A lot of the key enhancements to NFSv4 are related to security. Understanding how to implement these features is important for several advanced certifications. In this hands-on lab, we will review basic NFS concepts and explore NSF ACLs.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure a new NFS export for `/nfs` that is exported to all hosts with read and write access, `root squash` disabled, and `acl` enabled.
Edit
/etc/exports
to contain the following line:/nfs/ *(rw,acl,no_root_squash)
- Run
systemctl restart nfs-server
.
- Mount `localhost:/nfs` to `/mnt` on the local system.
Run
mount -t nfs localhost:/nfs /mnt
.- Create an ACL on `/mnt/nfstestfile` that grants the user `alice` read and write permission.
Run
nfs4_setfacl -a A::alice@localdomain:RW /mnt/file
.- Create an ACL on `/mnt/nfstestfile` that grants the user `bob` read and execute permission.
Run
nfs4_setfacl -a A::bob@localdomain:RX /mnt/file
.- Create an ACL on `/mnt/nfstestfile` that grants the user `everyone` read permission.
Run
nfs4_setfacl -a A::EVERYONE@:R /mnt/nfstestfile
.