RHCSA Rapid Track

Bookmark this page
P12345678910111213141516
PreviousNext

Lab: Accessing Network Storage with SMB

Performance Checklist

In this lab, you will install packages to support automounting CIFS shares and create three automounts.

Resources:
Files: samba.txt in each share directory, for testing.
Machines: desktopX and serverX

Outcomes

  • Installation of at least two packages to support automounting Samba shares.

  • Automount /shares/work with authenticated, RW access to your home directory on serverX.

  • Automount /shares/docs with RO guest access to the public share.

  • Automount /shares/cases with authenticated, RW access to restricted team share bakerst.

  • Available persistently after a reboot.

If you haven't already done so at start of the previous exercise:

  • Reset your serverX system.

  • Log into and set up your server system.

    [student@serverX ~]$ lab samba setup

Always perform this step:

  • Reset your desktopX system.

  • Log into desktopX and open a terminal.

Your company runs a Samba service on serverX to provide document sharing for both Red Hat Enterprise Linux and Microsoft Windows clients. The server contains a directory for each user to store their personal documents, a publicly available read-only directory for common documents, and a number of team directories to host collaborative documents.

You may need to perform some basic user and group administration on desktopX to ensure student can access files on all of the shares.

Here are the key details from serverX that you will need:

  • Username: student

  • Password: student

  • Group membership: bakerst, GID=10221

  • Domain: MYGROUP

  • Home shares are enabled and writeable.

    desktopX mount point: /shares/work

  • There is a share called public that only requires guest privileges to access.

    desktopX mount point: /shares/docs

  • Your team has a private, writeable share called bakerst that is only accessible to members of the bakerst group.

    desktopX mount point: /shares/cases

When you are done, reboot your desktopX machine, then run the command lab samba grade from your desktopX machine to verify your work.

  1. Install the two packages needed to automount a CIFS file system.

    [student@desktopX ~]$ sudo yum -y install cifs-utils autofs
Loaded plugins: langpacks
Resolving Dependencies
...
Complete!

  2. Add an auto.master.d configuration file that identifies the base directory and associated map file (use any name you like for the configuration file, but it must end with .autofs), and create the associated map file (use any name you like for the map file), ensuring proper authentication on each mount. As needed, you can create other configuration files to support the automount mapping configuration.

    1. Use vim to create and edit the /etc/auto.master.d/shares.autofs file.

      [student@desktopX ~]$ sudo vim /etc/auto.master.d/shares.autofs

      Add the following line:

      /shares  /etc/auto.shares

      Note

      This solution is using shares.autofs as the master map file and auto.shares as the map file, but the file names are not important.

    2. Use vim to create the auto.shares map file.

      [student@desktopX ~]$ sudo vim /etc/auto.shares

      Add the following lines:

      work   -fstype=cifs,credentials=/etc/me.cred  ://serverX/student
docs   -fstype=cifs,guest                     ://serverX/public
cases  -fstype=cifs,credentials=/etc/me.cred  ://serverX/bakerst

      Note

      An alternative to the credentials file (and the steps shown here to create and edit it) would be to substitute the credentials=/etc/me.cred entry in the auto.shares file with two entries, username=student,password=student, but that would be less secure.

    3. Use vim to create the credentials file.

      [student@desktopX ~]$ sudo vim /etc/me.cred

      Add the following lines:

      username=student
password=student
domain=MYGROUP

    4. Use chmod to secure the credentials file.

      [student@desktopX ~]$ sudo chmod 600 /etc/me.cred

      Note

      This step is not essential for this lab, but shown for completeness.

  3. Ensure that username student has the correct UID and GIDs to access each of the shares (Hint: bakerst). If necessary, add any new groups that are needed, modify student's group membership, or both.

    Note: If you add a new group to student's supplementary groups, then you will either need to exit the shell and start a new shell, or use newgrp groupname to switch to the newly added group. This is necessary because the environment Bash starts with does not get updated with student's new details.

    1. Use the groups command to check the current group memberships for the student user. 

      [student@desktopX ~]$ groups
student

      The student account does not belong to the bakerst group (GID 10221) and will need to be added.

    2. Check if the bakerst group exists on desktopX. Use grep to check the /etc/group file. 

      [student@desktopX ~]$ grep -e bakerst -e 10221 /etc/group

      The bakerst group does not exist either; it will need to be added first.

    3. Use groupadd to add the bakerst group with GID 10221.

      [student@desktopX ~]$ sudo groupadd -g 10221 bakerst

    4. Use usermod to add the bakerst group to student as a supplementary group.

      [student@desktopX ~]$ sudo usermod -aG bakerst student

      Note

      This approach is not typically the best solution to align UID and GID values, as there are mount options that can handle this. However, it is a suitable solution for this lab, and you get to practice some user and group administration skills.

    5. Use newgrp to switch to bakerst.

      [student@desktopX ~]$ newgrp bakerst

  4. Enable and start the automount service.

    [student@desktopX ~]$ sudo systemctl enable autofs
ln -s '/usr/lib/systemd/system/autofs.service'  ...
[student@desktopX ~]$ sudo systemctl start autofs

  5. Check that you can access each share and write to those shares you have write privileges on, work and cases.

    There is a file called samba.txt that contains the message "Success" in each of the share locations. Use cat samba.txt.

    Use echo testing > my.txt to test if you can write to a directory.

    1. Check you can read and write in work:

      [student@desktopX ~]$ cd /shares/work
[student@desktopX work]$ cat samba.txt
Success
[student@desktopX work]$ echo testing > my.txt

    2. Check you can read, but not write, in docs:

      [student@desktopX work]$ cd ../docs
[student@desktopX docs]$ cat samba.txt
Success
[student@desktopX docs]$ echo testing > my.txt
bash: my.txt: Permission denied

    3. Check you can read and write in cases:

      [student@desktopX docs]$ cd ../cases
[student@desktopX cases]$ cat samba.txt
Success
[student@desktopX cases]$ echo testing > my.txt

  6. When you are done, reboot your desktopX machine, then run the command lab samba grade from your desktopX machine to verify your work.

    1. [student@desktopX ~]$ sudo systemctl reboot
    2. [student@desktopX ~]$ lab samba grade
PreviousNext
Revision: rh199-7-d0984a3