配置 NFS Server 及 Client 来在局域网共享并公用文件夹

https://vitux.com/install-nfs-server-and-client-on-ubuntu/

https://help.ubuntu.com/community/SettingUpNFSHowTo

 

quick start：

nfs目录提供方即为nfs server，一下配置server：

1、安装 NFS Kernel Server

sudo apt install nfs-kernel-server

2、创建被共用的文件夹

sudo mkdir -p /mnt/sharedfolder

我们希望所有客户端都能访问该目录，所以将通过以下命令删除被共用文件夹的权限限制：

sudo chown -R nobody:nogroup /mnt/sharedfolder
sudo chmod -R 777 /mnt/sharedfolder

3、配置文件夹被公用时的权限，在文件 /etc/exports 里添加：

/mnt/sharedfolder clientIP(rw,sync,no_subtree_check)

如果要添加多个ip，则：

/mnt/sharedfolder client1IP(rw,sync,no_subtree_check)
/mnt/sharedfolder client2IP(rw,sync,no_subtree_check)

如果要添加某个子网的所有ip，则：

/mnt/sharedfolder subnetIP/24(rw,sync,no_subtree_check)

rw,sync,no_subtree_check 的意思：

rw：   客户端具有读写权限；

sync： 实时将变化写进磁盘，即文件一改变就sync，然后对端就立即可以使用新的文件；

no_subtree_check：  子目录放行；

4、正式共享文件夹：

sudo exportfs -a

为了让配置起效，可能需要：

sudo systemctl restart nfs-kernel-server

 

5、server 的防火墙部分开放给 client：

格式如下：

sudo ufw allow from [clientIP or clientSubnetIP] to any port nfs

示例：

sudo ufw allow from 192.168.100/24 to any port nfs

你可以检查view一下防火墙的设置：

sudo ufw status

 

1、client 的配置：

安装 NFS Common client：

sudo apt-get install nfs-common

2、client 预先为目录创建挂载点：

sudo mkdir -p /mnt/sharedfolder_client

3、挂载：

格式：

sudo mount serverIP:/exportFolder_server /mnt/mountfolder_client

示例：

sudo mount 192.168.100.5:/mnt/sharedfolder /mnt/sharedfolder_client

 

结束，现在文件夹已经公用了。

 

 

附加说明：

1、In order for the ID names to be automatically mapped, both the client and server require the /etc/idmapd.conf file to have the same contents with the correct domain names. Furthermore, this file should have the following lines in the Mapping section:

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

 

2、There are three configuration files that relate to an NFS server: /etc/default/nfs-kernel-server, /etc/default/nfs-common and /etc/exports.

　　(The only important option in /etc/default/nfs-kernel-server for now is NEED_SVCGSSD. It is set to "no" by default, which is fine, because we are not activating NFSv4 security this time.)

 

 

 

解决 mount.nfs: access denied by server while mounting 问题：

问题表现：

# mount -t nfs x.x.x.x:/share /mnt
mount.nfs: access denied by server while mounting x.x.x.x:/share

You can try running the mount command with the verbose option to get an detailed error on the issue.

# mount -t nfs -vvvv server.example.com:/share /mnt
mount.nfs: timeout set for Fri Mar 9 17:56:57 2018
mount.nfs: trying text-based options 'vers=4.1,addr=x.x.x.x,clientaddr=x.x.x.x'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=x.x.x.x,clientaddr=x.x.x.x'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=x.x.x.x'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying x.x.x.x prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying x.x.x.x prog 100005 vers 3 prot UDP port 300
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting server.example.com:/share

Solution

This is a generic issue with NFS mounting at client and can occur due to many issues. Below are some of the most commonly occuring issues.

1. Try mounting with NFSv3

Sometimes the NFS server may only support NFSv3 connections. By default the mount command uses NFSv4, which may result is the error. To avoid this specify the NFSv3 while mounting the share.

# mount -t nfs -o nfsvers=3 x.x.x.x:/share /mnt

2. Check /etc/exports for correct share options

Ensure /etc/exports is properly referring to the correct NFS client information for providing access. Some NFS servers require NFS client name to be resolvable to IP, thus it should be resolvable via DNS or specified in /etc/hosts of the NFS server.. The format of the /etc/exports file is:

dir client1 (options) [client2(options)...]

Client options include (defaults are listed first):
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable to the delay. no_wdelay option can only be enabled if default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.

Example :

# vi /etc/exports
/test nfs_client(rw)

3. Check NFS server permissions

– There could be issue with the NFS server sharing the NFS share. Try mounting the problematic share on another NFS client, to rule out the possibility of issue at NFS server.
– Set the permission as (ro,no_root_squash,sync) for nfs export on server end and run command:

# exportfs -r

Then try to mount the NFS share directory. If specifying the NFS client in /etc/exports by domain or hostname ensure the domain name maps to the correct IP, an incorrect entry in /etc/hosts for example could cause access to be denied.

4. Using tcpdump

In very rare cases, you may have to use the tcpdump to capture tcpdump of the mount operation. Run the below command first to start capturing the network packets. In another terminal start the NFS mount operation.

# tcpdump -s0 -i [eth#] host [nfs_server_ip] -w /tmp/tcpdump.pcap

 

解决 nfs服务器消失而导致下次nfs client挂载不上 的问题：

在client上执行：

umount -f -l /mnt/myfolder

-f Force unmount (in case of an unreachable NFS system). (Requires kernel 2.1.116 or later.)

-l Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore. (Requires kernel 2.4.11 or later.)

-f also exists on Solaris and AIX.