Red Hat Enterprise Linux 5 Administration Unleashed

Network File System 295The SELinux implementation in Red Hat Enterprise Linux does not require the files sharedwith NFS to be labeled with a specific security context. However, if more than one filesharingprotocol is configured to share the same set of files such as FTP and Samba, the securitycontext of the files must be set to public_content_t or public_content_rw_t instead.Additional SELinux booleans must be enabled as well. Refer to the “Security Context forMultiple File-Sharing Protocols” section in Chapter 23 for complete instructions.Allowing NFS ConnectionsBefore configuring the NFS server, configure your firewall settings to allow the incomingconnections. While portmapper and the nfs daemon use static ports, NFS also employsfour additional services: statd, mountd, rquotad, and lockd. They are assigned a randomport by portmapper, which makes it difficult for firewall configuration. However, it ispossible to configure these four daemons to use static ports. Refer to the “Assigning StaticNFS Ports” section later in this chapter for details.13The portmapper service uses UDP and TCP port 111, and the nfs daemon uses UDP andTCP port 2049 by default. If custom IPTables rules are being used, refer to Chapter 24,“Configuring a Firewall,” for details on how to allow these ports.If the default security level is enabled instead of custom IPTables rules, use the SecurityLevel Configuration tool to allow NFS connections. Start it by selecting Administration,Security Level and Firewall from the System menu on the top panel of the desktop or byexecuting the system-config-securitylevel command. Enter the root password whenprompted if running as a user. In the Other ports area, click Add to specify each NFSport. Remember, the ports will differ depending on which ones you choose.TIPTo retrieve a list of clients connected to the NFS server, use the showmount commandfrom a shell prompt. To also show the directories the clients are connected to, use theshowmount -a command.Using a Graphical Tool to Configure the NFS ServerTo use a system as an NFS server, the nfs-utils RPM package must be installed. If it is notinstalled, install it with Red Hat Network as described in Chapter 3, “Operating SystemUpdates.” To configure it via the NFS Server Configuration graphical tool, the systemconfig-nfsRPM package must also be installed. If you prefer to edit the configuration filedirectly, skip to the later section “Configuring the NFS Server on the Command Line.”To start the tool, select Administration, Server Settings, NFS from the System menu onthe top panel of the desktop. Alternatively, execute the command system-config-nfsfrom a shell prompt.Root privileges are required to modify the NFS server settings, so you must have rootaccess to use this tool. If you are not root when you start the program, you will beprompted for the root password.All currently configured shares are shown each time the program is started as shown inFigure 13.1.