Operating Systems - Network File System
Đặng Thanh Bình
Network File System
Contents
• How It Works
• NFS Client Configuration
• autofs
• Common NFS Mount Options
• Starting and Stopping NFS
• NFS Server Configuration
• Securing NFS
• NFS and portmap
• Using NFS over TCP
Introduction
• A Network File System (NFS) allows remote hosts
to mount file systems over a network and
interact with those file systems as though they
are mounted locally.
• This enables system administrators to consolidate
resources onto centralized servers on the
network.
• This chapter focuses on fundamental NFS
concepts and supplemental information
HOW IT WORKS
How It Works
• Three versions of NFS:
– NFS version 2 (NFSv2) is older and is widely
supported.
– NFS version 3 (NFSv3) has more features, including
64-bit file handles, safe async writes and more robust
error handling.
– NFS version 4 (NFSv4) works through firewalls and on
the Internet, no longer requires portmapper, supports
ACLs, and utilizes stateful operations
How It Works
• All versions of NFS can use Transmission Control
Protocol (TCP) running over an IP network, with
NFSv4 requiring it.
• NFSv2 and NFSv3 can use the User Datagram
Protocol (UDP) running over an IP network to
provide a stateless network.
• NFSv4 has no interaction with portmapper,
rpc.mountd, rpc.lockd, and rpc.statd, since
protocol support has been incorporated into the
v4 protocol.
How It Works
• TCP is the default transport protocol for NFS
under Red Hat Enterprise Linux.
• UDP can be used for compatibility purposes as
needed, but is not recommended for wide usage.
• All the RPC/NFS daemons have a '-p' command
line option that can set the port, making firewall
configuration easier.
Working Procedure
• Firstly, the client is granted access by TCP
wrappers
• Secondly, the NFS server refers to its
configuration file, /etc/exports, to determine
whether the client is allowed to access any of the
exported file systems.
• Once access is granted, all file and directory
operations are available to the user.
Notes
• For NFS to work with a default installation of
Red Hat Enterprise Linux with a firewall enabled,
iptables must be configured to allow the default
TCP port 2049.
• The NFS initialization script and rpc.nfsd process
now allow binding to any specified port during
system start up.
Required Services
• nfs: NFS server
• nfslock: a mandatory service that starts the
appropriate RPC processes to allow NFS clients to
lock files on the server
• portmap: accepts port reservations from local
RPC services
Required Services
• The following RPC processes facilitate NFS
services
– rpc.mountd
– rpc.nfsd
– rpc.lockd
– rpc.statd
– rpc.rquotad
– rpc.idmapd
NFS CLIENT CONFIGURATION
Mounting on the Client Side
• NFS shares are mounted on the client side using
the mount command
mount -t <nfs-type> -o <options> <host>:</remote/export> </local/directory>
– <nfs-type>: nfs for NFSv2 or NFSv3, nfs4 for NFSv4.
– <options>: a comma separated list of options for NFS
– <host>: remote host
– </remote/export>: remote directory being mounted
– </local/directory>: local directory where the remote
file system is to be mounted
Mounting on the Client Side
• Mounting remote file systems automatically at
boot time
– Edit the /etc/fstab file
– Use autofs service
Using /etc/fstab
• The general syntax for the line in /etc/fstab is as
follows:
server:/usr/local/pub /pub nfs rsize=8192,wsize=8192,timeo=14,intr
– The mount point /pub must exist on the client
machine before this command can be executed.
– After adding this line to /etc/fstab on the client
system, type the command mount /pub at a shell
prompt
– The mount point /pub is mounted from the server
Using /etc/fstab
• The /etc/fstab file is referenced by the netfs
service at boot time
• Lines referencing NFS shares have the same effect
as manually typing the mount command during
the boot process.
• A sample /etc/fstab line to mount an NFS export:
<server>:</remote/export> </local/directory> <nfs-type> <options> 0 0
AUTOFS
autofs
• Kernel-based automount utility
• Components of an automounter:
– A kernel module that implements a file system
– A user-space daemon performing all other functions
• autofs uses /etc/auto.master (master map) as its
default primary configuration file
• This can be changed to use another supported
network source and name using the autofs
configuration (in /etc/sysconfig/autofs) in
conjunction with Name Service Switch mechanism
autofs Configuration
• Configuration file: /etc/auto.master
• Lists autofs-controlled mount points on the system,
and their corresponding configuration files or
network sources known as automount maps.
• The format of the master map is as follows:
<mount-point> <map-name> <options>
– mount-point is the autofs mount point, e.g. /home.
– map-name is the name of a map source which contains a
list of mount points, and the file system location from
which those mount points should be mounted
autofs Configuration
• Map file structure:
<mount-point> [<options>] <location>
• Samples:
autofs
• Run autofs
• View the status of the automount daemon
COMMON NFS MOUNT OPTIONS
Mount Options
• fsid=num – Forces the file handle and file
attributes settings on the wire to be num
• hard or soft — Specifies whether the program
using a file via an NFS connection should stop and
wait (hard) for the server to come back online, if
the host serving the exported file system is
unavailable, or if it should report an error (soft)
• noacl — Turns off all ACL processing
• nolock — Disables file locking
Mount Options
• nosuid — Disables set-user-identifier or set-
group-identifier bits
• noexec — Prevents execution of binaries on
mounted file systems
• tcp — Specifies for the NFS mount to use the
TCP protocol.
• udp — Specifies for the NFS mount to use the
UDP protocol
Mount Options
• Using soft mounts is not recommended as they
can generate I/O errors in very congested
networks or when using a very busy server.
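The options on the three slides above can be checked mechanically. The following is an added example, not part of the original slides: it reads fstab-format text and reports, for each NFS entry, which of nosuid, noexec, hard and tcp are not in effect. The function names and the sample entries are hypothetical, and treating all four as required is this example's own policy.

```python
# Added example: the fstab text below is constructed sample input.
SAMPLE_FSTAB = """\
server:/usr/local/pub  /pub    nfs   rsize=8192,wsize=8192,timeo=14,intr  0 0
filer:/export/home     /home   nfs4  hard,nosuid,noexec,tcp               0 0
backup:/vol/scratch    /scr    nfs   soft,udp,nosuid                      0 0
lab:/export/tools      /tools  nfs   nosuid,noexec,suid                   0 0
/dev/sda1              /       ext3  defaults                             1 1
"""

# Safe setting -> option that undoes it. Requiring all four is this example's
# policy (an assumption); the slides only describe what each option does.
TOGGLES = {"nosuid": "suid", "noexec": "exec", "hard": "soft", "tcp": "udp"}
DEFAULT_ON = {"hard", "tcp"}  # in effect when the entry names neither side


def effective_safe_settings(option_string):
    """Walk the options left to right; the last of a conflicting pair wins."""
    undo = {bad: good for good, bad in TOGGLES.items()}
    state = set(DEFAULT_ON)
    for opt in option_string.split(","):
        name = opt.split("=", 1)[0]
        if name in TOGGLES:
            state.add(name)
        elif name in undo:
            state.discard(undo[name])
    return state


def audit_fstab(text):
    """Map each NFS mount point to the safe settings it does not have."""
    findings = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue  # comment, blank line, or not an NFS entry
        missing = sorted(set(TOGGLES) - effective_safe_settings(fields[3]))
        if missing:
            findings[fields[1]] = missing
    return findings


if __name__ == "__main__":
    for mount_point, missing in audit_fstab(SAMPLE_FSTAB).items():
        print(f"{mount_point}: not in effect: {', '.join(missing)}")
```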
STARTING AND STOPPING NFS
Starting and Stopping NFS
• To run an NFS server, the portmap service must
be running.
• To verify that portmap is active, type
Starting and Stopping NFS
• /sbin/service nfs start
• /sbin/service nfs stop
• /sbin/service nfs restart
• Only restart nfs if it is currently running
– /sbin/service nfs condrestart
• Reload the NFS server configuration file without
restarting the service
– /sbin/service nfs reload
NFS SERVER CONFIGURATION
Configuration File
• NFS configuration file: /etc/exports
• Structure of a line for an exported file system:
<export> <host1>(<options>) <hostN>(<options>)...
– <export>: the directory being exported
– <host1>...<hostN>: host or network to which the export is being
shared
– <options>: options for that host or network
Configuration File
• Specifying host names:
– Single host
• Fully Qualified Domain Name, hostname, or IP address
– Wildcards: * or ?
• Should not be used with IP addresses; however, it is possible
for them to work accidentally if reverse DNS lookups fail
• Tend to be more exact than expected
– *.example.com as a wildcard allows sales.example.com to access
an exported file system, but not bob.sales.example.com
– *.example.com and *.*.example.com must be specified to allow
both
Configuration File
• Specifying host names:
– IP networks
– netgroups — Permits an NIS netgroup name, written
as @<group-name>, to be used
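The host forms listed on the two slides above (single host, wildcard, IP network, netgroup) can be told apart when reviewing an exports file. The following is an added example, not part of the original slides: it classifies each host entry in /etc/exports-format text and reports wildcards, wildcards combined with IP addresses, and entries that carry no options. The function names and the sample file are hypothetical, and line continuations are not handled.

```python
import re

# Added example: the exports text below is constructed sample input.
SAMPLE_EXPORTS = """\
/exported/directory  bob.example.com
/srv/projects        *.example.com(ro) 192.168.0.*(rw)
/srv/shared          192.168.1.0/24(rw) @trusted(rw)
"""

# One host entry: a host specification, optionally followed by (options).
ENTRY = re.compile(r"^([^()\s]+)(?:\(([^)]*)\))?$")


def classify(host):
    """Return which of the host forms from the slides this entry uses."""
    if host.startswith("@"):
        return "netgroup"
    numeric = bool(re.fullmatch(r"[0-9.*?/]+", host)) and any(c.isdigit() for c in host)
    if "*" in host or "?" in host:
        return "wildcard-ip" if numeric else "wildcard"
    if numeric and "/" in host:
        return "network"
    return "single"


def lint_exports(text):
    """Return (export, host entry, note) for every entry worth a second look."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for token in fields[1:]:
            match = ENTRY.match(token)
            if not match:
                findings.append((fields[0], token, "unparsed entry"))
                continue
            host, options = match.groups()
            kind = classify(host)
            if kind == "wildcard-ip":
                findings.append((fields[0], host, "wildcard used with an IP address"))
            elif kind == "wildcard":
                findings.append((fields[0], host, "wildcard host name"))
            if not options:
                findings.append((fields[0], host, "no options, defaults apply"))
    return findings


if __name__ == "__main__":
    for export, host, note in lint_exports(SAMPLE_EXPORTS):
        print(f"{export}  {host}: {note}")
```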
Configuration File
• Sample of the simplest form of /etc/exports:
/exported/directory bob.example.com
• Because no options are specified, the default options are
applied, including: