################nfs################

##################################

1.nfs准备

systemctl start nfs-server

systemctl enable nfs-server

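systemctl stop firewalld      ###firewalld停止后,下面的firewall-cmd会因服务未运行而报错;若要按服务放行,应保持firewalld运行

firewall-cmd --permanent --add-service=nfs

firewall-cmd --permanent --add-service=rpc-bind

firewall-cmd --permanent --add-service=mountd      ###--permanent规则需执行 firewall-cmd --reload 后才生效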

2.共享目录

systemctl start nfs-server

mkdir /public

chmod 777 /public      ###777使所有用户都可读写该目录,仅适合演示;实际使用时应按需收紧权限

 

 

vim /etc/exports

/public         *(sync)      ###public共享给所有人并数据同步

 nfs_public

 

/public         172.25.254.1(sync)  ###public只共享给172.25.254.1 主机

 nfs_public_02

 nfs_public_03

/public         *.example.com(sync) ###public只共享给example.com这个域

测试时先在102主机做解析

 nfs_enable_04

/public         172.25.254.101(ro,sync)   172.25.254.1(rw,sync)###public共享给101只可以读,共享给1主机可以读写

 

nfs_enable_05

nfs_permanent_06


 

/public         *(sync,no_root_squash)   ###public共享给所有人,当客户端使用root挂载时不转换用户身份(客户端root在共享目录内即拥有root权限,不宜与*通配同时使用,应限定到可信主机)

 nfs_public_07

 

/public         *(sync,anonuid=1001,anongid=1000) ###public共享给所有人,被转换身份(squash)的用户以1001为uid,1000为gid

 nfs_enable_08

 

 

3.利用kerberos保护nfs输出

 

server上

 

开启kerberos认证,得到ldap用户

 

wget http://172.25.254.254/pub/keytabs/server1.kettab -O /etc/krb5.keytab      ###keytab含主机密钥,http为明文传输,只应在可信网络中下载;下载后保持仅root可读(chmod 600 /etc/krb5.keytab)

ktutil

ktutil:   rkt /etc/krb5.keytab

ktutil:   list

 

 

systemctl start nfs-secure-server

systemctl enable nfs-secure-server

 

vim /etc/exports

/public                    *(rw,sec=krb5p)      ###sec=krb5p:使用kerberos认证,并对传输数据做完整性校验和加密

 

exportfs -rv

 

desktop上

 

开启kerberos认证,得到ldap用户

 

wget  http://172.25.254.254/pub/keytabs/desktop1.kettab  -O /etc/krb5.keytab      ###keytab含主机密钥,http为明文传输,只应在可信网络中下载;下载后保持仅root可读(chmod 600 /etc/krb5.keytab)

 

ktutil

ktutil:   rkt /etc/krb5.keytab

ktutil:   list

 

systemctl start nfs-secure

systemctl enable nfs-secure

 

mount 172.25.254.102:/public      /mnt   -o sec=krb5p

 

 

su - student

cd /mnt        ### 没有进行kerberos认证,权限受限

su - ldapuser1

klist

 

ls /mnt      ###进行了kerberos认证,可以查看