Basic NFS Server Configuration


NFS servers are relatively easy to configure. All you need to do is export a filesystem, either generally or to a specific host, and then mount that filesystem from a remote client. Of course, you’ll also need to open up the right ports in the firewall, and modify SELinux options as appropriate. NFS is controlled by a series of scripts, associated with a number of daemons. It also comes with a broad array of control commands.

NFS Service Scripts

Once appropriate packages are installed, they may be controlled by several different service scripts in the /etc/init.d directory:

Configuration file Purpose
/etc/init.d/nfs Control script for NFS; refers to /etc/sysconfig/nfs for basic configuration. Can control NFS services via rpc.nfsd, quotas via rpc.rquotad, the general security services daemon via rpc.svcgssd, and mounts via rpc.mountd.
/etc/init.d/nfslock Control script for lock files and the statd daemon, which locks and provides status for files currently in use.
/etc/init.d/portreserve Replacement for the portmap script; used to set up ports for RPC services.
/etc/init.d/rpcbind RPC program number converter.
/etc/init.d/rpcgssd Control script for RPC-related general security services.
/etc/init.d/rpcidmapd Configuration for NFS user ID mapping to LDAP and Kerberos systems.
/etc/init.d/rpcsvcgssd Control script for the server side of RPC-related general security services.

To configure an NFS server, you’ll want to make sure all of these scripts are active in appropriate runlevels. As some of these scripts may not already be active, make sure to apply the following commands to start each of these scripts, and make sure they’re active upon reboot:

# /etc/init.d/script start
# chkconfig script on

NFS Service Daemons

While the basic NFS control script (/etc/init.d/nfs) is fairly simple, that script includes a number of service daemons, each with its own function. These service daemons may be stored either in the /sbin or the /usr/sbin directories. All but rpc.statd are controlled by the NFS control script.

Daemon Purpose
rpc.idmapd Works if /etc/idmapd.conf is configured.
rpc.mountd Processes mount requests and verifies current exports.
rpc.nfsd Supports client access with needed kernel threads.
rpc.rquotad Works with quota information.
rpc.statd Configures the status monitor, controlled by the /etc/init.d/nfslock script.

NFS Control Commands and Files

NFS includes a wide variety of commands to set up exports, to show what’s available, to see what’s mounted, to review statistics, and more. Except for specialized mount commands, these commands can be found in the /usr/sbin directory.

The NFS mount commands are mount.nfs, mount.nfs4, umount.nfs, and umount.nfs4. Functionally, they work like regular mount and umount commands. As suggested by the extensions, they apply to filesystems shared via NFSv4 and other NFS versions. Like other mount.* commands, they have functional equivalents. For example, the mount.nfs4 command is functionally equivalent to the mount -t nfs4 command.

If you’re mounting a directory shared via NFSv2 or NFSv3, the mount.nfs and mount -t nfs commands are available for both systems.

The packages associated with NFS include a substantial number of commands in the /usr/sbin directory. The commands listed here are just the ones most commonly used to configure and test NFS.

Command Purpose
exportfs The exportfs command can be used to manage directories shared through and configured in the /etc/exports file.
nfsiostat A statistics command for input/output rates based on an existing mount point. Uses information from the /proc/self/mountstats file.
nfsstat A statistics command for client/server activity based on an existing mount point. Uses information from the /proc/self/mountstats file.
showmount The command most closely associated with a display of shared NFS directories, locally and remotely.

Related commands associated with ACLs are available from the nfs4-acl-tools RPM. They work only with filesystems mounted locally with the acl option, as discussed in Chapter 6. The commands themselves are straightforward, as they set (nfs4_setfacl), edit (nfs4_editfacl), and list (nfs4_getfacl) current ACLs of specified files. While these commands go beyond the basic operation of NFS, they are discussed in Chapter 4.

CentOS6.5

[root@server ~]# yum search all nfs4_acl_tools
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.yun-idc.com
 * updates: mirrors.sina.cn
Warning: No matches found for: nfs4_acl_tools
No Matches found
[root@server ~]# yum search all nfs4
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.yun-idc.com
 * extras: mirrors.yun-idc.com
 * updates: mirrors.sina.cn
============================================ Matched: nfs4 =============================================
nfs4-acl-tools.x86_64 : The nfs4 ACL tools

To review, on a /home directory mounted with the ACL option and then shared via NFS, I applied the nfs4_getfacl command on a file from the remote client and got the following output:

A::OWNER@:rwatTcCy
A::GROUP@:tcy
A::EVERYONE@:tcy

Each ACL entry either Allows (A) or Denies (D) permissions for a principal (OWNER@, GROUP@, or EVERYONE@). In this case, the extensive levels of permissions given to the owner of the directory are essentially complete and more fine-grained than regular rwx permissions. For example, write (w) and append (a) are both enabled on a normal Linux file with write permissions.

Perhaps the simplest way to edit these ACLs is with the nfs4_setfacl -e filename command, which opens the current permissions in a text editor. For example, I opened a file mounted via NFSv4 from a remote system with the following command:

$ nfs4_setfacl -e /test/michael/filename.txt

It opened the given NFSv4 ACLs in the default text editor for the user (normally vi). When I deleted the append permissions for the owner of the file and then saved the changes, it actually deleted both append and write permissions for the file, with the following result, the next time the nfs4_getfacl command was applied to the file:

D::OWNER@:wa
A::OWNER@:rtTcCy
A::GROUP@:rwatcy
A::EVERYONE@:rtcy

In addition, when the ls -l command is applied to the file, it’s clear that the file owner no longer has write permissions.
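To check an ACL edit like the one above without relying on ls -l, the following added example (not part of the original page) parses nfs4_getfacl output and evaluates the entries in order, where the first matching entry that names a permission decides it. The role names and the ROLES mapping are assumptions made for illustration; the two ACLs are the ones shown above.

```python
from typing import NamedTuple

# ACLs copied from the nfs4_getfacl output shown above.
ACL_BEFORE = "A::OWNER@:rwatTcCy\nA::GROUP@:tcy\nA::EVERYONE@:tcy\n"
ACL_AFTER = ("D::OWNER@:wa\nA::OWNER@:rtTcCy\n"
             "A::GROUP@:rwatcy\nA::EVERYONE@:rtcy\n")

# Assumed requester roles: the set of special principals each one matches.
ROLES = {
    "owner": {"OWNER@", "EVERYONE@"},
    "group": {"GROUP@", "EVERYONE@"},
    "other": {"EVERYONE@"},
}

class Ace(NamedTuple):
    kind: str          # A = allow, D = deny (U/L audit and alarm entries are skipped)
    flags: str
    who: str
    perms: frozenset   # one letter per permission bit

def parse_acl(text):
    """Parse type:flags:principal:permissions lines as printed by nfs4_getfacl."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4 or parts[0] not in ("A", "D", "U", "L"):
            raise ValueError(f"malformed ACE: {line!r}")
        aces.append(Ace(parts[0], parts[1], parts[2], frozenset(parts[3])))
    return aces

def effective(aces, matches):
    """Walk the ACEs in order; the first matching ACE naming a bit decides it."""
    allowed, denied = set(), set()
    for ace in aces:
        if ace.kind not in ("A", "D") or ace.who not in matches:
            continue
        undecided = ace.perms - allowed - denied
        (allowed if ace.kind == "A" else denied).update(undecided)
    return allowed, denied

def audit(text):
    """Report which roles can still write (w) or append (a)."""
    aces = parse_acl(text)
    return {role: "".join(sorted(effective(aces, m)[0] & set("wa")))
            for role, m in ROLES.items()}

if __name__ == "__main__":
    print("before:", audit(ACL_BEFORE))
    print("after: ", audit(ACL_AFTER))
```

For the second ACL, the leading Deny entry settles w and a for the owner, while the GROUP@ entry still carries rwa, which is the kind of leftover grant worth checking after any ACL edit on an exported filesystem.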

