1. File sharing service – NFS


1. NFS service foundation

1.1 working principle of NFS

NFS (Network File System) is a kernel-based file system.
With NFS, applications can access files on remote systems as if they were local files. It is built on remote procedure call (RPC).
RPC uses a client/server (C/S) model. The client application calls the local procedure (portmap), sends a call message carrying the procedure parameters to the server process (portmap), and then waits for the reply message.
On the server side, the portmap process stays asleep until a call message arrives. When one arrives, the server extracts the procedure parameters, computes the result, sends a reply message, and then waits for the next call message.
Finally, the client's local portmap procedure receives the reply message, obtains the result of the procedure, and the caller continues.
When a directory such as /home/data is shared on the NFS server, any NFS client that is allowed to access the server can mount /home/data at a mount point in its own file system.
The client chooses the mount point. Once mounted, the client accesses the mount point locally to reach all the data under /home/data on the NFS server.
If the server exports the directory read-only, the client can only read files. If it is exported read-write, the client can read and write at the local mount point, and the file changes take place on the server.

1.2 NFS communication

NFS listens on port 2049. In addition to port 2049, NFS opens several random ports to serve clients. These ports are all registered and looked up through the rpcbind service.
[23:10:24 [email protected] ~]#grep 2049 /etc/services 
nfs             2049/tcp        nfsd shilp      # Network File System
nfs             2049/udp        nfsd shilp      # Network File System
nfs             2049/sctp       nfsd shilp      # Network File System
The client always contacts the server through the rpcbind service (port 111) first, and the NFS server registers the random ports it opens with rpcbind.
The client uses the rpcbind registry to reach the different functions of the NFS server.
The NFS service depends on the rpcbind service, so rpcbind must be running before NFS starts. From CentOS 7 onward, however, dependencies between system services are resolved automatically.

Communication process between client and server:

1. The server starts the RPC service and opens port 111
2. The server starts NFS service and registers the random port number opened by itself with rpcbind
3. The client starts RPC and requests the server-side NFS port from the server-side RPC service
4. The RPC service on the server side notifies the client of the port number opened by NFS
5. The client establishes a connection with NFS by obtaining the port number of NFS and starts data transmission
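The port lookup in steps 2 to 4, shown at the message level as an added example (not part of the original page): it builds the portmapper GETPORT call and reply as they appear on a TCP connection to port 111, which is why a firewall in front of an NFS server has to account for 111 plus whatever ports are registered. The in-memory Rpcbind class, the function names and the mountd port 20048 are illustrative assumptions; the stand-in matches program, version and protocol exactly and accepts only empty AUTH_NONE credentials.

```python
import struct

# ONC RPC and portmapper (rpcbind protocol version 2) constants.
CALL, REPLY = 0, 1
RPC_VERSION = 2
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
NFS_PROG, MOUNT_PROG, NLOCKMGR_PROG = 100003, 100005, 100021
IPPROTO_TCP = 6
AUTH_NONE = 0
MSG_ACCEPTED = SUCCESS = 0
LAST_FRAGMENT = 0x80000000
GETPORT_HEADER = (CALL, RPC_VERSION, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)


def frame(payload):
    """RPC-over-TCP record mark: high bit = last fragment, low 31 bits = length."""
    return struct.pack(">I", LAST_FRAGMENT | len(payload)) + payload


def unframe(record):
    (mark,) = struct.unpack(">I", record[:4])
    if not mark & LAST_FRAGMENT or (mark & 0x7FFFFFFF) != len(record) - 4:
        raise ValueError("expected exactly one complete RPC record")
    return record[4:]


def build_getport_call(xid, prog, vers, proto=IPPROTO_TCP):
    """Step 3: the client asks rpcbind on port 111 where `prog` listens."""
    header = struct.pack(">6I", xid, *GETPORT_HEADER)
    auth = struct.pack(">4I", AUTH_NONE, 0, AUTH_NONE, 0)  # empty credential + verifier
    query = struct.pack(">4I", prog, vers, proto, 0)       # port field is unused in a query
    return frame(header + auth + query)


def build_getport_reply(xid, port):
    """Step 4: rpcbind answers with the registered port (0 = not registered)."""
    return frame(struct.pack(">7I", xid, REPLY, MSG_ACCEPTED,
                             AUTH_NONE, 0, SUCCESS, port))


def parse_getport_reply(record, xid):
    body = unframe(record)
    if len(body) != 28:
        raise ValueError("unexpected reply length")
    r_xid, mtype, stat, _flavor, vlen, accept, port = struct.unpack(">7I", body)
    if (r_xid, mtype, stat, vlen, accept) != (xid, REPLY, MSG_ACCEPTED, 0, SUCCESS):
        raise ValueError("unexpected or failed RPC reply")
    return port


class Rpcbind:
    """In-memory stand-in for the rpcbind registry (illustrative, not the daemon)."""

    def __init__(self):
        self.registry = {}

    def register(self, prog, vers, proto, port):
        """Step 2: a service such as nfsd or mountd registers its port."""
        self.registry[(prog, vers, proto)] = port

    def handle(self, record):
        body = unframe(record)
        if len(body) != 56:
            raise ValueError("only AUTH_NONE GETPORT calls are handled here")
        xid, *header = struct.unpack(">6I", body[:24])
        if tuple(header) != GETPORT_HEADER:
            raise ValueError("not a portmapper GETPORT call")
        q_prog, q_vers, q_proto, _ = struct.unpack(">4I", body[40:56])
        port = self.registry.get((q_prog, q_vers, q_proto), 0)
        return build_getport_reply(xid, port)


def lookup_port(rpcbind, prog, vers, xid=0x1234):
    """Steps 3 and 4 end to end; step 5 would connect to the returned port."""
    reply = rpcbind.handle(build_getport_call(xid, prog, vers))
    return parse_getport_reply(reply, xid)


def demo():
    server = Rpcbind()
    server.register(NFS_PROG, 3, IPPROTO_TCP, 2049)
    server.register(MOUNT_PROG, 3, IPPROTO_TCP, 20048)  # constructed sample port
    programs = (("nfs", NFS_PROG), ("mountd", MOUNT_PROG), ("nlockmgr", NLOCKMGR_PROG))
    return {name: lookup_port(server, prog, 3) for name, prog in programs}


if __name__ == "__main__":
    print(demo())
```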

1.3 NFS software

Software package: nfs-utils (includes the server and client tools)
Related software packages: rpcbind (must be installed) and tcp_wrappers. Installing nfs-utils installs these two packages automatically
rpcbind.x86_64 0:0.2.0-49.el7              tcp_wrappers.x86_64 0:7.6-77.el7
Kernel support: nfs.ko
Port: 2049 (nfsd). Other ports are allocated by portmap (111)
Note: starting with CentOS 6, the portmap process is replaced by rpcbind

1.4 shared resource definition file

1. The /etc/exports file, provided by the base system package
[23:30:07 [email protected] ~]#rpm -qf /etc/exports
2. The /etc/exports.d/ directory, provided by the nfs-utils package
Both can define shared resources

1.5 service startup

[23:33:15 [email protected] ~]#systemctl enable --now nfs
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[23:35:08 [email protected] ~]#ss -ntl
State      Recv-Q Send-Q                                             Local Address:Port                                                            Peer Address:Port              
LISTEN     0      100                                                                                                                   *:*                  
LISTEN     0      64                                                             *:2049                                                                       *:*                  
LISTEN     0      128                                                            *:59524                                                                      *:*                  
LISTEN     0      128                                                            *:111                                                                        *:*                  
LISTEN     0      128                                                            *:20048                                                                      *:*                  
LISTEN     0      64                                                             *:34134                                                                      *:*                  
LISTEN     0      128                                                            *:22                                                                         *:*                  
LISTEN     0      100                                                        [::1]:25                                                                      [::]:*                  
LISTEN     0      64                                                          [::]:40607                                                                   [::]:*                  
LISTEN     0      64                                                          [::]:2049                                                                    [::]:*                  
LISTEN     0      128                                                         [::]:36940                                                                   [::]:*                  
LISTEN     0      128                                                         [::]:111                                                                     [::]:*                  
LISTEN     0      128                                                         [::]:20048                                                                   [::]:*                  
LISTEN     0      128                                                         [::]:22                                                                      [::]:* 

1.6 main processes of NFS

rpc.nfsd: the most important NFS process; it manages whether clients can log in
rpc.mountd: mounts and unmounts NFS file systems, including permission management
rpc.lockd: optional; manages file locks to avoid errors from simultaneous writes
rpc.statd: optional; checks file consistency and can repair files

2 NFS application

File sharing case

Server for NFS:
NFS client:

2.1 create a shared directory on the server

[23:42:51 [email protected] ~]#mkdir /data/nfsdir{1,2}
[23:44:14 [email protected] ~]#ls /data
nfsdir1  nfsdir2
[23:44:16 [email protected] ~]#touch /data/nfsdir1/a.txt
[23:45:11 [email protected] ~]#touch /data/nfsdir2/b.txt
[23:45:17 [email protected] ~]#tree /data
├── nfsdir1
│   └── a.txt
└── nfsdir2
    └── b.txt

2 directories, 2 files

2.2 share directories

  • Method 1: define the share in the /etc/exports file
Share the /data/nfsdir1 directory so that any host (*) can mount it remotely. With no options given, the defaults apply (ro, sync, root_squash, no_all_squash)
[23:45:19 [email protected] ~]#vim /etc/exports

/data/nfsdir1 *
  • Method 2: define the share in a file under the /etc/exports.d/ directory whose name ends in .exports. The file name does not matter, but the suffix must be .exports
[23:48:05 [email protected] ~]#vim /etc/exports.d/test.exports

/data/nfsdir2 *(rw) # note: there must be no space between the host field and the options

2.3 make configuration effective

Method 1: restart NFS service
systemctl restart nfs
Method 2: exportfs -r # only re-reads the configuration files. The service is not restarted, so users are not affected
# The warning can be ignored; it appears because nfsdir1 has no options set
[23:53:40 [email protected] ~]#exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning

2.4 viewing NFS share configuration

exportfs -v (displays the directories shared through NFS on the current host, the hosts allowed to access them, and their options)
[23:53:42 [email protected] ~]#exportfs -v
/data/nfsdir1   <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2   <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)

2.5 client remote mount

NFS client:
  • Use the showmount command to see which resources the remote server offers
showmount comes from the nfs-utils package, so nfs-utils must also be installed on the client
showmount -e hostname lists the directories that the target host shares through NFS
[23:57:29 [email protected] ~]#showmount -e
Export list for
/data/nfsdir2 *
/data/nfsdir1 *
  • Create a wordpress directory and mount the NFS shared directory on it, simulating a WordPress site whose data ends up stored in the NFS share
[23:57:34 [email protected] ~]#mkdir /var/www/html/wordpress -pv
mkdir: created directory ‘/var/www’
mkdir: created directory ‘/var/www/html’
mkdir: created directory ‘/var/www/html/wordpress’
  1. Temporary mount

Mount the shared directory with the mount command. For NFS, mount actually calls mount.nfs4, which comes from the nfs-utils package, so the client also needs nfs-utils installed

[00:00:47 [email protected] ~]#mount
mount       mount.fuse  mount.nfs   mount.nfs4  mountpoint  mountstats  

Syntax: mount server-IP:shared-directory local-directory
[00:01:56 [email protected] ~]#mount /var/www/html/wordpress


[00:02:02 [email protected] ~]#df -h
Filesystem                Size  Used Avail Use% Mounted on
devtmpfs                  476M     0  476M   0% /dev
tmpfs                     487M     0  487M   0% /dev/shm
tmpfs                     487M  7.7M  479M   2% /run
tmpfs                     487M     0  487M   0% /sys/fs/cgroup
/dev/sda2                  20G  1.6G   19G   8% /
/dev/sda5                  27G   33M   27G   1% /data
/dev/sda1                1014M  131M  884M  13% /boot
tmpfs                      98M     0   98M   0% /run/user/0   27G   33M   27G   1% /var/www/html/wordpress

[00:02:21 [email protected] ~]#ls /var/www/html/wordpress
Because nfsdir1 is exported with the default options, it is read-only, and the a.txt file cannot be modified

[00:02:37 [email protected] ~]#> /var/www/html/wordpress/a.txt 
-bash: /var/www/html/wordpress/a.txt: Read-only file system
Create another mount point and test nfsdir2. Since it is exported read-write, you can modify the b.txt file

[00:03:02 [email protected] ~]#mkdir /var/www/html/discuzz -pv
mkdir: created directory ‘/var/www/html/discuzz’
[00:03:53 [email protected] ~]#mount /var/www/html/discuzz/
[00:04:20 [email protected] ~]#ls /var/www/html/discuzz/
[00:04:25 [email protected] ~]#echo "test" > /var/www/html/discuzz/b.txt 
-bash: /var/www/html/discuzz/b.txt: Permission denied
Although nfsdir2 is exported with write permission, the modification fails with permission denied
[00:14:06 [email protected] ~]#ll /data
total 0
drwxrwxrwx 2 root root 19 Feb 11 23:45 nfsdir1
drwxrwxrwx 2 root root 19 Feb 11 23:45 nfsdir2
After modifying the operating system file permissions, the write operation can be completed
[15:36:23 [email protected] ~]#chmod  -R o+w  /data/nfsdir2
[00:04:43 [email protected] ~]#echo "test" > /var/www/html/discuzz/b.txt 
[00:14:24 [email protected] ~]#cat /var/www/html/discuzz/b.txt
When a file is created on the client as the root user, its owner and group are squashed to nfsnobody (UID nfsnobody)
[15:36:27 [email protected] ~]#touch /var/www/html/discuzz/file1.txt
touch: cannot touch ‘/var/www/html/discuzz/file1.txt’: Permission denied

[15:40:04 [email protected] ~]#ll /data
total 4
drwxr-xr-x 6 mysql mysql 4096 Apr 22 13:17 mysql
drwxr-xr-x 2 root  root    19 Apr 22 13:26 nfsdir1
drwxr-xrw- 2 root  root    19 Apr 22 13:26 nfsdir2
[15:40:12 [email protected] ~]#ll /data/nfsdir2/
total 4
-rw-r--rw- 1 root root 5 Apr 22 15:36 b.txt
Change the permissions on the server
[15:40:17 [email protected] ~]#chmod -R 777 /data/nfsdir2

Create the file on the client again
[15:41:53 [email protected] ~]#touch /var/www/html/discuzz/file1.txt
[15:42:24 [email protected] ~]#ll /var/www/html/discuzz/
total 4
-rwxrwxrwx 1 root      root      5 Apr 22 15:36 b.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Apr 22 15:42 file1.txt
Root squash: by default, files created by root at the mount point are squashed to the nfsnobody user. The files are owned by nfsnobody on both the client and the server
[15:42:24 [email protected] ~]#ll /var/www/html/discuzz/
total 4
-rwxrwxrwx 1 root      root      5 Apr 22 15:36 b.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Apr 22 15:42 file1.txt
[15:53:57 [email protected] ~]#ll /data/nfsdir2
total 4
-rwxrwxrwx 1 root      root      5 Apr 22 15:36 b.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Apr 22 15:42 file1.txt

Why the modification failed:

  1. Although the NFS export grants the client rw, that applies only at the NFS level; at the operating system level the client has not been given write permission
  2. Data is written to the shared directory as root on the client, but on the server the request arrives as "other". The client's root is not the server's root. When the client creates files in the shared directory, the user identity is mapped to nfsnobody
To sum up, for a client account to have write access to the shared directory, setting rw in the /etc/exports file is not enough; you also need to give remote users read, write and execute (777) permissions on the whole directory at the file system level
Directory read permission: you can list the contents of the directory with ls
Directory write permission: you can create and delete files in the directory
Directory execute permission: you can enter the directory
Supplement on file and directory permissions:
To enter a directory you need x permission. With only x permission on a directory you can enter it, but you cannot list its contents (ls) or create or delete files in it (touch, etc.)
To create and delete files in a directory you need wx permission on the directory. With only wx permission you can enter the directory and create and delete files in it, but you cannot modify files. To modify a file you need w permission on the file itself
To see the file list of a directory you need rx permission. With only rx permission you can list the directory with ls and enter it, but you cannot create or delete files. Whether you can modify the contents of a file in the directory depends on whether you have write permission on that file; without w permission on the file you cannot modify it

2.6 root_squash

  • When root on the client creates a file over NFS, the owner is squashed to the nfsnobody user

  • When an ordinary user accesses NFS from the client, the user is mapped to the account with the same user ID on the NFS server. For example, if the admin user on the client has ID 500, then after connecting to NFS it is mapped to the user with ID 500 on the NFS server. That user is not necessarily admin; it depends on the accounts on the server
    If no user with that ID exists on the server, the client user's numeric ID is used as is. Therefore, when using NFS, make sure that the permissions on the client and the server are consistent

Common problems:

On different NFS clients (such as web servers), the same user name does not necessarily have the same user ID. If admin has ID 100 on web1 and ID 200 on web2, then access from web1 is mapped to the user with ID 100 on NFS, and access from web2 is mapped to the user with ID 200 on NFS. The same user admin, reaching NFS through different servers, is mapped to different users, which confuses permissions and complicates file management

For example, a user uploads an image to NFS through web1, where the system account (such as apache) has ID 100. Access to NFS is mapped to user 100 on NFS, so the uploaded image is owned by user 100. Later the user wants to delete the image, but this time the request is scheduled to web2, where apache has ID 200. Connecting to NFS with ID 200 maps to the user with ID 200 on NFS, which is different from the user mapped on the first connection, so it has no permission to delete the image. If the next request is scheduled back to web1, the image can be deleted again
Therefore, if accounts are not unified across servers, permission problems and failed access checks are likely
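A check for the UID drift described above, as an added example that is not part of the original page: it compares /etc/passwd content collected from each host and shows which server account a client account is actually treated as. The passwd lines, the host names web1, web2 and nfs, and the backup account are constructed sample data; the function names are illustrative.

```python
# Constructed sample data: /etc/passwd content gathered from three hosts.
PASSWD = {
    "web1": "root:x:0:0:root:/root:/bin/bash\n"
            "apache:x:100:100:Apache:/usr/share/httpd:/sbin/nologin\n",
    "web2": "root:x:0:0:root:/root:/bin/bash\n"
            "apache:x:200:200:Apache:/usr/share/httpd:/sbin/nologin\n",
    "nfs":  "root:x:0:0:root:/root:/bin/bash\n"
            "apache:x:100:100:Apache:/usr/share/httpd:/sbin/nologin\n"
            "backup:x:200:200:Backup:/var/backup:/sbin/nologin\n",
}


def parse_passwd(text):
    """Return {username: uid} from /etc/passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and not fields[0].startswith("#"):
            users[fields[0]] = int(fields[2])
    return users


def uid_drift(hosts):
    """hosts: {hostname: {username: uid}}.

    Return {username: {hostname: uid}} for every account that exists on two
    or more hosts but does not have the same UID on all of them.
    """
    drift = {}
    names = set().union(*(users.keys() for users in hosts.values()))
    for name in sorted(names):
        seen = {host: users[name] for host, users in hosts.items() if name in users}
        if len(seen) > 1 and len(set(seen.values())) > 1:
            drift[name] = seen
    return drift


def seen_by_server(client_users, server_users, name):
    """Account the NFS server resolves a non-root client account to.

    With numeric ID mapping and no all_squash, the server only sees the
    number: it is shown as the server account with that UID, or as the
    bare number when no such account exists.
    """
    uid = client_users[name]
    by_uid = {u: n for n, u in server_users.items()}
    return by_uid.get(uid, str(uid))


def demo():
    hosts = {host: parse_passwd(text) for host, text in PASSWD.items()}
    return {
        "drift": uid_drift(hosts),
        "web1 apache is": seen_by_server(hosts["web1"], hosts["nfs"], "apache"),
        "web2 apache is": seen_by_server(hosts["web2"], hosts["nfs"], "apache"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```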

How to unify user names and IDs on all machines:

  1. Use LDAP for centralized user account management

Instead of creating user accounts on each web machine, a single shared service stores the web servers' user accounts
The LDAP server holds a database containing all user accounts. The NFS server takes the accounts from the LDAP server for authentication

  2. The IDs in all containers should also be consistent. Make sure the accounts are consistent when building the base image; all upper-layer business images inherit the accounts from the base image, so every server has the same accounts
  3. All web servers connect to NFS as root, and the export is set not to squash root
  4. Web servers use whatever accounts they like, but all access to NFS is squashed to the same user

If you don't want root to be squashed to an ordinary user, modify the export configuration for the corresponding directory on the NFS server. Here /data/nfsdir2 is used as an example

Restore the permissions of /data/nfsdir2 to the default 755

[00:54:46 [email protected] ~]#chmod 755 /data/nfsdir2
[00:54:54 [email protected] ~]#ll -d /data/nfsdir2
drwxr-xr-x 2 root root 36 Feb 12 00:16 /data/nfsdir2

Modify the export configuration of /data/nfsdir2

[00:54:58 [email protected] ~]#vim /etc/exports.d/test.exports 

/data/nfsdir2 *(rw,no_root_squash) # there must be no spaces between the options

[00:56:04 [email protected] ~]#exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning

[00:56:04 [email protected] ~]#exportfs -v
/data/nfsdir1   <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2   <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)

Test on client

[00:57:57  [email protected] -client /var/www/html/discuzz]#echo 111 > file1.txt # file modified successfully
[00:58:02 [email protected] /var/www/html/discuzz]#cat file1.txt 
[00:59:19 [email protected] /var/www/html/discuzz]#touch file2.txt
-rw-r--r-- 1 root      root      0 Feb 12 00:59 file2.txt # owner and group are both root

View the created file on the server side

[00:56:30 [email protected] ~]#ll /data/nfsdir2
total 8
-rw-r--r-- 1 root      root      0 Feb 12 00:59 file2.txt # newly created file; owner and group are also root

If no_root_squash and all_squash are set at the same time, root is still squashed to nfsnobody

How to specify the user that accounts are squashed to: modify the export configuration file

[23:10:07 [email protected] /data/nfsdir2]#vim /etc/exports.d/test.exports 

/data/nfsdir2 *(rw,all_squash,anonuid=2,anongid=2)
After this change, both root and ordinary users are squashed to uid=2 and gid=2 on NFS
root_squash: the default. The remote root user is mapped to the nfsnobody user, whose UID is 65534
no_root_squash: the remote root is mapped to the root user of the NFS server
all_squash: all remote users, including root, become nfsnobody
no_all_squash: the default. Ordinary users are not squashed, and the UID and GID of shared files are preserved
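The squash options above and the "no space between host and options" note from section 2.2, combined in one added example (not part of the original page): a small exports parser that resolves which identity the server uses for a client request and flags entries worth reviewing. It goes beyond the page by also treating gid 0 under root_squash. The finding labels and function names are illustrative, and the /srv/demo line is constructed to show the stray-space case.

```python
import re

ANON = 65534  # nfsnobody, the default anonuid/anongid
DEFAULTS = {"rw": False, "root_squash": True, "all_squash": False,
            "anonuid": ANON, "anongid": ANON}
SPEC = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")  # host(options), host, or (options)

SAMPLE_EXPORTS = """\
/data/nfsdir1 *
/data/nfsdir2 *(rw,no_root_squash)   # entry from section 2.6
/srv/demo * (rw)                     # constructed: stray space before the options
"""


def apply_options(optstr):
    """Overlay a comma-separated option string on the export defaults."""
    opts = dict(DEFAULTS)
    for opt in filter(None, (optstr or "").split(",")):
        if opt in ("rw", "ro"):
            opts["rw"] = opt == "rw"
        elif opt in ("root_squash", "no_root_squash"):
            opts["root_squash"] = opt == "root_squash"
        elif opt in ("all_squash", "no_all_squash"):
            opts["all_squash"] = opt == "all_squash"
        elif opt.startswith(("anonuid=", "anongid=")):
            key, value = opt.split("=", 1)
            opts[key] = int(value)
    return opts


def parse_exports(text):
    """Return [(path, client, opts)]. client == '' means an option list with
    no host in front of it, which applies to every host."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for spec in fields[1:]:
            match = SPEC.match(spec)
            if not match:
                raise ValueError(f"cannot parse client spec {spec!r}")
            entries.append((fields[0], match.group(1), apply_options(match.group(2))))
    return entries


def server_identity(uid, gid, opts):
    """(uid, gid) the server acts as for a request from client uid/gid."""
    if opts["all_squash"]:          # wins even when no_root_squash is also set
        return opts["anonuid"], opts["anongid"]
    if opts["root_squash"]:         # only ID 0 is remapped
        return (opts["anonuid"] if uid == 0 else uid,
                opts["anongid"] if gid == 0 else gid)
    return uid, gid


def audit(text):
    """Return (path, client, finding) tuples in file order."""
    findings = []
    for path, client, opts in parse_exports(text):
        shown = client or "<world>"
        if client == "":
            findings.append((path, shown, "space-before-options"))
        if client in ("", "*"):
            findings.append((path, shown, "world-rw" if opts["rw"] else "world-ro"))
        if server_identity(0, 0, opts) == (0, 0):
            findings.append((path, shown, "client-root-is-server-root"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding)
```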

2.7 sync and async

sync: synchronous. Data is written to the shared storage disk immediately when a request arrives. Lower performance but higher data safety
async: asynchronous. Changed data is not written to disk immediately; it goes to a buffer first and reaches the disk after a while. Higher performance but lower data safety

2.8 mount permission settings

Specify IP addresses in the export entry to control which hosts can mount the share
For the /data/nfsdir2 directory, can be mounted with read-write permission, and can be mounted with read-only permission
[01:17:43 [email protected] ~]#vim /etc/exports.d/test.exports 

[01:29:06 [email protected] ~]#exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
 test. It has been mounted before. There is no need to mount it again
[01:22:38 [email protected] /var/www/html/discuzz]#touch testfile.txt
[01:22:45 [email protected] /var/www/html/discuzz]# test
[01:25:52 [email protected] ~]#mount /var/www/html/discuzz
[01:26:14 [email protected] ~]#df -h
Filesystem                Size  Used Avail Use% Mounted on
devtmpfs                  476M     0  476M   0% /dev
tmpfs                     487M     0  487M   0% /dev/shm
tmpfs                     487M  7.7M  479M   2% /run
tmpfs                     487M     0  487M   0% /sys/fs/cgroup
/dev/sda2                  20G  1.6G   19G   8% /
/dev/sda5                  27G   33M   27G   1% /data
/dev/sda1                1014M  131M  884M  13% /boot
tmpfs                      98M     0   98M   0% /run/user/0   27G   33M   27G   1% /var/www/html/discuzz
[01:28:06 [email protected] /var/www/html/discuzz]#echo 11 > testfile.txt 
-bash: testfile.txt: Read-only file system

NFS permission risk

Even a host that is not permitted to mount can view the export rules set on the NFS server with the showmount -e command. A host could then change its IP address to pose as a machine that is allowed to mount, which is not safe

2.9 long term use, remote mount and lasting storage

Mounts made with the mount command are temporary and are lost on reboot. To keep a mount permanently, write it to the /etc/fstab file

Permanently mount the /data/nfsdir2 directory at
[01:33:17 [email protected] ~]#vim /etc/fstab
                  /mnt                     nfs  _netdev     0 0
_netdev: marks the entry as a network resource. At boot the system reads the fstab file and mounts its entries; if the network or the remote server is unreachable at that point, the remote server cannot be contacted
and the boot hangs. With this option the system first checks whether the network is available; if it is not, the mount is skipped for now and you can troubleshoot after the server has started. This prevents a network fault from causing a mount failure that stops the server from booting

Make the mount take effect with mount -a (-a, --all: mount all filesystems mentioned in fstab)

[01:36:10 [email protected] ~]#mount -a

Exercise items:

A DNS server provides front-end scheduling. Three Linux Apache servers act as web servers and two Linux hosts provide NFS
The client accesses the web servers as follows: the DNS query returns a server IP at random, so the client is scheduled to different servers at random and still accesses the same file resources

A DNS server
3 web servers
2 NFS servers
One client
2 MySQL as master and slave

2.10 stop all sharing and recovery of this machine

Stop: exportfs -au
Restore: exportfs -a

2.11 specify the NFS mounted version

CentOS 7 uses version 4.1 by default

mount -o vers=3
Confirm through mount

3 use autofs to realize automatic mounting

Effect: accessing a folder automatically triggers the preset mount rules and shows the contents of the directory

Using the autofs service

1. Use autofs
2. After installing autofs, use its built-in NFS mounting function, which also suits temporarily mounting NFS to access data. Convenient for testing

Case: make /data/net the predefined mount directory. Mount the /data/nfsdir2 directory on NFS to the /net directory

  1. Install autofs software
[01:36:12 [email protected] ~]#yum -y install autofs
[01:59:41 [email protected] ~]#systemctl enable --now autofs.service
  2. Set rules
[01:50:11 [email protected] ~]#rpm -ql autofs
/etc/auto.master # this file defines the mounting logic
Relative path method: the mapping between the resource to be mounted and its mount point is split into two parts; auto.master contains only the parent directory of the mount point
The parent directory, /data, is written to the /etc/auto.master file. This says that the local /data directory is the parent directory of the mount points. Which directories are mounted inside /data is decided by another file: you specify a sub-configuration file that defines what is mounted where
The mount point is created automatically
/etc/auto.master: /data /etc/test.autofs (sub-configuration file)
/etc/test.autofs: net
[02:00:01 [email protected] ~]#vim /etc/auto.master
/data /etc/test.autofs
[02:04:15 [email protected] ~]#vim /etc/test.autofs 
net -fstype=nfs,rw  
[02:05:08 [email protected] ~]#systemctl restart autofs
[02:07:56 [email protected] ~]#ll /data/net
total 16
-rwxrwxrwx 1 root      root      5 Feb 12 00:14 b.txt
-rw-r--r-- 1 nfsnobody nfsnobody 4 Feb 12 00:58 file1.txt
-rw-r--r-- 1 root      root      0 Feb 12 00:59 file2.txt
-rw-r--r-- 1 root      root      3 Feb 12 01:28 testfile.txt
-rw-r--r-- 1 root      root      3 Feb 12 01:28 test.txt
[02:08:18 [email protected] ~]#cd /data/net
[02:08:32 [email protected] /data/net]#touch filefile.txt
[02:08:36 [email protected] /data/net]#cat b.txt 

For NFS resources, autofs requires that the NFS server grants this host permission

autofs has built-in NFS support. If you have permission, you can access NFS resources directly without mounting them manually
However, nfs-utils must be installed on the client as well
The mapping for NFS resources is predefined in the auto.master file
/net    -hosts
Just access the /net directory followed by the address of the NFS server, and you can reach the files on NFS that you have permission for
[02:16:12 [email protected] ~]#ls /net/
[02:16:21 [email protected] ~]#ls /net/
b.txt  file1.txt  file2.txt  filefile.txt  testfile.txt  test.txt
Absolute path method
Specify both the parent directory and the mount directory in the sub-configuration file
vim /etc/auto.master
/-     /etc/test.autofs
vim /etc/test.autofs
/data/net -fstype=nfs,rw 
[02:18:32 [email protected] ~]#systemctl restart autofs
[02:18:37 [email protected] ~]#ll /data/net
total 16
-rwxrwxrwx 1 root      root      5 Feb 12 00:14 b.txt
-rw-r--r-- 1 nfsnobody nfsnobody 4 Feb 12 00:58 file1.txt
-rw-r--r-- 1 root      root      0 Feb 12 00:59 file2.txt
-rw-r--r-- 1 root      root      0 Feb 12 02:08 filefile.txt
-rw-r--r-- 1 root      root      3 Feb 12 01:28 testfile.txt
-rw-r--r-- 1 root      root      3 Feb 12 01:28 test.txt

3.1 using autofs to automatically mount the user’s home directory - NFS server - client1 - client2
  • Step 1: install nfs-utils on each of the three hosts
yum -y install nfs-utils
  • Step 2: install autofs on two clients
yum -y install autofs
  • Step 3: create a shared directory on NFS
[05:49:53 [email protected] ~]#mkdir -pv /data/home 
mkdir: created directory ‘/data/home’
  • Step 4: create a login user in NFS, admin
[05:52:41 [email protected] ~]#useradd -d /data/home/admin -u 1111 admin
  • Step 5: edit sharing rules on NFS
[05:53:31 [email protected] ~]#vim /etc/exports

/data/home *(rw) # share the /data/home directory; all hosts can mount it with read-write permission
[05:54:15 [email protected] ~]#exportfs -r
[05:55:15 [email protected] ~]#exportfs -v
/data/home      <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,root_squash,no_all_squash)
  • Step 6: on client1, create the admin user without creating a home directory
[05:51:47 [email protected] ~]#useradd -M -u 1111 admin
  • Step 7: edit autofs rules
[05:56:19 [email protected] ~]#vim /etc/auto.master
/home /etc/auto.home
[05:57:16 [email protected] ~]#vim /etc/auto.home

* -fstype=nfs 
[05:57:50 [email protected] ~]#systemctl restart autofs
  • Step 8: start the NFS service on all three hosts
systemctl enable --now nfs
  • Step 9: switch to admin user test
[06:04:18 [email protected] ~]#su - admin
Last login: Fri Feb 12 06:03:12 CST 2021 on pts/0
[06:04:20 [email protected] ~]$pwd
[06:02:01 [email protected] ~]#ll /data/home/
total 0
drwx------ 2 admin admin 62 Feb 12 05:53 admin # only admin has permission
  • Step 10: create a leader user on client1 and test that its home directory is mounted automatically
NFS: when creating the user on the NFS server, set the home directory to /data/home/leader
[06:11:26 [email protected] ~]#useradd -d /data/home/leader -u 3333 leader
Client1: when creating the user on the client, do not create a home directory

[06:12:59 [email protected] ~]#useradd -M -u 3333 leader
[06:13:06 [email protected] ~]#su - leader
[06:13:10 [email protected] ~]$pwd
  • Step 11: at this point, each user can enter only their own home directory
[06:13:11 [email protected] ~]$cd /home/admin
-bash: cd: /home/admin: Permission denied

[06:13:38 [email protected] ~]$ll /home
total 0
drwx------ 2 admin   admin   83 Feb 12 06:07 admin
drwx------ 2 leader  leader  62 Feb 12 06:11 leader
  • Step 12: create two users on client2 to test NFS auto mount
[15:25:12 [email protected] ~]#useradd -d /data/home/user2222 -u 2222 user2222
[15:29:47 [email protected] ~]#useradd -d /data/home/user4444 -u 4444 user4444
[15:33:25 [email protected] ~]#vim /etc/auto.master
/home /etc/auto.home 
[15:34:09 [email protected] ~]#vim /etc/auto.home 

* -fstype=nfs  
[15:29:56 [email protected] ~]#useradd -M -u 2222 user2222
[15:30:01 [email protected] ~]#useradd -M -u 4444 user4444