Skip to main content

Exporting an NFSv4 Volume with ACLs

Hands-On Lab

 

Photo of Stosh Oldham

Stosh Oldham

Course Development Director in Content

Length

01:00:00

Difficulty

Advanced

A lot of the key enhancements to NFSv4 are related to security. Understanding how to implement these features is important for several advanced certifications. In this hands-on lab, we will review basic NFS concepts and explore NSF ACLs.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Exporting an NFSv4 Volume with ACLs

Introduction

A lot of the key enhancements to NFSv4 are related to security. Understanding how to implement these features is important for several advanced certifications. In this hands-on lab, we will review basic NFS concepts and explore NSF ACLs.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Configure a New NSF Export

  1. Escalate privileges to root.
    sudo su -
  2. Edit the /etc/exports file.
    vim /etc/exports
  3. Add the following line to the file:
    /nfs/ *(rw,acl,no_root_squash) 
  4. Press Esc, then typw :wq to exit the vim text editor.
  5. Restart the NFS server.
    systemctl restart nfs-server

Test the New Export

  1. Mount localhost:/nfs to /mnt on the local system.
    mount -t nfs localhost:/nfs /mnt
  2. Verify that this was successful.
    mount

Give the User alice Read-Write Access

  1. List the contents of the /mnt directory.
    ll /mnt
  2. Create an ACL on mnt/nsftestfile that gives alice the appropriate permissions.
    nfs4_setfacl -a A::alice@localdomain:RW /mnt/file

Give the User bob Read and Execute Permissions

  1. Create an ACL on mnt/nsftestfile that gives bob the appropriate permissions.
    nfs4_setfacl -a A::bob@localdomain:RX /mnt/file

Give Everyone Read Access

  1. Create an ACL on /mnt/nfstestfile that gives everyone the appropriate permissions.
    nfs4_setfacl -a A::EVERYONE@:R /mnt/nfstestfile
  2. Verify that all permissions have been configured properly.
    nfs4_getfacl /mnt/nfstestfile
  3. Run id <USER_NAME> for each user to verify the user IDs in each access control entry.

Conclusion

Congratulations, you've successfully completed this hands-on lab!