Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
50.2.3. Managing NFS Home Directories
In Red Hat Enterprise Linux 5, most targeted daemons do not interact with user data and are not affected by NFS-mounted home directories. One exception is the Apache HTTP Server. For example, CGI scripts that are on the mounted file system have the
nfs_t
type, which is not a type that httpd_t
is allowed to execute.
If you are having problems with the default type of
nfs_t
, try mounting the home directories with a different context:
mount -t nfs -o context=user_u:object_r:user_home_dir_t \
fileserver.example.com:/shared/homes/ /home
Warning
Section 50.2.9, “Specifying the Security Context of Entire File Systems” explains how to mount a directory so that
httpd
can execute scripts. If you do this for user home directories, it gives the Apache HTTP Server increased access to those directories. Remember that a mountpoint label applies to the entire mounted file system.
Future versions of the SELinux policy address the functionality of NFS.