Zhihu Column
Each line in /etc/fstab has six whitespace-separated fields:

    # <file system> <mount point> <type> <options> <dump> <pass>
file system
The device to mount, e.g. /dev/cdrom or /dev/sdb. Instead of a device name you can use the device's UUID or volume label, e.g. LABEL=root or UUID=7f91104e-8187-4ccf-8215-6e2e641f32e3. UUID= and LABEL= are the safer choice, because names such as /dev/sdb can change between boots when disks are added or removed.
mount point
The directory on which the filesystem is to be mounted. For swap devices this field is none.
type
The filesystem type on the device. The filesystems the running kernel supports are listed in /proc/filesystems; entries marked nodev are virtual filesystems that are not backed by a block device:

    $ cat /proc/filesystems
    nodev   sysfs
    nodev   rootfs
    nodev   bdev
    nodev   proc
    nodev   cgroup
    nodev   cpuset
    nodev   tmpfs
    nodev   devtmpfs
    nodev   debugfs
    nodev   securityfs
    nodev   sockfs
    nodev   pipefs
    nodev   anon_inodefs
    nodev   inotifyfs
    nodev   devpts
            ext3
            ext2
            ext4
    nodev   ramfs
    nodev   hugetlbfs
    nodev   ecryptfs
    nodev   fuse
            fuseblk
    nodev   fusectl
    nodev   mqueue
    nodev   rpc_pipefs
    nodev   nfs
    nodev   nfs4
            reiserfs
            xfs
            jfs
            msdos
            vfat
            ntfs
            minix
            hfs
            hfsplus
            qnx4
            ufs
            btrfs
            iso9660
options
Comma-separated mount options. The ones that matter most for performance and hardening:

    Option               Meaning
    defaults             Use the default settings, i.e. rw,suid,dev,exec,auto,nouser,async
    rw                   Mount read-write
    ro                   Mount read-only
    exec                 Default; binaries on the filesystem may be executed
    noexec               Binaries on the filesystem may not be executed directly (the kernel refuses
                         execve() for them; see the caveat under "Verifying noexec" below)
    sync                 Writes to the device are not buffered; this narrows the window for filesystem
                         damage on an unclean shutdown, but slows the machine down
    async                All I/O is performed asynchronously (default)
    user                 Allow an ordinary user to mount the filesystem; unless overridden it also
                         implies noexec,nosuid,nodev
    nouser               Only root may mount the filesystem; this is the default
    quota                Enforce disk quotas on this filesystem
    noauto               Do not mount with mount -a (e.g. at boot)
    noatime/nodiratime   Do not update access times; noatime covers files and directories and
                         therefore already implies nodiratime, nodiratime alone covers only directories
dump
Used by the dump command to decide how often the filesystem should be backed up. Set it to 0 if you do not use dump.
pass
Used by fsck to decide the order in which filesystems are checked at boot: the root filesystem / should be 1, other filesystems 2, and 0 means the filesystem is not checked at boot. Distribution installers commonly write 0 for XFS because fsck.xfs is a no-op (XFS replays its journal when it is mounted), which is why the XFS entries later on this page have 0 here.
noatime/nodiratime
The /data entry before and after adding the options:

    /dev/sda2 /data ext3 defaults 0 2
    /dev/sda2 /data ext3 defaults,noatime,nodiratime 0 2

To apply the change without rebooting, either remount so that the edited fstab entry is re-read, or pass the options explicitly on the command line:

    mount -o remount /data
    mount -o noatime -o nodiratime -o remount /data
Bind mount: add to /etc/fstab

    /opt/storage /var/lib/rancher/k3s/storage none defaults,bind 0 0

Check the result with lsblk; the partition that backs /opt (sda1) now shows both mount points:

    [root@master ~]# lsblk -a
    NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
    sda           8:0    0 931.5G  0 disk
    `-sda1        8:1    0 931.5G  0 part /var/lib/rancher/k3s/storage
                                          /opt
    nvme0n1     259:0    0 238.5G  0 disk
    |-nvme0n1p1 259:1    0   600M  0 part /boot/efi
    |-nvme0n1p2 259:2    0     1G  0 part /boot
    |-nvme0n1p3 259:3    0    64G  0 part [SWAP]
    `-nvme0n1p4 259:4    0 172.9G  0 part /
Verifying noexec

    root@logging ~# cd /opt/log/
    root@logging /o/log# echo ls > dir.sh
    root@logging /o/log# chmod +x dir.sh
    root@logging /o/log# ./dir.sh
    fish: The file “./dir.sh” is not executable by this user

Note that chmod +x succeeded and only the execution itself was refused: noexec makes the kernel reject execve() for files on that mount (fish reports the resulting EACCES as "not executable by this user"). It does not stop files from being written or marked executable, and running the same script through an interpreter, e.g. sh ./dir.sh, still works because the interpreter merely reads the file. Treat noexec as one hardening layer, not as a complete block on running code from the volume.
For comparison, on the root filesystem (mounted with defaults, i.e. relatime) reading a file does update its access time: after cat the Access timestamp moves from 15:27:48 to 15:28:00 while Modify and Change stay the same:

    root@logging ~# touch netkiller.txt
    root@logging ~# stat netkiller.txt
      File: netkiller.txt
      Size: 0               Blocks: 0          IO Block: 4096   regular empty file
    Device: fd03h/64771d    Inode: 816         Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2023-01-13 15:27:48.282376191 +0800
    Modify: 2023-01-13 15:27:48.282376191 +0800
    Change: 2023-01-13 15:27:48.282376191 +0800
     Birth: 2023-01-13 15:27:48.282376191 +0800
    root@logging ~# cat netkiller.txt
    root@logging ~# stat netkiller.txt
      File: netkiller.txt
      Size: 0               Blocks: 0          IO Block: 4096   regular empty file
    Device: fd03h/64771d    Inode: 816         Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2023-01-13 15:28:00.979854433 +0800
    Modify: 2023-01-13 15:27:48.282376191 +0800
    Change: 2023-01-13 15:27:48.282376191 +0800
     Birth: 2023-01-13 15:27:48.282376191 +0800
Adding noatime,nodiratime
Add the options to the /opt/log entry (here together with noexec):

    root@logging ~# cat /etc/fstab
    #
    # /etc/fstab
    # Created by anaconda on Mon Nov 21 02:06:17 2022
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk/'.
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
    #
    # After editing this file, run 'systemctl daemon-reload' to update systemd
    # units generated from this file.
    #
    UUID=16ca8836-7ca9-454f-9a72-8efbae5edc51 /          xfs  defaults                                    0 0
    UUID=D168-FFBD                            /boot/efi  vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
    UUID=ec48f3c2-80c8-4ed1-be56-049a95c2b60e /opt/log   xfs  noatime,nodiratime,noexec                   0 0
Verifying noatime,nodiratime
On /opt/log, reading the file leaves the Access timestamp unchanged (15:37:47 before and after cat):

    root@logging /o/log# echo Helloworld > neo.txt
    root@logging /o/log# stat neo.txt
      File: neo.txt
      Size: 11              Blocks: 8          IO Block: 4096   regular file
    Device: fd11h/64785d    Inode: 141         Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2023-01-13 15:37:47.375940824 +0800
    Modify: 2023-01-13 15:37:47.375940824 +0800
    Change: 2023-01-13 15:37:47.375940824 +0800
     Birth: 2023-01-13 15:37:47.375940824 +0800
    root@logging /o/log# cat neo.txt
    Helloworld
    root@logging /o/log# stat neo.txt
      File: neo.txt
      Size: 11              Blocks: 8          IO Block: 4096   regular file
    Device: fd11h/64785d    Inode: 141         Links: 1
    Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2023-01-13 15:37:47.375940824 +0800
    Modify: 2023-01-13 15:37:47.375940824 +0800
    Change: 2023-01-13 15:37:47.375940824 +0800
     Birth: 2023-01-13 15:37:47.375940824 +0800
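The options table and the two verification sections above show what to put in fstab and how to check a single mount by hand. The script below is an added example, not code from the original article: it audits fstab text for data mounts that lack noexec, nosuid or nodev, and detects drift between the options fstab asks for and the options the live mount table shows, which is what happens when someone runs mount -o remount with a different option set. The fstab and /proc/mounts content it uses is constructed for the demo; the UUIDs, devices and the FSTAB_TEXT / MOUNTS_TEXT variables are assumptions, not from a real host.

```shell
#!/bin/sh
# Added example (not from the original article): audit /etc/fstab entries for the
# hardening options discussed above, and detect drift between what fstab asks for
# and what the live mount table (/proc/mounts) actually shows after a remount.
# The fstab and mount-table text below is constructed for the demo; the UUIDs,
# devices and mount points are placeholders, not from a real host.

SAMPLE_FSTAB='# constructed /etc/fstab
UUID=0000-root / xfs defaults 0 0
UUID=0000-efi /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
UUID=0000-log /opt/log xfs noatime,nodiratime,noexec 0 0
/opt/storage /var/lib/rancher/k3s/storage none defaults,bind 0 0
UUID=0000-swap none swap sw 0 0'

# constructed /proc/mounts: /opt/log was remounted without noexec at some point
SAMPLE_MOUNTS='/dev/mapper/root / xfs rw,relatime,attr2,inode64 0 0
/dev/nvme0n1p1 /boot/efi vfat rw,relatime,umask=0077 0 0
/dev/sda1 /opt/log xfs rw,noatime,nodiratime 0 0'

# has_opt OPTS NAME: succeed if NAME appears in the comma-separated list OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab: read fstab text on stdin and print one line per data mount that
# lacks any of noexec, nosuid, nodev. "/" and swap are skipped: the root
# filesystem cannot be noexec, and swap has no mount options of this kind.
audit_fstab() {
    while read -r fs mp type opts dump pass; do
        case "$fs" in ''|'#'*) continue ;; esac
        [ "$type" = swap ] && continue
        [ "$mp" = / ] && continue
        missing=""
        for want in noexec nosuid nodev; do
            has_opt "$opts" "$want" || missing="$missing $want"
        done
        [ -n "$missing" ] && printf '%s missing:%s\n' "$mp" "$missing"
    done
    return 0
}

# opts_for TEXT MOUNTPOINT: print the option field for MOUNTPOINT from TEXT,
# which may be fstab or /proc/mounts content (both use the same six columns).
opts_for() {
    printf '%s\n' "$1" | while read -r fs mp type opts rest; do
        if [ "$mp" = "$2" ]; then
            printf '%s\n' "$opts"
            break
        fi
    done
    return 0
}

# drift MOUNTPOINT OPTION: succeed when fstab requests OPTION for MOUNTPOINT but
# the live mount table does not show it (e.g. lost by "mount -o remount" without
# the option). FSTAB_TEXT / MOUNTS_TEXT default to the constructed samples; on a
# real host set FSTAB_TEXT=$(cat /etc/fstab) MOUNTS_TEXT=$(cat /proc/mounts).
drift() {
    want=$(opts_for "${FSTAB_TEXT:-$SAMPLE_FSTAB}" "$1")
    live=$(opts_for "${MOUNTS_TEXT:-$SAMPLE_MOUNTS}" "$1")
    has_opt "$want" "$2" && ! has_opt "$live" "$2"
}

# Stand-alone run: report weak fstab entries, then check /opt/log for lost noexec.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
if drift /opt/log noexec; then
    echo "DRIFT: /opt/log is noexec in fstab but not in the live mount table"
fi
```

On a real host, run the audit with `audit_fstab < /etc/fstab` and the drift check with `FSTAB_TEXT=$(cat /etc/fstab) MOUNTS_TEXT=$(cat /proc/mounts) drift /opt/log noexec`. The audit deliberately reads fstab rather than the live table, because fstab is the state that survives a reboot; the drift check is what catches a remount that silently dropped the option in the meantime.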
/etc/fstab btrfs example

    neo@netkiller:~$ cat /etc/fstab
    # /etc/fstab: static file system information.
    #
    # Use 'blkid' to print the universally unique identifier for a
    # device; this may be used with UUID= as a more robust way to name devices
    # that works even if disks are added and removed. See fstab(5).
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    # / was on /dev/sda1 during installation
    UUID=d103e33f-7f9f-4911-918e-32eae42e229c /     btrfs defaults,subvol=@     0 1
    # /home was on /dev/sda1 during installation
    UUID=d103e33f-7f9f-4911-918e-32eae42e229c /home btrfs defaults,subvol=@home 0 2
    # /opt was on /dev/sda6 during installation
    UUID=63d0b776-3bbd-490f-8284-f148b255185e /opt  btrfs noatime,nodiratime,noexec 0 2
    # swap was on /dev/sda5 during installation
    UUID=ff8945bf-fa45-49e5-b3d2-bb833bc6dc9c none  swap  sw                    0 0
Background
Our servers usually have a system disk for the operating system plus a separate data disk for data, which is sometimes a mechanical hard disk. To improve I/O performance we disable atime updates on that disk, and to improve security we also prevent files stored on it from being executed.
noatime stops access-time updates for files (and directories, so it already implies nodiratime), nodiratime stops them for directories only, and noexec stops the kernel from executing files on the filesystem. noexec does not prevent creating files or marking them executable; it refuses execve() for them, and an interpreter invoked explicitly (sh script.sh) can still run a script stored there. The resulting /opt/log entry is the one shown above in the /etc/fstab listing with noatime,nodiratime,noexec.