【RHCE】第10题:配置NFS服务
【题目】
在system1配置NFS服务,要求如下:
- 以只读的方式共享目录 /public ,同时只能被 group8.example.com 域中的系统访问
- 以读写的方式共享目录 /protected ,同时只能被 group8.example.com 域中的系统访问
- 访问 /protected 需要通过kerberos安全加密,您可以使用下面URL提供的密钥 http://server.group8.example.com/http://server.group8.example.com/pub/keytabs/system1.keyteb
- 目录 /protected 应该包含名为 project 拥有人为 andres 的子目录
- 用户 andres 能以读写方式访问 /protected/project
yum install nfs-utils
mkidr /public
mkdir /protected
mkdir /protected/project
chown andres /protected/project
ls -ld /protected/project
vi /etc/exports
/public *.group8.example.com(ro)
/protected/project *.group8.example.com(rw,sec=krb5p)
exportfs -r
exportfs -v
yum install sssd krb5-workstation
wget -O /etc/krb5.keytab http://server.group8.example.com/pub/keytabs/system1.keyteb
firewall –permanent –add-service=nfs
firewall –permanent –add-service=mountd
firewall –permanent –add-service=rpc-bind
firewall –reload
firewall –list-all
ntpdate -u 172.24.8.254
systemctl enable nfs-server
systemctl enable nfs-secure-server
systemctl start nfs-server
systemctl start nfs-secure-server
su – andres
kinit
klist