====== Network Services Overview: NFS ======

**General Information**

This page covers the Network Services objectives, specifically for NFS.

**Network Services Objectives**
  * Install the packages needed to provide the service
  * Configure SELinux to support the service
  * Use SELinux port labeling to allow services to use non-standard ports
  * Configure the service to start when the system is booted
  * Configure the service for basic operation
  * Configure host-based and user-based security for the service

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all NFS client tests from here
  * server2.example.com (192.168.1.151) -> Install the NFS server here

----

====== Install the packages needed to provide the service ======

Install the service
<code bash>
yum install nfs-utils
</code>

----

====== Configure SELinux to support the service ======

  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
  * **IMPORTANT**: View all label types<code bash>
# Install package
yum install setools-console

# View all label types
seinfo -t

# Find NFS types
seinfo -t | grep nfs
</code>

----

====== Use SELinux port labeling to allow services to use non-standard ports ======

Configure the service on a non-standard port and allow access to that port with SELinux.

**NOTE**: "man semanage-port" has examples for allowing non-standard ports!

----

====== Configure the service to start when the system is booted ======

Check the current service status
<code bash>
systemctl status nfs-server
</code>
  * Also displays whether the service is enabled or disabled

\\
Enable the service to start on boot
<code bash>
systemctl enable nfs-server
</code>

----

====== Configure the service for basic operation ======

Enable and start the service
<code bash>
systemctl enable nfs-server
systemctl start nfs-server
</code>

----

====== Configure host-based and user-based security for the service ======

===== Firewall =====

Allow access through the firewall to the NFS service
<code bash>
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
</code>

\\
Allow the showmount command from clients to work through the firewall
<code bash>
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload
</code>

===== Host Based =====

Configure host-based access in /etc/exports
<code bash>
/data-share *.example.com(ro)
/data-share2 192.168.1.0/24(rw)
</code>
  * Hostname based and network based
  * Others refused

Apply export modifications<code bash>exportfs -var</code>

===== User Based =====

With the default NFS security mode (sec=sys), access is controlled by client IP address or hostname; the server trusts the UID/GID supplied by the client, so users are not authenticated.

[[linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares|Kerberos can be used to provide user authentication to NFS services]].

----

linux_wiki/network_services_overview_nfs.txt Last modified: 2019/05/25 23:50 (external edit)
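The host-based rules from the Host Based section can be checked mechanically before they are exported. The script below is an added example, not part of the original wiki page: it reads exports(5)-format text and flags entries that reach every host or disable root squashing. The function names, the finding labels and the /data-share3 to /data-share5 sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): flag exports(5) entries that grant
# wider access than intended. Limits: no backslash continuations, no quoted paths.
audit_exports() {   # usage: audit_exports [FILE]; reads stdin when FILE is omitted
  awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
      path = $1; defaults = ""
      for (i = 2; i <= NF; i++) {
        spec = $i
        if (spec ~ /^-/) { defaults = substr(spec, 2); continue }  # "-opt,opt" = line defaults
        client = spec; opts = ""
        p = index(spec, "(")
        if (p > 0) {
          client = substr(spec, 1, p - 1)
          opts = substr(spec, p + 1); sub(/\)$/, "", opts)
        }
        # Built-in defaults are ro and root_squash; later options override earlier ones.
        rw = 0; nosquash = 0
        n = split(defaults "," opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "ro") rw = 0
          if (o[j] == "no_root_squash") nosquash = 1
          if (o[j] == "root_squash") nosquash = 0
        }
        mode = rw ? "rw" : "ro"
        if (client == "")
          print "WORLD " path " " mode " options without a host (stray space before the parenthesis?)"
        else if (client == "*")
          print "WORLD " path " " mode " wildcard * matches every host"
        if (nosquash)
          print "ROOT " path " " (client == "" ? "*" : client) " no_root_squash set"
      }
    }' "$@"
}

# Constructed sample: the two exports from this page plus three hypothetical lines.
sample_exports() {
  cat <<'EOF'
/data-share   *.example.com(ro)
/data-share2  192.168.1.0/24(rw)
/data-share3  192.168.1.150 (rw)
/data-share4  *(rw,no_root_squash)
/data-share5  -rw 192.168.1.151(no_root_squash)
EOF
}

sample_exports | audit_exports
```

The /data-share3 line shows the case that is easiest to miss: the space before `(rw)` leaves 192.168.1.150 with the default options and applies `rw` to every host instead.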