Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Guida di Installazione Pagina 245
- Pagina / 282
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Chapter 18. Network File System (NFS) 245
This line states that any directory a user tries to access under the local /home directory (due to the
asterisk character) should result in an NFS mount on the server.domain.com system within its exported
/home filesystem. The mount options specify that each /home directory NFS mounts should use a
particular collection of settings. For more information on mount options, including the ones used in
this example, see Section 18.3.3.
18.3.3. Common NFS Mount Options
Beyond mounting a filesystem via NFS on a remote host, a number of different options may be speci-
fied at the time of the mount that can make it easier to use. These options can be utilized with manual
mount commands, /etc/fstab settings, and autofs, and other mounting methods.
The following options are the most popular for NFS mounts:
• hard or soft specifies whether the program using a file via an NFS connection should stop and
wait (hard) for the server to come back online if the host serving the exported filesystem is un-
available, or if it should report an error (soft).
If you specify hard, you will not be able to terminate the process waiting for the NFS communica-
tion to resume unless you also specify the intr option.
If you specify soft, you can set an additional timeo=
value option, where value specifies
the number of seconds to pass before the error is reported.
• intr allows NFS requests to be interrupted if the server goes down or cannot be reached.
• nolock is occasionally required when connecting to older NFS server. To require locking, use the
lock option.
• noexec does not permit the execution of binaries on the mounted filesystem. This is useful if your
Red Hat Linux system is mounting a non-Linux filesystem via NFS that contains binaries that will
not execute on your machine.
• nosuid does not allow set-user-identifier or set-group-identifier bits to take effect.
• rsize=8192 and wsize=8192 may speed up NFS communication for reads (rsize) and writes
(wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when
changing these values; some older Linux kernels and network cards may not work well with larger
block sizes.
• nfsvers=2 or nfsvers=3 specify which version of the NFS protocol to use.
Many more options are available on the mount man page, including options to be used when mounting
non-NFS filesystems.
18.4. Securing NFS
NFS works well for sharing entire filesystems with a large number of known hosts in a largely trans-
parent manner. Many users accessing files over an NFS mount may not be aware that the filesystem
they are using is not local to their system. However, with ease of use comes a variety of potential
security problems.
The following points should be considered when exporting NFS filesystems on a server or mount-
ing them on a client. Doing so will minimize NFS security risks and better protect your data and
equipment.
- Red Hat Linux 7.3 1
- The Official Red Hat Linux 1
- Reference Guide 1
- Table of Contents 3
- Introduction 7
- 1.2. For the More Experienced 9
- 2. Document Conventions 10
- Mail backupfiles mail reports 11
- [stephen@maturin stephen]$ 12
- 3. Using the Mouse 13
- 5. More to Come 13
- 6. Sign Up for Support 13
- System Reference 15
- Chapter 1 17
- File System Structure 17
- 1.2.1. FHS Organization 18
- /usr/local/sbin." 19
- /usr." 20
- 1.3. Special File Locations 21
- Chapter 2 23
- The /proc File System 23
- 2.2. Top-Level Files in /proc 24
- /proc File System 25 25
- /proc File System 26
- /proc File System 27 27
- /proc File System 29 29
- /proc File System 31 31
- /proc File System 33 33
- /proc File System 35 35
- 2.3. Directories in /proc 37
- /proc File System 39 39
- /proc File System 41 41
- /proc File System 43 43
- /proc File System 45 45
- /proc File System 47 47
- /proc File System 49 49
- /proc File System 51 51
- 2.4. Using sysctl 52
- 2.5. Additional Resources 52
- /proc File System 53 53
- Chapter 3 55
- /etc/lilo.conf 56
- 3.2.2. Init 58
- 3.2.3. SysV Init 60
- 3.3. Sysconfig Information 61
- • CLOCKMODE= 63
- DESKTOP="GNOME" 64
- LANG="en_US" 65
- • DEVICE= 68
- • ROOTDIR=" 68
- /dev/raw/raw1 /dev/sda1 70
- /dev/raw/raw2 8 5 70
- • CARDTYPE= 71
- /etc/sysconfig/ Directory 72
- 3.4. Init Runlevels 73
- 3.6. Shutting Down 74
- ELILO boot loader 75
- Chapter 4 77
- 4.1.2. GRUB Features 78
- 4.2. Terminology 79
- 4.2.2. File Names 80
- 4.3. Interfaces 81
- 4.4. Commands 82
- 4.6. Additional Resources 84
- 86 Chapter 4. GRUB 86
- Chapter 5 87
- The ext3 File System 87
- /sbin/fdisk /dev/hdb 88
- /sbin/mkfs -t ext3 /dev/hdbX 89
- /sbin/tune2fs -j /dev/hdbX 90
- -y /dev/hdb1 91
- Chapter 6 93
- Users and Groups 93
- 6.3. Standard Groups 94
- 6.4. User Private Groups 96
- /usr/lib/emacs/site-lisp 97
- 6.5. Shadow Utilities 98
- Chapter 7 99
- X Servers and Clients 99
- 7.2. The XFree86 Server 100
- 7.3.1. Window Managers 104
- 7.4. Runlevels 105
- 7.4.2. Runlevel 5: prefdm 106
- 7.5. Fonts 107
- 7.5.1. xfs Configuration 108
- 7.5.2. Adding Fonts 108
- 7.6. Additional Resources 109
- 7.6.2. Useful Websites 110
- 7.6.3. Related Books 110
- Security Reference 111
- Chapter 8 113
- 8.3. PAM Modules 114
- 8.4. PAM Module Control Flags 115
- 8.5. PAM Module Paths 116
- 8.6. PAM Module Arguments 116
- 8.8. PAM and Device Ownership 118
- 8.9. Additional Resources 119
- Chapter 9 121
- TCP Wrappers and xinetd 121
- 9.2.1. Formatting Rules 122
- 9.4. Additional Resources 128
- 9.4.2. Useful Websites 129
- Chapter 10 131
- SSH Protocol 131
- 10.3. Layers of SSH Security 132
- 10.3.2. Authentication 133
- 10.3.3. Connection 134
- 10.5.1. X11 Forwarding 135
- 10.5.2. Port Forwarding 135
- • telnet 136
- Chapter 10. SSH Protocol 137 137
- 138 Chapter 10. SSH Protocol 138
- Chapter 11 139
- Kerberos 139
- 11.3. Kerberos Terminology 140
- 11.4. How Kerberos Works 141
- 11.5. Kerberos and PAM 142
- 11.8. Additional Resources 145
- 146 Chapter 11. Kerberos 146
- Chapter 12 147
- 12.3. File Locations 150
- 12.4. Tripwire Components 151
- 12.6. Selecting Passphrases 152
- 12.9. Printing Reports 153
- /etc/hosts, type a 154
- 12.12. Tripwire and Email 156
- 12.13. Additional Resources 157
- Network Services Reference 159
- Chapter 13 161
- Network Scripts 161
- 13.1.2. Dialup Interfaces 162
- 13.1.3. Alias and Clone Files 164
- /sbin/service network action 165
- 13.3. Network Functions 166
- Chapter 14 167
- Firewalling with iptables 167
- 14.3.1. Tables 169
- 14.3.2. Structure 169
- 14.3.3. Commands 169
- 14.3.4. Parameters 170
- 14.3.5. Match Options 171
- 14.3.6. Target Options 173
- 14.3.7. Listing Options 174
- 14.5. Additional Resources 175
- Chapter 15 177
- 178 Chapter 15. Apache 178
- /sbin/service httpd start 179
- /sbin/service httpd stop 179
- /sbin/service httpd restart 179
- /sbin/service httpd reload 179
- 15.3.20. ClearModuleList 183
- 15.3.21. AddModule 183
- 15.3.22. ExtendedStatus 183
- 15.3.23. Port 183
- 15.3.24. User 183
- 15.3.25. Group 184
- 15.3.26. ServerAdmin 184
- 15.3.27. ServerName 184
- 15.3.28. DocumentRoot 184
- 15.3.29. Directory 184
- 15.3.30. Options 185
- 15.3.31. AllowOverride 185
- 15.3.32. Order 185
- 15.3.35. UserDir 186
- 15.3.36. DirectoryIndex 186
- 15.3.37. AccessFileName 186
- 15.3.33. Allow 186
- 15.3.34. Deny 186
- 15.3.44. ErrorLog 188
- 15.3.45. LogLevel 188
- 15.3.46. LogFormat 188
- 15.3.47. CustomLog 188
- 15.3.48. ServerSignature 189
- 15.3.49. Alias 189
- 15.3.50. ScriptAlias 189
- 15.3.51. Redirect 190
- 15.3.52. IndexOptions 190
- 15.3.53. AddIconByEncoding 190
- 15.3.54. AddIconByType 190
- 15.3.62. AddLanguage 192
- 15.3.63. LanguagePriority 192
- 15.3.64. AddType 192
- 15.3.65. AddHandler 192
- 15.3.66. Action 192
- 15.3.67. MetaDir 193
- 15.3.68. MetaSuffix 193
- 15.3.69. ErrorDocument 193
- 15.3.70. BrowserMatch 193
- 15.3.71. Location 193
- 15.3.72. ProxyRequests 195
- 15.3.73. ProxyVia 195
- 15.3.74. Cache Directives 195
- 15.3.75. NameVirtualHost 195
- 15.3.76. VirtualHost 196
- 15.3.77. SetEnvIf 196
- 15.5. Using Virtual Hosts 198
- 15.6. Additional Resources 200
- Chapter 16 201
- 16.1.2. POP 202
- 16.1.3. SMTP 202
- 16.2.1. Mail User Agent 203
- 16.2.2. Mail Transfer Agent 203
- 16.3. Sendmail 204
- /etc/sendmail.cf by running: 206
- FEATURE(’ldap_routing’)dnl 208
- 16.4. Fetchmail 209
- • daemon 210
- 16.5. Procmail 212
- 16.5.1. Procmail Configuration 213
- 16.5.2. Procmail Recipes 214
- /dev/null 217
- 16.6. Security 218
- 16.7. Additional Resources 219
- 16.7.2. Useful Websites 220
- 16.7.3. Related Books 220
- Chapter 17 221
- 17.2. BIND Configuration Files 222
- 17.2.1. /etc/named.conf 223
- • include " 224
- • key " 224
- • view " 225
- • zone " 226
- 17.2.2. Zone Files 227
- $ORIGIN domain.com 228
- 259200 3D 231
- 604800 1W 231
- 31536000 365D 231
- SOA records 231
- 17.3. Using rndc 233
- 17.3.2. Command Line Options 235
- 17.4. BIND Advanced Features 236
- 17.6. Additional Resources 237
- 17.6.2. Useful Websites 238
- 17.6.3. Related Books 238
- Chapter 18 239
- Network File System (NFS) 239
- 18.1.1. NFS and portmap 240
- 100003 3 udp 2049 nfs 241
- 100021 1 udp 1028 nlockmgr 241
- 100021 3 udp 1028 nlockmgr 241
- 100021 4 udp 1028 nlockmgr 241
- [root@bleach /]# 241
- 18.2.1. /etc/exports 242
- 18.3.1. /etc/fstab 243
- 18.3.2. autofs 244
- 18.4. Securing NFS 245
- 18.5. Additional Resources 246
- 18.5.2. Related Books 247
- Chapter 19 249
- 19.3. Uses for LDAP 250
- 19.4. LDAP Terminology 250
- 19.6. OpenLDAP Files 251
- 19.6.2. The schema Directory 252
- 19.9. OpenLDAP Setup Overview 254
- 19.11. Additional Resources 256
- 19.11.2. Useful Websites 257
- 19.11.3. Related Books 257
- Appendixes 259
- Appendix A 261
- A.2. CD-ROM Module Parameters 262
- A.3. SCSI parameters 264
- A.4. Ethernet Parameters 267
Prodotti e manuali riguardandi Software di system management Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
(6 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.022 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale