Professional Documents
Culture Documents
Service: NFS
SELinux Hints
Boolean default description
use_nfs_home_dirs off allow user homes to be on nfs
nfs_export_all_rw on Allow nfs to export all rw
nfs_export_all_ro on Allow nfs to export all ro
types description
krb5_keytab_t context for krb5.keyfile
Systemd Services and Startup Config
daemon description
nfs-server normal nfs server
nfs client server
nfs-secure-server kerberos enabeld server
nfs-secure kerberos enabled client
task cmd
Security
Firewall Services/Ports
service ports
nfs tcp/2049(nfsv4)
mountd tcp/20048, udp/20048 (nfsv3)
rpc-bind tcp/111, udp/111 (nfsv3)
make rpc ports static in /etc/sysconfig/nfs:
MOUNTD_PORT=20048
list ports: rpcinfo -p
Host-based Security
in exports file
User-based Security
config description
all_squash change all users to nfsnobody
root_squash change root to nfsnobody(default)
• man nfs4acl
Config Tasks
provide networkshares to specific clients
task cmd
add share to exports edit /etc/exports:
#dir #host(#options) [#host2(#options)]
default options: ro,sync,wdelay,root_squash
reread exports from file exportfs -r
unexport all share exportfs -u
list exports showmount -e [#ip]