RHCE Objectives: Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
- Provide network shares to specific clients
- Provide network shares suitable for group collaboration.
Install is a bit more involved, at least for the testing part: yum groupinstall “file-server”, plus samba-client and samba-winbind
firewall-cmd –permanent –add-service=samba
systemctl enable smb
systemctl enable nmb
systemctl enable winbind
systemctl start smb
systemctl start nmb
systemctl start winbind
Setting it up is easy enough. in /etc/samba/smb.conf:
Uncomment ‘netbios name’
Update interfaces with interfaces on system
Everything should already be set.
Add a new shared entry at the end
browseable = yes
path = /shared
valid users = your user
writable = yes
Make the directory and set it 777 (mkdir /shared, chmod 777 /shared, touch /shared/test
The selinux part is as always the harder part.
If semanage not there, install setroubleshoot-server
semanage fcontext –list | grep samba gives you some. Set up samba_share_t for the new shared filesystem
semanage fcontext -a -t samba_share_t “/shared(/.*)?”
restorecon -R /shared
And add the user to the password file.
smbpasswd -a your user. It’ll ask for your new password.
Use smbclient to access the share //localhost/shared -U user%password
Group access is similar but a few extra options are needed for management
valid users = @group
create mode = 0660
directory mode = 0770
Change the group for /shared to group (chgrp /shared group)