NFS
NFS - Network File Sharing
NFS - Network File Service
NFS port ------ 2049
NFS runs on the UDP protocol
NFS doesn't ask for a username & password
NFS is used for Linux to Linux only
NFS is fast and has good performance
---------------------------------------------------------------------------------------------------------------------
SAMBA is used for Linux to Linux and Linux to Windows
SAMBA runs on TCP ---- ports -------- 137/139/445
SAMBA asks for a username & password
---------------------------------------------------------------------------------------------------------------------
How to get remote access, Linux to Linux
[root@Tusharjahdav ~]# ssh 192.168.5.x ------ remote login to the client system
---------------------------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# ifconfig eth0:0 192.168.(Press Alt+D+$)5.50 netmask 255.255.255.0
Alt+D+$ (command) ----- deletes from the cursor (assume the cursor is just before the yellow-marked words; after pressing Alt+D+$ and Enter, all the yellow-marked words are deleted)
---------------------------------------------------------------------------------------------------------------------
HOW TO SET HOSTNAME PERSISTENCE
[root@Tusharjahdav ~]# vi /etc/sysconfig/network --------- change host name
NETWORKING=yes
HOSTNAME=NFS_Server ------------------ change host name
:wq!
---------------------------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# hostname ----- check host name
NFS.Server ---------------------------------------- check after changing the host name
---------------------------------------------------------------------------------------------------------------------
TASK ------ Installation & configuration of NFS Server
[root@Tusharjahdav ~]# yum install -y nfs-utils -------------- install the nfs service
[root@Tusharjahdav ~]# rpm -qa | grep -i nfs ---- check whether the nfs package is installed
nfs-utils-1.0.12.9 --------- installed nfs package name
Create Folder for NFS Sharing for Client Systems
[root@Tusharjahdav ~]# mkdir /opt/datanfs ------- create folder for sharing
[root@Tusharjahdav ~]# cd /opt/datanfs -------------------- go to the datanfs folder
[root@Tusharjahdav ~]# touch abc xyz 111 222 3333 444 555 ------ create files
[root@Tusharjahdav ~]# /etc/init.d/nfs start ----- start the NFS server (opens the NFS port)
NFS STARTS 4 SERVICES AND CAN'T START A SINGLE SERVICE
Starting NFS services:  [ OK ]   ] Main Services
Starting NFS quotas:    [ OK ]   ]
Starting NFS daemon:    [ OK ]   ] Child Service
Starting NFS mountd:    [ OK ]   ]
[root@Tusharjahdav ~]# chkconfig nfs on ------- make the service start persistent
[root@Tusharjahdav ~]# vi /etc/exports ---- main | major | important file of NFS (nfs doesn't have a config file)
/opt/datanfs *(sync) --------- add this entry to share the datanfs folder
(sync) -------- what is inside the brackets "( )" is called the permission
*(sync) ----- * means sharing to all networks
[root@Tusharjahdav ~]# exportfs -a ----- re-read the file
[root@Tusharjahdav ~]# exportfs -v ------ display
How to check port status (open)
[root@Tusharjahdav ~]# nc localhost 2049 ------ check whether the NFS port is open
[root@Tusharjahdav ~]# telnet 127.0.0.1 2049 --- check port status
---------------------------------------------------------------------------------------------------------------------
Server - IP - 1.14 | Client - IP - 1.74

Server:
rpm -qa | grep -i nfs
Client:
\\ (backslash)

Server:
yum install -y nfs-utils
Client:
// (slash)

Server:
mkdir /opt/datanfs
Client:
Ping <server ip>
ping 192.168.1.14

Server:
cd /opt/datanfs
touch abc xyz 111 222 333
Client:
Check nfs port status
nc <server ip> <port>
nc 192.168.1.14 2049

Server:
mkdir /mnt/funny
cd /mnt/funny
touch abc xyz 123 dfg ab12
Client:
Disable Firewall
service iptables stop
chkconfig iptables off

Server:
/etc/init.d/nfs start
chkconfig nfs on
vi /etc/exports
/opt/datanfs *(sync)
/mnt/funny *(sync)
:wq!
Client:
Disable SELinux
vi /etc/selinux/config
SELINUX=disabled
enforcing | enabled
permissive | enabled

Server:
exportfs -a
Client:
reboot

Server:
exportfs -v
Client:
Check SELinux status

Server:
Disable Firewall
service iptables stop
chkconfig iptables off
Client:
sestatus

Server:
Disable SELinux
vi /etc/selinux/config
SELINUX=disabled
enforcing | enabled
permissive | enabled
Client:
NFS RUNS upon UDP
NFS PORT - 2049

Server:
telnet 192.168.1.14 2049
Client:
telnet 192.168.1.14 2049

Server:
nc 192.168.1.14 2049
Client:
nc 192.168.1.14 2049

Server:
NFS STARTS 4 SERVICES
services ] Main Service
quotas   ]
daemon   ] Child Service
mountd   ]
Client:
showmount -e <server ip>
showmount -e 192.168.1.14

Client:
Create Folder for Sharing
mkdir /share
mount 192.168.1.14:/opt/funny /share
df -h

Server:
exports ---- major file | important file
vi /etc/exports
/opt/funny *(sync)
/mnt/soft *(sync)
[ what is inside the ( ) is called permissions ]
Client:
How to mount permanently
vi /etc/fstab --- add the entry below to fstab
192.168.1.14:/opt/funny /share nfs defaults,_netdev 0 0
:wq! ---- save

Server:
exportfs -a ---- re-read
Client:
mount -a ---- to check

Server:
exportfs -v ---- display
Client:
df -h

Server:
Subnet Mask - used online calculator
24 ------ all network
32 ------ single IP
30 ------ two IPs
#*(sync) .... * -- sharing to all networks
#192.168.1.15/32(sync) - access for only 1 PC
#192.168.1.0/30(sync) - access for only 2 PCs
#192.168.1.0/24(sync) - access for the .1.0 network
#192.168.1.15/27(sync) - access for only 30 PCs
#192.168.1.15/26(sync) - access for only 60 PCs
#sync ------- permission
# : ---- separation
Client:
cd /share ----- check all files in the share folder (all files from the server)

#192.168.1.14:/opt/funny /share nfs defaults,_netdev 0 0
#_netdev --- permission
#nfs ---- for network sharing (file system)
#_netdev -- it puts the mount in the background when the server is not available, and it works after the network resumes
#Over the network, fsck/ext is not supported
File system permission

Ext, ext2, ext3, ext4 file systems don't support NFS

Server:
#vi /etc/exports
/opt/funny *(rw,sync) --- rw permission
exportfs -a ---- re-read
exportfs -v ---- display
Client:
Create folder in share drive
mkdir ss
cd /share
ls -ld ss

Server:
Permissions rw
chmod 777 /opt/funny
ls -ld /opt/funny --- check permission

HOW TO CREATE USER
1) Application user    2) System user
Regular or Normal - (VLU) - Valid Linux Users
Example: sachin, harry, champu, john, Max
Application user ----- Linux database - app users are called system users
System user UID is below 99
Kernel identifies the nfs process by its UID | GID

root_squash --- (squash - to press / to separate) don't access as root

Client:
#su - champu --- change user
#champu ###
cd /share
#touch file1 file2 file3 - create files

Server:
vi /etc/exports
/opt/funny *(rw,sync,no_root_squash)
ls -ld -- check file permission & user name

NFS is called upon UID / GID

Client:
Go to the server & edit the exports file

Server:
vi /etc/exports
/opt/funny *(rw,sync,root_squash,all_squash)
Disable root & all users

RPC - Remote Procedure Call
RPC is the parent service, which manages the child services:
nfs, nis, mount, rquotad, rpcinfo -p, portmapper
Portmapper - these are all called RPC-based services

Check running rpc service details: rpcinfo -p <IP> or <localhost>
rpcinfo -p 127.0.0.1
rpcinfo -p localhost

The portmapper port is fixed --- 111 -- it can't be changed
Portmapper assigns ports to RPC-based services & the portmapper port can't be changed

portmapper is a service
/etc/init.d/portmap restart

Whenever you start the nfs service, start the portmap service before it

How to secure NFS ---- UDP
#mount -o proto=tcp <server ip>:<share folder path> <mount point>
# mount -o proto=tcp 192.168.1.14:/opt/funny /share

mountd - is responsible for nfs client mounts

rquotad - Remote Quota Daemon -- to manage quotas over the network

Check HDD error --- top | iostat | dmesg

nfsstat - check load (to get the statistics of the services (version - V3 & V4))

How to secure NFS ---- UDP
1) root_squash -- default permission
2) Run NFS over TCP

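An added example (not part of the original notes) for the two passages on /etc/exports above, the subnet-mask client specs and the root_squash / no_root_squash options: it parses exports entries, computes how many host addresses each client spec admits, and flags entries shared to every host or exported with no_root_squash. The sample entries are constructed from the paths and specs used in these notes; the function names are made up for this example.

```python
import ipaddress
import re

# Constructed sample in /etc/exports syntax; paths and client specs are the
# ones used in the notes above, combined here for illustration.
SAMPLE_EXPORTS = """\
/opt/datanfs  *(sync)
/opt/funny    192.168.1.15/32(rw,sync) 192.168.1.0/30(sync)
/mnt/funny    192.168.1.0/24(rw,sync,no_root_squash)
/mnt/soft     192.168.1.15/27(sync) 192.168.1.15/26(rw,sync,root_squash,all_squash)
"""

CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)")  # client(opt1,opt2,...)

def client_scope(spec):
    """Return (network, usable host addresses); the count is None if unbounded."""
    if spec == "*":
        return "any host", None
    try:
        # strict=False masks the host bits: 192.168.1.15/27 -> 192.168.1.0/27
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return spec, None  # hostname or wildcard pattern, size unknown
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return str(net), usable

def audit_exports(text):
    """Return one record per (path, client) pair with its scope and risky options."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, rest = (line.split(None, 1) + [""])[:2]
        for spec, optstr in CLIENT_RE.findall(rest):
            opts = {o.strip() for o in optstr.split(",") if o.strip()}
            network, usable = client_scope(spec)
            issues = []
            if spec == "*":
                issues.append("exported to every host that can reach the server")
            if "no_root_squash" in opts:
                issues.append("no_root_squash: client root is root on the share")
            records.append({"path": path, "network": network,
                            "hosts": usable, "issues": issues})
    return records

if __name__ == "__main__":
    for r in audit_exports(SAMPLE_EXPORTS):
        print(f"{r['path']:<14}{r['network']:<18}{r['hosts']!s:<6}"
              f"{'; '.join(r['issues']) or 'ok'}")
```

On a server, pass the contents of /etc/exports to audit_exports() instead of the sample string.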
Server Location of NFS
# cd /var/lib/nfs --- root path
# vi etab - alias of the exports file
#rmtab --- to get nfs client mount details
xtab - used by the nfs kernel
nfsstat -c ---- the program will show you the NFS version actually being used.

You can also run nfsstat -m to display statistics for each NFS mounted file system:
[root@localhost ~]# nfsstat -m
/mnt from 10.0.4.24:/opt/harry
 Flags: rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.4.32,minorversion=0,local_lock=none,addr=10.0.4.24

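An added example (not part of the original notes) for the client side of "Run NFS over TCP": it parses nfsstat -m output and reports, per mount, the NFS version in use and any transport flag that is not TCP. The first sample entry is the output quoted above; the second entry and the function names are constructed for this example.

```python
import re

# The first mount is the nfsstat -m output quoted above. The second is a
# constructed NFSv3-over-UDP mount, added so the check has something to flag.
SAMPLE_NFSSTAT_M = """\
/mnt from 10.0.4.24:/opt/harry
 Flags: rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.4.32,minorversion=0,local_lock=none,addr=10.0.4.24
/share from 192.168.1.14:/opt/funny
 Flags: rw,relatime,vers=3,rsize=32768,wsize=32768,hard,proto=udp,timeo=11,retrans=3,sec=sys,mountvers=3,mountproto=udp,addr=192.168.1.14
"""

HEADER_RE = re.compile(r"^(\S+) from ([^:\s]+):(/\S*)$")

def parse_nfsstat_m(text):
    """Parse `nfsstat -m` output into a list of mounts, each with a flags dict."""
    mounts = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            mounts.append({"mountpoint": header.group(1), "server": header.group(2),
                           "export": header.group(3), "flags": {}})
        elif line.startswith("Flags:") and mounts:
            for item in line[len("Flags:"):].split(","):
                key, _, value = item.strip().partition("=")
                if key:
                    mounts[-1]["flags"][key] = value or True  # bare flags like rw
    return mounts

def non_tcp_transports(mount):
    """Return the transport flags of a mount that are not TCP.

    proto covers the NFS traffic itself; mountproto covers the separate MOUNT
    protocol that NFSv3 uses, which can stay on UDP even when proto=tcp.
    """
    flags = mount["flags"]
    return [f"{key}={flags[key]}" for key in ("proto", "mountproto")
            if key in flags and flags[key] not in ("tcp", "tcp6")]

def report(text):
    """Map each mountpoint to its NFS version and its non-TCP transport flags."""
    return {m["mountpoint"]: {"vers": m["flags"].get("vers"),
                              "non_tcp": non_tcp_transports(m)}
            for m in parse_nfsstat_m(text)}

if __name__ == "__main__":
    for mountpoint, info in report(SAMPLE_NFSSTAT_M).items():
        print(mountpoint, "NFSv" + str(info["vers"]), info["non_tcp"] or "TCP only")
```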