
Enabling read/write access for non-root users on an NFS shared directory
2022-08-30 00:03:27

Document topic: enabling read/write access for non-root users on an NFS shared directory.
System: CentOS 7.9
Server: IP 192.168.133.190, hostname prometheus
Client: IP 192.168.133.191, hostname dbserver
1. User read/write
1.1. Demonstrating the failure

[oracle@dbserver data]$ mkdir oracle

mkdir: cannot create directory ‘oracle’: Permission denied

[oracle@dbserver data]$ df -h

Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 4.7G     0  4.7G   0% /dev
tmpfs                    4.7G     0  4.7G   0% /dev/shm
tmpfs                    4.7G   13M  4.7G   1% /run
tmpfs                    4.7G     0  4.7G   0% /sys/fs/cgroup
/dev/mapper/centos-root   89G  9.2G   80G  11% /
/dev/sda1               1014M  185M  830M  19% /boot
192.168.133.195:/data     20G   32M   20G   1% /nfs/data
tmpfs                    959M   12K  959M   1% /run/user/42
tmpfs                    959M     0  959M   0% /run/user/0

[oracle@dbserver data]$ pwd

/nfs/data

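As shown above, the oracle user cannot write in the shared directory. The following sections make an NFS-mounted directory on the client readable and writable by non-root users as well.

1.2. All users

If all users need read/write permission, changing the base permissions of the shared directory to 777 on the server is enough. Mode 777 makes the directory world-writable: every account on every client covered by the export can create and delete files there.

Server side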

[root@prometheus /]# mkdir /backup/

[root@prometheus /]# chmod 777 /backup/

[root@prometheus backup]# vi /etc/exports

/backup 192.168.133.191/24(rw,sync)

[root@prometheus /]# exportfs -r

Client side

[root@dbserver mnt]# mount 192.168.133.190:/backup /mnt/backup

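Note: testing confirmed that RMAN backups can be stored in this directory.

1.3. A single user

Note: the client mounts the share as root and accesses it as user1 (uid 1000). The NFS server sees the access as coming from uid 1000. If the server has an account with that uid, the access is mapped to that account. That is, if uid 1000 on the server belongs to testuser1, the permissions that user1 on the client ends up with are those of testuser1 on the server.

1.3.1. Client-side user

Create a user on the client with the same UID as the user on the server.

Server side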

[root@prometheus /]# cat /etc/exports

/rmanbak 192.168.133.191/24(rw,sync)

[root@prometheus /]# exportfs -r

[root@prometheus /]# chown -R oracle:oinstall /rmanbak

[root@prometheus /]# id oracle

uid=1001(oracle) gid=1001(oinstall) groups=1001(oinstall),1002(dba),1003(oper)

Client side

[root@dbserver mnt]# mkdir /mnt/rmanbak

[root@dbserver mnt]# mount 192.168.133.190:/rmanbak /mnt/rmanbak

[root@dbserver mnt]# df -h

Filesystem                Size  Used Avail Use% Mounted on
devtmpfs                  4.7G     0  4.7G   0% /dev
tmpfs                     4.7G     0  4.7G   0% /dev/shm
tmpfs                     4.7G   13M  4.7G   1% /run
tmpfs                     4.7G     0  4.7G   0% /sys/fs/cgroup
/dev/mapper/centos-root    89G   30G   60G  33% /
/dev/sda1                1014M  185M  830M  19% /boot
tmpfs                     959M     0  959M   0% /run/user/1100
tmpfs                     959M   12K  959M   1% /run/user/42
tmpfs                     959M     0  959M   0% /run/user/0
tmpfs                     959M     0  959M   0% /run/user/1101
192.168.133.190:/rmanbak  119G   24G   96G  20% /mnt/rmanbak

Note: now create a user with uid 1001 on the client.

[root@dbserver home]# useradd -u 1001 -g oinstall -G dba,oper,asmdba leo

[root@dbserver home]# su - leo

[leo@dbserver ~]$ cd /mnt/rmanbak

[leo@dbserver rmanbak]$ touch hello.txt

[leo@dbserver rmanbak]$ ll

total 0

-rw-r--r-- 1 leo oinstall 0 Aug 29 15:11 hello.txt

[leo@dbserver rmanbak]$ id leo

uid=1001(leo) gid=1030(oinstall) groups=1030(oinstall),1031(dba),1032(oper),1021(asmdba)

[grid@dbserver rmanbak]$ touch hello1.txt

touch: cannot touch ‘hello1.txt’: Permission denied

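Conclusion: user leo can write in the shared directory, while user grid cannot.

1.3.2. Server-side user

Now create a user liujun on the server with the same uid as oracle on the client. A directory is then assigned to liujun to hold the client's RMAN backups.

Server side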

[root@prometheus home]# useradd -u 1101 -g oinstall -G dba,oper liujun

[root@prometheus home]# chown -R liujun:oinstall /rmanbak

[root@prometheus home]# vi /etc/exports

[root@prometheus home]# cat /etc/exports

/rmanbak 192.168.133.191/24(rw,sync)

[root@prometheus home]# exportfs -r

Client side

[root@dbserver home]# mkdir -p /mnt/rmanbak

[root@dbserver home]# mount 192.168.133.190:/rmanbak /mnt/rmanbak

[oracle@dbserver rmanbak]$ touch hello.txt

[oracle@dbserver rmanbak]$ ll

total 0

-rw-r--r-- 1 oracle oinstall 0 Aug 29 15:19 hello.txt

Now run the RMAN backup:

RMAN> backup as compressed backupset full database format '/mnt/rmanbak/2dbf_%d_%u_%p_%s' plus archivelog format '/mnt/rmanbak/3arc_%d_%u_%p_%s' delete all input;

Result: the RMAN backup can be stored in the NFS-mounted shared directory, which gives RMAN a remote storage location for its backups.
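The numeric mapping described in section 1.3, worked through for the accounts used in 1.3.1 and 1.3.2, as an added example that is not part of the original article: the server resolves the UID/GID number the client sends (sec=sys), so the script pairs each client account with whichever server account owns the same number. The passwd and group lines are constructed from the id output shown above; the function name map_ids, grid's uid 1100 and the primary gids of the client's oracle and grid accounts are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): resolve client accounts the
# way an NFS server using numeric (AUTH_SYS, sec=sys) identities does: by id.

# map_ids SERVER_FILE CLIENT_FILE
# Works on passwd(5) or group(5) layout, where field 1 = name, field 3 = id.
# Prints: client_name id server_name verdict
#   same     -> same name on both sides
#   alias    -> client account acts as a differently named server account
#   unmapped -> no server account has this id; the server sees a bare number
map_ids() {
    awk -F: '
        NR == FNR { server[$3] = $1; next }   # first file: id -> server name
        {
            s = ($3 in server) ? server[$3] : "-"
            v = (s == "-") ? "unmapped" : ((s == $1) ? "same" : "alias")
            print $1, $3, s, v
        }
    ' "$1" "$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample data based on the id output in this article.
cat > "$tmp/server_passwd" <<'EOF'
oracle:x:1001:1001::/home/oracle:/bin/bash
liujun:x:1101:1001::/home/liujun:/bin/bash
EOF
cat > "$tmp/server_group" <<'EOF'
oinstall:x:1001:
dba:x:1002:
oper:x:1003:
EOF
# Assumptions: grid's uid 1100 and the primary gids of oracle and grid.
cat > "$tmp/client_passwd" <<'EOF'
leo:x:1001:1030::/home/leo:/bin/bash
oracle:x:1101:1030::/home/oracle:/bin/bash
grid:x:1100:1030::/home/grid:/bin/bash
EOF
cat > "$tmp/client_group" <<'EOF'
oinstall:x:1030:
dba:x:1031:
oper:x:1032:
asmdba:x:1021:
EOF

echo "== users ==";  map_ids "$tmp/server_passwd" "$tmp/client_passwd"
echo "== groups =="; map_ids "$tmp/server_group"  "$tmp/client_group"
```

Against real hosts, feed it `getent passwd` and `getent group` output saved from each side. In this sample data every client group is unmapped, so the group names match across the two hosts while the numbers the server actually stores do not.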


Source: https://blog.51cto.com/u
