RHCE NW-Service Quickreference sheet

Service: NFS

Packages and Installation

Name Description
nfs-utils server files and utils
krb5-workstation kerberos troubleshooting tools

SELinux Hints
Boolean default description
use_nfs_home_dirs off allow user homes to be on nfs
nfs_export_all_rw on Allow nfs to export all rw
nfs_export_all_ro on Allow nfs to export all ro

types description
krb5_keytab_t context for krb5.keyfile
Systemd Services and Startup Config
daemon description
nfs-server normal nfs server
nfs client server
nfs-secure-server kerberos enabeld server
nfs-secure kerberos enabled client

task cmd

Security
Firewall Services/Ports
service ports
nfs tcp/2049(nfsv4)
mountd tcp/20048, udp/20048 (nfsv3)
rpc-bind tcp/111, udp/111 (nfsv3)
make rpc ports static in /etc/sysconfig/nfs:
MOUNTD_PORT=20048
list ports: rpcinfo -p

Host-based Security
in exports file
User-based Security
config description
all_squash change all users to nfsnobody
root_squash change root to nfsnobody(default)

use nfs acls:

• nfs4_getfacl/nfs4_setfacl

• man nfs4acl

Config Tasks
provide networkshares to specific clients
task cmd
add share to exports edit /etc/exports:
#dir #host(#options) [#host2(#options)]
default options: ro,sync,wdelay,root_squash
reread exports from file exportfs -r
unexport all share exportfs -u
list exports showmount -e [#ip]

provide networkshares for group collaboration

task cmd

use kerberos to control access to shares

task cmd

install key and enable edit /etc/krb5.conf

kerberos on server
start secure server
export share
list keys in keyfile
install key and enable
kerberos on client
enable secure client
copy keyfile to /etc/krb5.keyfile
ktadd nfs/server.name
systemctl start nfs-secure-server
use sec=kerb5 keyword
klist -ke
edit /etc/krb5.conf
copy keyfile to /etc/krb5.keyfile
ktadd host/client.name
systemctl enable nfs-secure