[CentOS7] NFS

server11# systemctl start nfs-server

server11# systemctl enable nfs-server

ln -s '/usr/lib/systemd/system/nfs-server.service' '/etc/systemd/system/nfs.target.wants/nfs-server.service'

server11# mkdir /nfsshare

server11# chown nfsnobody /nfsshare

server11# vi /etc/exports

/nfsshare desktop11(rw)

server11# exportfs -r

server11# firewall-cmd --permanent --add-service=nfs;firewall-cmd --add-service=nfs

server11# firewall-cmd --reload

desktop11# mkdir /mnt/nfsshare

desktop11# vi /etc/fstab

server11:/nfsshare /mnt/nfsshare nfs defaults 0 0

desktop11# mount -a

NFS - Kerberos

server11# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/server11.keytab

server11# vi /etc/sysconfig/nfs

#RPCNFSDARGS=""

RPCNFSDARGS="-V 4.2"

server11# systemctl start nfs-secure-server

server11# systemctl enable nfs-secure-server

ln -s '/usr/lib/systemd/system/nfs-secure-server.service' '/etc/systemd/system/nfs.target.wants/nfs-secure-server.service'

server11# mkdir /securenfs

server11# vi /etc/exports

/securenfs      desktop11(sec=krb5p,rw)

server11# exportfs -r

server11# firewall-cmd --permanent --add-service=nfs
server11# firewall-cmd --reload

desktop11# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop11.keytab

desktop11# systemctl start nfs-secure

desktop11# systemctl enable nfs-secure

ln -s '/usr/lib/systemd/system/nfs-secure.service' '/etc/systemd/system/nfs.target.wants/nfs-secure.service'

desktop11# mkdir /mnt/secureshare

desktop11# vi /etc/fstab

server11:/securenfs /mnt/secureshare nfs defaults,v4.2,sec=krb5p 0 0

desktop11# mount -a

server11# echo "Hello World" > /securenfs/testfile.txt

server11# chcon -t public_content_t /securenfs/testfile.txt

server11# chown ldapuser11:ldapuser11 /securenfs/testfile.txt

server11# chmod 644 /securenfs/testfile.txt

desktop11# ls -Z /mnt/secureshare

desktop11# ssh ldapuser11@desktop11

The authenticity of host 'desktop11 (172.25.11.10)' can't be established.
ECDSA key fingerprint is 65:4d:ac:8a:c9:58:82:b5:0c:91:c4:ef:a5:e6:f6:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'desktop11,172.25.11.10' (ECDSA) to the list of known hosts.
ldapuser11@desktop11's password:
Creating home directory for ldapuser11.

[ldapuser11@desktop11 ~]$ id

uid=1711(ldapuser11) gid=1711(ldapuser11) groups=1711(ldapuser11) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[ldapuser11@desktop11 ~]$ echo "I can write" >> /mnt/secureshare/testfile.txt

[ldapuser11@desktop11 ~]$ cat /mnt/secureshare/testfile.txt 

Hello World
I can write