0610.md

0610

NFS

Server

$ sudo dnf install -y nfs-utils

$ dnf list nfs-utils

$ mkdir /nfs-share

$ vim /etc/exports

$ systemctl enable --now nfs-server

$ firewall-cmd --add-service=nfs --permanent

$ firewall-cmd --reload

# 顯示 export 清單
$ showmount -e localhost


$ ls -ld /nfs-share
# drwxr-xr-x. 2 root root 6 Jun 10 14:01 /nfs-share

$ chmod 755 /nfs-share

$ chown nobody /nfs-share

$ ls -ld /nfs-share
# drwxr-xr-x. 2 nobody root 6 Jun 10 14:01 /nfs-share

$ ll
# -rw-r--r--. 1 nobody nobody 0 Jun 10 14:32 test

/etc/exports

/nfs-share 10.6.53.0/24(rw)

Client

$ sudo dnf install -y nfs-utils

$ mount -t nfs,rw 10.6.53.6:/nfs-share /mnt

$ df -h
# 10.6.53.6:/nfs-share   17G  1.5G   16G   9% /mnt


$ cd /mnt

$ touch test

http client + nfs storage

• selinux

nfs server

$ mkdir /web-files

$ chown nobody /web-files

$ cd /web-files

$ echo "Hello, world!" > index.html

$ ll

$ vi /etc/exports

$ systemctl reload nfs-server

$ showmount -e localhost

httpd server

$ sudo dnf install -y httpd

$ mount -t nfs,ro -o context="system_u:object_r:httpd_sys_content_t:s0" 10.6.53.6:/web-files /var/www/html

$ vim /etc/fstab

$ mount -a

$ df -h

$ systemctl enable --now httpd

$ firewall-cmd --add-service=http --permanent

$ firewall-cmd --reload

$ curl http://localhost/index.html

# 檢查 selinux 錯誤
$ ausearch -m avc

$ setsebool -P httpd_use_nfs 1

/etc/exports

/web-files 10.6.53.0/24(ro)

/etc/fstab

10.6.53.6:/web-files /var/www/html nfs ro,context="system_u:object_r:httpd_sys_content_t:s0" 0 0