限制 NFS 共享访问特定 IP 或主机并限制其他 IP 或主机的使用

tag-icon tag-icon linux nfs suse nfsv4
限制 NFS 共享访问特定 IP 或主机并限制其他 IP 或主机的使用

我已经创建了一个共享文件夹/data01/分享在一台 Suse Gnu/Linux 上,还为主机(客户端)机器创建了条目/etc/出口 /data01/share 10.241.200.53(读写,同步,no_root_squash,no_subtree_check)。但我得到这个之后导出文件系统-a

exportfs: No options for /data01/share  10.241.200.53(rw,sync,no_root_squash,no_subtree_check) : suggest (sync) to avoid warning
exportfs: /etc/exports [2]: Neither 'subtree_check' or 'no_subtree_check' specified for export ":/data01/share  10.241.200.53(rw,sync,no_root_squash,no_subtree_check)".
Assuming default behaviour ('no_subtree_check').
NOTE: this default has changed since nfs-utils version 1.0.x

exportfs: Failed to stat /data01/share  10.241.200.53(rw,sync,no_root_squash,no_subtree_check): No such file or directory

猫 /etc/os-release

NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"

systemctl 状态 nfs-server.service

nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/nfs-server.service.d
           └─nfsserver.conf
        /run/systemd/generator/nfs-server.service.d
           └─order-with-mounts.conf
   Active: active (exited) since Wed 2019-07-24 02:32:03 EDT; 2h 34min ago
 Main PID: 2562 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 512)
   CGroup: /system.slice/nfs-server.service

Jul 24 02:32:03 OPT001CORE0002 systemd[1]: Starting NFS server and services...
Jul 24 02:32:03 OPT001CORE0002 systemd[1]: Started NFS server and services.

猫 /etc/exports

# See the exports(5) manpage for a description of the syntax of this file.
# This file contains a list of all directories that are to be exported to
# other computers via NFS (Network File System).
# This file used by rpc.nfsd and rpc.mountd. See their manpages for details
# on how make changes in this file effective.

/data01/share  10.241.200.53(rw,sync,no_root_squash,no_subtree_check)

ls -la /data01/共享

total 0
drwxrwxrwx 4 acmuser acmgrp 36 Jul 24 04:18 .
drwxr-xr-x 6 acmuser acmgrp 65 Jul 24 04:16 ..
drwxrwxrwx 3 acmuser acmgrp 18 Jul 24 04:18 support
drwxrwxrwx 5 acmuser acmgrp 45 Jul 24 04:17 upgrade

答案1

只需将选项 subtree_check 添加到 /etc/exports 中,如下所示:

# cat /etc/exports
/views_raw      10.143.3.44(rw,sync,no_root_squash,subtree_check)

重新启动 NFS 服务

# systemctl restart nfs-server
# exportfs -av

相关内容