---

O NFS ( Network FileSystem )
@
b}li NFS ]weAڭ̱oAѤ@UAO NFS OHMF@]SΡAaI ^_^Iҿת NFS NO Network FileSystem YgA̦eO Sun oaqҵoiXӪCL̤j\NOiHzLAPBP@~tΡBiHɭӧOɮ ( share file )AҥHAz]iH²檺NLݰO@ file server OIo NFS Server iHz PC ӱNݪ NFS DɪؿA쥻aݪAҥHAbaݪݰ_ӡAӻݥDؿNnOۤv@ӺϺФμѤ@ ( partition )IϥΤW۷KQI
@
Ϥ@BNFS DɥؿP Client ܷN
@ NpPWϥܤ@Aڭ̪ NFS Server ]wnFɥXӪ /home/sharefile oӥؿAL Client ݴNiHNoӥؿۤvtΤWYӱI(IiHۭqI)AҦpeϥܤ Personal Computer 1 P Personal Computer 2 ؿNۦPCڥunb Personal Computer 1 tΤiJ /home/data/sharefile ANiHݨ NFS Server tΤ /home/sharefile ؿUҦƤF (MAvnڡI^_^)Io /home/data/sharefile Nnڦۤv Personal Computer 1 ̭@ partition IunvFAziHϥ cp, cd, mv, rm... ϺЩɮ׬OIuOLXKoI
@
zγ\|ݰաGyxIo NFS OǥѤ˪wӶiǿ骺OHzM NFS ݩۤvwPϥΪ port number AObƶǰeΪ̨LTǻɭԡA NFS ϥΪhO@Ӻ٬ݵ{ǩIs( Remote Procedure Call, RPC )wӨU NFS B@I
@


---

O RPC ( Remote Procedure Call )
@
򤰻O RPC OHѦrWNӬݡyݵ{ǩIszNO@ǵ{( Program )b卤ݳsuɡAݭnΨ쪺{ǶܡHIOo˨SաI²檺ӻAڭ̦bϥάYǪAȨӶi卤ݳsuɭԡAǸTAҦpD IPBAȪ port numberBP쪺AȤ PID Aݭn޲zPIoǺ޲z port PAȬʪu@ANOo Remote Procedure Call, RPC ȤFI
@
nFApGڭ̱N NFS P RPC ̪ʳs_ӪܡAzӴNiHDG NFS AȨèSѸƶǻwAO NFS oڭ̶iɮתɡAo𫟺]ANO NFS ϥΨ@ǨLǿwIӳoǶǿ骺wANOϥΨoөҿת RPC \oIo]NOA NFS NOϥ RPC @ program NOFIոܤ@IA NFS ]iH@O@ RPC server աIPɭn`N쪺OAbYǪpA] NFS Server ݭnҰ RPC AȡAsaAn NFS partition Client A]ݭnPBҰ RPC ~Io Server ݻP Client ݤ~ǥ RPC wӶi program port I
@
OKI²檺A NFS ]iHݰO RPC server @ءA]LOϥγoبw program rI ^_^ I򬰤 NFS nϥ RPC OHoO] NFS iHQݰO@ɮרtΡA@ӪܡAzϥΪ̳su``ܤơAӥBzɮפeաBɪؿաA٦Lɮ׬TA]|``bܤơAoӮɭԡAϥoإiH program number P port number RPC N۷KFI]NOANFS Dnb޲zɥXӪؿAӦܩƪǻANNLᵹ RPC wӹB@NOFI
@
h NFS wTziHѦҩUG
@
• http://www.faqs.org/rfcs/rfc1094.html
• http://www.tldp.org/HOWTO/NFS-HOWTO/index.html
@


---

NFS Ұʪ RPC daemons
@
NFS server `@ݭnҥΨܤ֨ daemons A@Ӻ޲z Client O_iHnJDAt@Ӻ޲znJD᪺ Client ϥΪɮvIpGz٭n޲z quota ܡA NFS ٷ|۰ʪAJL RPC program OIڭ̳o̥H²檺觋ӳ]w NFSApUG

• rpc.nfsdGo daemon Dn\NOb޲z Client O_nJDvաA𫟺٥]toӵnJ̪ ID POI

• rpc.mountdGo daemon Dn\AhOb޲z NFS ɮרtέI Client ݶQqL rpc.nfsd ӵnJDAbLiHϥ NFS server ѪɮפeAٷ|gLɮרϥv ( NO -rwxrwxrwx P owner, group Xv ) {ҵ{ǡIL|hŪ NFS ]w /etc/exportsӤ Client vAqLo@A Client NiHoϥ NFS ɮתvաI(GoӤ]Oڭ̥ΨӺ޲z NFS ɤؿϥvPw]waI)

nҰ NFS ڭ̥nӮM~AOOG

• nfs-utils P nfs-utils-clients (ɫȦ@)
• portmap

• portmapG

NpP责Aڭ̪ NFS iHQ@ RPC server programAӭnҰʥ@ RPC server program eAڭ̳ݭnn port ( mapping ) u@~AoӤu@NOy portmap zoӪAȩҭtdI]NOAbҰʥ@ RPC server eAڭ̳ݭnҰ portmap ~OIo portmap 쩳bFOHNpPoӪAȪW١AINO@ port mapping ڡI|ӨҤlӻG Client ݹըӨϥ RPC server ҴѪAȮɡAѩ Client ݭno@ӥiHs port ~ϥ RPC server ҴѪAȡA]A Client N|h portmap yޡIiiHq@UAڭ port number AnڥiH RPC paIzoӮɭ portmap N۰ʪNۤv޲z port mapping i Client AnLiHsW server OIҥHoGyҰ NFS eAХҰ portmap Iz

• nfs-utilsG

NO rpc.nfsd rpc.mountd o NFS daemons PL documents PBɵMIoӴNO NFS DnMաI@wnI

nFADڭ̻ݭnoӮM󤧫A{bFHI֥hztΥ RPM ݤ@USoӮMաISܻ֥ RPM hw˳IMNUhFI
@

DG аݧڪDOH RPM M޲z Linux distribution AҦp Red Hat, Mandrake P OpenLinux Aڭnp󪾹DڪḒO_wgwˤF portmap P nfs MOH G ²檺ϥ rpm -qa | grep nfs P rpm -qa | grep portmap YiDաI

---

NFS M󵲺c
@
NFS oөNNuO²AWڭ̴쪺 NFS M󤤡A]wɥu@ӡAɤ]hAOɤ]TTӤwoIӬݤ@ݧaI ^_^
@
• /etc/exportsGoɮ״NO NFS Dn]wɤFILAtΨèSw]ȡAҥHoɮסy@w|sbzAҥHznϥ vi Dʪإ߰_oɮ׳Iڭ̵@Unͪ]w]ȥuOoɮצӤwoI

@
• /usr/sbin/exportfsGoӬO@ NFS ɸ귽OAڭ̥iHQγoӫOs /etc/exports ܧ󪺥ؿ귽BN NFS Server ɪؿέsɵAoӫOO NFS tθ̭۷n@ӳIܩOΪkڭ̦bU|AСC

@
• /usr/sbin/showmountGoOt@ӭn NFS OCexportfs OΦb NFS Server ݡA showmount hDnΦb Client ݡCo showmount iHΨӹ NFS ɥXӪؿ귽I

@
• /var/lib/nfs/xtabGoɮ׫hODn NFS ɫIڭ̪ NFS ɥXؿ귽A쩳 Client ݴgsWڭ̪ NFS DOHINOݳoɮתeYioI ^_^
@
NaIDnNOoXoI
@


---

DWޥij
@
pGzu@ҤA㦳h Linux DAåBwpɥXؿɡAbw Linux distribution ɭԡA̦niHWX@ partition @wdΡC]y NFS iHwؿӤzA]AziHNwd partition b@ӱIAANӱI(NOؿաI) /etc/exports ]wɥXhAӤu@ҤL Linux DNiHϥθ NFS Dwd partition FIҥHAbDWWADnݭndNu partition ӤwC~Aѩɪ partition ieQJIA̦niHw partition ]wY檺ѼƦb /etc/fstab I
@


---

]wy{(/etc/exports)
@
ڭ̦bz NFS yLF@UAzIݰ_ӦnI@I]IOH] portmap un@ scripts NiHҰʡA NFS un]w@ɮ״NiHQB@I໡²OIIo NFS uOL X ӤӤ.....²Fb}l NFS eAڭ̥H Windows tηy귽ɡzӻ@UӬy{aG
@
1. b Windows Server WA}ɮ`ޡAbYӥؿWkܱҰʸ귽ɡF
2. b귽ɪeAݭn]wyϥΪvz( H Windows 2000 )F
3. b Client ݻݭnnJ Windows server ɡAݭnҰʡyWھFzӴMiΪWɪؿAMIӥؿAYiHnJ Windows server ɡAhiH̾ڨBJ@vϥθӥؿUɮסI
@
ISI NFS Ӭy{]thOoˡG
@
• AݭnT{@Uz Linux DO_iH䴩 NFS oAȡAMA]w@UϥΪ̪ӷIPΥDW٥HΤɥXhؿvAOAҰ NFS YiN]wؿLɥXhFI
• b Client ݫϥγoӤɥXӪؿHNOH showmount o{ˬd Linux Server O_iHϥΪ NFS ؿApGܡANNL mount bWApGiH mount ANiHϥ NFS DѪ귽FI
@
IGM²aIҥHUڭ̴NӤ@Ӥ@ӨBJ@U NFS ]woG
@
1. tλݨD
2. /etc/exports
3. vD
4. ҰʪA portmap, nfsd
5. exportfs
6. ؿ /var/lib/nfs/xtab
7. showmount
8. [Ұʪ port number
@
OKICөNNӳشNӽͤ@ͧaG

• tλݨDG

ӡINFS ̧CwݨDܡHIz~|FIo̪ݨDOynݨDzաIݭnOG
1. Fڭ̤wg쪺ӮMy portmap P nfs-utils zݭnsb~F
2. z֤ߪ̦n 2.2.xx HnI
3. ~ApGssĶL֤ߡAzݡy@wnܡzNFS 䴩~I
ثeApGzϥΪOwˮɭԪ Linux distribution w]֤߮ɡAzΤӾߡA]tΤwgw]䴩 NFS oIҥHUNNziHIOApGzwgssĶL֤ߡAåBDzOsĶ ( ҦpDť~աBոլݷsANյӽsĶz֤߮ɡAҥHS`NoӶت ) AoӮɭԽЮXy Linux pе -- ¦Dz߽gznnAŪ@My֤߽sĶzI

• /etc/exportsG

nFAwgT{y@OKzAڭ̴NunӪ NFS աIoӪFu²檺աAun@ɮ״NiHdwFINOs /etc/exports oɮסAЪ`NAoɮצpGsbAЦۦإIåBAɦWngFIoɮתe²աAڭ̦CXLWhG
@

[root@test root]# vi /etc/exports [ɪؿ]  [DW1IP1(Ѽ1,Ѽ2)] [DW2IP2(Ѽ3,Ѽ4)]

@
WWhOo˪G[ɪؿ]DnOnɵ[DW1][DW2]AOѵo̪vä@ˡA𫟺ADW1vOѼ1PѼ2Aܩ󵹥DW2 Client vhOѼ3PѼ4CnFA򨺭ӡyvz]NOyѼơzDnǩOH

• rwGiŪgvF
• roGŪvF
• no_root_squashGnJ NFS DϥΤɥؿϥΪ̡ApGO root ܡAoӤɪؿӻALN㦳 root vIoӶءywzAijϥΡI
• root_squashGbnJ NFS DϥΤɤؿϥΪ̦pGO root ɡAoӨϥΪ̪vNQYΦWϥΪ̡Aq`L UID P GID |ܦ nobody ӨtαbF
• all_squashG׵nJ NFS ϥΪ̨AL|QYΦWϥΪ̡Aq`]NO nobody աI
• anonuidGe *_squash 쪺ΦWϥΪ̪ UID ]wȡAq` nobodyAOziHۦ]wo UID ȡIMAo UID ݭnsbz /etc/passwd I
• anongidGP anonuid AOܦ group ID NOFI
• syncGƦPBgJOPwзF
• asyncGƷ|ȦsOAӫDgJwСI

jPѼƴNOoXoIڭ̨Ӱ]XӨҤlnFG

• Ҥ@GڭnN /tmp ɥXhjaϥΡAѩoӥؿӴNOjaiHŪgA]ڭnҦHiHsC~Aڭn root gJɮ٬O㦳 root vIziHogI

[root@test root]# vi /etc/exports /tmp  *(rw,no_root_squash)

oˤ@ӡALרӦۭ(*UΦrIܸUOKI)iHϥΧڪ /tmp oӥؿCЪ`NA *(rw,no_root_squash) SťզrI /tmp P *(rw,no_root_squash) hOťզrӹj}ISO`N쨺 no_root_squash \IboӨҤlApGzO client ݡAӥBzOH root nJz Linux DAz mount WڳoD /tmp Azb mount ؿAN㦳yroot vIz
@
• ҤGGڭnN@Ӥ@ؿ /home/public }XhAOuwڪϰ 192.168.0.0/24 oӺiHŪgALHhuŪG

[root@test root]# vi /etc/exports /tmp@@@@@*(rw,no_root_squash) /home/public@192.168.0.*(rw)@@ *(ro) /home/public@192.168.0.0/24(rw)@*(ro)

Ъ`NAbWҤlA˼ƨ檺榡iHAΡIҥHung@YiIWҤlOAڪ IP Ob 192.168.0.0/24 oӺqɭԡAڦb Client ݱF Server ݪ /home/public AwoӳQڱؿڴN㦳iHŪgvܩpGڤOboӺqAoӥؿƧڴNȯŪӤwAYŪݩʰաI
@
• ҤTGڭnN@ӨpHؿ /home/test } 192.168.0.100 o Client ݪӨϥΡAڴNݳogG

[root@test root]# vi /etc/exports /tmp@@@@@*(rw,no_root_squash) /home/public@192.168.0.*(rw)@@ *(ro) /home/test@@192.168.0.100(rw)

o˴N]wFIӥBAu 192.168.0.100 o~ /home/test oӥؿisI
@
• ҥ|Gڭn *.linux.org 쪺DAnJڪ NFS DɡAiHs /home/linux AOL̦sƪɭԡAڧƱL̪ UID P GID ܦ 40 oӨϥΪ̡G

[root@test root]# vi /etc/exports /tmp@@@@@*(rw,no_root_squash) /home/public@192.168.0.*(rw)@@ *(ro) /home/test@@192.168.0.100(rw) /home/linux@ *.linux.org(rw,all_squash,anonuid=40,anongid=40)

SO`N쨺 all_squash P anonuid, anongid \Ip@ӡA test.linux.org nJo NFS DAåBb /home/linux gJɮ׮ɡAɮתҦHPҦsաAN|ܦ /etc/passwd ̭ UID 40 ӨϥΪ̤FI

• vDG

LץɭԡAvDOݭnҼ{쪺Iڭ̨Ӭݬݭإߪ /etc/exports ɮתeG

[root@test root]# vi /etc/exports /tmp@@@@@*(rw,no_root_squash) /home/public@192.168.0.*(rw)@@ *(ro) /home/test@@192.168.0.100(rw) /home/linux@ *.linux.org(rw,all_squash,anonuid=40,anongid=40)

]ڦb 192.168.0.100 nJo NFS ( IP ] 192.168.0.2 ) DAåBڦb 192.168.0.100 b test oӨAPɡAbo NFS W] test oӱbAGupܡAG
1. ѩ 192.168.0.2 o NFS D /tmp v -rwxrwxrwt AҥH ( test b 192.168.0.100 W ) b /tmp U㦳svAåBgJɮשҦH test F
2. b /home/public AѩڦŪgvAҥHpGb /home/public oӥؿv test }gJܡAڴNiHŪgAåBڼgJɮשҦHO test COU@ /home/public test oӨϥΪ̨èS}iHgJvɡA٬OSkgJɮ׳IoIЯSOdNI
3. b /home/test AڪvP /home/public ۦPAIٻݭn NFS D /home/test test }vF
4. b /home/linux N·СI]ױzO user Az@w|Qܦ UID=40 oӱbIҥHAoӥؿNݭnw UID = 40 ӱbW١AקLv~I
@
򰲦pڦb 192.168.0.100 test2 AO 192.168.0.2 o NFS DoS test2 oӱbɡAp|ܦ˩OH
1. ڦb /tmp U٬OiHgJAOgJɮשҦHܦ nobody FF
2. ڦb /home/public ̭O_iHgJAٻݭn /home/public vөwALAϥڪNQܦ nobody FNOF
3. /home/test [IP /home/public ۦPI
4. /home/linux UAڪNQܦ UID = 40 ӨϥΪ̴NOFI
@
򰲦pڦb 192.168.0.100 root OH root oӱbCӨtγ|rIIvܦ˩OH
1. ڦb /tmp ̭iHgJAåBѩ no_root_squash ѼơAܤFw] root_squash ]wȡAҥHb /tmp gJɮשҦH root I
2. ڦb /home/public U٬OQY nobody FI]w]ݩʸ̭㦳 root_squash OIҥHApG /home/public w nobody }gJvɡAڴNiHgJAOɮשҦHܦ nobody NOFI
3. /home/test P /home/public ۦPF
4. /home/linux pA root ]QY UID = 40 ӨϥΪ̤FI
@
o˪vѤAziHAѤFܡHo̬O̭naApGo@qLFAUNNNSDաI ^_^

• ҰʪA portmap, nfsd

nFA]wOK]SvD ( D]SYAiHƫbnn˵Pק@fI) AAӦ۵MNOҰʥLoIpҰʩOH²檺ܡALOKUhI

[root@test root]# /etc/rc.d/init.d/portmap start<==Ұ portmap I [root@test root]# /etc/rc.d/init.d/nfs start@@ <==Ұ NFS

portmap ڥNݭn]wIunҰʥLNiHաIҰʤA|X{@ port 111 sunrpc AINO portmap աIܩ nfs h|Ұʦܤ֨ӥHW daemon X{IMN}lbť Client ݪݨDաIҰʤAл֨ /var/log/messages ̭ݬݦSQTҰʩOH

[root@test root]# vi /var/log/messages Nov 16 15:04:45 test portmap: portmap startup succeeded Nov 16 15:04:53 test nfs: Starting NFS services:  succeeded Nov 16 15:04:54 test nfs: rpc.rquotad startup succeeded Nov 16 15:04:54 test nfs: rpc.mountd startup succeeded Nov 16 15:04:54 test nfs: rpc.nfsd startup succeeded

n`X{WrˤA~OTҰʳI

• exportfsG

nFApGڭ̭קF /etc/exports oɮפAO_ݭnsҰ nfs OHAäݭnAunϥ exportfs sˤ@ /etc/exports oɮסAåBsN]wJYiI]ANnAѤ@U exportfs ΪkFG

ykG [root@test root]# exportfs [-aruv] ѼƻG -a G(Ψ) /etc/exports ɮפ]w -r Gs /etc/exports ̭]wA~APBs /etc/exports @@ /var/lib/nfs/xtab eI -u GY@ؿ -v Gb export ɭԡANɪؿܨùWI dҡG [root@test root]# exportfs -rv  <==s export @I exporting 192.168.0.100:/home/test exporting 192.168.0.*:/home/public exporting *.linux.org:/home/linux exporting *:/home/public exporting *:/tmp reexporting 192.168.0.100:/home/test to kernel [root@test root]# exportfs -au <==FI

nx@UoӫOΪkIoˤ@ӡANiHs export ڭ̪Ob /etc/exports ؿoI

• ؿ /var/lib/nfs/xtab

 nFAzQNzؿɥXhAz򪾹DCӥؿvOHnѰOFA]ڭ̦۷hw]ݩʩOI]AoӮɭԴNoݭn@UzҤɪؿeoIݤ@U /var/lib/nfs/xtab oɮקaILIoˡG

[root@test root]# vi /var/lib/nfs/xtab /home/test  192.168.0.100(rw,sync,wdelay,hide,secure,root_squash, no_all_squash,subtree_check,secure_locks,mapping=identity,anonuid=-2, anongid=-2)

ݨSHoӴNO /home/test oӤɥXhؿw] NFS ̭ݩʰաIoݩʪAYӤ_ǪANO anonuid=-2 oӡA uid=-2 OHIꥦON 65536 - 2 ȡA]NO 65534 UID աIӤ@U /etc/passwd AzN|o{AzIӨNO nobody աI

• showmountG

showmount UWqANOݬݦSiH mount OIΩOH

ykG [root@test root]# showmount [-ae] hostname -a GbùWܥثeDP Client ҳsWӪϥΥؿA -e G hostname o /etc/exports ̭ɥؿI dҡG [root@test root]# showmount -e localhost Export list for localhost: /tmp         * /home/linux  *.linux.org /home/public (everyone) /home/test   192.168.0.100

²aIҥHAznˬY@DLѪ NFS ɪؿɡANϥ showmount -e IP(hostname)YiID`KaI

• [Ұʪ port numberG

OKIӬݬݧڭ̱Ұ NFS A쩳ҰʤFh֪ port OHn`NOAڭ̦Ұ portmap P nfs scripts I

[root@test root]# netstat -utln  Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN <==Ӧ portmap tcp        0      0 0.0.0.0:817             0.0.0.0:*               LISTEN <==Ӧ rpc.xxxx  tcp        0      0 0.0.0.0:1266            0.0.0.0:*               LISTEN <==Ӧ rpc.xxxx udp        0      0 0.0.0.0:2049            0.0.0.0:*@@@@@@@@@@@<==NO nfs port udp        0      0 0.0.0.0:814             0.0.0.0:*@@@@@@@@@@@<==Ӧ rpc.xxxx udp        0      0 0.0.0.0:1327            0.0.0.0:*@@@@@@@@@@@<==Ӧ rpc.xxxx udp        0      0 0.0.0.0:111             0.0.0.0:*@@@@@@@@@@@<==Ӧ portmap

`NݨWI`@ͤFnh port IuOiȡI`N nfs ۤvҶ}Ҫ port ANO 2049 port աIӴNO NFS Dnͪ port oCL rpc.xxxx port SOqӨӡH NFS server beڭ̴NLFALO RPC server @ءA NFS ѩ󴣨ѤFh program ( Ҧp rpc.mountd, rpc.rquotad, rpc.nfsd... ) A]NݭnҰʦh port FIӥBo port OyHͪzA]NO port number |OTwաIC restart nfs |o줣@˪ port number OI Client ݫ򪾹DnsW port өIsݭn program OHINO sunrpc ( port 111 ) portmap AȩҲͪ port number \ΰաIClient |s sunrpc port hDӨ쨺 port hIsһݭn{IҥHoA rpc.xxxx daemon ۵MNݭnTw port number oI

OKIoˤ@ӡA Server ݪ]wN OK աI
@


---

RPC server OG
@
nFAJMڭ̪Do NFS ϥΪO RPC oөNNAҥHMnD RPC C port bFrIoӮɭԡANणD rpcinfo oӫOFIӽͤ@ͳoӫOΪkaI
@

ykG [root@test root]# rpcinfo [-p] hostname(orIP) -p GܩҦ port P program TI dҡG [root@test root]# rpcinfo -p test.linux.org    program vers proto   port     100000    2   tcp    111  portmapper     100000    2   udp    111  portmapper     100011    1   udp   1014  rquotad     100011    2   udp   1014  rquotad     100011    1   tcp   1017  rquotad     100011    2   tcp   1017  rquotad     100003    2   udp   2049  nfs     100003    3   udp   2049  nfs     100021    1   udp   1339  nlockmgr     100021    3   udp   1339  nlockmgr     100021    4   udp   1339  nlockmgr     100005    1   udp   1340  mountd     100005    1   tcp   1271  mountd     100005    2   udp   1340  mountd     100005    2   tcp   1271  mountd     100005    3   udp   1340  mountd     100005    3   tcp   1271  mountd

@
o˴NiHDC port number ҹ program oIz]NDo RPC server ѵz program OFIMFAno rpcinfo iHTʧ@Az portmap ouʰ_Ӥ~oI[ooI

ݥDG
nFA Server ݤwg]wAۤUӦ۵MNOnϥ Client ݳsW Server oIsW Server BJO˩OH

1. ˥iHϥΪ Server ؿF
2. b Client aݫإ mount pointF
3. ϥ mount NݥDɪؿiӡF
4. ioͪDѨM(QױFIH)C

OKաIҥHڭ̱oD@Uڭ̪ḒH]ڪDW٬O test.linux.org AڭnDYǤǥ NFS ɥXӪؿANL showmount @UoI
@

[root@test root]# showmount -e test.linux.org Export list for localhost: /tmp         * /home/linux  *.linux.org /home/public (everyone) /home/test   192.168.0.100

@
MOH]ڭnN /home/public bڪ /home/nfs/public UAڴNooӥؿ~rIMAQ mount oӫOӱ /home/public oӥؿIIoˡG
@

[root@test root]# mkdir -p /home/nfs/public <==إ public oӥؿA[ -p iHW[ؿ [root@test root]# mount -t nfs test.linux.org:/home/public /home/nfs/public 榡G [root@test root]# mount -t nfs hostname(orIP):/directory /mount/point [root@test root]# df Filesystem           1K-blocks      Used Available Use% Mounted on /dev/hda1              1904920   1235380    572776  69% / /dev/hdb1               976344    115212    810736  13% /backup test.linux.org:/home/public                        1904920   1235376    572776  69% /home/nfs/public <==oӬOݥDeq

@
`N@U NFS ɮת榡dҳIIo˴NiHNƱiӰաIЪ`NIHAunziJzؿ /home/nfs/public NF test.linux.org ݥD /home/public ӥؿoIܤaIpN NFS ؿOHNϥ umount ڡI
@

[root@test root]# umount /home/nfs/public

@
ioͪDG
q`Lk]UoXӡG

1. ϥΪ̪vGHWҤlӻAڪ /home/test uണ 192.168.0.0/24 oӺAҥHApGڦb test.linux.org oAH localhost ӱɡAN|LkWAovSDaIziHոլݡG

[root @test root]# mount -t nfs localhost:/home/test /home/nfs mount: localhost:/home/test failed, reason given by server: Permission denied

ҥHoIpGzo{WܪTɡANܱzDviJӥؿoIpGTwz IP S~AЦ^ /etc/exports oɮפAwzۤv IP ӶiץaI
@
2. ѰOҰ portmap G

oӳ̮eQѰOFINOѰOFҰ portmap oӪAȰաIpGzo{z mount TOoˡG

[root@test root]# mount -t nfs localhost:/home/test /home/nfs mount: RPC: Port mapper failure - RPC: Unable to receive

Ϊ̬OG

[root@test root]# mount -t nfs localhost:/home/test /home/nfs mount: RPC: Program not registered

NN portmap ҰʧaIIåB]ݭnN nfs sҰʳI

[root@test root]# /etc/rc.d/init.d/portmap start [root@test root]# /etc/rc.d/init.d/nfs restart

@
3. QױFG

oӤ]ܮeѰOFINOs]w@UzAo]tFⳡA]A iptables P TCP_Wrappers I]ڭ̱ҰʤF portmap AoӪF観ӸƻݭnɥXӡA@ӬO port 111 ݭnѥXhA]z iptables WhAݭn}o port IIo˪Xrn[Jz iptables rules G

iptables -A INPUT -p TCP --dport 111 -j ACCEPT iptables -A INPUT -p UDP --dport 111 -j ACCEPT

pGzwg}Fo port svAo٬OLks\AӴNO TCP_Wrappers DFIˬd@Uz /etc/hosts.deny YO_oG

[root@test root]# vi /etc/hosts.deny ALL: ALL

GupܡAѩ portmap O portmap o daemon ұҰʪAҥHzNnb /etc/hosts.allow ̭[Jo@G

[root@test root]# vi /etc/hosts.allow portmap: ALL

Ϊ̬ON ALL 令zҷQnLϥ NFS YiIo˻iHAѤFܡHYQi@BAѤ@UAаѦҫe`LG²ظmC

ݭn`NOAѩ NFS ϥΪo RPC b client ݳsWDɡAzDQnAiN|yi઺ȡzIpGz Server W٦ Client bsuAznAionƭY~`\IӡIuI۫HܡHMzۭӨոլݡI ^_^IҥHoAijz NFS Server QneAy portmap P nfs zoӪFIpGLkTNo daemons AH netstat -utlp X PID AMH kill NLIoˤ~k`\IoӽЯSOSO`NOI

nFI@Ǫ`NƶFAAөOHFISO̭nw]w譱DFI NFS iH]wwa観̩OH٤֩OHѥ~ӤiHoˬݡG

1. iptables ]wF
2. TCP_Wrappers ]wF
3. /etc/exports v]wC

𪺰򥻷аѦҡy²ظmz@A̦nNӽg峹LݧA_hٯuAѩUbFI]zwgݧӽguFAۤUӧڭ̴Non@B@B۫إߨoI

• ϥ iptables jdsuG

]ڭ̪ NFS DnOw鷺}ӤwAӹ~udzN}AYO 140.0.0.0/8 AziHϥγo˪ykG

iptables -A INPUT -i eth0 -p TCP -s 192.168.0.0/24 --dport 111 -j ACCEPT iptables -A INPUT -i eth0 -p UDP -s 192.168.0.0/24 --dport 111 -j ACCEPT iptables -A INPUT -i eth0 -p TCP -s 140.0.0.0/8    --dport 111 -j ACCEPT iptables -A INPUT -i eth0 -p UDP -s 140.0.0.0/8    --dport 111 -j ACCEPT

oˤjPWNiH 192.168.0.0/24 o C Class P 140.0.0.0/8 o A Class zḒӡAӨLsuNz쥻 iptables AөwI
@
• ϥ TCP_Wrappers ӪdG

ƹWApGzop]w iptables ܡA]SYAڭ̥iHϥ TCP_Wrappers I]nϥ NFS NnqL portmap o@( ]nϥ RPC աI )Aӳo portmap iHǥ TCP_Wrappers Ӻ޲zIIӦnFINNLsud򭭨poIڭ̥iHb /etc/hosts.allow ̭WwsW NFS DD IP PW١A]Du 192.168.0.0/24 o C class 140.116.44.125 oӥDAHΫ᭱O ncku.edu.tw iHsWڪ NFS DAڥiHgoˡG

[root@test root]# vi /etc/hosts.allow portmap: 192.168.0.0/255.255.255.0  portmap: 140.116.44.125  portmap: .ncku.edu.tw  [root@test root]# vi /etc/hosts.deny portmap: ALL

Io˥iN]wnoI²檺aI
@
• ϥ /etc/exports ]wwvG

oNoAz޿ҤFI]wSYAObyKQzPywzAnzIoI root_squash all_squash \AAQ anonuid ]wӳWdnJzDϥΪ̨I٬OkѤ@Ӹw NFS DI

• Client ݱDG

򥻤WAb Client ݱɭԡAF߷|p߭ NFS ݱiӪ㦳 SUID vɮת{Ioӫܥi|M`tΪwOI] SUID ӴNOܦwIҥHOAzo root ]iHN NFS ҤɪؿHwpiӡIҦpG

[root@test root]# mount -t nfs -o nosuid,ro hostname:/directory /mount/point

nosuid ]O@ӫܤܳI

q`ڭ̳|ijAnҰ NFS Server AYϭnҰʡA̦n]OwYӽdӶiؿɡIåBAynϥΪ̼hŨӺ޲zz|n@dzIUڭ̴NӹڪbzWd@²檺 NFS server aI

]ҡG

1. ]ڪ Linux D 192.168.0.100 o@F
2. wpN /tmp HiŪgAåBϥΪ̨觋ɵҦ 192.168.0.0/24 oӺ줤Ҧ Linux u@F
3. wp} /home/nfs oӥؿAϥΪݩʬŪAiѰF줺u@~AV~紣ѸƤeF
4. wp} /home/upload 192.168.0.0/24 oӺ쪺ƤWǥؿA𫟺Ao /home/upload ϥΪ̤Ωݸsլ nfs-upload oӦWrAL UID P GID 210F
5. wpN /home/andy oӥؿȤɵ 192.168.0.50 o Linux DAHѸӥDW andy oӨϥΪ̨ӨϥΡA]NOA andy b 192.168.0.50 192.168.0.100 bABb andy AҥHwp} /home/andy andy ϥΥLaؿաI

atmG
nFAбznݩUסAۤvʵΪ̪bۤvWʤ@@ݡAoznפAbݩUaI

• ANOnإ /etc/exports oɮתeoAziHo˼gaI

[root @test root]# vi /etc/exports /tmp@@@@@192.168.0.*(rw,no_root_squash) /home/nfs@ @192.168.0.*(ro)  *(ro,all_squash) /home/upload@192.168.0.*(rw,all_squash,anonuid=210,anongid=210) /home/andy@@192.168.0.50(rw)

jNOoˤlaIziHۦլݬݡI
@
• AӡANOnإߨCӹؿ Linux vFIڭ̤@Ӥ@ӨӬݡG

1. /tmp [root @test root]# ll /  drwxrwxrwt    6 root     root         4096 Nov 16 09:07 tmp 2. /home/nfs [root @test root]# mkdir -p /home/nfs            <==إߩһݭnؿ [root @test root]# chmod 755 -R /home/nfs      <==קY檺ɮv NؿPɮ׳]wŪIgJAA|OI@II 3. /home/upload [root @test root]# groupadd -g 210 nfs-upload  <==إߩһݭn 210 oӸs [root @test root]# useradd -g 210 -u 210 -M nfs-upload <==إ߻ݭnϥΪ̦W [root @test root]# mkdir -p /home/upload       <==إ߰_ؿFI [root @test root]# chown -R nfs-upload:nfs-upload /home/upload <==ק̡֦I pAhϥΪ̻Pؿv]woI 4. /home/andy [root @test root]# ll /home drwx------    3 andy     andy         4096 Oct 28 13:37 andy

oˤl@ӡAvDjNiHѨMoI
@
• Ұ portmap P nfs AȡG

[root @test root]# /etc/rc.d/init.d/portmap start [root @test root]# /etc/rc.d/init.d/nfs start

@
• b 192.168.0.50 oWtm@UG

1. T{iΥؿ [andy @linux50 andy]$ showmount -e 192.168.0.100 Export list for 192.168.0.100: /tmp         192.168.0.* /home/nfs    (everyone) /home/upload 192.168.0.* /home/andy   192.168.0.50 2. إ߱IG [andy @linux50 andy]$ mkdir -p /home/zzz/tmp [andy @linux50 andy]$ mkdir -p /home/zzz/nfs [andy @linux50 andy]$ mkdir -p /home/zzz/upload [andy @linux50 andy]$ mkdir -p /home/zzz/andy 3. ڱG [andy @linux50 andy]$ su   <==q` Linux u\ root ӱI [root @linux50 andy]# mount -t nfs 192.168.0.100:/tmp /home/zzz/tmp [root @linux50 andy]# mount -t nfs 192.168.0.100:/home/nfs /home/zzz/nfs [root @linux50 andy]# mount -t nfs 192.168.0.100:/home/upload /home/zzz/upload [root @linux50 andy]# mount -t nfs 192.168.0.100:/home/andy /home/zzz/andy [root @linux50 andy]# exit

ӨBJjPWNOo˧oI[oI

• Network FileSystem (NFS) iHDzLɩɮ׻PؿF
• NFS DnOzL RPC Ӷi file share تAҥH Server P Client RPC @wnҰʤ~I
• NFS DiHsu Client ݪnJPvF
• NFS ]wɴNO /etc/exports oɮסF
• NFS nnɥiHѦ /var/lib/nfs/xtab oɮסA٥]t۷hΪTb𫟺I
• NFS DneAаȥ portmap P nfs server A_hLkQ\F
• NFS Db /etc/exports oɮפAiHzL exportfs oӫOӭsɪؿI
• iHϥ rpcinfo [ RPC program YIII
• NFS Db]wANnҼ{ client ݵnJvDAܦhɭԵLkgJΪ̵LkiɡADnO Linux ɮתv]wDҭPI
• NFS ]wiHzL RPC Dn port AYO 111 o port Ӻ޲zI~AizL TCP_Wrappers Ӻ޲zI
• NFS Τݥun\ mount NFS DɪؿAϥΤWNnۤv partition @F
• NFS ΤݥiHzLϥ showmount, mount P umount Өϥ NFS DѪɪؿI

b LPI http://www.lpi.org ̭쪺A NFS ҸDwaAub LPI level 1 102 A̭ topic 113 Networking Services Aĥ|IA² NFS ]wCjժOyժ̻A NFS ]wBҰʻPYzܩ|Ҫɮ׻POi঳oǡG

• /etc/exports
• /etc/fstab
• mount
• umount

• http://www.faqs.org/rfcs/rfc1094.html
• http://www.tldp.org/HOWTO/NFS-HOWTO/index.html
• man exports

• NFS Dn]wɬHӦbɮפDn]wجH
• b NFS Dn]wɷȦֳ\ѼƻAܩw]ѼƻhSbɮ׷X{AаݡApGnd\ԲӪɥXӪɮתݩʡAnݨɮסH
• pGwgҰʤF nfs oӦAAOoSקLDn]wɡAаݥiHϥΨӫOӭsɥXӪؿP client v]wȡH
• b client ݦpGn NFS ҴѤɪɮסAiHϥΨӫOH
• b NFS Dn]wɷAiHzLӰѼƨӱ client ݥH root ϥαzҤɥXӪؿPɮסH
• ڦb client ݱF NFS Server Yӥؿbڪ /home/data UAڰ𫟺Yӵ{ɡAoo{ڪtγQ}aFHz{i઺]HӦpJAo˪DAרOڪ Client ݥDOhH@ΪҡAȨLϥΪ̤]P˵oDOHI

eѦҸѵ