nfs 服务器
[root@ton public]#cat /etc/exports
/home/pub *(sync,ro) #对所有主机只读导出:* 匹配任何能连到本机的客户端,目录内容对整个可达网络可见
/home/public 192.168.31.0/24(rw) *(ro) #目标网段可读写,其他主机只读;注意主机与括号之间不能有空格,写成 "192.168.31.0/24 (rw)" 会被解析成该网段用默认选项、而 * 获得 rw
/home/test/ 192.168.31.224(rw)
/home/linux/ *.tontom.com(rw,all_squash,anonuid=45,anongid=45) #all_squash:所有客户端 uid/gid(含 root)在服务器端统一映射为 45;按主机名通配匹配依赖反向 DNS 解析,DNS 不可信时不要用它做访问控制
[root@ton home]#showmount -e localhost
Export list for localhost:
/home/pub *
/home/linux *.tontom.com
/home/public (everyone)
/home/test 192.168.31.224
注意:先启动rpcbind服务再启动nfs服务(NFSv3 依赖 rpcbind/111 和 mountd;文末 autofs 挂载的 mount 输出显示实际协商到 vers=4,NFSv4 只需 2049/tcp)。另外 showmount -e 对任何能访问 rpcbind 的主机都可用,导出列表本身就是一个暴露面,匹配 * 的导出项可被网络上任意主机挂载。
#/home/linux/ 权限讨论
[root@ton home]#setfacl -b /home/linux/
[root@ton home]#setfacl -m u:fire1:rx /home/linux/
#设置只读:虽然 exports 给了 rw,但 all_squash 会让服务器端 nfsd 把客户端发来的所有 uid/gid(包括 root)映射为 anonuid/anongid=45,即 fire1;服务器上 fire1 的 ACL 只有 rx,所以客户端表现为只读
[root@ton home]#setfacl -m u:fire1:rwx /home/linux/
#此时 ACL 给 fire1 rwx,配合 exports 的 rw,客户端可写;注意 all_squash 下所有客户端用户都以 uid 45 写入,服务器端无法区分是谁写的,该目录实际上是一个匿名共享区
#/home/public 权限讨论
[root@ton linux]#getfacl /home/public/
getfacl: Removing leading '/' from absolute path names
# file: home/public/
# owner: root
# group: root
user::rwx
group::r-x
group:tang:rwx
mask::rwx
other::r-x
客户端(下面 showmount 报 "Program not registered" 是因为目标主机上 rpcbind/nfs 尚未启动;报 errno 113 No route to host 多半是服务器防火墙拒绝了 111/tcp,需放行 rpcbind、mountd 与 2049 — 请按实际情况确认)
[root@ton ~]#showmount -e localhost
clnt_create: RPC: Program not registered
[1]+ Done ntpdate 0.asia.pool.ntp.org > /dev/null
[root@ton ~]#service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
Starting RPC idmapd: [ OK ]
[root@ton ~]#showmount -e 192.168.31.223
Export list for 192.168.31.223:
/home/pub *
/home/linux *.tontom.com
/home/public (everyone)
/home/test 192.168.31.224
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
针对linux文件夹权限讨论
[root@ton mnt]#mount -t nfs 192.168.31.223:/home/linux /mnt/linux/ #挂载不完全受控的导出时建议加 -o nosuid,nodev(必要时 noexec),否则服务器上的 setuid 文件会在客户端生效
[root@ton mnt]#cd linux/
[root@ton linux]#touch hello.c #客户端 root 经 all_squash 被服务器映射为 uid 45(fire1)创建文件,属主显示为 fire1
[root@ton linux]#ls -lah
total 8.0K
drwxrwxr-x 2 root root 4.0K Mar 14 21:55 .
drwxr-xr-x. 8 root root 4.0K Mar 14 21:54 ..
-rw-r--r-- 1 fire1 fire 0 Mar 14 21:55 hello.c
[root@ton linux]#who am i
tom pts/0 2022-03-14 21:29 (192.168.31.62)
[root@ton linux]#hostname
ton.tom
[root@ton linux]#su - tom #其他普通用户同样被映射为 fire1 而拥有 rwx:all_squash 下只看服务器端 ACL,客户端的身份不起作用
[tom@ton ~]$cd /mnt/linux/
[tom@ton linux]$ls
hello.c
[tom@ton linux]$touch test
[tom@ton linux]$ls -lah
total 8.0K
drwxrwxr-x 2 root root 4.0K Mar 14 21:59 .
drwxr-xr-x. 8 root root 4.0K Mar 14 21:54 ..
-rw-r--r-- 1 fire1 fire 0 Mar 14 21:55 hello.c
-rw-rw-r-- 1 fire1 fire 0 Mar 14 21:59 test
[root@ton ~]#userdel fire1
[root@ton ~]#cd /mnt/linux/
[root@ton linux]#ls
hello.c test
[root@ton linux]#touch first #删除 fire1 用户后文件仍以数字 uid 45 记录:AUTH_SYS 下 NFS 在线路上传递并判定权限的是数字 uid/gid,用户名只是本机 /etc/passwd 的解析结果,两端 uid 不一致时显示就会错位
[root@ton linux]#ls -lah
total 8.0K
drwxrwxr-x 2 root root 4.0K Mar 14 22:01 .
drwxr-xr-x. 8 root root 4.0K Mar 14 21:54 ..
-rw-r--r-- 1 45 fire 0 Mar 14 22:01 first
-rw-r--r-- 1 45 fire 0 Mar 14 21:55 hello.c
-rw-rw-r-- 1 45 fire 0 Mar 14 21:59 test
[root@ton linux]#su - fire1 #以 fire1 身份读写;本地是否存在 fire1 只影响 ls 的名字显示,服务器端身份仍是 anonuid=45,与其他用户没有区别
[fire1@ton ~]$ls
[fire1@ton ~]$cd /mnt/linux/
[fire1@ton linux]$ls
first hello.c test
[fire1@ton linux]$touch second
[fire1@ton linux]$ls -lah
total 8.0K
drwxrwxr-x 2 root root 4.0K Mar 14 22:17 .
drwxr-xr-x. 8 root root 4.0K Mar 14 21:54 ..
-rw-r--r-- 1 fire1 fire 0 Mar 14 22:01 first
-rw-r--r-- 1 fire1 fire 0 Mar 14 21:55 hello.c
-rw-r--r-- 1 fire1 fire 0 Mar 14 22:17 second
-rw-rw-r-- 1 fire1 fire 0 Mar 14 21:59 test
针对public权限讨论
[root@ton mnt]#mount -t nfs 192.168.31.223:/home/public /mnt/public
[root@ton public]#touch first
#root:/home/public 未写 all_squash,但 exports 默认 root_squash,服务器把客户端 root 映射为 nobody(nfsnobody),对 775 root:root 的目录没有写权限;除非确有必要不要加 no_root_squash,否则任何能挂载该导出的主机的 root 都能以服务器 root 身份写入
touch: cannot touch `first': Permission denied
[root@ton public]#su - tom
#other:tom 在服务器上既非属主也不在 tang 组,按 other 的 r-x 判定,不能写
[tom@ton ~]$cd /mnt/public/
[tom@ton public]$ls
tom.txt tttt
[tom@ton public]$touch first
touch: cannot touch `first': Permission denied
[tom@ton public]$su - tom1
#group:服务器 ACL 给 tang 组 rwx,tom1 的属组是 tang,所以可写。注意 AUTH_SYS 下服务器直接信任客户端发来的 uid/gid:tom1 在两端的 uid/gid 必须一致才会这样生效;反过来任何能挂载该导出的客户端 root 只要本地造一个 gid 与 tang 相同的用户就能写入,这正是 rw 导出必须用网段/主机严格限制的原因
Password:
[tom1@ton ~]$cd /mnt/public/
[tom1@ton public]$touch first
[tom1@ton public]$ls -lah
total 8.0K
drwxrwxr-x 2 root root 4.0K Mar 14 22:50 .
drwxr-xr-x. 9 root root 4.0K Mar 14 22:45 ..
-rw-r--r-- 1 tom1 tang 0 Mar 14 22:50 first
-rw-r--r-- 1 root root 0 Mar 14 16:03 tom.txt
-rw-r--r-- 1 root root 0 Mar 14 17:27 tttt
autofs 自动挂载nfs
auto.master
/home/test /etc/auto.nfs --timeout=2
auto.nfs
public -rw 192.168.31.223:/home/public
[root@ton test]#service autofs restart
Stopping automount: [ OK ]
Starting automount: [ OK ]
[root@ton test]#mount
/dev/mapper/vg_ton-lv_root on / type ext4 (rw)
...
[root@ton test]#cd public #browse_mode 关闭时 public 目录在首次访问前不会出现在 ls 输出中,需要直接 cd 触发 autofs 挂载
[root@ton public]#ls
tom.txt tttt
[root@ton public]#mount
/dev/mapper/vg_ton-lv_root on / type ext4 (rw)
...
192.168.31.223:/home/public on /home/test/public type nfs (rw,sloppy,vers=4,addr=192.168.31.223,clientaddr=192.168.31.224)
autofs.conf配置vim /etc/autofs.conf
browse_mode = yes #
设为 yes 时,autofs 会预先为 map 中的每个 key 创建目录,未挂载也能在 ls 中看到 public,解决上面看不到目录的问题。代价是 map 里配置的所有挂载点名称对本机任意用户可见(信息暴露),且大 map 下 ls 会变慢,所以一般保持默认 no。
timeout=300
全局默认的空闲自动卸载时间(秒),对所有 autofs 挂载生效;auto.master 中某一项的 --timeout(如上面的 --timeout=2)会覆盖它
timeout=0 #timeout 为 0 表示永不自动卸载;挂载后行为类似 fstab 静态挂载,可作为开机时服务器不可达导致 fstab 挂载失败的一种替代方案
[root@ton test]#ls #public是对应nfs目录
public
[root@ton test]#mount
/dev/mapper/vg_ton-lv_root on / type ext4 (rw)
...
[root@ton test]#ls -la
total 4
drwxr-xr-x 3 root root 0 Mar 14 20:05 .
drwxr-xr-x. 11 root root 4096 Mar 14 19:19 ..
dr-xr-xr-x 2 root root 0 Mar 14 20:05 public
[root@ton test]#cd public/
[root@ton public]#cd ..
[root@ton test]#ls -lah
total 8.0K
drwxr-xr-x 3 root root 0 Mar 14 20:05 .
drwxr-xr-x. 11 root root 4.0K Mar 14 19:19 ..
drwxrwxr-x 2 root root 4.0K Mar 14 17:27 public
[root@ton test]#mount
/dev/mapper/vg_ton-lv_root on / type ext4 (rw)
...
192.168.31.223:/home/public on /home/test/public type nfs (rw,sloppy,vers=4,addr=192.168.31.223,clientaddr=192.168.31.224)