NFS Flashcards
Provide Network Shares to Specific Clients - Server Installation and Configuration
yum install nfs-utils
mkdir /test1 /test2
getsebool -a | grep nfs_export
setsebool -P nfs_export_all_ro=1
setsebool -P nfs_export_all_rw=1
firewall-cmd –permanent –add-service=nfs
firewall-cmd –reload
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
vim /etc/exports
/test1 172.31.116.191(rw,no_root_squash)
exportfs -avr
Provide Network Shares to Specific Clients - Client Installation and Configuration
On client machine
yum install nfs-utils
systemctl enable rpcbind
systemctl start rpcbind
mkdir /test1 /test2
mount 172.31.113.110:/test1 /test1
mount 172.31.113.110:/test2 /test2
vim /etc/fstab
172.31.113.110:/test1 /test1 nfs _netdev,rw 0 0
Provide Network Shares Suitable for Group Collaboration
ON THE NFS SERVER
groupadd -g 7654 nfsdatagrp adduser user3 adduser user4 usermod -G nfsdatagrp user3 usermod -G nfsdatagrp user4
mkdir /nfssdata
chown nfsnobody:nfsdatagrp /nfssdata/
chmod g+s /nfssdata/
vim /etc/exports
/nfssdata 172.31.116.191(rw,no_root_squash)
exportfs -avr
ON THE CLIENT SERVER groupadd -g 7654 nfsdatagrp useradd user3 useradd user4 passwd user3 passwd user4 usermod -G nfsdatagrp user3 usermod -G nfsdatagrp user4 mkdir /nfssdata vim /etc/fstab 172.31.113.110:/nfssdata /nfssdata nfs defaults 0 0
Lecture: Use Kerberos to Control Access to NFS Network Shares - Quick NFS Setup
yum group install file-server
firewall-cmd –permanent –add-service nfs
firewall-cmd –reload
systemctl enable rpcbind nfs-server
mkdir /krbdata
chmod 777 /krbdata
ll -Z /
semanage fcontext -a -t public_content_rw_t “/krbdata(/.*)?”
restorecon -Rv /krbdata
semanage boolean -l | grep nfs
setsebool -P nfs_export_all_rw on
vim /etc/exports
/krbdata *(rw,no_root_squash)
exportfs -avr
systemctl start rpcbind
systemctl start nfs-server
exportfs -avr
showmount -e localhost
Lecture: Use Kerberos to Control Access to NFS Network Shares - Kerberos NFS Server and Client
ON NFS SERVER
kadmin
kadmin: addprinc -randkey host/we3kb3.mylabserver.com
kadmin: ktadd host/we3kb3.mylabserver.com
ktadmin: quit
vim /etc/ssh_config
(UNCOMMENT)
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
systemctl reload sshd
authconfig –enablekrb5 –update
kdmin
Kadmin: addprinc -randkey nfs/we3kb3.mylabserver.com
kadmin: ktadd nfs/we3kb3.mylabserver.com
kadmin: quit
authconfig –enablekrb5 –update
vim /etc/exports
/krbdata *(rw,no_root_squash,sec=krb5)
exportfs -avr
reboot
ON THE CLIENT
kadmin
kadmin: addprinc –randkey nfs/we3kb3.mylabserver.com@MYLANSERVER.COM
ktadd nfs/we3kb3.mylabserver.com
quit
systemctl enable nfs-client.target
systemctl start nfs-client.target
mkdir /krbtest
mount -t nfs4 we3kb3.mylabserver.com:/krbdata /krbtest