环境
nps 192.168.42.171(服务端)
client 192.168.42.67(客户端)
一.关闭系统防火墙和selinux
查看系统防火墙的状态,可以看到防火墙是开着的
[root@linuxidc ~]#systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2017-06-03 09:38:00 CST; 8s ago
Docs: man:firewalld(1)
Main PID: 24067 (firewalld)
CGroup: /system.slice/firewalld.service
└─24067 /usr/bin/python -Es /usr/sbin/firewalld –nofork –nopid
Jun 03 09:37:58 linuxidc systemd[1]: Starting firewalld - dynamic firewall daemon…
Jun 03 09:38:00 linuxidc systemd[1]: Started firewalld - dynamic firewall daemon.
关闭防火墙
[root@linuxidc ~]#systemctl stop firewalld
再次查看防火墙,可以看到已经关闭了
[root@linuxidc ~]#systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Jun 01 11:33:35 localhost systemd[1]: Starting firewalld - dynamic firewall daemon…
Jun 01 11:33:44 localhost systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 03 09:11:32 linuxidc systemd[1]: Stopping firewalld - dynamic firewall daemon…
Jun 03 09:11:34 linuxidc systemd[1]: Stopped firewalld - dynamic firewall daemon.
Jun 03 09:37:58 linuxidc systemd[1]: Starting firewalld - dynamic firewall daemon…
Jun 03 09:38:00 linuxidc systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 03 09:38:34 linuxidc systemd[1]: Stopping firewalld - dynamic firewall daemon…
Jun 03 09:38:36 linuxidc systemd[1]: Stopped firewalld - dynamic firewall daemon.
查看selinux的运行模式,现在为强制模式
[root@linuxidc share]#getenforce
Enforcing
把selinux设为许可模式
[root@linuxidc share]#setenforce 0
再次查看selinux的运行模式,已经变为许可模式
[root@linuxidc share]#getenforce
Permissive
要想禁用selinux,则需要编辑selinux的配置文件,把SELINUX设置成disabled,然后重启生效
[root@linuxidc share]#vi /etc/sysconfig/selinux
[root@linuxidc share]#cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
二、yum 安装
yum -y install nfs-utils rpcbind
nfs 的配置文件 /etc/expots
默认为空
vi /etc/exports
/opt/test/ 192.168.42.0/24(rw,no_root_squash,no_all_squash,sync,anonuid=501,anongid=501)
三、使配置生效
exportfs -r
注:配置文件说明:
/opt/test 为共享目录
192.168.42.0/24 可以为一个网段,一个IP,也可以是域名,域名支持通配符 如: *.qq.com
rw:read-write,可读写;
ro:read-only,只读;
sync:文件同时写入硬盘和内存;
async:文件暂存于内存,而不是直接写入内存;
no_root_squash:NFS客户端连接服务端时如果使用的是root的话,那么对服务端分享的目录来说,也拥有root权限。显然开启这项是不安全的。
root_squash:NFS客户端连接服务端时如果使用的是root的话,那么对服务端分享的目录来说,拥有匿名用户权限,通常他将使用nobody或nfsnobody身份;
all_squash:不论NFS客户端连接服务端时使用什么用户,对服务端分享的目录来说都是拥有匿名用户权限;
anonuid:匿名用户的UID值,可以在此处自行设定。
anongid:匿名用户的GID值。
开机自启
systemctl enable rpcbind.service
systemctl enable nfs-server.service
四、启动 nfs
systemctl start rpcbind.service
systemctl start nfs.service
五、客户端挂载:
showmount -e 192.168.42.171 #查看可挂载
Export list for 192.168.42.171:
/opt/test 192.168.42.0/24
客户端挂载
mount -t nfs 192.168.42.171:/opt/test /mnt
无提示 既为成功
客户端在挂载的时候遇到的一个问题如下,可能是网络不太稳定,NFS默认是用UDP协议,换成TCP协议即可:
mount -t nfs 192.168.42.171:/opt/test /mnt -o proto=tcp -o nolock