NFS: Network File System permits directories and files to be shared and accessed across a network; the client remotely accesses the data that is kept on the server as if they were local files. NFS was developed by Sun Microsystems.
Installing NFS:
If the NFS software isn't already installed on the system or not running, use rpm or yum to install the software, and ntsysv to alter the startup scripts. You can manually start the daemons by typing:
service nfs start
The server should be running the following daemons:
rpc.nfsd: The NFS daemon that services client requests for file system operations.
rpc.mountd: The remote procedure call (RPC) daemon that answers a client request to mount a file system.
rpc.rquotad: Handles user file quotas on exported volumes.
rpc.lockd and rpc.statd: Handle file locking.
Recent Linux distributions will have startup scripts for these daemons.
Setting Up an NFS Server:
In order to set up an NFS server you need to edit the following 3 configuration files:
/etc/exports NFS main configuration file.
/etc/hosts.allow Security file configuration
/etc/hosts.deny Security file configuration
Configuring /etc/exports:
It lists the files and directories that are to be exported, which hosts can access them, and what kind of access is allowed. A simple entry in the /etc/exports file looks like this:
/directory host(option1,option2)
Where:
directory: The directory you want to share. It must be the full path name of the directory or file being exported. Note that if the directory isn't followed by a host or an option, all hosts are granted read/write access to the directory. If a directory has been shared, then all directories within the same file system are shared as well.
host: This is the client machine that will have access to this directory. The client machine can be listed by the DNS address of that particular machine (machine name) or by its IP address (e.g., computer10.nj180degree.net or 10.10.10.224), but using a DNS address isn't recommended. Note that if no host value is specified, the directory is exported to everybody.
Some valid host values:
- Individual host names on the same domain or on a different domain:
/directory nathan.nj180degree.net
/directory nathan.nj180degree.net bob.nj180degree.com
- Wildcards such as *nj180degree.net, which means every host in the nj180degree.net domain.
- IP address/mask such as 192.168.1.0/255.255.255.0 for every host with an address that begins with 192.168.1.
- One directory can be exported to multiple clients on a single line, but they need the same name as the server, e.g.:
/directory -ro host1 host2 host3
options: Describes the type of access that machine will have. The two most important options used here:
- ro: The shared directory is read-only; the client has no write permission. This is the default.
- rw: The client has read and write access. Note that when no option is included in the exports file entry, this option is used as the default.
Other options:
no_root_squash: If the root user requests a file from the client machine, it is treated as if the request were made by user nobody on the server. If no_root_squash is chosen, root on the client machine will have exactly the same level of access to the files as root on the server.
no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.
sync: This option prevents data corruption if the server reboots.
Note: async behavior tells a client machine that a file write is complete once NFS has finished handing the write over to the filesystem. This behavior may cause data corruption if the server reboots.
Examples:
/usr 192.168.1.0/255.255.255.0(ro)
Directory “/usr”: read-only permission for all IP addresses within the network 192.168.1.0 with subnet mask 255.255.255.0
/home 192.168.1.0/255.255.255.0(rw)
Directory “/home” has read and write permissions for all IP addresses within the network 192.168.1.0 and subnet mask 255.255.255.0
/usr/man jack(rw) sherry(rw)
Directory “/usr/man” has read and write permissions for the individual users jack and sherry
/home/sales *.sales.nj180degree.net(rw)
Directory “/home/sales” has read and write permissions for all users on clients within the sales subdomain.
Note: If you make changes to the file /etc/exports, the changes may not take effect immediately; run the command exportfs -ra to force nfsd to re-read the /etc/exports file.
There are a couple more methods to configure NFS through a graphical interface instead. I will post a blog entry regarding the graphical methods later this month.
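The entry format and options described above can be checked mechanically before running exportfs -ra. The following is an added example, not part of the original article: a small parser that reads /etc/exports-style text and flags entries exported to everybody, wildcard hosts, hosts listed by DNS name, no_root_squash and async. The sample text is constructed from the article's examples, /srv/pub is a made-up path, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the /etc/exports format above; /srv/pub is a made-up path.
SAMPLE_EXPORTS = """\
/usr        192.168.1.0/255.255.255.0(ro)
/home       192.168.1.0/255.255.255.0(rw,no_root_squash)
/home/sales *.sales.nj180degree.net(rw,async)
/srv/pub
/usr/man    jack(rw) sherry(rw)
"""

def parse_exports(text):
    """Yield (directory, host, options) for each client of each export line."""
    for raw in text.replace("\\\n", " ").splitlines():   # join continued lines
        fields = raw.split("#", 1)[0].split()            # drop comments
        if not fields:
            continue
        directory, clients, defaults = fields[0], fields[1:], set()
        if all(c.startswith("-") for c in clients):
            clients = clients + [""]                     # no host: exported to everybody
        for client in clients:
            if client.startswith("-"):                   # "-ro host1 host2" line defaults
                defaults = set(client[1:].split(","))
                continue
            host, _, opts = client.partition("(")
            yield directory, host, defaults | set(filter(None, opts.rstrip(")").split(",")))

def audit(text):
    """Return (directory, host, issue) tuples for entries that deserve review."""
    findings = []
    for directory, host, opts in parse_exports(text):
        if host in ("", "*"):
            findings.append((directory, host, "world"))      # any host may mount
        elif "*" in host or "?" in host:
            findings.append((directory, host, "wildcard"))   # matched by DNS name pattern
        else:
            try:
                ipaddress.ip_network(host, strict=False)
            except ValueError:                               # not an IP address or network
                findings.append((directory, host, "dns-name"))
        if "no_root_squash" in opts:                         # client root acts as server root
            findings.append((directory, host, "no_root_squash"))
        if "async" in opts:                                  # writes can be lost on reboot
            findings.append((directory, host, "async"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding)
```

On a server, pass the contents of /etc/exports to audit() instead of the sample text.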
Configuring /etc/hosts.allow and /etc/hosts.deny
You can control and secure the NFS server by adding entries to one of these two files or to both of them. These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:
It first checks hosts.allow to see if the machine matches a description listed there. If it does, then the machine is allowed access.
If the machine doesn't match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a listing there. If it does, then the machine is denied access.
If the client matches no listings in either file, then it is allowed access.
An entry in the hosts.allow or hosts.deny files may look like:
service: host [or network/netmask] , host [or network/netmask]
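The three-step lookup above has a consequence that is easy to miss: a host that appears in neither file is allowed. The following added example (not from the original article) models that order for IPv4 addresses and network/netmask entries. The service name "mountd", the ALL wildcard entry, the address 192.168.1.15 and the function names are assumptions chosen for the sample; host names are not resolved.

```python
import ipaddress

def host_matches(pattern, client_ip):
    """True if client_ip is covered by pattern (ALL, an address, or network/netmask)."""
    if pattern == "ALL":
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False          # host names are not resolved in this sketch

def file_matches(text, service, client_ip):
    """True if any 'service: host, host' entry in text covers this request."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue
        services = fields[0].replace(",", " ").split()
        hosts = fields[1].replace(",", " ").split()
        if (service in services or "ALL" in services) and any(
                host_matches(h, client_ip) for h in hosts):
            return True
    return False

def decide(service, client_ip, allow_text, deny_text):
    """Apply the three steps above in order and return 'allow' or 'deny'."""
    if file_matches(allow_text, service, client_ip):
        return "allow"        # step 1: matched in hosts.allow
    if file_matches(deny_text, service, client_ip):
        return "deny"         # step 2: matched in hosts.deny
    return "allow"            # step 3: matched nowhere, so access is allowed

# Constructed file contents; "mountd" and the ALL wildcard are assumed sample entries.
HOSTS_ALLOW = "mountd: 192.168.1.0/255.255.255.0\n"
DENY_EMPTY = ""
DENY_ALL = "mountd: ALL\n"

if __name__ == "__main__":
    for deny in (DENY_EMPTY, DENY_ALL):
        for ip in ("192.168.1.15", "10.10.10.224"):
            print(repr(deny), ip, decide("mountd", ip, HOSTS_ALLOW, deny))
```

With an empty hosts.deny, 10.10.10.224 is still allowed even though hosts.allow does not list it; the request is refused only once hosts.deny carries a matching entry.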
Configuring an NFS Client:
After you have got the directories being exported by the server, create a local directory on the client host to match those offered by the server, then attach the NFS directories to the local directories you just created with the mount command.
The following daemons should be running on the client box to be able to mount the remote directory: portmap, lockd, statd.
The Linux showmount command lists the directories that a server exports and the clients permitted to mount those directories. Only users and groups that are granted permissions on the list can mount those directories, e.g.:
$ showmount --exports servername
/home 192.168.1.0/255.255.255.0(rw)
/usr 192.168.1.0/255.255.255.0(ro)
/usr/man jack(rw) sherry(rw)
/home/sales *.sales.nj180degree.net(rw)
To attach the remote NFS directory to the local one, use the mount command; notice the space between the two paths:
$ mount servername:/home /home
$ mount servername:/home/sales /home/sales
Hint: The local directory's name doesn't have to be the same as the remote one; you can create a local directory with a different name, such as:
$ mkdir /mnt/sydneybranch
$ mount servername:/mnt/salessydney /mnt/sydneybranch
Making the mount permanent:
A shared directory on a server can be mounted whenever a client is started by listing it in the /etc/fstab file. Yet the /etc/fstab file may look confusing to edit. In this case, examine the file /etc/mtab, which lists all currently mounted directories, to see the exact entry needed in /etc/fstab.
Mount a directory, and look at its entry in /etc/mtab. Copy that entry and paste it into /etc/fstab. The next time the system reboots, the mount will occur automatically.