http://jackxiang.com/index.php zh-cn http://jackxiang.com/post// jack <xdy108@126.com> Tue, 16 Aug 2016 09:18:49 +0000 http://jackxiang.com/post// 在阿里云上也申请了一个类似的NFS磁盘，但是挂载时是ROOT权限，我那个/home/git/.ssh想是git权限，于是提起工单：
jac***@aliyun.com :   能否有办法帮我实现101.200.228.135上的NAS的挂载后是/home/xiangdong/mnt git权限且755啊？现在是Root。 —————— 被挂载目录： /home/xiangdong/mnt Mount服务端： 1088d4bf4b-ldi58.cn-beijing.nas.aliyuncs.com 需求： 被挂载的目录是git用户，如下： drwxr-xr-x 11 git git 114688 Jun 11 20:04 mnt/ 挂载后是Root权限： drwxrwxrwt   4 root root  4096 6月  15 17:12 mnt #chown git mnt/ chown: 正在更改"mnt/" 的所有者: 不允许的操作~ 这样： sudo -u git -H mount -t nfs4 1088d4bf4b-ldi58.cn-beijing.nas.aliyuncs.com:/ /home/git/mnt/ mount: 只有 root 用户能使用“--types”选项 能否有办法帮我实现101.200.228.135上的NAS的挂载后是/home/xiangdong/mnt git权限且755啊？现在是Root。  

jac***@aliyun.com :   我是指的挂载的根目录不是Git，而不是里面的目录权限： 如，我挂载前的挂载点是： /home/xiangdong/mnt //它是git.git 755权限。 挂载命令挂载成功后： /home/xiangdong/mnt  //它变成了root 777权限。 我想要的结果是： /home/xiangdong/mnt  //与挂载前不变，还是git.git 755权限。挂载后变了。 与是我想用git用户去挂载，会提示： sudo -u git -H mount -t nfs4 1088d4bf4b-ldi58.cn-beijing.nas.aliyuncs.com:/ /home/git/mnt/ mount: 只有 root 用户能使用“--types”选项  

售后工程师 :    您好，这样不支持，mount后的目录权限有ans服务端决定，目前不支持修改。  
2017-07-06 23:42:54
售后工程师 :    您好，技术反馈这个是nas服务端决定的，目前我方设置的权限是777 root：root  

经实践：
mkdir -p /home/git/mnt
ll  -d /home/git/mnt/
drwxr-xr-x 2 root root 4096 Jul  8 23:52 /home/git/mnt/  #Linux root用户id号是0
挂载NFS:
mount -t nfs -o vers=3,tcp 10.71.15.98:/Vol-01/backup /home/git/mnt
ll  -d /home/git/mnt/
drwxr-xr-x 11 1000 1000 114688 Jun 11 20:04 /home/git/mnt/
变成1000了，这个值是NFS服务端设置的，但是阿里云是0，也就不是Git账户的ID了。它是0，root用户id号是0，不敢该RootID值为非0值。

推测其配置如下：
打开/etc/exports文件，在末尾加入：
/home/kevin *(rw,sync,no_root_squash)
注：nfs允许挂载的目录及权限，在文件/etc/exports中进行定义，各字段含义如下：
/home/kevin：要共享的目录
* ：允许所有的网段访问
rw ：读写权限
sync：资料同步写入内在和硬盘
no_root_squash：nfs客户端共享目录使用者权限


nfs中exports中no_root_squash的意义：
no_root_squash：登入 NFS 主机使用分享目录的使用者，如果是 root 的话，那么对于这个分享的目录来说，他就具有 root 的权限！这个项目『极不安全』，不建议使用！
root_squash：在登入 NFS 主机使用分享之目录的使用者如果是 root 时，那么这个使用者的权限将被压缩成为匿名使用者，通常他的 UID 与 GID 都会变成 nobody 那个系统账号的身份。

增加no_root_squash可以轻松获得NFS主机共享目录读写权限.

showmount -e
Export list for mainboard_virtualbox_docker_10_10_0_106:
/backup 10.10.0.91,10.10.0.90,10.10.0.89,10.10.0.88,10.10.0.77,10.10.0.72,10.10.0.71,10.10.0.70,10.10.0.69,10.10.0.67,10.10.0.66,10.10.0.65,10.10.0.64,10.10.0.63,10.10.0.62,10.10.0.61,10.10.0.60,10.10.0.59,10.10.0.58,10.10.0.57,10.10.0.56,10.10.0.46,10.10.0.45,10.10.0.44,10.10.0.33

配置完需要nfs重启一下
service nfs reload
systemctl restart nfs
=================================================================================
在文章后面有讲如何搭建NFS服务器：http://jackxiang.com/post/8299/

NFS, stands for Network File System, is a server-client protocol used for sharing files between linux/unix to unix/linux systems. NFS enables you to mount a remote share locally. You can then directly access any of the files on that remote share.

Scenario

In this how-to, I will be using two systems which are running with CentOS 7. The same steps are applicable for RHEL and Scientific Linux 7 distributions.



Here are mt testing nodes details.

NFS Server Hostname: server.unixmen.local
NFS Server IP Address: 192.168.1.101/24
NFS Client Hostname: client.unixmen.local
NFS Client IP Address: 192.168.1.102/24
Server Side Configuration

Install NFS packages in your Server system by using the following command:

yum install nfs-utils nfs-utils-lib
Enable and start NFS services:

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap
Now, let us create some shared directories in server.


Create a shared directory named ‘/var/unixmen_share’ in server and let the client users to read and write files in that directory.

mkdir /var/unixmen_share
chmod 777 /var/unixmen_share/
Export shared directory on NFS Server:

Edit file /etc/exports,

vi /etc/exports
Add the following line:

/var/unixmen_share/     192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
where,

/var/unixmen_share – shared directory
192.168.1.0/24 – IP address range of clients
rw – Writable permission to shared folder
sync – Synchronize shared directory
no_root_squash – Enable root privilege
no_all_squash - Enable user’s authority
Restart the NFS service:

systemctl restart nfs-server
Client Side Configuration

Install NFS packages in your client system by using the following command:

yum install nfs-utils nfs-utils-lib
Enable and start NFS services:

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap
Mount NFS shares On clients

Create a mount point to mount the shared folder ‘var/unixmen_share’ which we’ve created before in the server.

mkdir /var/nfs_share
Mount the share from server to client as shown below

mount -t nfs 192.168.1.101:/var/unixmen_share/ /var/nfs_share/
Sample Output:

mount.nfs: Connection timed out
Probably, it will show a connection timed out error which means that the firewall is blocking our NFS server. To access NFS shares from remote clients, we must allow the following nfs ports in the NFS server iptables/firewall.

From:
https://www.unixmen.com/setting-nfs-server-client-centos-7/ ]]> http://jackxiang.com/post//#blogcomment <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://jackxiang.com/post//#blogcomment