12.07.2015 Views

Red Hat Enterprise Linux 5 Administration Unleashed


294 CHAPTER 13 Network File Sharing

For example, if a file is owned by user ID 500 on the NFS server, the file is exported to the clients with that same user ID. If user ID 500 maps to the user bsf on the NFS server but maps to the user akf on the remote client, user akf will have access to the file on the remote client. Thus, it is crucial that the NFS server and all its clients use the same user database so the user and group IDs are identical no matter which machine is used to access the files. The administrator can assign identical user and group IDs on systems on the network, but this can be a tedious and time-consuming task if the network has more than a few users. A more error-proof and manageable method is to use NIS as discussed in Chapter 12, “Identity Management.”

NOTE
NFS does not have its own log file. Instead, the commands used by NFS such as rpc.mountd to mount client requests are logged in the system log file /var/log/messages. Kernel messages from nfsd are also logged to this file.

NFS and SELinux

In Red Hat Enterprise Linux 5, NFS is protected by the default Security-Enhanced Linux (SELinux) policy, known as the targeted policy. Refer to Chapter 23, “Protecting Against Intruders with Security-Enhanced Linux” for more information on SELinux.

By default, this targeted policy allows NFS connections to the server by setting the nfs_export_all_ro and nfs_export_all_rw SELinux booleans to 1.

If you are sharing home directories over NFS while using SELinux, you must set the use_nfs_home_dirs boolean to 1 on each client connecting to the NFS server sharing the home directories. Execute the following command as root:

    setsebool -P use_nfs_home_dirs 1

To verify that the setting has been changed, execute the following:

    getsebool use_nfs_home_dirs

If enabled, the output should be the following:

    use_nfs_home_dirs --> on

You can also change this setting by running the SELinux Management Tool. Start it by selecting Administration, SELinux Management from the System menu on the top panel of the desktop or by executing the system-config-selinux command. Enter the root password when prompted if running as a non-root user. Select Boolean from the list on the left. On the right, click the triangle icon next to NFS. The SELinux booleans affecting NFS appear. Click the check box next to Support NFS home directories. The change takes place immediately.

TIP
The SELinux booleans that affect NFS are described in the nfs_selinux man page viewable with the man nfs_selinux command.
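
The user ID mismatch described at the start of this page (ID 500 mapping to bsf on the server and to akf on a client) can be audited by comparing the two machines' user databases. The script below is an added example, not from the book; the function names, the default minimum UID of 500, and the sample accounts other than bsf and akf are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): find accounts whose numeric IDs disagree
# between an NFS server and a client. Inputs are passwd-format files
# (name:x:uid:gid:...), e.g. `getent passwd` output saved from each host.

# uid_conflicts SERVER CLIENT [MIN_UID]
# UIDs that belong to different user names on the two hosts. This is the
# risky case: the client user gets the server user's file access.
# Output: "uid server_name client_name". MIN_UID defaults to 500 (assumed
# first regular-user UID) so that system accounts are skipped.
uid_conflicts() {
    awk -F: -v min="${3:-500}" '
        FILENAME == ARGV[1] { if ($3 >= min) srv[$3] = $1; next }
        ($3 in srv) && srv[$3] != $1 { print $3, srv[$3], $1 }
    ' "$1" "$2" | sort -n
}

# name_drift SERVER CLIENT [MIN_UID]
# Same user name but a different UID: the user cannot reach their own files.
# Output: "name server_uid client_uid".
name_drift() {
    awk -F: -v min="${3:-500}" '
        FILENAME == ARGV[1] { if ($3 >= min) uid[$1] = $3; next }
        ($1 in uid) && uid[$1] != $3 { print $1, uid[$1], $3 }
    ' "$1" "$2" | sort
}

# Constructed sample data mirroring the bsf/akf case in the text.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'bsf:x:500:500::/home/bsf:/bin/bash' \
        'tfox:x:501:501::/home/tfox:/bin/bash' > "$d/server"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'akf:x:500:500::/home/akf:/bin/bash' \
        'tfox:x:502:502::/home/tfox:/bin/bash' > "$d/client"
    echo "UID conflicts:"; uid_conflicts "$d/server" "$d/client"
    echo "Name drift:";    name_drift "$d/server" "$d/client"
    rm -rf "$d"
}
demo
```

Any line printed by uid_conflicts should be resolved before the export is mounted on that client; the same comparison applies to group IDs when run against /etc/group-format files, where the GID is also the third field.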
