实验任务:
架设一台NFS服务器,并按照以下要求配置
1、开放/nfs/shared目录,供所有用户查询资料;
2、开放/nfs/upload目录,该目录为192.168.101.0/24网段的主机的数据上传目录,并将所有该网段主机上传文件的所属者和所属组映射为nfs-upload,其UID和GID为2001;
3、将/home/tom(该目录为uid=1111,gid=1111的tom用户的家目录)目录仅共享给192.168.101.134这台主机上的jerry用户,jerry对该目录具有访问、新建和删除文件的权限。
实验步骤:
服务端:192.168.101.200配置
#安装软件包,关闭防火墙和SELinux(仅适用于实验环境;生产环境应保留firewalld并放行nfs、rpc-bind、mountd服务,SELinux保持enforcing)
[root@sever ~]# yum install nfs-utils -y
[root@sever ~]# yum install rpcbind -y
[root@sever ~]# systemctl stop firewalld.service
[root@sever ~]# setenforce 0
#修改配置文件
[root@sever ~]# vim /etc/exports
/nfs/shared *(ro)
/nfs/upload 192.168.101.0/24(rw,all_squash,anonuid=2001,anongid=2001)
/home/tom 192.168.101.134(rw)
#创建文件及用户
[root@server ~]# mkdir -pv /nfs/{shared,upload}
mkdir: created directory '/nfs'
mkdir: created directory '/nfs/shared'
mkdir: created directory '/nfs/upload'
[root@server ~]# useradd -u 2001 nfs-upload
[root@server ~]# useradd -u 1111 tom
[root@server ~]# id nfs-upload
uid=2001(nfs-upload) gid=2001(nfs-upload) groups=2001(nfs-upload)
[root@server ~]# id tom
uid=1111(tom) gid=1111(tom) groups=1111(tom)
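#修改文件权限(/nfs/upload对其他用户开放写权限以便上传;由于all_squash把所有上传者映射为nfs-upload,也可以改为把该目录的属主设为nfs-upload,避免目录对服务端所有本地用户可写)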
[root@server ~]# chmod o+w /nfs/upload
[root@server ~]# chmod 700 /home/tom
#重新读取文件及测试
[root@server nfs]# exportfs -r
[root@server ~]# showmount -e 192.168.101.200
Export list for 192.168.101.200:
/nfs/shared *
/nfs/upload 192.168.101.0/24
/home/tom 192.168.101.134
客户端:192.168.101.134主机配置
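#创建目录及jerry用户(jerry的UID必须与服务端tom的UID 1111一致:NFS默认的sec=sys只按数字UID/GID识别用户,服务端信任客户端提交的UID,因此"仅共享给jerry"实际取决于客户端主机是否可信;需要强身份认证时应使用Kerberos,即sec=krb5)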
[root@localhost ~]# mkdir -p /sever/{shared,upload,tom}
[root@localhost ~]# useradd -u 1111 jerry
[root@localhost ~]# id jerry
uid=1111(jerry) gid=1111(jerry) groups=1111(jerry)
#在客户端挂载服务端共享的目录
[root@localhost ~]# mount 192.168.101.200:/nfs/shared /sever/shared
[root@localhost ~]# mount 192.168.101.200:/nfs/upload /sever/upload
[root@localhost ~]# mount 192.168.101.200:/home/tom /sever/tom
#测试
[root@localhost ~]# ll /sever/tom #客户端主机root用户查看/tom文件
ls: cannot open directory '/sever/tom': Permission denied #无权限:该导出未设置no_root_squash,客户端root被默认的root_squash映射为匿名用户,而/home/tom权限为700
[root@localhost ~]# su - jerry #切换到jerry用户查看/tom文件
[jerry@localhost ~]$ ll /sever/tom
total 0 #查看成功
[jerry@localhost ~]$ ll /sever/shared
total 0
[jerry@localhost ~]$ touch /sever/upload/clint
[jerry@localhost ~]$