- NFS Server
Verify filesystems
[root@linux64-server ~]# cat /proc/filesystems
nodev sysfs
nodev rootfs
nodev bdev
nodev proc
nodev cgroup
nodev cpuset
nodev tmpfs
nodev binfmt_misc
nodev debugfs
nodev securityfs
nodev sockfs
nodev usbfs
nodev pipefs
nodev anon_inodefs
nodev inotifyfs
nodev devpts
ext3
ext4
nodev ramfs
nodev hugetlbfs
iso9660
nodev mqueue
nodev rpc_pipefs
nodev autofs
nodev nfsd
Verify portmap tcp/udp port
[root@linux64-server ~]# cat /etc/services | grep 111
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
nfsd-status 1110/tcp # Cluster status info
Verify nfsd tcp/udp port
[root@linux64-server ~]# cat /etc/services | grep 2049
nfs 2049/tcp nfsd
nfs 2049/udp nfsd
Verify nfs functioning
[root@linux64-server ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 649 status
100024 1 tcp 652 status
100011 1 udp 980 rquotad
100011 2 udp 980 rquotad
100011 1 tcp 983 rquotad
100011 2 tcp 983 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 52604 nlockmgr
100021 3 udp 52604 nlockmgr
100021 4 udp 52604 nlockmgr
100021 1 tcp 34614 nlockmgr
100021 3 tcp 34614 nlockmgr
100021 4 tcp 34614 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 1003 mountd
100005 1 tcp 1006 mountd
100005 2 udp 1003 mountd
100005 2 tcp 1006 mountd
100005 3 udp 1003 mountd
100005 3 tcp 1006 mountd
Server exports file
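By default, NFS exports apply root_squash: requests from the remote root user are mapped to the nfsnobody user, an unprivileged account. All files created by a remote root are therefore owned by nfsnobody, which prevents a remote root from uploading programs with the setuid bit set that would run as root.
If no_root_squash is used, remote root users are able to change any file on the shared file system and leave trojaned applications for other users to inadvertently execute. Root squashing only remaps UID 0; with the default sec=sys authentication, every other UID sent by a client is trusted as-is, so restrict each export to the specific client hosts that need it, as the /etc/exports entry below does.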
[root@linux64-server ~]# cat /etc/exports
/home 10.3.20.201(rw,sync) 10.3.23.202(rw,sync)
[root@linux64-server ~]# exportfs -a
Start daemons
[root@linux64-server ~]# chkconfig nfslock on
Shutting down NFS mountd: [ OK ]
[root@linux64-server ~]# service nfslock start
Starting NFS statd: [ OK ]
[root@linux64-server ~]# chkconfig portmap on
[root@linux64-server ~]# service portmap start
Starting portmapper: [ OK ]
[root@linux64-server ~]# chkconfig nfs on
[root@linux64-server ~]# service nfs restart
Shutting down NFS daemon: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down NFS services: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
- NFS Client
[root@linux64-client1 ~]# chkconfig nfslock on
[root@linux64-client1 ~]# service nfslock start
Starting NFS statd: [ OK ]
[root@linux64-client1 ~]# chkconfig portmap on
[root@linux64-client1 ~]# service portmap start
Starting portmapper: [ OK ]
[root@linux64-client1 ~]# chkconfig netfs on
[root@linux64-client1 ~]# service netfs start
Mounting other filesystems: [ OK ]
[root@linux64-client1 ~]# mv /home /home.save
[root@linux64-client1 ~]# mkdir /home
Manual mount
[root@linux64-client1 ~]# mount 10.3.20.100:/home /home
[root@linux64-client1 ~]# umount /home
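Configure /etc/fstab automount (the share is mounted at boot and by mount -a)
The entry below mounts with defaults; adding nosuid and nodev to the options field (for example defaults,nosuid,nodev) stops the client from honouring setuid bits and device files that exist on the share.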
[root@linux64-client1 ~]# echo "10.3.20.100:/home /home nfs defaults 0 0" >> /etc/fstab
[root@linux64-client1 ~]# mount -a
[root@linux64-client1 ~]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
10.3.20.100:/home on /home type nfs (rw,addr=10.3.20.100)
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
10.3.20.100:/home on /home type nfs (rw,addr=10.3.20.100)