Home | 简体中文 | 繁体中文 | 杂文 | 打赏(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎专栏 | Search | Email

第 71 章 File Share

目录

71.1. NFSv4
71.1.1. Ubuntu
71.1.1.1. NFSv4 server
71.1.1.2. NFSv4 client
71.1.2. CentOS
71.1.2.1. NFS Server Configuration
71.1.2.2. NFS Client Configuration
71.1.3. exports
71.1.3.1. Permission
71.1.3.2. Parameters
71.1.3.3. 实例参考
71.1.4. NFS For Windows
71.1.5. exportfs - maintain table of exported NFS file systems
71.2. Parallel NFS(pNFS)
71.3. Samba
71.3.1. install
71.3.1.1. Ubuntu
71.3.1.2. Samba
71.3.1.3. CentOS 7
71.3.1.4. firewall
71.3.1.5. SELinux Configuration
71.3.2. smb.conf
71.3.2.1. Security consideration
71.3.3. testparm - check an smb.conf configuration file for internal correctness
71.3.4. smbstatus - report on current Samba connections
71.3.5. smbpasswd - change a user's SMB password
71.3.6. nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names
71.3.7. smbfs/smbmount/smbumount
71.3.8. smbclient - ftp-like client to access SMB/CIFS resources on servers
71.3.8.1. 显示共享目录
71.3.8.2. 访问共享资源
71.3.8.3. 用户登录
71.3.9. smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
71.3.10. by Example
71.3.10.1. share
71.3.10.2. user
71.3.10.3. test
71.3.11. FAQ
71.3.11.1. smbd/service.c:make_connection_snum(1013)

71.1. NFSv4

71.1.1. Ubuntu

71.1.1.1. NFSv4 server

sudo apt-get install nfs-kernel-server
			

Configuration

vim /etc/exports
/www	 *(ro,sync,no_root_squash)
/home    *(rw,sync,no_root_squash)
/export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)
			

To start the NFS server

sudo /etc/init.d/nfs-kernel-server start
			

71.1.1.2. NFSv4 client

sudo apt-get install nfs-common
			

NFSv3

sudo mount example.hostname.com:/www /www
			

NFSv4

# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/ /mnt
# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/users /home/users
			

NFS Client Configuration

vim /etc/fstab
example.hostname.com:/ubuntu /local/ubuntu nfs rsize=8192,wsize=8192,timeo=14,intr
			

71.1.2. CentOS

71.1.2.1. NFS Server Configuration

yum install -y nfs-utils
		

过程 71.1. On the *SERVER* side

  1. stop & disable services

    service nfs stop
    service nfslock stop
    service rpcbind stop
    service rpcidmapd stop
    				
  2. /etc/fstab

    as root edit /etc/fstab and add nfs4 exports
    
    /www  /exports    none    bind    0 0
    				
  3. as root edit /etc/exports

    NFSv3

    /exports 		172.16.1.0/24 (rw,sync)
    				

    NFSv4

    /exports 		172.16.1.0/24(rw,sync,fsid=0,anonuid=99,anongid=99)
    /exports/neo	*(rs,sync)
    				
  4. reload exported filesystems

    # exportfs -rv
    				
  5. start required services

    chkconfig rpcbind on
    chkconfig nfs on
    chkconfig nfslock on
    chkconfig rpcidmapd on
    
    service rpcbind start
    service rpcidmapd start
    service nfs start
    service nfslock start
    				
  6. nfs status

    #  nfsstat
    Server rpc stats:
    calls      badcalls   badauth    badclnt    xdrcall
    171        0          0          0          0
    
    Server nfs v3:
    null         getattr      setattr      lookup       access       readlink
    3         1% 150      88% 0         0% 3         1% 2         1% 0         0%
    read         write        create       mkdir        symlink      mknod
    0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
    remove       rmdir        rename       link         readdir      readdirplus
    0         0% 0         0% 0         0% 0         0% 0         0% 9         5%
    fsstat       fsinfo       pathconf     commit
    0         0% 3         1% 0         0% 0         0%
    				
    # watch nfsstat -c
    
    Every 2.0s: nfsstat -c                                                                                                                          Mon Sep 20 16:53:55 2010
    
    Client rpc stats:
    calls      retrans    authrefrsh
    286818929   1160       0
    
    Client nfs v4:
    null         read         write        commit       open         open_conf
    0         0% 37286763 13% 6         0% 1         0% 38990106 13% 17986485  6%
    open_noat    open_dgrd    close        setattr      fsinfo       renew
    6         0% 0         0% 38774539 13% 2172019   0% 16        0% 147       0%
    setclntid    confirm      lock         lockt        locku        access
    321       0% 321       0% 0         0% 0         0% 0         0% 62157123 21%
    getattr      lookup       lookup_root  remove       rename       link
    80553542 28% 8828991   3% 8         0% 5         0% 5         0% 0         0%
    symlink      create       pathconf     statfs       readlink     readdir
    0         0% 1         0% 0         0% 5         0% 0         0% 13933     0%
    server_caps  delegreturn
    24        0% 54556     0%
    				
  7. security

    # vi /etc/hosts.deny
    rpcbind:ALL
    
    # vi /etc/hosts.allow
    rpcbind:172.16.1.0/255.255.254.0
    				

NFS的队列大小下面将设置为较合理的值256K

# echo 262144 > /proc/sys/net/core/rmem_default
# echo 262144 > /proc/sys/net/core/rmem_max
# echo 262144 > /proc/sys/net/core/wmmen_default
# echo 262144 > /proc/sys/net/core/wmmen_max
		

过程 71.2. NFSv4

  1. /etc/exports

    # cat /etc/exports
    /www		172.16.1.2/32(ro,sync,fsid=0,anonuid=99,anongid=99)
    /www/logs	*(rw,sync)
    				

    注意,要通过NFS4共享一个目录,必须使用 fsid=0 的参数,使用fsid=0选项的时候只能共享一个目录,这个目录将成为NFS服务器的根目录。

  2. 启动NFS,v4 不需要rpcbind

    service rpcbind stop
    service rpcidmapd stop
    service nfs restart
    service nfslock stop
    				
  3. 查看 export 设置

    # exportfs
    /www          	172.16.1.2/32
    /www/logs     	172.16.1.0/24
    				
  4. mount NFSv4

    mount -t nfs4 172.16.1.15:/logs /mnt
    				
71.1.2.1.1. NFS 防火墙配置

查看NFS正在使用的端口

rpcinfo -p localhost			
			

vi /etc/sysconfig/nfs

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
			
service nfs restart
			
iptables -I INPUT -m state --state NEW -p tcp \
    -m multiport --dport 111,892,2049,32803 -s 192.168.0.0/24 -j ACCEPT
 
iptables -I INPUT -m state --state NEW -p udp \
    -m multiport --dport 111,892,2049,32769 -s 192.168.0.0/24 -j ACCEPT		
			

71.1.2.2. NFS Client Configuration

CentOS 6 NFSv3 portmap 已经不存,已经被rpcbind替代

chkconfig rpcbind on
service rpcbind start
		

test nfs

mount 172.16.1.10:/exports /mnt
			

NFSv4

mount -t nfs4 -o ro,intr 172.16.1.10:/ /mnt
		
umount /mnt
		

过程 71.3. On the *CLIENT* side

  1. Mounting NFS File Systems using /etc/fstab

    The general syntax for the line in /etc/fstab is as follows:

    server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr
    				

    NFSv4

    server:/ /mount/point nfs4 rw,hard,intr,proto=tcp,port=2049,auto 0 0
    				
  2. mount all stuff from /etc/fstab

    # mount -a
    				
  3. rpcinfo

    rpcinfo -p
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100024    1   udp    707  status
        100024    1   tcp    710  status
        100021    1   udp  48233  nlockmgr
        100021    3   udp  48233  nlockmgr
        100021    4   udp  48233  nlockmgr
        100021    1   tcp  58065  nlockmgr
        100021    3   tcp  58065  nlockmgr
        100021    4   tcp  58065  nlockmgr
    				
  4. start required services

    centos 5.x

    chkconfig portmap on
    service portmap start
    				

    centos 6

    chkconfig rpcbind on
    service rpcbind start
    				
71.1.2.2.1. Using NFS over UDP

For example, on demand via the command line (client side):

mount -o udp shadowman.example.com:/misc/export /misc/local
			

When the NFS mount is specified in /etc/fstab (client side):

server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr,udp
			

71.1.3. exports

71.1.3.1. Permission

/etc/exports为:

/tmp     *(rw,no_root_squash)

/home/public 192.168.0.*(rw)   *(ro)

/home/test  192.168.0.100(rw)

/home/linux  *.example.com(rw,all_squash,anonuid=40,anongid=40)
			

71.1.3.2. Parameters

General Options

ro                      只读访问
rw                      读写访问
rsize					同时传输(读 )的数据块大小
wsize					同时传输(写)的数据块大小

sync                    所有数据在请求时写入共享
async                   NFS在写入数据前可以相应请求

secure                  NFS通过1024以下的安全TCP/IP端口发送
insecure                NFS通过1024以上的端口发送
wdelay                  如果多个用户要写入NFS目录,则归组写入(默认)
no_wdelay               如果多个用户要写入NFS目录,则立即写入,当使用async时,无需此设置。
hide                    在NFS共享目录中不共享其子目录
no_hide                 共享NFS目录的子目录
subtree_check           如果共享/usr/bin之类的子目录时,强制NFS检查父目录的权限(默认)
no_subtree_check        和上面相对,不检查父目录权限
			

User ID Mapping

all_squash              共享文件的UID和GID映射匿名用户anonymous,适合公用目录。
no_all_squash           保留共享文件的UID和GID(默认)
root_squash             root用户的所有请求映射成如anonymous用户一样的权限(默认)
no_root_squas           root用户具有根目录的完全管理访问权限
anonuid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的UID
anongid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的GID
			

71.1.3.3. 实例参考

只读挂载

172.16.2.5:/   /www/images   nfs4       ro,rsize=8192,wsize=8192,timeo=15,intr,noac
			

71.1.4. NFS For Windows

安装NFS服务,进入“控制面板”,点击“打开或关闭Windows功能”,再勾选“NFS 服务”,最后确定

启动NFS服务,控制面板\管理工具\Network File System 服务(NFS)

或者通过命令启动NFS服务

nfsadmin client [ComputerName] start
		

指定挂在用户ID,开始“运行”输入“regedit”回车,然后找到 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default,右键“新建”选择“DWORD(32为)值” 添加 AnonymousUid,AnonymousGid,然后双击 AnonymousUid,AnonymousGid编辑,选择十进制并输入用户ID。

重新启动NFS 服务,不需要重新启动计算机。

挂载文件系统

		
C:\Users\neo>mount \\192.168.2.15\www x:\
		
		

卸载文件系统

		
C:\Users\neo>umount x:

正在断开                x:      \\192.168.2.15\www
连接上存在打开的文件和/或未完成的目录搜索。

要继续此操作吗? (Y/N) [N]:Y

命令已成功完成。
		
		
[提示]提示

很不幸Microsoft Windows 目前尚不支持UTF-8字符集。

71.1.5. exportfs - maintain table of exported NFS file systems

# exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/www
# exportfs
/www          	172.16.0.0/24

# cat /var/lib/nfs/etab
/www	172.16.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=500,anongid=500)
		

reload /etc/exports

/usr/sbin/exportfs -r
		

To unexport the /usr/tmp directory:

# exportfs -u netkiller.github.com:/usr/tmp
		

To unexport all exports listed in /etc/exports:

# exportfs -au
		
#!/bin/bash
RETVAL=0

start()
{
	/usr/sbin/exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/backup
	mount /dev/sdb1 /backup
	RETVAL=$?
	echo
}

stop()
{
	exportfs -u 172.16.0.0/24:/backup
	umount /backup
	RETVAL=$?
}