Home | 簡體中文 | 繁體中文 | 雜文 | 打賞(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎專欄 | Search | Email

第 72 章 File Share

目錄

72.1. NFSv4
72.1.1. Ubuntu
72.1.1.1. NFSv4 server
72.1.1.2. NFSv4 client
72.1.2. CentOS
72.1.2.1. NFS Server Configuration
72.1.2.1.1. NFS 防火牆配置
72.1.2.2. NFS Client Configuration
72.1.2.2.1. Using NFS over UDP
72.1.3. exports
72.1.3.1. Permission
72.1.3.2. Parameters
72.1.3.3. 實例參考
72.1.4. NFS For Windows
72.1.5. exportfs - maintain table of exported NFS file systems
72.2. Parallel NFS(pNFS)
72.3. Samba
72.3.1. install
72.3.1.1. Ubuntu
72.3.1.2. Samba
72.3.1.3. CentOS 7
72.3.1.4. firewall
72.3.1.5. SELinux Configuration
72.3.2. smb.conf
72.3.2.1. Security consideration
72.3.3. testparm - check an smb.conf configuration file for internal correctness
72.3.4. smbstatus - report on current Samba connections
72.3.5. smbpasswd - change a user's SMB password
72.3.6. nmblookup - NetBIOS over TCP/IP client used to lookup NetBIOS names
72.3.7. smbfs/smbmount/smbumount
72.3.8. smbclient - ftp-like client to access SMB/CIFS resources on servers
72.3.8.1. 顯示共享目錄
72.3.8.2. 訪問共享資源
72.3.8.3. 用戶登錄
72.3.9. smbtar - shell script for backing up SMB/CIFS shares directly to UNIX tape drives
72.3.10. by Example
72.3.10.1. share
72.3.10.2. user
72.3.10.3. test
72.3.11. FAQ
72.3.11.1. smbd/service.c:make_connection_snum(1013)

72.1. NFSv4

72.1.1. Ubuntu

72.1.1.1. NFSv4 server

sudo apt-get install nfs-kernel-server
			

Configuration

vim /etc/exports
/www	 *(ro,sync,no_root_squash)
/home    *(rw,sync,no_root_squash)
/export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)
			

To start the NFS server

sudo /etc/init.d/nfs-kernel-server start
			

72.1.1.2. NFSv4 client

sudo apt-get install nfs-common
			

NFSv3

sudo mount example.hostname.com:/www /www
			

NFSv4

# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/ /mnt
# mount -t nfs4 -o proto=tcp,port=2049 nfs-server:/users /home/users
			

NFS Client Configuration

vim /etc/fstab
example.hostname.com:/ubuntu /local/ubuntu nfs rsize=8192,wsize=8192,timeo=14,intr
			

72.1.2. CentOS

72.1.2.1. NFS Server Configuration

yum install -y nfs-utils
		

過程 72.1. On the *SERVER* side

  1. stop & disable services

    service nfs stop
    service nfslock stop
    service rpcbind stop
    service rpcidmapd stop
    				
  2. /etc/fstab

    as root edit /etc/fstab and add nfs4 exports
    
    /www  /exports    none    bind    0 0
    				
  3. as root edit /etc/exports

    NFSv3

    /exports 		172.16.1.0/24 (rw,sync)
    				

    NFSv4

    /exports 		172.16.1.0/24(rw,sync,fsid=0,anonuid=99,anongid=99)
    /exports/neo	*(rs,sync)
    				
  4. reload exported filesystems

    # exportfs -rv
    				
  5. start required services

    chkconfig rpcbind on
    chkconfig nfs on
    chkconfig nfslock on
    chkconfig rpcidmapd on
    
    service rpcbind start
    service rpcidmapd start
    service nfs start
    service nfslock start
    				
  6. nfs status

    #  nfsstat
    Server rpc stats:
    calls      badcalls   badauth    badclnt    xdrcall
    171        0          0          0          0
    
    Server nfs v3:
    null         getattr      setattr      lookup       access       readlink
    3         1% 150      88% 0         0% 3         1% 2         1% 0         0%
    read         write        create       mkdir        symlink      mknod
    0         0% 0         0% 0         0% 0         0% 0         0% 0         0%
    remove       rmdir        rename       link         readdir      readdirplus
    0         0% 0         0% 0         0% 0         0% 0         0% 9         5%
    fsstat       fsinfo       pathconf     commit
    0         0% 3         1% 0         0% 0         0%
    				
    # watch nfsstat -c
    
    Every 2.0s: nfsstat -c                                                                                                                          Mon Sep 20 16:53:55 2010
    
    Client rpc stats:
    calls      retrans    authrefrsh
    286818929   1160       0
    
    Client nfs v4:
    null         read         write        commit       open         open_conf
    0         0% 37286763 13% 6         0% 1         0% 38990106 13% 17986485  6%
    open_noat    open_dgrd    close        setattr      fsinfo       renew
    6         0% 0         0% 38774539 13% 2172019   0% 16        0% 147       0%
    setclntid    confirm      lock         lockt        locku        access
    321       0% 321       0% 0         0% 0         0% 0         0% 62157123 21%
    getattr      lookup       lookup_root  remove       rename       link
    80553542 28% 8828991   3% 8         0% 5         0% 5         0% 0         0%
    symlink      create       pathconf     statfs       readlink     readdir
    0         0% 1         0% 0         0% 5         0% 0         0% 13933     0%
    server_caps  delegreturn
    24        0% 54556     0%
    				
  7. security

    # vi /etc/hosts.deny
    rpcbind:ALL
    
    # vi /etc/hosts.allow
    rpcbind:172.16.1.0/255.255.254.0
    				

NFS的隊列大小下面將設置為較合理的值256K

# echo 262144 > /proc/sys/net/core/rmem_default
# echo 262144 > /proc/sys/net/core/rmem_max
# echo 262144 > /proc/sys/net/core/wmmen_default
# echo 262144 > /proc/sys/net/core/wmmen_max
		

過程 72.2. NFSv4

  1. /etc/exports

    # cat /etc/exports
    /www		172.16.1.2/32(ro,sync,fsid=0,anonuid=99,anongid=99)
    /www/logs	*(rw,sync)
    				

    注意,要通過NFS4共享一個目錄,必須使用 fsid=0 的參數,使用fsid=0選項的時候只能共享一個目錄,這個目錄將成為NFS伺服器的根目錄。

  2. 啟動NFS,v4 不需要rpcbind

    service rpcbind stop
    service rpcidmapd stop
    service nfs restart
    service nfslock stop
    				
  3. 查看 export 設置

    # exportfs
    /www          	172.16.1.2/32
    /www/logs     	172.16.1.0/24
    				
  4. mount NFSv4

    mount -t nfs4 172.16.1.15:/logs /mnt
    				
72.1.2.1.1. NFS 防火牆配置

查看NFS正在使用的連接埠

rpcinfo -p localhost			
			

vi /etc/sysconfig/nfs

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
			
service nfs restart
			
iptables -I INPUT -m state --state NEW -p tcp \
    -m multiport --dport 111,892,2049,32803 -s 192.168.0.0/24 -j ACCEPT
 
iptables -I INPUT -m state --state NEW -p udp \
    -m multiport --dport 111,892,2049,32769 -s 192.168.0.0/24 -j ACCEPT		
			

72.1.2.2. NFS Client Configuration

CentOS 6 NFSv3 portmap 已經不存,已經被rpcbind替代

chkconfig rpcbind on
service rpcbind start
		

test nfs

mount 172.16.1.10:/exports /mnt
			

NFSv4

mount -t nfs4 -o ro,intr 172.16.1.10:/ /mnt
		
umount /mnt
		

過程 72.3. On the *CLIENT* side

  1. Mounting NFS File Systems using /etc/fstab

    The general syntax for the line in /etc/fstab is as follows:

    server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr
    				

    NFSv4

    server:/ /mount/point nfs4 rw,hard,intr,proto=tcp,port=2049,auto 0 0
    				
  2. mount all stuff from /etc/fstab

    # mount -a
    				
  3. rpcinfo

    rpcinfo -p
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100024    1   udp    707  status
        100024    1   tcp    710  status
        100021    1   udp  48233  nlockmgr
        100021    3   udp  48233  nlockmgr
        100021    4   udp  48233  nlockmgr
        100021    1   tcp  58065  nlockmgr
        100021    3   tcp  58065  nlockmgr
        100021    4   tcp  58065  nlockmgr
    				
  4. start required services

    centos 5.x

    chkconfig portmap on
    service portmap start
    				

    centos 6

    chkconfig rpcbind on
    service rpcbind start
    				
72.1.2.2.1. Using NFS over UDP

For example, on demand via the command line (client side):

mount -o udp shadowman.example.com:/misc/export /misc/local
			

When the NFS mount is specified in /etc/fstab (client side):

server:/usr/local/pub    /pub   nfs    rsize=8192,wsize=8192,timeo=14,intr,udp
			

72.1.3. exports

72.1.3.1. Permission

/etc/exports為:

/tmp     *(rw,no_root_squash)

/home/public 192.168.0.*(rw)   *(ro)

/home/test  192.168.0.100(rw)

/home/linux  *.example.com(rw,all_squash,anonuid=40,anongid=40)
			

72.1.3.2. Parameters

General Options

ro                      只讀訪問
rw                      讀寫訪問
rsize					同時傳輸(讀 )的數據塊大小
wsize					同時傳輸(寫)的數據塊大小

sync                    所有數據在請求時寫入共享
async                   NFS在寫入數據前可以相應請求

secure                  NFS通過1024以下的安全TCP/IP連接埠發送
insecure                NFS通過1024以上的連接埠發送
wdelay                  如果多個用戶要寫入NFS目錄,則歸組寫入(預設)
no_wdelay               如果多個用戶要寫入NFS目錄,則立即寫入,當使用async時,無需此設置。
hide                    在NFS共享目錄中不共享其子目錄
no_hide                 共享NFS目錄的子目錄
subtree_check           如果共享/usr/bin之類的子目錄時,強制NFS檢查父目錄的權限(預設)
no_subtree_check        和上面相對,不檢查父目錄權限
			

User ID Mapping

all_squash              共享檔案的UID和GID映射匿名用戶anonymous,適合公用目錄。
no_all_squash           保留共享檔案的UID和GID(預設)
root_squash             root用戶的所有請求映射成如anonymous用戶一樣的權限(預設)
no_root_squas           root用戶具有根目錄的完全管理訪問權限
anonuid=xxx             指定NFS伺服器/etc/passwd檔案中匿名用戶的UID
anongid=xxx             指定NFS伺服器/etc/passwd檔案中匿名用戶的GID
			

72.1.3.3. 實例參考

只讀掛載

172.16.2.5:/   /www/images   nfs4       ro,rsize=8192,wsize=8192,timeo=15,intr,noac
			

72.1.4. NFS For Windows

安裝NFS服務,進入“控製麵板”,點擊“打開或關閉Windows功能”,再勾選“NFS 服務”,最後確定

啟動NFS服務,控製麵板\管理工具\Network File System 服務(NFS)

或者通過命令啟動NFS服務

nfsadmin client [ComputerName] start
		

指定掛在用戶ID,開始“運行”輸入“regedit”回車,然後找到 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default,右鍵“新建”選擇“DWORD(32為)值” 添加 AnonymousUid,AnonymousGid,然後雙擊 AnonymousUid,AnonymousGid編輯,選擇十進制並輸入用戶ID。

重新啟動NFS 服務,不需要重新啟動計算機。

掛載檔案系統

		
C:\Users\neo>mount \\192.168.2.15\www x:\
		
		

卸載檔案系統

		
C:\Users\neo>umount x:

正在斷開                x:      \\192.168.2.15\www
連接上存在打開的檔案和/或未完成的目錄搜索。

要繼續此操作嗎? (Y/N) [N]:Y

命令已成功完成。
		
		
[提示]提示

很不幸Microsoft Windows 目前尚不支持UTF-8字符集。

72.1.5. exportfs - maintain table of exported NFS file systems

# exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/www
# exportfs
/www          	172.16.0.0/24

# cat /var/lib/nfs/etab
/www	172.16.0.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=500,anongid=500)
		

reload /etc/exports

/usr/sbin/exportfs -r
		

To unexport the /usr/tmp directory:

# exportfs -u netkiller.github.com:/usr/tmp
		

To unexport all exports listed in /etc/exports:

# exportfs -au
		
#!/bin/bash
RETVAL=0

start()
{
	/usr/sbin/exportfs -o rw,all_squash,sync,anonuid=500,anongid=500 172.16.0.0/24:/backup
	mount /dev/sdb1 /backup
	RETVAL=$?
	echo
}

stop()
{
	exportfs -u 172.16.0.0/24:/backup
	umount /backup
	RETVAL=$?
}