

  ]Ab}li NFS ]weAڭ̱oA@UAO NFS OHMF@ͤ]SΡAaI ^_^I UNӽͤ@ͤO NFS AB NFS ŰRݭn˪w[I


  13.1.1 What is NFS (Network FileSystem)

  NFS NO Network FileSystem YgA̦eO Sun oaqҵoiXӪ (1)C ̤j\NOiHzLAPEBP@~tBiHɭӧOɮ (share files)CҥHAA]iH̔xNLݰO@ɮצA (file server) OIo NFS AiHA PC ӱNhݪ NFS AɪؿA쥻aݪESA baݪEݰ_ӡAhݥDEؿNn^Oۤv@ӺϺФμѤ@ (partition)IϥΤWSKQI

  13.1-1BNFS AɥؿP Client ܷN

  NpPWϥܤ@ASڭ̪ NFS A]wnFɥXӪ /home/sharefile oӥؿAL NFS ΤݴNiHNoӥؿۤvtWYӱI (IiHۭq)AҦpeϥܤ NFS client 1 P NFS client 2 ؿNۦPCڥunb NFS client 1 tiJ /home/data/sharefile ANiHݨ NFS At /home/sharefile ؿUҦƤF (SMAvn^[I^_^)Io /home/data/sharefile Nn^ NFS client 1 ۤvḘ@ partition IunvFAAiHϥ cp, cd, mv, rm... ΆκϺЩɮ׬}OIuOL X KoI

  nAJM NFS OzLӶiƪljKAgĤGؽͨ쪺 socket pair yA|D NFS RM|ϥΤ@ǰfaH NFS ϥέӰfӶiljKOH򥻤W NFS oӪAȪf}b 2049 AOѩɮרtD`zA] NFS RL{ǥhŰB~fAoB~fŰʪXOH ׬O....DI @_@ I]w] NFS ΨӶljKfOHEܤp 1024 HUfӨϥΪCxIΤݫ򪾹DAAݨϥΨӰf[HɴNon hݵ{ǩIs (Remote Procedure Call, RPC) wӻUTIUڭ̴NӽͽͤO RPCH


  13.1.2 What is RPC (Remote Procedure Call)

  ] NFS 䴩\ShAӤP\ೣ|ϥΤP{ӎŰʡA CŰʤ@ӥ\N|ťΤ@ǰfӶljKơA]A NFS \ҹRf~STwA ӬOHEΤ@ǥQϥΪp 1024 fӧ@ljKΡCp@ӤSyΤݷQnsWAɪxZA ]ΤݱonDAݪ}f~^suaI

  ɧڭ̴Noݭnhݵ{ǩIs (RPC) ATIRPC ̥Dn\NObwC NFS \ҹR port number AåB^NΤݡAΤݥiHs쥿TfWhC RPC SOp󪾹DC NFS fOHoO]SAbŰ NFS ɷ|HEӋӰfAåDʪV RPC UA] RPC iHDCӰfR NFS \AM RPC SOTwϥ port 111 ӺoΤݪݨDæ^NΤݥTfA ҥHSMiH NFS Űʧ󬰻Pr֤FI

  Tips:
  ҥHAn`NAnŰ NFS eARPC NnŰʤFA_h NFS |LkV RPC UC t~ARPC YsŰʮɡA쥻UƷ|A] RPC sŰʫA޲zҦAȳݭnsŰʨӭsV RPC UC
  13.1-2BNFS P RPC AȤɮרtާ@}

  pWϩҥܡASΤݦ NFS ɮצsݨDɡAL|pVAݭnDƩOH

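  1. The client sends a query about the NFS file access function to RPC (port 111) on the server;
  2. The server finds the port of the registered NFS daemon and reports it back to the client;
  3. Once the client knows the correct port, it connects directly to the NFS daemon.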

  ѩ NFS U\ೣnV RPC ӵUAp@ RPC ~A NFS oӪAȪU\ध port number, PID, NFS bAҺo IP ΆΡAӥΤݤ~^zL RPC ߰ݧ쥿TRfC ]NOANFS n RPC sbɤ~ন\ѪAȡA]ڭ̺ NFS RPC server @RCWAܦho˪AOV RPC UA|ҨӻANIS (Network Information Service) ]O RPC server @ROC~Aѹ 13.1-2 A]|DAAOΤROAݡAnϥ NFS ɡA̳ݭnŰ RPC ~I

  h NFS }wTAiHѦҩUG


  13.1.3 RPC daemons started by NFS

  ڭ̲{bD NFS AbŰʪɭԴNonV RPC UAҥH NFS A]Q٬ RPC server @C NFS ADnȬOiɮרtɡAɮרtɫhPv}C ҥH NFS AŰʮɦܤֻݭn daemons A@Ӻ޲zΤݬO_^nJDA @Ӻ޲zΤݯ^ovCpGARQn޲z quota ܡA NFS RonAJL RPC {NOFCڭ̥Hxª NFS AӻG

  • rpc.nfsdG
   ̥Dn NFS AAȴѪ̡Co daemon Dn\NOb޲zΤݬO_^ϥΦAɮרtTΡA 䤤R]toӵnJ̪ ID POI

  • rpc.mountd
   o daemon Dn\AhOb޲z NFS ɮרtISΤݶQqL rpc.nfsd ӵnJAAbLiHϥ NFS AѪɮפeAR|gLɮרϥv (NO -rwxrwxrwx P owner, group XvT) {ҵ{ǡIL|hŪ NFS ]w /etc/exports ӤΤݪvASqLo@}ΤݴNiHoϥ NFS ɮתvTI(GoӤ]Oڭ̥ΨӺ޲z NFS ɤؿϥvPw]waI)

  • rpc.lockd (Dn)
   oӪNiHΦb޲zɮתw (lock) γ~Cɮ׻ݭnywzOH ]JMɪ NFS ɮץiHΤݨϥΡAShӥΤݦPɹgJYɮ׮ɡA NiMɮ׳y@ǰDTIo rpc.lockd hiHΨӧJAoӰDC rpc.lockd nPɦbΤݻPAݳ}Ť~I~A rpc.lockd ]`P rpc.statd PɎťΡC

  • rpc.statd (Dn)
   iHΨˬdɮת@PʡAP rpc.lockd }IYoͦ]ΤݦPɨϥΦP@ɮ׳yɮץi঳ҷlɡA rpc.statd iHΨ˴ù^_MɮסCP rpc.lockd P˪Aoӥ\ॲnbAݻPΤݳŰʤ~|ͮġC

  WzoX RPC һݭn{ǡAwggJӰ򥻪AȎŰʸ}FANO nfs H nfslock oI YOb /etc/init.d/nfs, /etc/init.d/nfslockAPA}gJb nfs AȤAӻPΤݪ rpc.lockd AN]w nfslock AȤC


  13.1.4 NFS file access permissions

  DASQLoӰDAb 13.1-1 UApڦb NFS client 1 WH dmtsai oӨϥΪ̨Qnhs /home/data/sharefile/ oӨӦ NFS server ҴѪɮרtɡA а NFS server ҴѪɮרt|ڥH򨭥hsHO dmtsai ROH

  |oݩOHoO] NFS AȨèSi樭nJѧOA ҥHASAbΤݥH dmtsai QnsAݪɮרtɡA Aݷ|HΤݪϥΪ UID P GID ΨӹŪAݪɮרtCoɦӦêDNTI NOpGΤݻPAݪϥΪ̨ä@PH ڭ̥HUoӹϥܨӻ@UnFG

  13.1-3BNFS AݻPΤݪϥΪ̨T{E

  SڥH dmtsai oӤ@먭ϥΪ̭nhsӦۦAݪɮ׮ɡAAn`N쪺OG ɮרt inode ҰOݩʬ UID, GID ӫDbPsœWC @ Linux DE|DʪHۤv /etc/passwd, /etc/group Ӭd߹RϥΪ̡BsœW١C ҥHS dmtsai iJMؿA|ѷ NFS client 1 ϥΪ̻PsœW١C OѩMؿɮץDnӦ NFS server AҥHiN|o{XӱpG

  • NFS server/NFS client nۦPbPsœ
   hɨϥΪ̥iH^H dmtsai iAҴѪɮרtsC

  • NFS server 501 o UID bR vbird
   Y NFS AW /etc/passwd ̭ UID 501 ϥΪ̦W٬ vbird ɡA hΤݪ dmtsai iHsAݪ vbird oӨϥΪ̪ɮ׳Iu]̨㦳ۦP UID ӤwCoNyܤjDFI]SHiHOҥΤݪ UID ҹRb|PAݬۦPA AҴѪƤNi|Qh~ϥΪ̶çH

  • NFS server èS 501 o UID
   t@ӷݪpOAbAݨèS 501 o UID sbAh dmtsai bMؿU|QYΦW̡A @ NFS ΦW̷|H UID 65534 ϥΪ̡A Linux distributions o 65534 bWٳq`O nobody Aڭ̪ CentOS hW nfsnobody Cɤ]|SpAҦpbAݤ /tmp pUA dmtsain RO|O 501 إߪUƦbAݨӬݡAN|ݩL֦̪ơC

  • pGϥΪ̨O root
   ӤSϥΪ̡ANOC Linux DE UID 0 root C Q@QApGΤݥiH root hsAݪɮרtɡAAݪƭO@ʡH ҥHbw]pUA root |QDʪYΦWC

  `AΤݨϥΪ̯వƱOP UID Ψ GID }ASΤݻPAݪ UID αbR@PɡA iN|yɮרtϥΤWxZAoӴNO NFS ɮרtbϥΤW@ӫܭnaI ӦbAϥΪ̱bP UID ɮרt}YAnڦbΤݥH NFS ΦAݪɮרtɡA ARoݭn㦳G

  • The NFS server has granted write permission (this depends on the /etc/exports settings);
  • The actual file permissions include write (w) permission.

  SAF (1)ϥΪ̱bAY UID }F (2)NFS A\gJvF (3)ɮרtT㦳 w vɡAA~㦳MɮתigJvI רO (UID) T{`A̮edhTI]]pA ҥH NFS q`ݭnP NIS (Q|) o@ӥiHT{ΤݻPAݨ@PAȷftϥΡAHקKhÔ[I ^_^

  Tips:
  AoӤp`ƤרO^IJ NFS server B͡C]AAiHL 13.1.4 oӤp`C OAbAŪPثҦ@AOo^oӤp`ӦAd\@ؤeA۫H|i@B{ѪI

  13.2 NFS server-side configuration

  JMnϥ NFS ܡANonwU NFS һݭnnFIUڭ̬dߤ@UtLwUһݭnnA NFS n骺[cHΦp]w NFS AaI ^_^


  13.2.1 Required software

  H CentOS 6.x ҪܡAn]wn NFS Aڭ̥nӳn~AOOG

  • RPC main program: rpcbind

   NpP责Aڭ̪ NFS iHQ@ RPC AȡAӭnŰʥ@ RPC AȤeAڭ̳ݭnn port R (mapping) u@~AoӤu@NOy rpcbind zoӪAȩҭtdI]NOA bŰʥ@ RPC AȤeAڭ̳ݭnŰ rpcbind ~I (b CentOS 5.x Heoӳn٬ portmapAb CentOS 6.x ~٬ rpcbind I)

  • NFS main program: nfs-utils

   NO rpc.nfsd rpc.mountd o NFS daemons PL} documents PBɆΪnIoӴNO NFS AȩһݭnDnnTI@wnI

  nFADڭ̻ݭnoӳn餧A{bFHԒ֥hAt RPM ݤ@USoӳnTI SԒ֥ RPM yum hwUIMNUhFI

  DG
  аݧڪDEOH RPM M޲z Linux distribution AҦp Red Hat, CentOS P SuSE ΪAڭnp󪾹DڪDḘO_wgwUF rpcbind P nfs }nOH
  G
  ̔xϥΡy rpm -qa | grep nfs zPy rpm -qa | grep rpcbind zYiDTIpGSwUܡA b CentOS iHϥΡy yum install nfs-utils zӦwUI


  13.2.2 NFS software structure

  NFS oөNNuO̔xAWڭ̴쪺 NFS n餤A]wɥu@ӡAɤ]hA Oɤ]TTӤwoIԒӬݤ@ݧaI ^_^

  • Dn]wɡG/etc/exports
   oɮ״NO NFS Dn]wɤFILAtèSw]ȡAҥHoɮסy @w|sbzAAiॲnϥ vim Dʪإ߰_oɮ׳Iڭ̆Τ@Unͪ]w]ȥuOoɮצӤwoI

  • NFS ɮרt@OG/usr/sbin/exportfs
   oӬO@ NFS ɸ귽OAڭ̥iHQγoӫOs /etc/exports ܧ󪺥ؿ귽BN NFS Server ɪؿέsɆΆΡAoӫOO NFS ṱSn@ӳIܩOΪkڭ̦bU|C

  • ɸ귽nɡG/var/lib/nfs/*tab
   b NFS Anɳm /var/lib/nfs/ ؿ̭AbMؿUӤnnɡA @ӬO etab ADnOF NFS ҤɥXӪؿv]wȡFt@ xtab hOgs즹 NFS A}ΤݸơC

  • ΤݬdߦAɸ귽OG/usr/sbin/showmount
   oOt@ӭn NFS OCexportfs OΦb NFS Server ݡA showmount hDnΦb Client ݡCo showmount iHΨԎ NFS ɥXӪؿ귽I

  NaIDnNOoXoI


  13.2.3 Syntax and parameters of the /etc/exports configuration file

  b}l NFS A]weAAnAOANFS |^ϥΨ֤ߥ\AҥHA֤ߥn䴩 NFS ~CU@pGA֤ߪp 2.2 AΪ̭sۦsL֤ߪܡANonܪ`NTI]Ai|ѰO NFS ֤ߤ䴩[I

  RnAڭ CentOS Ϊ̬OL Linux Aw]֤߳q`O䴩 NFS \઺AҥHAunT{A֤ߪOثes 2.6.x AåBϥΧA distribution ҴѪ֤ߡARMN|DTI

  Tips:
  W|zoӰD]OAHemܳwۦs@ӯSO֤ߡAOYs֤߮ɡAoѰO[WF NFS ֤ߥ\AG NFS server LAp]d_ӡ̫~Qӭ֤ͪ߬ODW...

  ܩ NFS A[]b̔xAAunsnDn]w /etc/exports AŰ rpcbind (YwgŰʤFANnsŰ)AMAŰ nfs AA NFS N\FI Lo˪]w_ΤݥͮġHNonҼ{Av譱]wOFCoܤֻAڭ̴N^Ӭݬݨ /etc/exports RMp]waIY distributions ä|Dʴ /etc/exports ɮסAҥHЧAۦʫإߥaC

  [root@www ~]# vim /etc/exports
  /tmp     192.168.100.0/24(ro)  localhost(rw)  *.ev.ncku.edu.tw(ro,sync)
  [shared directory]  [first host(permissions)]  [host name allowed]  [wildcard allowed]
  

  AݬݡAoӳ]wɦ^̔xaIC@̫eOnɥXӪؿA`NIOHؿx[I MoӥؿiH̷ӤPvɵPDEA^mWҤlOG nN /tmp OɵTӤPDEκkNCOoDE᭱HpA () ]pvӋA YvӋ@ӮɡAhHr (,) }CBDEWPpAOsb@_Iboɮפ]iHQ # ӵOC

  ܩDEW٪]wDnXӤ覡G

  • iHϥΧ㪺 IP Ϊ̬OkAҦp 192.168.100.10 192.168.100.0/24 A 192.168.100.0/255.255.255.0 iH^I

  • ]iHϥΥDEW١AoӥDEW٥nb /etc/hosts AΥiϥ DNS MW٤~[IϥIOi IP NOFCpGODEW٪ܡALiH䴩UΦrAҦp * ? i^C

  ܩv譱 (NOpAӋ) `ӋhG

  Ӌe
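  rw
  ro
  Whether the directory is shared read-write (rw) or read-only (ro). Whether a client can actually read and write still depends on the file system's rwx permissions and on the user's identity.
  sync
  async
  sync means data is written synchronously to memory and to disk; async means data is first held in memory rather than written straight to disk.
  no_root_squash
  root_squash
  How the account is treated when the client user of the NFS file system is root. By default, root_squash maps the client's root to nfsnobody, which protects the server better. To let the client's root operate on the server's file system as root, no_root_squash has to be enabled here.
  all_squash
  Whatever the identity of the user accessing NFS, it is mapped to the anonymous user, usually nobody (nfsnobody).
  anonuid
  anongid
  anon means anonymous. These set the UID of the anonymous user mentioned for *_squash above, normally nobody (nfsnobody), but you can choose the UID yourself. That UID must exist in /etc/passwd. anonuid is the UID and anongid is the group's GID.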

  oOXӤ`vӋApGAêLӋɡAЦۦ man exports iHo{ܦhêơC ^Uӧڭ̧QΤWzXӰӋګҤ@UXӦêpDG

  D@G root O root v
  ڷQN /tmp ɥXhjaϥΡAѩoӥؿӴNOjaiHŪgA]QҦHiHsC~Aڭn root gJɮRO㦳 root vAp]p]wɡH
  G
  [root@www ~]# vim /etc/exports
  # Anyone may use my /tmp: a wildcard stands for the host name; the key point is no_root_squash
  /tmp *(rw,no_root_squash)
  
  DEW٥iHϥθUΦrAWYܵLAӦۭ̳iHϥΧڪ /tmp oӥؿC AAy *(rw,no_root_squash) zo@]wȤOSťզrI /tmp P *(rw,no_root_squash) hOťզrӹj}ISO`N쨺 no_root_squash \IboӨҤlApGAOΤݡAӥBAOH root nJA Linux DEASA mount WڳoDE /tmp AAbM mount ؿSAN㦳yroot vIz

  DGGP@ؿw藍Pd}񤣦Pv
  ڭnN@Ӥ@ؿ /home/public }XhAOuwڪk 192.168.100.0/24 oӺkB[J vbirdgroup (Ĥ@تDإߪsœ) Τ~^ŪgALӷhuŪC
  G
  [root@www ~]# mkdir /home/public
  [root@www ~]# setfacl -m g:vbirdgroup:rwx /home/public
  [root@www ~]# vim /etc/exports
  /tmp     *(rw,no_root_squash)
  /home/public 192.168.100.0/24(rw)  *(ro)
  # Keep appending below. Note that the host and the network are two separate entries (separated by whitespace).
  
  WҤlOASڪ IP Ob 192.168.100.0/24 oӺqɭԡASڦb Client ݱF Server ݪ /home/public AwoӳQڱؿڴN㦳iHŪgv ܩpGڤOboӺqAoӥؿƧڴNȯŪӤwAYŪݩTI

  ݭn`NOAUΦrȯΦbDEW٪~WAIP κqNu 192.168.100.0/24 pA iHϥ 192.168.100.* I

  DTGȵYx@DEϥΪؿ]w
  ڭnN@ӨpHؿ /home/test } 192.168.100.10 o Client ݪEӨϥήɡAMp]wH ]ϥΪ̪O dmtsai ~㦳㪺vɡC
  G
  [root@www ~]# mkdir /home/test
  [root@www ~]# setfacl -m u:dmtsai:rwx /home/test
  [root@www ~]# vim /etc/exports
  /tmp     *(rw,no_root_squash)
  /home/public 192.168.100.0/24(rw)  *(ro)
  /home/test  192.168.100.10(rw)
  # Just make sure the IP is set correctly.
  
  o˴N]wFIӥBAu 192.168.100.10 oE~ /home/test oӥؿisI

  D|G}ΦWnJp
  ڭn *.centos.vbird kDEAnJڪ NFS DEɡAiHs /home/linux AOL̦sƪɭԡAڧƱL̪ UID P GID ܦ 45 oӨϥΪ̡A] NFS AW UID 45 P GID 45 Τ/sœW٬ nfsanonC
  G
  [root@www ~]# groupadd -g 45 nfsanon
  [root@www ~]# useradd -u 45 -g nfsanon nfsanon
  [root@www ~]# mkdir /home/linux
  [root@www ~]# setfacl -m u:nfsanon:rwx /home/linux
  [root@www ~]# vim /etc/exports
  /tmp     *(rw,no_root_squash)
  /home/public 192.168.100.0/24(rw)  *(ro)
  /home/test  192.168.100.10(rw)
  /home/linux  *.centos.vbird(rw,all_squash,anonuid=45,anongid=45)
  # To allow anonymous access, the key is all_squash, combined with anonuid.
  
  SO`N쨺 all_squash P anonuid, anongid \Ip@ӡAS clientlinux.centos.vbird nJo NFS DEAåBb /home/linux gJɮ׮ɡAMɮתҦHPҦsœAN|ܦ /etc/passwd ̭R UID 45 ӨϥΪ̤FI

  W|ӮרҪvpG̷13.1.4 s]wvӫҪܡA v|O򱡪pOHڭ̨ˬd@UG


  • ΤݻPAݨ㦳ۦP UID PbG

  ]ڦb 192.168.100.10 nJo NFS (IP ] 192.168.100.254) AAåBڦb 192.168.100.10 b dmtsai oӨAPɡAbo NFS W] dmtsai oӱbA è㦳ۦP UID AGupܡAG

  1. ѩ 192.168.100.254 o NFS A /tmp v -rwxrwxrwt AҥH (dmtsai b 192.168.100.10 W) b /tmp U㦳svAåBgJɮשҦH dmtsai F
  2. b /home/public SAѩڦŪgvAҥHpGb /home/public oӥؿv dmtsai }gJܡAڴNiHŪgAåBڼgJɮשҦHO dmtsai COU@ /home/public dmtsai oӨϥΪ̨èS}iHgJvɡA ROSkgJɮ׳IoIЯSOdNI
  3. b /home/test SAڪvP /home/public ۦPAIRݭn NFS A /home/test dmtsai }vF
  4. b /home/linux SNꐷСI]AAOR user AA@w|Qܦ UID=45 oӱbIҥHAoӥؿNݭnw UID = 45 ӱbW١AקLv~I


  • ΤݻPAݪbåۦPɡG

  pڦb 192.168.100.10 vbird (uid 600)AO 192.168.100.254 o NFS DEoS uid=600 bɡAp|ܦ˩OH

  1. ڦb /tmp UROiHgJAuOMɮתv|O UID=600 A]Aݬݰ_ӴN|ǩǪA ]䤣 UID=600 oӱbܡAGɮ׾̷֦|W 600 I
  2. ڦb /home/public ̭O_iHgJARݭn /home/public vөwALAѩS[W all_squash ӋA ]bMؿU|OdΤݪϥΪ UIDAPW@IҥܡC
  3. /home/test [IP /home/public ۦPI
  4. /home/linux UAڪNQܦ UID = 45 ӨϥΪ̴NOFI


  • SΤݪ root ɡG

  pڦb 192.168.100.10 root OH root oӱbCӨt|rIvܦ˩OH

  1. ڦb /tmp ̭iHgJAåBѩ no_root_squash ӋAܤFw] root_squash ]wȡAҥHb /tmp gJɮשҦH root I
  2. ڦb /home/public UROQY nobody FI]w]ݩʸ̭㦳 root_squash OIҥHApG /home/public w nobody }gJvɡAڴNiHgJAOɮשҦHܦ nobody NOFI
  3. /home/test P /home/public ۦPF
  4. /home/linux pA root ]QY UID = 45 ӨϥΪ̤FI


  o˪vAAiHAFܡHo̬O̭naApGo@}qLFAUNNNSDTI ^_^I bANŪA̦nRO^13.1.4 NFS ɮצsvnn@@@A ~ඒM NFS DI


  13.2.4 Starting NFS

  ]wɷdwASMn}lӎŰʤ~[Iӫeڭ̤]LANFS ŰRݭn rpcbind U~[I ҥHԒӎŰʧaI

  [root@www ~]# /etc/init.d/rpcbind start
  # If rpcbind is already running, there is no need to start it.
  
  [root@www ~]# /etc/init.d/nfs start
  # Some distributions may print a warning like the following:
  exportfs: /etc/exports [3]: No 'sync' or 'async' option specified 
  for export "192.168.100.10:/home/test".
   Assuming default behaviour ('sync').
  # The warning above only says that, because neither sync nor async was specified,
  # NFS will use sync by default. You can ignore it, or add the option to /etc/exports.
  
  [root@www ~]# /etc/init.d/nfslock start
  [root@www ~]# chkconfig rpcbind on
  [root@www ~]# chkconfig nfs on
  [root@www ~]# chkconfig nfslock on
  

  rpcbind ڥNݭn]wIun^ŰʥNiHTIŰʤA|X{@ port 111 sunrpc AȡANO rpcbind TIܩ nfs h|Űʦܤ֨ӥHW daemon X{IMN}lbo Client ݪݨDTIAnܪ`N݁WKXTA ]pG]wɼghܡA݁W|ܥXh~aI

  ~ApGAQnW[@ NFS AƤ@Pʥ\ɡAiݭnΨ rpc.lockd rpc.statd RPC AȡA γ\AiHW[@ӪAȡANO nfslock oIŰʤAԒ֨ /var/log/messages ̭ݬݦSQTŰʩOH

  [root@www ~]# tail /var/log/messages
  Jul 27 17:10:39 www kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
  Jul 27 17:10:54 www kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state 
  recovery directory
  Jul 27 17:10:54 www kernel: NFSD: starting 90-second grace period
  Jul 27 17:11:32 www rpc.statd[3689]: Version 1.2.2 starting
  

  bT{ŰʨSDA^Uӧڭ̨@@@ NFS 쩳}FǰfH

  [root@www ~]# netstat -tulnp| grep -E '(rpc|nfs)'
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address Foreign Address State  PID/Program name
  tcp    0   0 0.0.0.0:875  0.0.0.0:*    LISTEN 3631/rpc.rquotad
  tcp    0   0 0.0.0.0:111  0.0.0.0:*    LISTEN 3601/rpcbind
  tcp    0   0 0.0.0.0:48470 0.0.0.0:*    LISTEN 3647/rpc.mountd
  tcp    0   0 0.0.0.0:59967 0.0.0.0:*    LISTEN 3689/rpc.statd
  tcp    0   0 0.0.0.0:2049  0.0.0.0:*    LISTEN -
  udp    0   0 0.0.0.0:875  0.0.0.0:*        3631/rpc.rquotad
  udp    0   0 0.0.0.0:111  0.0.0.0:*        3601/rpcbind
  udp    0   0 0.0.0.0:897  0.0.0.0:*        3689/rpc.statd
  udp    0   0 0.0.0.0:46611 0.0.0.0:*        3647/rpc.mountd
  udp    0   0 0.0.0.0:808  0.0.0.0:*        3601/rpcbind
  udp    0   0 0.0.0.0:46011 0.0.0.0:*        3689/rpc.statd
  

  `NݨWI`@ͤFnh port IuOiȡILDnfOG

  • rpcbind listens on port 111, on both UDP and TCP;
  • the nfs service itself listens on port 2049;
  • the ports of the other rpc.* services are chosen at random, so they have to register with port 111.

  nFAګ򪾹DC RPC AȪUpHS}YAAiHϥ rpcinfo [ԎC

  [root@www ~]# rpcinfo -p [IP|hostname]
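  [root@www ~]# rpcinfo -t|-u IP|hostname program_name
  Options and parameters:
  -p : for the given IP (the local machine if omitted), list all ports and program information;
  -t : for a given program on a given host, check the software versions available over TCP;
  -u : for a given program on a given host, check the software versions available over UDP;
  
  # 1. Show the current RPC status of this host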
  [root@www ~]# rpcinfo -p localhost
    program vers proto  port service
    100000  4  tcp  111 portmapper
    100000  3  tcp  111 portmapper
    100000  2  tcp  111 portmapper
    100000  4  udp  111 portmapper
    100000  3  udp  111 portmapper
    100000  2  udp  111 portmapper
    100011  1  udp  875 rquotad
    100011  2  udp  875 rquotad
    100011  1  tcp  875 rquotad
    100011  2  tcp  875 rquotad
    100003  2  tcp  2049 nfs
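  ....(remainder omitted)....
  # columns: program number, NFS version, packet type, port, service name
  
  # 2. Check the software versions of the nfs program (TCP only)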
  [root@www ~]# rpcinfo -t localhost nfs
  program 100003 version 2 ready and waiting
  program 100003 version 3 ready and waiting
  program 100003 version 4 ready and waiting
  # Three versions of nfs are offered: 2, 3 and 4.
  

  JN@@AWX{TSF{WٻPfRiHP netstat -tlunp KXG@蠟~ARݭn`N NFS 䴩Is NFS ljKt׸֡AѤWݰ_ӡAڭ̪ NFS ܤ֤䴩 4 ARMRXzTI ^_^I pGA rpcinfo LkKXANܵUƦDTIiݭnsŰ rpcbind P nfs I


  13.2.5 Checking NFS connections

  bA NFS A]wSAڭ̥iHb server ݥۧڴ@UO_iHsuINOQ showmount oӫOӬd\I

  [root@www ~]# showmount [-ae] [hostname|IP]
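  Options and parameters:
  -a : show the current NFS sharing state between this host and its clients;
  -e : show the directories a host shares through /etc/exports.
  
  # 1. Show the exports we have just configured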
  [root@www ~]# showmount -e localhost
  Export list for localhost:
  /tmp     *
  /home/linux *.centos.vbird
  /home/test  192.168.100.10
  /home/public (everyone)
  

  ̔xaIҥHASAnˬY@DELѪ NFS ɪؿɡANϥ showmount -e IP (hostname) YiID`KaIo]O NFS client ݳ̱`ΪOI t~A NFS }ؿv]wƫD`hIb /etc/exports uOSOvӋӤwARܦhw]ӋOI oǹw]ӋbHڭ̥iHˬd@U /var/lib/nfs/etab NDFI

  [root@www ~]# tail /var/lib/nfs/etab
  /home/public  192.168.100.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,
  no_all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534)
  # The above is a single line. Besides rw, sync and root_squash,
  # it also carries settings such as anonuid and anongid.
  

  WȶȬO@ӤpdҡAzLR anonuid=65534 /etc/passwd A|o{ CentOS X{O nfsnobody TIoӱbbPi|@˪It~ApGLΤݱFA NFS ɮרtɡAMΤݻPɮרtTN|QO /var/lib/nfs/xtab YhI

  t~ApGAQnsBz /etc/exports ɮסASs]w /etc/exports ݤݭnsŰ nfs H ݭnTIpGsŰ nfs ܡAnoAV RPC UIꐷСoӮɭԧڭ̥iHzL exportfs oӫODI

  [root@www ~]# exportfs [-aruv]
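  Options and parameters:
  -a : export (or unexport) everything configured in /etc/exports
  -r : re-export the settings in /etc/exports and also synchronise the contents of
     /etc/exports and /var/lib/nfs/xtab
  -u : unexport a directory
  -v : while exporting, print the shared directories on screen
  
  # 1. Re-export the /etc/exports settings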
  [root@www ~]# exportfs -arv
  exporting 192.168.100.10:/home/test
  exporting 192.168.100.0/24:/home/public
  exporting *.centos.vbird:/home/linux
  exporting *:/home/public
  exporting *:/tmp
  
  # 2. Unexport every NFS directory that is currently shared
  [root@www ~]# exportfs -auv
  # If you now run showmount -e localhost again, no resources are listed.
  

  nx@UoӫOΪkIoˤ@ӡANiH^s exportfs ڭ̪Ob /etc/exports ؿoIOnSOdNApGAȦBz]wɡAèS۹Rؿ (/home/public Υؿ) iHѨϥΔ[I i|X{@ĵiTIҥHOonإߤɪؿ~I


  13.2.6 NFS security

  b NFS wʤWAǦaOAnDIUڭ̤Oӽͤ@͡G


  • ]wDPMסG

  @ӻA NFS Aȶȷ|鷺k}A|ں}񪺡CMӡApGASݨDܡA ]i|wPkNOFCOANFS SOdAOH]FTw port 111, 2049 ~A RܦhTwfO rpc.mountd, rpc.rquotad ΪAȩҶ}ŪAҥHAA iptables N]wWhI HDӨEn~iHH

  FMoӰDA CentOS 6.x Ѥ@өTwSw NFS AȪf]wɡANO /etc/sysconfig/nfs TI Aboɮ׸̭N^wSwfAo˨CŰ nfs ɡA}AȎŰʪfN|TwAp@ӡA ڭ̴N^]wToIoӳ]wɤeܦhAʎjƧAnhAun PORT o}gr}ƧYiC ݭn諸 rpc AȦǩOHDn mountd, rquotad, nlockmgr oTӡAҥHARMno˧G

  [root@www ~]# vim /etc/sysconfig/nfs
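  RQUOTAD_PORT=1001  <== around line 13
  LOCKD_TCPPORT=30001 <== around line 21
  LOCKD_UDPPORT=30001 <== around line 23
  MOUNTD_PORT=1002  <== around line 41
  # Remember to remove the comment mark at the far left of each setting; the port numbers themselves are your choice.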
  
  [root@www ~]# /etc/init.d/nfs restart
  [root@www ~]# rpcinfo -p | grep -E '(rquota|mount|nlock)'
    100011  2  udp  1001 rquotad
    100011  2  tcp  1001 rquotad
    100021  4  udp 30001 nlockmgr
    100021  4  tcp 30001 nlockmgr
    100005  3  udp  1002 mountd
    100005  3  tcp  1002 mountd
  # The output above has been filtered; ports that are not used here were left out.
  

  ܥiȧaIpGQn} NFS OkBͨϥΡASQn֦LAȪnJ\A ANon}WzQӰfTI^ꐷЪ㰲]AQn} 120.114.140.0/24 oӺkH^ϥΧAoA NFS 귽AB]AwgϥĤEشѪ}A ARono˰~^wMkG

  [root@www ~]# vim /usr/local/virus/iptables/iptables.allow
  iptables -A INPUT -i $EXTIF -p tcp -s 120.114.140.0/24 -m multiport \
       --dport 111,2049,1001,1002,30001 -j ACCEPT
  iptables -A INPUT -i $EXTIF -p udp -s 120.114.140.0/24 -m multiport \
       --dport 111,2049,1001,1002,30001 -j ACCEPT
  
  [root@www ~]# /usr/local/virus/iptables/iptables.rule
  # The firewall script always has to be run again for the rules to take effect. Do not forget!
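
  A cross-check of the two listings above, as an added example (not code from the original page): it parses `rpcinfo -p` output and the iptables multiport rules, then reports every registered RPC service whose port the firewall rules do not cover. The rpcinfo sample is constructed from values shown on this page (the rpc.statd ports come from the earlier netstat output, where statd registers as program 100024 "status"); the function names are illustrative.

```python
import shlex

# Constructed sample: fixed ports from /etc/sysconfig/nfs on this page, plus
# rpc.statd on the random ports seen in the page's netstat output.
RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100011    2   udp   1001  rquotad
    100011    2   tcp   1001  rquotad
    100003    2   tcp   2049  nfs
    100021    4   udp  30001  nlockmgr
    100021    4   tcp  30001  nlockmgr
    100005    3   udp   1002  mountd
    100005    3   tcp   1002  mountd
    100024    1   udp  46011  status
    100024    1   tcp  59967  status
"""

# The two rules from the page's iptables.allow file.
RULES = """\
iptables -A INPUT -i $EXTIF -p tcp -s 120.114.140.0/24 -m multiport \\
     --dport 111,2049,1001,1002,30001 -j ACCEPT
iptables -A INPUT -i $EXTIF -p udp -s 120.114.140.0/24 -m multiport \\
     --dport 111,2049,1001,1002,30001 -j ACCEPT
"""


def parse_rpcinfo(text):
    """Return (service, proto, port) tuples from `rpcinfo -p` output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # data rows have five columns and start with the program number
        if len(fields) == 5 and fields[0].isdigit():
            rows.append((fields[4], fields[2], int(fields[3])))
    return rows


def allowed_ports(rules):
    """Return {proto: set(ports)} accepted by the given iptables rules."""
    allowed = {}
    # join backslash-continued lines before splitting into rules
    for rule in rules.replace("\\\n", " ").splitlines():
        words = shlex.split(rule, comments=True)
        if "ACCEPT" not in words or "-p" not in words:
            continue
        proto = words[words.index("-p") + 1]
        for flag in ("--dport", "--dports"):
            if flag not in words:
                continue
            for part in words[words.index(flag) + 1].split(","):
                low, _, high = part.partition(":")   # "a:b" is a port range
                allowed.setdefault(proto, set()).update(
                    range(int(low), int(high or low) + 1))
    return allowed


def uncovered(rpcinfo_text, rules):
    """Registered RPC services that the firewall rules would not let through."""
    allowed = allowed_ports(rules)
    return sorted({row for row in parse_rpcinfo(rpcinfo_text)
                   if row[2] not in allowed.get(row[1], set())})


if __name__ == "__main__":
    for service, proto, port in uncovered(RPCINFO, RULES):
        print(f"not reachable through the firewall: {service} {proto}/{port}")
```
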
  


  • ϥ /etc/exports ]wwvG

  oNoAA޿ҤFI]wS}YAObyKQzPywzAnAwIoI root_squash all_squash Υ\AAQ anonuid ΆΪ]wӳWdnJADEϥΪ̨IRMROkѤ@Ӹw NFS AI

  t~ASMTAA NFS Aɮרtv]w]ݭnܯdNI nHK]w -rwxrwxrwx Ao˷|yAtyܤjxZz[I


  • w partition WُG

  pGAu@줤A㦳h Linux DEAåBwpɥXؿɡAbwU Linux ɭԡA̦nNiHWُX@ partition @wdΡC]y NFS iHwؿӤzA]AAiHNwd partition b@ӱIAANMI (NOؿTI) /etc/exports ]wɥXhAӤu@줤L Linux DENiHϥM NFS Awd partition FIҥHAbDEWُWADnݭndNu partition ӤwC~Aѩɪ partition ieQJIA̦niHwM partition ]wY檺Ӌb /etc/fstab SI

  ~ApGAΰ^nA|ҨӻAܦhHwϥiHΪkAYӨtu@Ӯڥؿ partition ӤwCo˰|DOH]AɪO /home oӵ@Τ᪺ؿnFAǨϥΪ\oo NFS ϺФӦnΤFA GϥΪ̴NNL@jͼȦsƳqqio NFS ϺФCQ@QApGӮڥؿN]o /home QzFA AtN|yLkŪgxZC]A@Ө}nγWُAΪ̬OQκϺаtBӭROܭnu@C


  • NFS A}Ee`NƶG

  ݭn`NOAѩ NFS ϥΪo RPC AȡASΤݳsWAɡAAAQn}EA iN|yi઺ȡzIpGAAWRΤݦbsuAAn}EA ionΨӋY~^`}E\IӡIuI۫HܡHMAۭӨݡI^_^I

  ҥHoAijA NFS Server Qn}EeAy} rpcbind P nfs zoӪFI pGLkTNo daemons }AH netstat -utlp X PID AMH kill NL}Ioˤ~k`}E\IoӽЯSOSO`NOI

  SMTAA]iHQ showmount -a localhost ӬdXӨӥΤRbsuH Ϊ̬Od\ /var/lib/nfs/rmtab xtab ɮרˬdiCoǥΤݫA iH^ call L̔[IL̯^DDI ^_^

  WAΤݥH NFS suAݮɡApGL̥iHUF@ǤywzӋɡA N^ֳo譱DI}wʥiHѦҤU@p` ΤݥiBzӋP}EC


  13.3 NFS client-side configuration

  JM NFS ḀDnu@NOɮרtWLΤݡAҥHΤSMonoӪNoI ~AAݥiH[]ӫO@ۤvɮרtAΤݱMɮרtADݭnO@ۤvH IҥHUڭ̭nӽͤ@ʹX NFS ΤݪDC


  13.3.1 Manually mounting resources shared by an NFS server

  Anp󱾸 NFS AҴѪɮרtOH򥻤WAiHo˰G

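  1. Confirm that the rpcbind service is already running on the local machine;
  2. Scan which directories the NFS server shares and find out whether we may use them (showmount);
  3. Create the mount point directory on the local machine (mkdir);
  4. Use mount to mount the remote host directly onto that directory.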

  nA{b]Τݦb 192.168.100.10 oEWAӦAO 192.168.100.254 A Ԓˬd@Uڭ̬O_wg rpcbind ŰʡAt~hݥDEiΪؿOI

  # 1. Start the required services: start them only if they are not running, otherwise leave them as they are.
  [root@clientlinux ~]# /etc/init.d/rpcbind start
  [root@clientlinux ~]# /etc/init.d/nfslock start
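  # Normally the system starts rpcbind by default, but it had been switched off here earlier, so it must be started.
  # Also, if the server runs nfslock, the client has to run it too for locking to take effect.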
  
  # 2. Ask which resources the server offers us
  [root@clientlinux ~]# showmount -e 192.168.100.254
  Export list for 192.168.100.254:
  /tmp     *
  /home/linux *.centos.vbird
  /home/test  192.168.100.10
  /home/public (everyone)  <== the directory we are about to mount
  

  ^UӧڷQnNhݥDE /home/public 쥻aݥDE /home/nfs/public A ҥHڴNonbaݥDEإ߰_oӱIؿ~[IMNiH mount oӫO^ NFS ɮרtoI

  # 3. Create the mount point and actually mount it
  [root@clientlinux ~]# mkdir -p /home/nfs/public
  [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/public \
  > /home/nfs/public
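  # Note the mount syntax: "-t nfs" specifies the file system type,
  # and IP:/dir names a directory offered by a particular host. If the following error appears: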
  mount: 192.168.100.254:/home/public failed, reason given by server: No such file 
  or directory
  # it means /home/public has not been created on the server. Create it on the server side.
  
  # 4. Always check the result after mounting; df or mount will do.
  [root@clientlinux ~]# df
  ɮרt        1K-Ϭq   w   i w% I
  ....(ٲ)....
  192.168.100.254:/home/public
              7104640  143104  6607104  3% /home/nfs/public
  

  `N@U NFS ɮת榡dҳIIo˴NiHNƱiTIЪ`NI HAunAiJAؿ /home/nfs/public NΩF 192.168.100.254 hݥDE /home/public ӥؿoIܤhaIܩAbMؿUvH NЧA^he@p`d@dvҧaI ^_^ IpN NFS ؿOHNϥ umount [I

  [root@clientlinux ~]# umount /home/nfs/public
  

  13.3.2 Client mount options and mounting at boot

  @IΤݪu@̔xaILֱoASQLApGA豾쥻E /home/nfs/public ɮרtSAt@ script ABo script ey rm -rf / zBMɮv 555 A PpGA]n_LUhAiAF]Өt|QIuiuI

  ҥHAF NFS AݭnO@~Aڭ̨ΤHa NFS ɮרt]ݭnۧګO@~[I npۧګO@[HiHzL mount OӋI]AUoǥDnӋiH[JG

  ӋӋNNqtw]
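  suid
  nosuid
  You know what SUID is, right? If the mounted partition holds any SUID binary programs, using nosuid is enough to switch the SUID function off. System default: suid
  rw
  ro
  The file system can be mounted read-only (ro) or read-write. The server may offer read-write while the client chooses to allow only read-only. System default: rw
  dev
  nodev
  Whether the special function of device files is kept. Normally only /dev holds special devices, so you can choose nodev. System default: dev
  exec
  noexec
  Whether binary files may be executed. If what you mount is only a data area (for example /home), you can choose noexec. System default: exec
  user
  nouser
  Whether ordinary users may mount and unmount the file system. To protect the file system it is best not to let users mount and unmount. System default: nouser
  auto
  noauto
  auto decides whether the entry is mounted by "mount -a". If the partition does not need to be mounted all the time, set noauto. System default: auto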

  @ӻApGA NFS AҴѪuO /home UӤHơA RMݭniBSUID PUmɮסA]SAbɭԡAiHoˤUFOG

  [root@clientlinux ~]# umount /home/nfs/public
  [root@clientlinux ~]# mount -t nfs -o nosuid,noexec,nodev,rw \
  > 192.168.100.254:/home/public /home/nfs/public
  
  [root@clientlinux ~]# mount | grep addr
  192.168.100.254:/home/public on /home/nfs/public type nfs (rw,noexec,nosuid,
  nodev,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
  

  oˤ@ӧAұoɮרtNu@ƦsΡA۹ӻAΤݬOw@ǪC ҥHAo nosuid, noexec, nodev ΆΪӋioOo[I


  • } NFS SӋ

  FWz mount Ӌ~Aw NFS AA̪ Linux RѤ֦ΪB~ӋIoǯSӋRD`ΩOI OH|ҨӻAѩɮרt Linux OD`nFA]ڭ̶iʧ@ɡAunΨɮרtA ӥؿtN|DʪhdߥICpGA NFS APΤݤsu]DA Ϊ̬OAݥ}EFAoSqΤݡAΤݥunʨɮרtO (Ҧp df, ls, cp Ά) AӨtN|CzI]AnΨɮרtjMΫݹOɫAt~|ǤFAI(mιL df O 30 L...)

  FקKoǧxZAڭR@B~ NFS ӋiΡIҦpG

  ӋӋ\w]Ӌ
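  fg
  bg
  Whether the mount runs in the foreground (fg) or in the background (bg). In the foreground, mount keeps trying until it succeeds or times out; in the background, mount keeps retrying in the background without affecting foreground work. If the network connection is somewhat unstable, or the server is often rebooted, bg is the safer choice. Default: fg
  soft
  hard
  With hard, if either host goes offline, RPC keeps calling until the other side is back. With soft, RPC calls "again" after a time out rather than calling "continuously", so the delay on the system is less noticeable. As above, if the server may go up and down, soft is suggested. Default: hard
  intr
  When mounting with hard as described above, adding intr means an ongoing RPC call can be interrupted. Default: none
  rsize
  wsize
  The block size for reads (rsize) and writes (wsize). The value affects the buffer memory used for transfers between client and server. In general, on a local network (LAN) where both client and server have enough memory, the value can be set larger, for example 32768 (bytes), which improves NFS transfer capacity. Do not set it too large either; the maximum the network can transfer is a sensible limit. Default: rsize=1024
  wsize=1024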

  hӋiHѦ man nfs KXƳI q`pGA NFS OΦb@tB@SܡAiHij[WoǰӋG

  [root@clientlinux ~]# umount /home/nfs/public
  [root@clientlinux ~]# mount -t nfs -o nosuid,noexec,nodev,rw \
  > -o bg,soft,rsize=32768,wsize=32768 \
  > 192.168.100.254:/home/public /home/nfs/public
  

  hSA 192.168.100.254 oA]YǦ]ӲmuɡAA NFS iH~bISƪIsI NFS AAפWuCotާ@RODUTI SMTA rsize P wsize jphݭn̾ڧAںөwI

  Tips:
  bmڮרҤAYǤjҦBä\ soft oӰӋI|ҨӻAmDΪ CMAQ Ů~ҦA oӼҦO[cɮרtAN\ϥ soft ӋIoIݭnSOdNI

  • N NFS }EY

  ڭ̪D}ENIP}ӋOgJ /etc/fstab A NFS णgJ /etc/fstab SOHD`iOA iHOIԣOHR@U}Ey{Aڭ̥iHo{ŰʬObEA]SAQ /etc/fstab NFS ɡAtѩ|ŰʺAҥH֩wOLk\TIH̔xINgJ /etc/rc.d/rc.local YiI

  [root@clientlinux ~]# vim /etc/rc.d/rc.local
  mount -t nfs -o nosuid,noexec,nodev,rw,bg,soft,rsize=32768,wsize=32768 \
  192.168.100.254:/home/public /home/nfs/public
  

  13.3.3 Analysing why a mount fails

  pGΤݴNOLkAݩҤɪؿɡA쩳OoͤDHAiHoˤRݬݡG


  • ΤݪDEW٩ IP qQ\ϥΡG

  HWҤlӻAڪ /home/test uണ 192.168.100.0/24 oӺkAҥHpGڦb 192.168.100.254 oAAH localhost (127.0.0.1) ӱɡAN|LkWAovySDaIMAiHbAWݡG

  [root@www ~]# mount -t nfs localhost:/home/test /mnt
  mount.nfs: access denied by server while mounting localhost:/home/test
  

  ݨ access denied FaHShTvTIpGTwA IP Sh~AгqAݡAк޲zNA IP [J /etc/exports oɮפC


  • AΥΤݬYǪAȥŰʡG

  oӳ̮eQѰOFINOѰOFŰ rpcbind oӪATIpGAbΤݵo{ mount TOoˡG

  [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/test /mnt
  mount: mount to NFS server '192.168.100.254' failed: System Error: Connection refused.
  # If ping shows that the network and the server are both fine, the problem is that rpcbind is not running.
  
  [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/test /home/nfs
  mount: mount to NFS server '192.168.100.254' failed: RPC Error: Program not registered.
  # Look at the end of the message: RPC was reached, but the server's RPC reports that the program is not registered.
  

  nNO rpcbind ѰO} (Ĥ@ӎh~)AnNOAݪ nfs ѰO}CꐷЪOA sŰʤF rpcbind OoѰOsŰʨLA (WzĤGӎh~)IMkNOhsŰ rpcbind ޲zLҦAȴNOFI


  • QɱFG

  ѩ NFS XG~}AӤkSq`O귽A]Lh NFS B (]AmHTI) S`NL NFS DC̪oX~mb޲zqǮɡAxޤ@qǥDA FߤӼF`͵m÷dA]M Linux w]Oȩ귽ӤwCѩqǪϺݭnΨ Linux NFS 귽AGOHMSk[IӴNO iptables S NFS ҨϥΨ쪺f

  ҥHASA@LkQs^ NFS AAХAݡANΤݪ IP AYTwo˴NsWA NNODTI򶒨MOHW@p`LFAѦұN NFS AfTw覡aI


  13.3.4 Automatic mounting with autofs

  b@ NFS ɮרtϥαpApGΤݭnϥΦAݩҴѪ NFS ɮרtɡAnNOob /etc/rc.d/rc.local S]w}EɱAnNonnJtʧQ mount ӱC ~AΤݱonwʪإߦnIؿAM᱾WӡCOo˪ϥαpȦIpDC


  • NFS ɮרtPsuxZG

  ڭ̪D NFS APΤݪsuγ\|íhsbA RPC oӪAȤSQApGF NFS AA@muiyt~@ѬObΫݹOɡӥBA NFS ɮרtiSO``QϥΡAYܡAɭԺnϥήɤSoqt޲zA oSܤK...[InQP\[@_@

  ҥHAڭ̂ӫҪרӰQA@Uϥ NFS G

  • iiHΤݦbϥΨ NFS ɮרtݨDɤ~t۰ʱH
  • S NFS ɮרtϥΧܫAiiH NFS ۰ʨAHקKi઺ RPC h~H

  pGFWz\ANӧTISoFOHAb{b Linux UoOiHFzQIΪNO autofs oӪATI


  • autofs ]wyG

  autofs oӪAȦbΤݹqWA|򪺰YӫwؿA ùw]wSϥΨMؿUYӦؿɡAN|oӦۦAݪ NFS ɮרt귽Aöi۰ʱʧ@C o˩γ\AIҽkAڭ̮UoӹϥܨӬݬݡG

  13.3-1Bautofs ۰ʱ]wɤeܷN

  pWϩҥܡAڭ̪ autofs Dn]wɬ /etc/auto.masterAoɮתe̔xA pWҥܡAڥunwqX̤Whؿ (/home/nfsfile) YiAoӥؿNO autofs |@򰻴ؿTC ܩɮ׫hOMؿUUؿRCb /etc/auto.nfs (oɮתɦWiۭq) ̭hiHwqXCӦؿhݦA NFS ؿ귽I

  |ҨӻGySڭ̦bΤݭnϥ /home/nfsfile/public ƮɡA autofs ~|h 192.168.100.254 AW /home/public IzBySjF 5 SϥMؿUƫAhΤݨtN|Dʪ /home/nfsfile/public zC

  ܤhΪ@ӤuaI]ΨAƮɤ~۰ʱASϥΤFN|۰ʨI ӤODžp@OIJMonΡANڭڨӾ޺t@UG


  • إߥD]w /etc/auto.master AëwSwؿ

  oӥDn]wɪe̔xAunnQ򰻴ؿΡyƹRɡzYiC ӸƹRɪɦWOiHۦ]wAbmoӨҤlSڨϥ /etc/auto.nfs өRWC

  [root@clientlinux ~]# vim /etc/auto.master
  /home/nfsfile /etc/auto.nfs
  

  WzƤݭn`NOA /home/nfsfile ؿݭnsbA] autofs |DʪإMؿI pGAإߤFAiϦӷ|XD]ATw@USMؿaI


  • إ߸ƹRɤ (/etc/auto.nfs) TPAR귽

  ڭ̩ҫw /etc/auto.nfs Oۦ]wAҥHoɮ׬OsbCoɮת榡OpOHAiHoˬݡG

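  [local subdirectory] [-mount options] [directory provided by the server]
  Options and parameters:
  [local subdirectory] : a subdirectory of the directory named in /etc/auto.master
  [-mount options]  : the options from the previous subsection such as rw,bg,soft; optional
  [directory provided by the server] : for example 192.168.100.254:/home/public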
  
  [root@clientlinux ~]# vim /etc/auto.nfs
  public  -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/home/public
  testing -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/home/test
  temp   -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/tmp
  # For the options, just put a - sign in front of them.
  

  o˴NiHإ߹RFIn`NOA /home/nfsfile/public OݭnƥإߪI ̪ autofs |ƱpӳBzInFA^Uڭ̬ݬݦpڹB@aI


  • ڹB@P[Ԏ

  ]wɳ]wSASMNOnŰ autofs TI

  [root@clientlinux ~]# /etc/init.d/autofs stop
  [root@clientlinux ~]# /etc/init.d/autofs start
  # Very odd: on CentOS 6.x, restarting autofs with restart has no effect, so it is done in two steps here.
  

  ]AثeèSӦ 192.168.100.254 o NFS A귽ؿCnFA ڭڨ[ԎݬݴXӭnƧaIݬ /home/nfsfile ||DʪQإߡH MApGڭniJ /home/nfsfile/public ɡAɮרt|pܤƩOH

  [root@clientlinux ~]# ll -d /home/nfsfile
  drwxr-xr-x. 2 root root 0 2011-07-28 00:07 /home/nfsfile
  # Look closely: the size of /home/nfsfile is 0. That is normal, because autofs created it.
  
  [root@clientlinux ~]# cd /home/nfsfile/public
  [root@clientlinux public]# mount | grep nfsfile
  192.168.100.254:/home/public on /home/nfsfile/public type nfs (rw,soft,rsize=32768,
  wsize=32768,sloppy,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
  # The output above is a single line. The mount appeared on its own, because it was mounted automatically.
  
  [root@clientlinux public]# df /home/nfsfile/public
  ɮרt        1K-Ϭq   w   i w% I
  192.168.100.254:/home/public
              7104640  143104  6607040  3% /home/nfsfile/public
  # The mounted file system shows up here as well.
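
  A client-side check for the protective options from section 13.3.2 (nosuid, nodev, noexec), as an added example (not code from the original page): it reads `mount` output and an autofs map such as /etc/auto.nfs, reports NFS entries that lack those options, and prints a corrected option string. It assumes the shares hold data only, as in the page's /home example; the sample text is built from the page's own output (joined onto one line) and the function names are illustrative.

```python
import re

HARDENING = ("nosuid", "nodev", "noexec")

# `mount` output taken from this page, each entry joined onto one line.
MOUNT_OUTPUT = """\
192.168.100.254:/home/public on /home/nfs/public type nfs (rw,noexec,nosuid,nodev,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
192.168.100.254:/home/public on /home/nfsfile/public type nfs (rw,soft,rsize=32768,wsize=32768,sloppy,vers=4,addr=192.168.100.254,clientaddr=192.168.100.10)
"""

# The page's /etc/auto.nfs map.
AUTOFS_MAP = """\
public  -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/home/public
testing -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/home/test
temp    -rw,bg,soft,rsize=32768,wsize=32768 192.168.100.254:/tmp
"""

MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (nfs4?) \(([^)]*)\)$")


def missing(options):
    """Protective options absent from a comma-separated option string."""
    have = {o.strip() for o in options.lstrip("-").split(",")}
    return [o for o in HARDENING if o not in have]


def harden(options):
    """Return the autofs-style option string with the missing options added."""
    current = [o for o in options.lstrip("-").split(",") if o]
    return "-" + ",".join(current + missing(options))


def audit_mounts(mount_output):
    """{mount point: missing options} for NFS entries in `mount` output."""
    result = {}
    for line in mount_output.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m and missing(m.group(4)):
            result[m.group(2)] = missing(m.group(4))
    return result


def audit_autofs_map(map_text):
    """{key: missing options} for NFS entries of an autofs map."""
    result = {}
    for raw in map_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or ":/" not in fields[-1]:
            continue                      # blank, comment or non-NFS entry
        # the option field is optional and always starts with "-"
        options = fields[1] if fields[1].startswith("-") else ""
        if missing(options):
            result[fields[0]] = missing(options)
    return result


if __name__ == "__main__":
    for point, lacks in audit_mounts(MOUNT_OUTPUT).items():
        print(f"{point}: mounted without {','.join(lacks)}")
    for raw in AUTOFS_MAP.splitlines():
        key, options, location = raw.split()
        if key in audit_autofs_map(AUTOFS_MAP):
            print(f"{key}  {harden(options)}  {location}")
```
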
  

  IuOn[Ip@ӡApGuݭnΨMؿɡAt~|h۹諸AWI YO@}lSϥΡAMؿN|QOIo˴N֤FܦhnϥήETIRhΧaI ^_^


  13.4 Case exercise

  ڭ̨ӰںtmAbmߤeAбNA NFS ]wƳMAOOd rpcbind i}CܩΤݪUA } autofs HΨeb /etc/rc.d/rc.local ̭gJ}E۰ʱءCPɧR /home/nfs ؿI ^UӽЬݬݧڭ̭nBz쬰G


  [쪬AAAݪQkpUG

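  1. Assume the server's IP is 192.168.100.254;
  2. /tmp is shared read-write, without restricting user identity, to every computer in the 192.168.100.0/24 network;
  3. /home/nfs is shared read-only; besides the workstations inside the network, its content is also offered to the Internet;
  4. /home/upload is the upload directory for the 192.168.100.0/24 network; its owner and group are both named nfs-upload, with UID and GID both 210;
  5. /home/andy is shared only with the host 192.168.100.10, for the user andy on that host. In other words, andy has an account named andy on both 192.168.100.10 and 192.168.100.254, so /home/andy is opened to andy as his home directory.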

  Aݳ]watmG

  nFAЧAnݩUסAۤvʓ۩Ϊ̪^bۤvEWʤ@@ݡAΨoAnפA AݩUaI

  1. First, create the content of /etc/exports. It can be written like this:
   [root@www ~]# vim /etc/exports
   /tmp     192.168.100.0/24(rw,no_root_squash)
   /home/nfs  192.168.100.0/24(ro) *(ro,all_squash)
   /home/upload 192.168.100.0/24(rw,all_squash,anonuid=210,anongid=210)
   /home/andy  192.168.100.10(rw)
   

  2. Next, set up the actual Linux permissions of each corresponding directory. We go through them one by one:
   # 1. /tmp
   [root@www ~]# ll -d /tmp
   drwxrwxrwt. 12 root root 4096 2011-07-27 23:49 /tmp
   
   # 2. /home/nfs
   [root@www ~]# mkdir -p /home/nfs
   [root@www ~]# chmod 755 -R /home/nfs
   # Stricter file permissions: make the directories and files read-only. A state in which nothing can be written is safer.
   
   # 3. /home/upload
   [root@www ~]# groupadd -g 210 nfs-upload
   [root@www ~]# useradd -g 210 -u 210 -M nfs-upload
   # First create the matching account and group names and the UID.
   [root@www ~]# mkdir -p /home/upload
   [root@www ~]# chown -R nfs-upload:nfs-upload /home/upload
   # Change the owner. With that, both the user and the directory permissions are set up properly.
   
   # 4. /home/andy
   [root@www ~]# useradd andy
   [root@www ~]# ll -d /home/andy
   drwx------. 4 andy andy 4096 2011-07-28 00:15 /home/andy
   
   oˤl@ӡAvDjyNiHMoI

  3. Restart the nfs service:
   [root@www ~]# /etc/init.d/nfs restart
   

  4. Try it out on the host 192.168.100.10:
   # 1. Confirm which directories the remote server makes available:
   [root@clientlinux ~]# showmount -e 192.168.100.254
   Export list for 192.168.100.254:
   /home/andy  192.168.100.10
   /home/upload 192.168.100.0/24
   /home/nfs  (everyone)
   /tmp     192.168.100.0/24
   
   # 2. Create the mount points:
   [root@clientlinux ~]# mkdir -p /mnt/{tmp,nfs,upload,andy}
   
   # 3. Actually mount them:
   [root@clientlinux ~]# mount -t nfs 192.168.100.254:/tmp     /mnt/tmp
   [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/nfs  /mnt/nfs
   [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/upload /mnt/upload
   [root@clientlinux ~]# mount -t nfs 192.168.100.254:/home/andy  /mnt/andy
   

  ӨBJjPWNOo˧oI[oI


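  13.5 Key points review
  • Network FileSystem (NFS) lets hosts share files and directories with each other over the network;
  • NFS carries out file sharing mainly through RPC, so RPC must be running on both the server and the client;
  • The NFS configuration file is /etc/exports;
  • NFS permissions can be checked in /var/lib/nfs/etab; for the other important record file see /var/lib/nfs/xtab, which also holds a good deal of useful information;
  • User account names and UIDs on the NFS server and the client should preferably be identical, which avoids permission confusion;
  • By default the NFS server squashes the client's root, usually mapping it to nfsnobody or nobody.
  • After /etc/exports has been changed on the NFS server, the exportfs command can re-export the shared directories;
  • rpcinfo can be used to examine the relationships between RPC programs;
  • When an NFS server is first configured, the permissions of client-side logins have to be considered. In many cases, being unable to write or to share is mainly caused by the permission settings of the actual Linux files;
  • NFS clients use the shared directories an NFS host offers through showmount, mount and umount;
  • NFS can also use mount options such as bg, soft, rsize, wsize, nosuid, noexec and nodev to protect one's own file system;
  • The autofs automatic mounting service mounts a resource only when the client needs what the NFS server offers.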

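  13.6 Exercises
  • What is the main NFS configuration file, and what are the main items configured in it?
   The main configuration file is /etc/exports, and each line of it contains:
   1. the shared directory
   2. the host, IP or network to which this shared directory is opened
   3. the permission parameters granted to that host.
  • The main NFS configuration file contains only a few parameters, and the default parameters do not appear in it. If you want to look up the attributes of the shared files in more detail, which file should you look at?
   /var/lib/nfs/etab
  • Which command can be used on the client side to mount files shared by NFS?
   mount, naturally. Unmounting is umount.
  • In the main NFS configuration file, which parameter keeps the client side from using your shared directories and files as root?
   In the parameter field of /etc/exports, set "root_squash" to squash the root identity.
  • I mounted a directory of an NFS server under my /home/data on the client side, and when I ran one of the programs in it I found that my system had been damaged. What do you think the possible cause is? How can such a problem be overcome, especially when my client host is shared by several people and I fear other users will run into the same problem?
   • Possibly the NFS server partition you mounted contains files with the SUID attribute, and you carelessly used such an executable, which can lead to the system being damaged.
   • The SUID function of the mounted NFS directory can be switched off, for example: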
    mount -t nfs -o nosuid,ro server:/directory /your/directory

  13.7 References and further reading

  2002/11/17GĤ@
  2003/03/09GקeAåBsW LPI }ʻPIzI
  2003/09/10GSsק睊AHηsWDEWُΈC
  2006/09/19GNHزʨ B
  2006/09/22G[JF autofs ΆΪƳI
  2007/02/27G쥻 rsize wq 8192A̪ݤ@ǤmARMאּ 32768 SC
  2009/07/04Gb̫᪺רҺtmA IP iϥάP (*) UΦrIPՏQAϺacer07^NI
  2011/03/03GNH CentOS 4.x زʨ B
  2011/03/12G׭qFIjDb nfsnobody i঳ɨä|YI
  2011/07/27GN CentOS 5.x زʨB

  http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu