Exporting an NFSv4 Volume with ACLs

1 hour
  • 5 Learning Objectives

About this Hands-on Lab

A lot of the key enhancements to NFSv4 are related to security. Understanding how to implement these features is important for several advanced certifications. In this hands-on lab, we will review basic NFS concepts and explore NSF ACLs.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure a new NFS export for `/nfs` that is exported to all hosts with read and write access, `root squash` disabled, and `acl` enabled.
  1. Edit /etc/exports to contain the following line:

    /nfs/ *(rw,acl,no_root_squash) 
  • Run systemctl restart nfs-server.
Mount `localhost:/nfs` to `/mnt` on the local system.

Run mount -t nfs localhost:/nfs /mnt.

Create an ACL on `/mnt/nfstestfile` that grants the user `alice` read and write permission.

Run nfs4_setfacl -a A::alice@localdomain:RW /mnt/file.

Create an ACL on `/mnt/nfstestfile` that grants the user `bob` read and execute permission.

Run nfs4_setfacl -a A::bob@localdomain:RX /mnt/file.

Create an ACL on `/mnt/nfstestfile` that grants the user `everyone` read permission.

Run nfs4_setfacl -a A::EVERYONE@:R /mnt/nfstestfile.

Additional Resources

In an effort to improve security, you have been tasked with implementing more granular permissions on the file server. To do this, you must create a new NFS export on your test server that supports ACLs. You must export the existing /nfs to all hosts; the /nfs directory and its contents have already been configured for export. The export should be readable and writable by any host, have root squash disabled, and support use of ACLs. Once the export is properly configured, you will test it by mounting the volume locally to /mnt.

From the mounted directory, add new ACLs to the file nfstestfile to meet the following requirements:

(Note: All users belong to localdomain.)

  • Allow the user alice read, write, and execute access.

  • Allow the user bob read and execute access.

  • Allow the user everyone read access.

Please note all necessary packages have been installed on the test server for your convenience. You only need to create the export entry.

Summary tasks list:

  • Configure a new NFS export for /nfs that exports to all hosts with general read and write access, have root squash disabled, and acl enabled.

  • Mount localhost:/nfs to /mnt on the local system.

  • Add new ACL entries for the file /mnt/nfstestfile to meet the following requirements:

  • Allow the user alice read, write access.

  • Allow the user bob read and execute access.

  • Allow the user everyone read access.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?