nfs
环境
| 角色 | IP | 系统版本 | 备注 |
|---|---|---|---|
| server | 192.168.100.230 | Rocky9.3 | 服务器端 |
| client | 192.168.100.240 | Rocky9.3 | 客户端 |
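## 关闭防火墙和selinux
//仅为实验环境简化操作;生产环境建议保持firewalld和SELinux开启,在服务器端用 firewall-cmd --permanent --add-service=nfs 和 firewall-cmd --reload 放行NFS(showmount还需要放行rpc-bind和mountd服务)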
### 服务器端
```
[root@server ~]# systemctl disable --now firewalld
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@server ~]# vim /etc/selinux/config
SELINUX=disabled
//合法取值只有enforcing、permissive、disabled,写成disable是无效值;该文件的修改重启后才生效
[root@server ~]# setenforce 0
```
### 客户端
```
[root@client ~]# systemctl disable --now firewalld
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
[root@client ~]# vim /etc/selinux/config
SELINUX=disabled
[root@client ~]# setenforce 0
```
## 安装nfs-utils
### 服务器端
//安装并启用
```
[root@server ~]# yum -y install nfs-utils
[root@server ~]# systemctl enable --now nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
[root@server ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; preset: disabled)
Active: active (exited) since Tue 2023-12-12 01:32:34 EST; 20s ago
Process: 34097 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 34098 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 34115 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/>
Main PID: 34115 (code=exited, status=0/SUCCESS)
CPU: 26ms
Dec 12 01:32:34 server systemd[1]: Starting NFS server and services...
Dec 12 01:32:34 server systemd[1]: Finished NFS server and services.
[root@server ~]#
```
### 客户端
//安装不用启动
```
[root@client ~]# yum -y install nfs-utils
```
## 测试服务器输出目录
### 服务器
配置挂载点 设置权限
```
[root@server ~]# mkdir /data
[root@server ~]# vim /etc/exports
[root@server ~]# cat /etc/exports
/data 192.168.100.240(rw) //共享目录/data,允许192.168.100.240可读可写(此注释仅为说明,不要写入/etc/exports)
[root@server ~]#
[root@server ~]# systemctl restart nfs-server
//设置目录的权限
//默认情况下(root_squash选项),当客户端以root用户访问NFS服务器时,NFS服务器会将其映射成本地的匿名用户(nobody),所属用户组也映射成匿名用户组(nobody),避免客户端的root直接以服务器root的身份操作共享目录,有助于提高系统的安全性;因此需要给nobody授予共享目录的写权限。
[root@server ~]# setfacl -m u:nobody:rwx /data
[root@server ~]# getfacl /data
getfacl: Removing leading '/' from absolute path names
# file: data
# owner: root
# group: root
user::rwx
user:nobody:rwx
group::r-x
mask::rwx
other::r-x
[root@server ~]#
```
### 客户端
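//可以查看到服务器的输出目录。注意:/etc/exports只授权了192.168.100.240,正常应显示“/data 192.168.100.240”;下面的输出是“/data *”,表示目录对所有主机导出,与上面的配置不一致,应在服务器端核对/etc/exports并执行exportfs -r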
```
[root@client ~]# showmount -e 192.168.100.230
Export list for 192.168.100.230:
/data *
[root@client ~]#
```
## 自动挂载
### 客户端
```
[root@client ~]# vim /etc/fstab
192.168.100.230:/data /nfs nfs defaults,_netdev 0 0
[root@client ~]# mkdir /nfs
[root@client ~]# systemctl daemon-reload
[root@client ~]# mount -a
[root@client ~]#
[root@client ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs tmpfs 867M 0 867M 0% /dev/shm
tmpfs tmpfs 347M 7.2M 340M 3% /run
/dev/mapper/rl-root xfs 17G 4.2G 13G 25% /
/dev/sda1 xfs 960M 301M 660M 32% /boot
tmpfs tmpfs 174M 96K 174M 1% /run/user/0
/dev/sr0 iso9660 9.8G 9.8G 0 100% /run/media/root/Rocky-9-3-x86_64-dvd
192.168.100.230:/data nfs4 17G 4.4G 13G 26% /nfs
[root@client ~]#
```
## 测试
### 客户端
```
[root@client ~]# cd /nfs/
[root@client nfs]# ls
[root@client nfs]# mkdir aaa
[root@client nfs]#
```
### 服务器端
```
[root@server ~]# ll /data
total 0
drwxr-xr-x. 2 nobody nobody 6 Dec 12 02:10 aaa
[root@server ~]#
```
## 将客户端所有用户映射为同一个用户(all_squash)
### 服务器端
```
[root@server ~]# useradd tom
[root@server ~]# id tom
uid=1002(tom) gid=1002(tom) groups=1002(tom)
[root@server ~]# cat /etc/exports
/data 192.168.100.240(rw,anonuid=1002,anongid=1002,all_squash)
[root@server ~]# exportfs -r
[root@server ~]# setfacl -m u:tom:rwx /data/
```
## 测试
### 客户端
```
[root@client nfs]# mkdir bbb
[root@client nfs]# ls
aaa bbb
[root@client nfs]# ll
total 0
drwxr-xr-x. 2 nobody nobody 6 Dec 12 02:10 aaa
drwxr-xr-x. 2 1002 1002 6 Dec 12 03:00 bbb
[root@client nfs]#
```
### 服务器端
```
[root@server ~]# ll /data/
total 0
drwxr-xr-x. 2 nobody nobody 6 Dec 12 02:10 aaa
drwxr-xr-x. 2 tom tom 6 Dec 12 03:00 bbb
[root@server ~]#
```