RHCE Objectives: Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
- Provide network shares to specific clients
- Provide network shares suitable for group collaboration
- Use Kerberos to control access to NFS network shares
Install: yum groupinstall "file-server"
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
mkdir -p /home/tools; mkdir -p /home/guests; chmod 777 /home/tools; chmod 777 /home/guests
In the /etc/exports file, add the two file systems to be shared:
/home/tools client1(rw,no_root_squash)
/home/guests client2(rw,no_root_squash)
exportfs -avr
systemctl restart nfs-server
As always, SELinux adds complexity to a simple task 🙂
You’ll need to change the context of the two file systems and set up the boolean values
semanage fcontext -a -t public_content_rw_t "/home/tools(/.*)?"
semanage fcontext -a -t public_content_rw_t "/home/guests(/.*)?"
semanage boolean -l | grep nfs
The last three need to be set to on (the last two should already be on)
setsebool -P use_nfs_home_dirs on
On the client side, install the nfs-utils package and then use
mount -t nfs server:/home/tools /mnt
to mount the share.
Group collaboration works the same way: create the group-owned directory and set the SGID bit (mode 2770) on that directory.
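
A check for the /etc/exports entries above, as an added example that is not part of the original post: the shell function flags exports that disable root squashing, grant rw to a wildcard client, or do not require Kerberos (sec=krb5*), which the objectives list for NFS. The function names and the /srv/secure and /srv/open entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit exports(5)-style entries.
# Reads the file named in $1, or stdin; prints "export client finding" lines.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")           # split "client(opt,opt)"
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            n = split(opts, o, ",")
            rw = 0; nrs = 0; krb = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                # Kerberos counts only if AUTH_SYS is not also accepted
                if (o[j] ~ /^sec=krb5/ && o[j] !~ /sys/) krb = 1
            }
            if (nrs) print path, client, "no_root_squash"
            if (rw && index(client, "*") > 0) print path, client, "rw-to-wildcard"
            if (!krb) print path, client, "no-kerberos"
        }
    }' "${1:--}"
}

# Constructed sample: the first two entries are the ones from the post,
# the last two are hypothetical entries added for contrast.
sample_exports() {
    cat <<'EOF'
/home/tools client1(rw,no_root_squash)
/home/guests client2(rw,no_root_squash)
/srv/secure client3(rw,sec=krb5p)
/srv/open *(rw)
EOF
}

sample_exports | audit_exports
```

Run it against a live server with `audit_exports /etc/exports`; no output means every entry squashes root, avoids wildcard rw, and requires Kerberos.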