NFS

Question 1

Provide Network Shares to Specific Clients - Server Installation and Configuration

Answer 1

yum install nfs-utils

mkdir /test1 /test2

getsebool -a | grep nfs_export

setsebool -P nfs_export_all_ro=1
setsebool -P nfs_export_all_rw=1

firewall-cmd –permanent –add-service=nfs
firewall-cmd –reload

systemctl enable rpcbind
systemctl enable nfs-server

systemctl start rpcbind
systemctl start nfs-server

vim /etc/exports
/test1 172.31.116.191(rw,no_root_squash)

exportfs -avr

Question 2

Provide Network Shares to Specific Clients - Client Installation and Configuration

Answer 2

On client machine

yum install nfs-utils

systemctl enable rpcbind
systemctl start rpcbind
mkdir /test1 /test2

mount 172.31.113.110:/test1 /test1
mount 172.31.113.110:/test2 /test2

vim /etc/fstab
172.31.113.110:/test1 /test1 nfs _netdev,rw 0 0

Question 3

Provide Network Shares Suitable for Group Collaboration

Answer 3

ON THE NFS SERVER

groupadd -g 7654 nfsdatagrp
adduser user3
adduser user4
usermod -G nfsdatagrp user3
usermod -G nfsdatagrp user4

mkdir /nfssdata
chown nfsnobody:nfsdatagrp /nfssdata/

chmod g+s /nfssdata/

vim /etc/exports
/nfssdata 172.31.116.191(rw,no_root_squash)

exportfs -avr

ON THE CLIENT SERVER
 groupadd -g 7654 nfsdatagrp
useradd user3
useradd user4
passwd user3
passwd user4
usermod -G nfsdatagrp user3
usermod -G nfsdatagrp user4
mkdir /nfssdata
 vim /etc/fstab
172.31.113.110:/nfssdata        /nfssdata       nfs     defaults        0 0

Question 4

Lecture: Use Kerberos to Control Access to NFS Network Shares - Quick NFS Setup

Answer 4

yum group install file-server
firewall-cmd –permanent –add-service nfs
firewall-cmd –reload

systemctl enable rpcbind nfs-server

mkdir /krbdata
chmod 777 /krbdata

ll -Z /

semanage fcontext -a -t public_content_rw_t “/krbdata(/.*)?”
restorecon -Rv /krbdata

semanage boolean -l | grep nfs

setsebool -P nfs_export_all_rw on

vim /etc/exports
/krbdata *(rw,no_root_squash)

exportfs -avr

systemctl start rpcbind
systemctl start nfs-server

exportfs -avr

showmount -e localhost

Question 5

Lecture: Use Kerberos to Control Access to NFS Network Shares - Kerberos NFS Server and Client

Answer 5

ON NFS SERVER

kadmin

kadmin: addprinc -randkey host/we3kb3.mylabserver.com
kadmin: ktadd host/we3kb3.mylabserver.com
ktadmin: quit

vim /etc/ssh_config

(UNCOMMENT)

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

systemctl reload sshd

authconfig –enablekrb5 –update

kdmin

Kadmin: addprinc -randkey nfs/we3kb3.mylabserver.com

kadmin: ktadd nfs/we3kb3.mylabserver.com
kadmin: quit

authconfig –enablekrb5 –update

vim /etc/exports
/krbdata *(rw,no_root_squash,sec=krb5)

exportfs -avr

reboot

ON THE CLIENT

kadmin
kadmin: addprinc –randkey nfs/we3kb3.mylabserver.com@MYLANSERVER.COM
ktadd nfs/we3kb3.mylabserver.com
quit

systemctl enable nfs-client.target
systemctl start nfs-client.target

mkdir /krbtest

mount -t nfs4 we3kb3.mylabserver.com:/krbdata /krbtest