linux_wiki:network_services_overview_nfs

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux_wiki:network_services_overview_nfs [2016/10/01 22:54]
billdozor [Firewall] 		linux_wiki:network_services_overview_nfs [2019/05/25 23:50] (current)
Line 12: Line 12:
   * Configure the service for basic operation   * Configure the service for basic operation
   * Configure host-based and user-based security for the service   * Configure host-based and user-based security for the service
 +
 +----
 +
 +====== Lab Setup ======
 +
 +The following virtual machines will be used:
 +  * server1.example.com (192.168.1.150) -> Perform all NFS client tests from here
 +  * server2.example.com (192.168.1.151) -> Install the NFS server here
  
 ---- ----
Line 27: Line 35:
  
   * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].   * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
 +  * **IMPORTANT**: View all label types<code bash># Install package
 +yum install setools-console
 +
 +# View all label types
 +seinfo -t
 +
 +# Find NFS types
 +seinfo -t | grep nfs
 +</code>
  
 ---- ----
Line 42: Line 59:
 Check Current Service Status Check Current Service Status
 <code bash> <code bash>
-systemctl status <service-name>+systemctl status nfs-server
 </code> </code>
   * Also displays if the service is enabled or disabled   * Also displays if the service is enabled or disabled
Line 49: Line 66:
 Enabling a service to start on boot Enabling a service to start on boot
 <code bash> <code bash>
-systemctl enable <service-name>+systemctl enable nfs-server
 </code> </code>
  
Line 58: Line 75:
 Enable and Start the service Enable and Start the service
 <code bash> <code bash>
-systemctl enable <service-name> +systemctl enable nfs-server 
-systemctl start <service-name>+systemctl start nfs-server
 </code> </code>
  
Line 68: Line 85:
 ===== Firewall ===== ===== Firewall =====
  
-Allow access through the firewall+Allow access through the firewall to the NFS service
 <code bash> <code bash>
 firewall-cmd --permanent --add-service=nfs firewall-cmd --permanent --add-service=nfs
 +firewall-cmd --reload
 +</code>
 +
 +\\
 +Allow access through the firewall to allow the showmount command from clients to work
 +<code bash>
 +firewall-cmd --permanent --add-service=rpc-bind
 +firewall-cmd --permanent --add-service=mountd
 firewall-cmd --reload firewall-cmd --reload
 </code> </code>
Line 76: Line 101:
 ===== Host Based ===== ===== Host Based =====
  
 +Configure host based access in /etc/exports
 +<code bash>
 +/data-share  *.example.com(ro)
  
 +/data-share2  192.168.1.0/24(rw)
 +</code>
 +  * Hostname based and network based
 +  * Others refused
 +
 +Export modifications<code bash>exportfs -var</code>
 ===== User Based ===== ===== User Based =====
 +
 +Default NFS security (sec=sys) is via IP addresses or hostname.
 +
 +[[linux_wiki:use_kerberos_to_control_access_to_nfs_network_shares|Kerberos can be used to provide user authentication to NFS services]].
  
 ---- ----
  
  • linux_wiki/network_services_overview_nfs.1475376891.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)