network-nfs.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Network File System (NFS)</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Network Servers" href="network-servers.html" />
<link rel="PREVIOUS" title="The inetd Super-Server" href="network-inetd.html" />
<link rel="NEXT" title="Network Information System (NIS/YP)" href="network-nis.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="network-inetd.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 23 Network Servers</td>
<td width="10%" align="right" valign="bottom"><a href="network-nis.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="NETWORK-NFS" name="NETWORK-NFS">23.3 Network File System
(NFS)</a></h1>

<i class="AUTHORGROUP"><span class="CONTRIB">Reorganized and enhanced by</span> Tom
Rhodes.</i> <i class="AUTHORGROUP"><span class="CONTRIB">Written by</span> Bill
Swingle.</i> 

<p>Among the many different filesystems that FreeBSD supports is the Network File System,
also known as <acronym title="Network File System" class="ACRONYM">NFS</acronym>.
<acronym title="Network File System" class="ACRONYM">NFS</acronym> allows a system to
share directories and files with others over a network. By using <acronym
title="Network File System" class="ACRONYM">NFS</acronym>, users and programs can access
files on remote systems almost as if they were local files.</p>

<p>Some of the most notable benefits that <acronym class="ACRONYM">NFS</acronym> can
provide are:</p>

<ul>
<li>
<p>Local workstations use less disk space because commonly used data can be stored on a
single machine and still remain accessible to others over the network.</p>
</li>

<li>
<p>There is no need for users to have separate home directories on every network machine.
Home directories could be set up on the <acronym class="ACRONYM">NFS</acronym> server and
made available throughout the network.</p>
</li>

<li>
<p>Storage devices such as floppy disks, CDROM drives, and <span
class="TRADEMARK">Zip</span>&reg; drives can be used by other machines on the network.
This may reduce the number of removable media drives throughout the network.</p>
</li>
</ul>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN33453" name="AEN33453">23.3.1 How <acronym
class="ACRONYM">NFS</acronym> Works</a></h2>

<p><acronym class="ACRONYM">NFS</acronym> consists of at least two main parts: a server
and one or more clients. The client remotely accesses the data that is stored on the
server machine. In order for this to function properly a few processes have to be
configured and running.</p>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> In FreeBSD 5.X, the <b class="APPLICATION">portmap</b> utility has been
replaced with the <b class="APPLICATION">rpcbind</b> utility. Thus, in FreeBSD 5.X the
user is required to replace every instance of <b class="APPLICATION">portmap</b> with <b
class="APPLICATION">rpcbind</b> in the forthcoming examples.</p>
</blockquote>
</div>

<p>The server has to be running the following daemons:</p>

<div class="INFORMALTABLE"><a id="AEN33480" name="AEN33480"></a>
<table border="0" frame="void" width="100%" class="CALSTABLE">
<col width="25%" />
<col width="75%" />
<thead>
<tr>
<th>Daemon</th>
<th>Description</th>
</tr>
</thead>

<tbody>
<tr>
<td><b class="APPLICATION">nfsd</b></td>
<td>The <acronym class="ACRONYM">NFS</acronym> daemon which services requests from the
<acronym class="ACRONYM">NFS</acronym> clients.</td>
</tr>

<tr>
<td><b class="APPLICATION">mountd</b></td>
<td>The <acronym class="ACRONYM">NFS</acronym> mount daemon which carries out the
requests that <a href="http://www.FreeBSD.org/cgi/man.cgi?query=nfsd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">nfsd</span>(8)</span></a> passes on to
it.</td>
</tr>

<tr>
<td><b class="APPLICATION">portmap</b></td>
<td>The portmapper daemon allows <acronym class="ACRONYM">NFS</acronym> clients to
discover which port the <acronym class="ACRONYM">NFS</acronym> server is using.</td>
</tr>
</tbody>
</table>
</div>

<p>The client can also run a daemon, known as <b class="APPLICATION">nfsiod</b>. The <b
class="APPLICATION">nfsiod</b> daemon services the requests from the <acronym
class="ACRONYM">NFS</acronym> server. This is optional, and improves performance, but is
not required for normal and correct operation. See the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=nfsiod&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">nfsiod</span>(8)</span></a> manual page
for more information.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="NETWORK-CONFIGURING-NFS" name="NETWORK-CONFIGURING-NFS">23.3.2
Configuring <acronym class="ACRONYM">NFS</acronym></a></h2>

<p><acronym class="ACRONYM">NFS</acronym> configuration is a relatively straightforward
process. The processes that need to be running can all start at boot time with a few
modifications to your <tt class="FILENAME">/etc/rc.conf</tt> file.</p>

<p>On the <acronym class="ACRONYM">NFS</acronym> server, make sure that the following
options are configured in the <tt class="FILENAME">/etc/rc.conf</tt> file:</p>

<pre class="PROGRAMLISTING">
portmap_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
</pre>

<p><b class="APPLICATION">mountd</b> runs automatically whenever the <acronym
class="ACRONYM">NFS</acronym> server is enabled.</p>

<p>On the client, make sure this option is present in <tt
class="FILENAME">/etc/rc.conf</tt>:</p>

<pre class="PROGRAMLISTING">
nfs_client_enable="YES"
</pre>

<p>The <tt class="FILENAME">/etc/exports</tt> file specifies which filesystems <acronym
class="ACRONYM">NFS</acronym> should export (sometimes referred to as ``share''). Each
line in <tt class="FILENAME">/etc/exports</tt> specifies a filesystem to be exported and
which machines have access to that filesystem. Along with what machines have access to
that filesystem, access options may also be specified. There are many such options that
can be used in this file but only a few will be mentioned here. You can easily discover
other options by reading over the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=exports&sektion=5"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">exports</span>(5)</span></a> manual
page.</p>

<p>Here are a few example <tt class="FILENAME">/etc/exports</tt> entries:</p>

<p>The following examples give an idea of how to export filesystems, although the
settings may be different depending on your environment and network configuration. For
instance, to export the <tt class="FILENAME">/cdrom</tt> directory to three example
machines that have the same domain name as the server (hence the lack of a domain name
for each) or have entries in your <tt class="FILENAME">/etc/hosts</tt> file. The <var
class="OPTION">-ro</var> flag makes the exported filesystem read-only. With this flag,
the remote system will not be able to write any changes to the exported filesystem.</p>

<pre class="PROGRAMLISTING">
/cdrom -ro host1 host2 host3
</pre>

<p>The following line exports <tt class="FILENAME">/home</tt> to three hosts by IP
address. This is a useful setup if you have a private network without a <acronym
class="ACRONYM">DNS</acronym> server configured. Optionally the <tt
class="FILENAME">/etc/hosts</tt> file could be configured for internal hostnames; please
review <a href="http://www.FreeBSD.org/cgi/man.cgi?query=hosts&sektion=5"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">hosts</span>(5)</span></a> for more
information. The <var class="OPTION">-alldirs</var> flag allows the subdirectories to be
mount points. In other words, it will not mount the subdirectories but permit the client
to mount only the directories that are required or needed.</p>

<pre class="PROGRAMLISTING">
/home  -alldirs  10.0.0.2 10.0.0.3 10.0.0.4
</pre>

<p>The following line exports <tt class="FILENAME">/a</tt> so that two clients from
different domains may access the filesystem. The <var class="OPTION">-maproot=root</var>
flag allows the <tt class="USERNAME">root</tt> user on the remote system to write data on
the exported filesystem as <tt class="USERNAME">root</tt>. If the <var
class="LITERAL">-maproot=root</var> flag is not specified, then even if a user has <tt
class="USERNAME">root</tt> access on the remote system, he will not be able to modify
files on the exported filesystem.</p>

<pre class="PROGRAMLISTING">
/a  -maproot=root  host.example.com box.example.org
</pre>

<p>In order for a client to access an exported filesystem, the client must have
permission to do so. Make sure the client is listed in your <tt
class="FILENAME">/etc/exports</tt> file.</p>

<p>In <tt class="FILENAME">/etc/exports</tt>, each line represents the export information
for one filesystem to one host. A remote host can only be specified once per filesystem,
and may only have one default entry. For example, assume that <tt
class="FILENAME">/usr</tt> is a single filesystem. The following <tt
class="FILENAME">/etc/exports</tt> would be invalid:</p>

<pre class="PROGRAMLISTING">
/usr/src   client
/usr/ports client
</pre>

<p>One filesystem, <tt class="FILENAME">/usr</tt>, has two lines specifying exports to
the same host, <tt class="HOSTID">client</tt>. The correct format for this situation
is:</p>

<pre class="PROGRAMLISTING">
/usr/src /usr/ports  client
</pre>

<p>The properties of one filesystem exported to a given host must all occur on one line.
Lines without a client specified are treated as a single host. This limits how you can
export filesystems, but for most people this is not an issue.</p>

<p>The following is an example of a valid export list, where <tt
class="FILENAME">/usr</tt> and <tt class="FILENAME">/exports</tt> are local
filesystems:</p>

<pre class="PROGRAMLISTING">
# Export src and ports to client01 and client02, but only
# client01 has root privileges on it
/usr/src /usr/ports -maproot=root    client01
/usr/src /usr/ports               client02
# The client machines have root and can mount anywhere
# on /exports. Anyone in the world can mount /exports/obj read-only
/exports -alldirs -maproot=root      client01 client02
/exports/obj -ro
</pre>

<p>You must restart <b class="APPLICATION">mountd</b> whenever you modify <tt
class="FILENAME">/etc/exports</tt> so the changes can take effect. This can be
accomplished by sending the HUP signal to the <tt class="COMMAND">mountd</tt>
process:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd
class="USERINPUT">kill -HUP `cat /var/run/mountd.pid`</kbd>
</pre>

<p>Alternatively, a reboot will make FreeBSD set everything up properly. A reboot is not
necessary though. Executing the following commands as <tt class="USERNAME">root</tt>
should start everything up.</p>

<p>On the <acronym class="ACRONYM">NFS</acronym> server:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">portmap</kbd>
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">nfsd -u -t -n 4</kbd>
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">mountd -r</kbd>
</pre>