RHCE Objectives: Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service
  • Configure SELinux to support the service
  • Use SELinux port labeling to allow services to use non-standard ports
  • Configure the service to start when the system is booted
  • Configure the service for basic operation
  • Configure host-based and user-based security for the service
  • Provide network shares to specific clients
  • Provide networks hares suitable for group collaboration
  • Use Kerberos to control access to NFS network shares

Install: yum groupinstall “file-server”

firewall-cmd –permanent –add-service=nfs

firewall-cmd –reload

systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap

mkdir -p /home/tools; mkdir -p /home/guests; chmod 777 /home/tools; chmod 777 /home/guests

In the /etc exports file, add the two file systems to be shared

/home/tools client1(rw,no_root_squash)
/home/guests client2(rw,no_root_squash)

exportfs -avr

systemctl restart nfs-server

As always, selinux adds complexity to a simple task 🙂

You’ll need to change the context of the two file systems and set up the boolean values

semanage fcontext -a -t public_content_rw_t “/home/tools(/.*)?”
semanage fcontext -a -t public_content_rw_t “/home/guests(/.*)?”

semanage boolean -l | grep nfs

The last three need to be set on (last two should already be on)

setsebool -P use_nfs_home_dirs on

On the client side, install the nfs-utils package and then use

mount -t nfs server:/home/tools /mnt

To mount the share.

Group is the same, just create the group owned directory and add GUID (2770) to the file system.

This entry was posted in Computers and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *