2.7. Configuring an NFSv4-only server
If you do not have any NFSv3 clients in your network, you can configure the NFS server to support only NFSv4 or specific minor protocol versions of it. Using only NFSv4 on the server reduces the number of ports that are open to the network.
Procedure
1. Install the nfs-utils package:

       # dnf install nfs-utils

2. Edit the /etc/nfs.conf file, and make the following changes:

   a. Disable the vers3 parameter in the [nfsd] section to disable NFSv3:

          [nfsd]
          vers3=n

   b. Optional: If you require only specific NFSv4 minor versions, uncomment all vers4.<minor_version> parameters and set them accordingly, for example:

          [nfsd]
          vers3=n
          # vers4=y
          vers4.0=n
          vers4.1=n
          vers4.2=y

      With this configuration, the server provides only NFS version 4.2.

Important
If you require only a specific NFSv4 minor version, set only the parameters for the minor versions. Do not uncomment the vers4 parameter to avoid an unpredictable activation or deactivation of minor versions. By default, the vers4 parameter enables or disables all NFSv4 minor versions. However, this behavior changes if you set vers4 in conjunction with other vers parameters.

3. Disable all NFSv3-related services:

       # systemctl mask --now rpc-statd.service rpcbind.service rpcbind.socket

4. Configure the rpc.mountd daemon to not listen for NFSv3 mount requests. Create a /etc/systemd/system/nfs-mountd.service.d/v4only.conf file with the following content:

       [Service]
       ExecStart=
       ExecStart=/usr/sbin/rpc.mountd --no-tcp --no-udp

5. Reload the systemd manager configuration and restart the nfs-mountd service:

       # systemctl daemon-reload
       # systemctl restart nfs-mountd

6. Optional: Create a directory that you want to share, for example:

       # mkdir -p /nfs/projects/

   If you want to share an existing directory, skip this step.

7. Set the permissions you require on the /nfs/projects/ directory:

       # chmod 2770 /nfs/projects/
       # chgrp users /nfs/projects/

   These commands set write permissions for the users group on the /nfs/projects/ directory and ensure that the same group is automatically set on new entries created in this directory.

8. Add an export point to the /etc/exports file for each directory that you want to share:

       /nfs/projects/ 192.0.2.0/24(rw) 2001:db8::/32(rw)

   This entry shares the /nfs/projects/ directory to be accessible with read and write access to clients in the 192.0.2.0/24 and 2001:db8::/32 subnets.

9. Open the relevant ports in firewalld:

       # firewall-cmd --permanent --add-service nfs
       # firewall-cmd --reload

10. Enable and start the NFS server:

       # systemctl enable --now nfs-server

Verification
1. On the server, verify that the server provides only the NFS versions that you have configured:

       # cat /proc/fs/nfsd/versions
       -3 +4 -4.0 -4.1 +4.2

2. On a client, perform the following steps:

   a. Install the nfs-utils package:

          # dnf install nfs-utils

   b. Mount an exported NFS share:

          # mount server.example.com:/nfs/projects/ /mnt/

   c. As a user who is a member of the users group, create a file in /mnt/:

          # touch /mnt/file

   d. List the directory to verify that the file was created:

          # ls -l /mnt/
          total 0
          -rw-r--r--. 1 demo users 0 Jan 16 14:18 file
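
The following shell helpers are an added example, not part of the original documentation. They audit the two things this procedure can get wrong: the [nfsd] settings in nfs.conf (including the vers4 caveat above) and the version line from /proc/fs/nfsd/versions. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the NFSv4-only procedure (hypothetical names).

# Print the versions marked "+" in a /proc/fs/nfsd/versions line.
# The bare "+4" token appears next to the minor-version tokens in the
# page's output, so it is skipped and only 3, 4.0, 4.1, ... are reported.
enabled_versions() {
    out=""
    for tok in $1; do
        case "$tok" in
            +4) ;;
            +*) out="$out ${tok#+}" ;;
        esac
    done
    echo "${out# }"
}

# Succeed only if the enabled set is exactly the expected list, e.g. "4.2".
versions_match() {
    [ "$(enabled_versions "$1")" = "$2" ]
}

# Audit nfs.conf text on stdin; print one finding per line, nothing if clean.
audit_nfs_conf() {
    awk '
        /^[ \t]*\[/ { in_nfsd = ($0 ~ /^[ \t]*\[nfsd\]/); next }
        !in_nfsd || /^[ \t]*#/ { next }
        {
            line = $0; gsub(/[ \t]/, "", line); split(line, kv, "=")
            if (kv[1] == "vers3") v3 = kv[2]
            else if (kv[1] == "vers4") v4set = 1
            else if (kv[1] ~ /^vers4\.[0-9]+$/) minor = 1
        }
        END {
            if (v3 != "n") print "vers3 is not set to n"
            if (v4set && minor) print "vers4 set together with vers4.<minor_version>"
        }'
}

# Constructed sample: the page's example config with vers4 uncommented.
SAMPLE_CONF='[nfsd]
vers3=n
vers4=y
vers4.0=n
vers4.1=n
vers4.2=y'
printf '%s\n' "$SAMPLE_CONF" | audit_nfs_conf
versions_match "-3 +4 -4.0 -4.1 +4.2" "4.2" && echo "versions match: 4.2 only"
```

On a configured server, feed the real files in instead of the sample: audit_nfs_conf < /etc/nfs.conf, and versions_match "$(cat /proc/fs/nfsd/versions)" "4.2".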