[root@system1 ~]# yum install nfs-server nfs-secure [root@system1 ~]# systemctl status nfs-secure nfs-server [root@system1 ~]# systemctl enable nfs-server nfs-secure [root@system1 ~]# systemctl start nfs-server nfs-secure
// NFS 에서 사용할 mount 폴더 생성 [root@system1 ~]# mkdir /public [root@system1 ~]# mkdir /private
[root@system1 ~]# vi /etc/exports /public *.example.com(ro) // ro 옵션은 Read only /private *.example.com(rw,no_root_squash,sec=krb5p) // rw 옵션은 ReadWrite, [root@system1 ~]# exportfs -avr // exports 파일에서 설정한 내용 시스템에 적용 exporting *.example.com:/private exporting *.example.com:/public
[root@system1 ~]# firewall-cmd --permanent --add-service=nfs success [root@system1 ~]# firewall-cmd --reload success
[root@system2 ~]# yum install nfs-utils
[root@system2 ~]# mkdir /mnt/nfsmount [root@system2 ~]# mkdir /mnt/nfssecure
[root@system2 ~]# mount -t nfs 192.168.70.46:/public /mnt/nfsmount/ [root@system2 ~]# cd /mnt/nfsmount/ [root@system2 ~]# ls
[root@system2 ~]# vim /etc/fstab system1.example.com:/public /mnt/nfsmount nfs defaults,_netdev 0 0 system1.example.com:/private /mnt/nfssecure nfs defaults,_netdev,sec=krb5p 0 0
System1.example.com
[root@system1 ~]# useradd koov [root@system1 ~]# id koov uid=1001(koov) gid=1001(koov) groups=1001(koov) [root@system1 ~]# chown koov -R /private/ [root@system1 ~]# ls -ld /private/ drwxr-xr-x. 3 koov root 30 Jan 24 16:56 /private/
system2.example.com
[root@system2 secret]# id koov uid=1001(koov) gid=1001(koov) groups=1001(koov) [root@system2 ~]# mount -t nfs system1.example.com:/private /mnt/nfssecure/ [root@system2 ~]# cd /mnt/nfssecure [root@system2 nfssecure]# whoami root [root@system2 nfssecure]# touch TEST.txt touch: cannot touch ‘TEST.txt’: Permission denied [root@system2 ~]# su - koov Last login: Tue Jan 24 17:09:03 KST 2017 on pts/0 [koov@system2 ~]$ whoami koov [koov@system2 ~]$ cd /mnt/nfssecure/ [koov@system2 nfssecure]$ touch TEST.txt [koov@system2 nfssecure]$ ls TEST.txt