Thursday, June 30, 2016

NFS –Network File Sharing

NFS

NFS –Network File Sharing

NFS –Network File Service

NFS PORT ------2049

NFS Run on UDP Protocol

NFS doesn’t ask to username & password

NFS used for Linux to Linux only

NFS fast and good performance
---------------------------------------------------------------------------------------------------------------------
SAMBA used for Linux to Linux and Linux to Windows 

SAMBA runs on TCP ----Port -------- 137/139/445

SAMBA ask to username & password
---------------------------------------------------------------------------------------------------------------------
How to get remote  Linux to Linux

[root@Tusharjahdav ~]#  ssh 192.168.5.x  ------Login Remote to Client System
---------------------------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# ifconfig eth0:0 192.168.(Press Alt +D+$ )5.50 netmask 255.255.255.0

Alt +D+$ (command) -----Delete from curser (assume curser at before yellow and Alt+D+$ Enter after delete all yellow mark word deleted
---------------------------------------------------------------------------------------------------------------------
HOW TO SET HOSTNAME PERSISTANCE

[root@Tusharjahdav ~]#  vi /etc/sysconfig/network ---------change host name
NETWORKING=Yes
HOSTNAME=NFS_Server   ------------------change host name
wq!
---------------------------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# hostname -----check host name
NFS.Server ----------------------------------------check after change host name
---------------------------------------------------------------------------------------------------------------------
TASK ------Installation & configuration of NFS Server

[root@Tusharjahdav ~]# yum install -y nfs_*   --------------installed nfs service

[root@Tusharjahdav ~]# rpm –qa | grep –i nfs  ----check installed or not nfs package
nfs-utils-1.0.12.9 ---------installed nfs package name

Create Folder for NFS Sharing for Client Systems

[root@Tusharjahdav ~]# mkdir /opt/datanfs  -------Create folder for sharing

[root@Tusharjahdav ~]# cd /opt/datanfs  --------------------go to dadanfs folder

[root@Tusharjahdav ~]# touch abc xyz 111 222 3333 444 555 ------create files

[root@Tusharjahdav ~]# /etc/init.d/nfs start -----NFS Server start or NFS port open

NFS START 4 SERVICES AND CON’T START SINGAL SERVICE

Starting NFS services: ------ok   ]    Main Services

Starting NFS quotas: ------ok    ]
Starting NFS deamon: ------ok   ]   Child Service 
Starting NFS mountd: ------ok   ]

[root@Tusharjahdav ~]# chkconfig nfs on -------service start persistence

[root@Tusharjahdav ~]# vi /etc/exports  ----Main | major | important  files of NFS                          
                                                                              (nfs doesn’t have config file)
/opt/datanfs  *(sync) ---------add this entry for datanfs folder sharing

(sync) --------under the bracket “(  )” called Permission

*(sync)  -----* means ----sharing to all network

[root@Tusharjahdav ~]#  exportfs  –a   -----re-read the file

[root@Tusharjahdav ~]# exportfs   –v   ------Display

   How to check port status (open)
[root@Tusharjahdav ~]# nc localhost 2049  ------to check NFS port is open or not
[root@Tusharjahdav ~]# telnet 127.0.0.1 2049 ---check port staus


---------------------------------------------------------------------------------------------------------------------

Server  -  IP  - 1.14
Client -  IP  -  1.74
rpm –qa | grep –i nfs
\\   (sluosh )
yum install -y nfs_*
//    (slash)
mkdir /opt/datanfs
Ping <server ip>
ping 192.168.1.14
cd /opt/datanfs
touch abc xyz 111 222 333
Check nfs port status
nc <server ip> <port>
nc 192.168.1.14 2049
mkdir /mnt/funny
cd /mnt/funny
touch abc xyz 123 dfg ab12
Disable Firewall
service iptable stop
chkconfig iptable off
/etc/init.d/nfs start
Chkconfig nfs on

vi /etc/exports

/opt/datanfs  *(sync)
/mnt/funny  *(sync)
wq!
Disable SElinux
vi /etc/selinux/config
SELINUX=Disable
               
                 enforceing  | enable
permission  | enable

exportfs  –a
reboot
exportfs  –v
Check SElinux status
Disable Firewall
service iptable stop
chkconfig iptable off

sestatus
Disable SElinux
vi /etc/selinux/config
SELINUX=Disable
                enforceing  | enable
permission  | enable

NFS RUN upon UDI
NFS PORT – 2049
telnet 192.168.1.14 2049
telnet 192.168.1.14 2049
nc 192.168.1.14 2049
nc 192.168.1.14 2049
NFS START 4 SERVICES
Services ]    main server
               quotas ]                   
daemon ] Child Service
           mounted ]
showmount   –e   <server ip>
showmount  –e  192.168.1.14
Create Folder for Sharing
mkdir /share
mount 192.168.1.14:/opt/funny  /share
df -h
exports ----major file | important file
vi /etc/exports
/opt/funny *(sync)
/mnt/soft   *(sync)
[ under the ( ) call permissions ]
How to mount permanent
vi /etc/fstab ---add below entry in fstab
192.168.1.14:/opt/funny   /share   nfs defaults,_netdev  0  0
wq!  ----save


exports –a   ----re-read
mount –a  ----to check

exports  -v  ----Display
df –h

Subnet Mask –used online calculator
24------All network
32 -----single ip
30 ------two ips
#*(sync)  …. *--sharing to all network
#192.168.1.15/32(sync) -access only 1pc
#192.168.1.0/30(sync) -access only 2pc
#192.168.1.0/24(sync) -access to .1.0 nw
#192.168.1.15/27(sync) -access only 30pc
#192.168.1.15/26(sync) -access only 60pc
#Sync-------permisssion
#  :  ----Seperation
cd /share -----check all files in share folder (all files from server)

#192.168.1.14:/opt/funny   /share   nfs defaults,_netdev  0  0
#_netdev  ---Permission
#nfs ----for network sharing (file system)
#_netdev--its put the mount in background server is not available and its works after resume network
#In network not support fsck/ext
File system permission


Ext, Ext2,ext3, ext4- file system doen’t
support NFS




#vi /etc/exports
/opt/funny  *(rw,sync)---rw-permission






exports –a   ----re-read


exports  -v  ----Display
Create folder in share drive
mkdir  ss
cd /share
ls –ld ss

Permissions rw
chmod 777 /opt/funny
ls –ld /opt/funny—check permission
                       HOW TO CREATE USER
1)     Application user    ||||     2) System user
Regular or Normal –(VLU)- Valid Linux Users
Example: sachin .harry, champu, john. Max
Application user -----linux Database – app user called system users
System user UID is below 99
Kernal identify the nfs  process bits UID | GID
root_squash ---(squash –to press / to separate
don't access as root
#su  - champu ---change user
#champu ###  cd /share
#touch file1 file2 file3 –cheate file
vi  / opt/funny
/opt/funny *(rw,sysnc,no_root_squash)
ls –ld --check file permission & user name

Nfs called unon UID / GUI
Go to the server & edit exports file

vi  / opt/funny
/opt/funny *(rw,sysnc,root_squash,all_squash)
                                     Disable root  &  All user






RPC   –Remote Procedure Call
RPC is parent services – which manage
child services
nfs, nis, mount, rquotad, rcpinfo –p, partmapper






Partmapper – its all are called rpc based services



check running rpc service detauts ecpinfo –p   < IP > or   <Localhost>
ecpinfo –p   127.0.0.1



ecpinfo –p   localhost

portmapper  port is fixed --- 111 –-con’t change

Portmapper assign ports to rcp base service  & portmapper portcon’t change


portmapper is serives
/etc/init.d/portmap restart


whener start nfs serive  before start
portmap serivce
How to secure NFS  ----UDP
#mount -o ptoto=tcp <seriver ip>:
<share folder path>
# mount –o proto=cp 192.168.1.14:/opt/funny  /share
mountd –is responsible for nfs clinet mount
rquotad – Remote Quota Deamon--
To manage quota over the network
Check HDD ERROR—
top  |  iostat  |  dmesg


nfsstat – check load ( to get the statistic
of the services ( version – V3 & V4)


How to secure NFS  ----UDP
1) root_squash  --Default permission
2) Run NFS over the TCP



Server Location of NFS
# cd /var/lib/nfs ---rootpath
# vi etab  - allias of exparts file
#rmtab ---to get nfs clinet mount details
xtab –used nfs kernel

nfsstat -c ---- program will show you the NFS version actually being used.


# nfsstat -s
Server rpc stats:
calls      badcalls   badfmt     badauth    badclnt
0          0          0          0          0  

rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    ...
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
grep nfs /proc/mounts






You can also, run nfsstat -m to 
display statistics for each 
NFS mounted file

[root@localhost ~]# nfsstat -m
/mnt from 10.0.4.24:/opt/harry
 Flags: rw,relatime,vers=4,rsize=1048576,
wsize=1048576,namlen=255,
hard,proto=tcp,port=0,timeo=600,
retrans=2,sec=sys,clientaddr=10.0.4.32,minorversion=0,local_lock=none,addr=10.0.4.24


grep nfs /proc/mounts







No comments:

Post a Comment