nfs-srv with an IP address of 192.168.1.1, and a client with a hostname of nfs-client and an IP address of 192.168.1.100. Both hosts are on the same subnet (192.168.1.0/24). This is an example only and assumes that the nfs-utils package is installed, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode.
nfs-srv.
setsebool command to disable read/write mounting of NFS file systems:
setsebool -P nfs_export_all_rw off
Note
-P option if you do not want setsebool changes to persist across reboots.
rpm -q nfs-utils to confirm the nfs-utils package is installed. The nfs-utils package provides support programs for using NFS and should be installed on an NFS server and on any clients in use. If this package is not installed, install it by running yum install nfs-utils as the root user.
mkdir /myshare as the root user to create a new top-level directory to share using NFS.
touch /myshare/file1 as the root user to create a new empty file in the shared area. This file will be accessed later by the client.
/myshare directory full Linux access rights for all users:
# chmod -R 777 /myshare
Warning
/etc/exports file and add the following line to the top of the file:
/myshare 192.168.1.100(rw)
/myshare, the host or network range that nfs-srv will share to (in this case the IP address of a single host, nfs-client at 192.168.1.100), and finally the share permissions. Read and write permissions are given here, as indicated by (rw).
MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT variables. Changing the port numbers in this file is not required for this example.
service nfs start as the root user to start NFS and its related services:
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
exportfs -rv as the root user:
# exportfs -rv
exporting 192.168.1.100:/myshare
showmount -e as the root user to show all exported file systems:
# showmount -e
Export list for nfs-srv:
/myshare 192.168.1.100
nfs-srv has been configured to allow NFS communications to nfs-client at 192.168.1.100, and full Linux file system permissions are active. If SELinux were disabled, the client would be able to mount this share and have full access over it. However, as the nfs_export_all_rw Boolean is disabled, the client is currently not able to mount this file system, as shown below. This step should be performed on the client, nfs-client:
[nfs-client]# mkdir /myshare
[nfs-client]# mount.nfs 192.168.1.1:/myshare /myshare
mount.nfs: access denied by server while mounting 192.168.1.1:/myshare/
nfs-srv:
[nfs-srv]# setsebool -P nfs_export_all_rw on
nfs-client:
[nfs-client]# mount.nfs 192.168.1.1:/myshare /myshare
[nfs-client]#
[nfs-client]# ls /myshare
total 0
-rwxrwxrwx. 1 root root 0 2009-04-16 12:07 file1
[nfs-client]#
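The /etc/exports entry used in this procedure has three parts: the path, the client, and the options. As an added example that is not part of the original guide, the shell function below parses exports-style text and reports each client's mode and scope, including the case where a space before (rw) opens the share to every host. The sample input is constructed; /myshare2, /pub, /home and *.example.com are assumed names, and quoted paths and line continuations are not handled.

```shell
#!/bin/sh
# Added example (not from the original guide): audit exports(5)-style text.
# Reads stdin and prints one line per client: PATH CLIENT MODE SCOPE
#   MODE  = rw | ro (ro is the default when neither option is given)
#   SCOPE = host | network | netgroup | wildcard | world
# Assumption: no quoted paths and no backslash line continuations.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split client(opt,opt,...)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            mode = "ro"
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") mode = "rw"
                else if (o[j] == "ro") mode = "ro"
            }
            # An option list with no client name applies to every host.
            if (client == "")          { client = "<world>"; scope = "world" }
            else if (client ~ /[*?]/)  scope = "wildcard"
            else if (client ~ /^@/)    scope = "netgroup"
            else if (client ~ /\//)    scope = "network"
            else                       scope = "host"
            print path, client, mode, scope
        }
    }'
}

# Keep only read/write entries that reach more than one named host.
risky_exports() { audit_exports | awk '$3 == "rw" && $4 != "host"'; }

# Constructed sample input; the first line is the entry used in this procedure.
SAMPLE='/myshare 192.168.1.100(rw)
/myshare2 192.168.1.100 (rw)
/pub 192.168.1.0/24(ro,sync) *.example.com(rw)
# comment line
/home nfs-client'

printf '%s\n' "$SAMPLE" | audit_exports
```

On the server, the same functions can be run against the live file with audit_exports < /etc/exports or risky_exports < /etc/exports.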