linux guide

If we have logical volume we can dynamicly add or remove diskspace to or from it. Any disk partitions to used as physical volumes need to have their partition types set to 8e, Linux LVM. After creating Primary Volu me, we must create a Volume Group with any name.After that we will create Logical Volume. Not only to the Logical Volume, we can extend or reduce the size of a Volume Group.
Lets start -
Create a Partition of LVM type using fdisk and reboot the system. –

fdisk /dev/hda
n
(define/accept the first cylinder)
(define the last cylinder) +100M
n
(define/accept the first cylinder)
(define the last cylinder) +150M
p (check the newly created partitions at the bottom, note down the partition no.
We are assuming /dev/hda10 and /dev/hda11 are created)
t
10 (partition no)
l ( to list codes - please note the code for Linux LVM, it is 8e)
8e
t
11 (partition no)
8e
w ( to write to partition table and exit from fdisk)

reboot ( reboot your system)

Initialize the LVM Configuration Files
vgscan

Initialize the LVM partitions as physical volumes.
pvcreate /dev/hda10 /dev/hda11

Create Vouume Group.
vgcreate vg1 /dev/ hda10
Here, vg1 is volume group name

Create Logical Volume.

lvcreate -L 50M -n lvm1 vg1
Here, lvm1 is logical volume name

Make filesystem.

mkfs /dev/vg1/lvm1
Mount the newly created logical volume to a directory, say /lvmone
mount /dev/vg1/lvm1 /lvmone

Check the volume size.

lvdisplay /dev/vg1/lvm1


If you want to resize it, first unmount the partion and run
e2fsadm -L+25M /dev/vg1/lvm1

Check the volume size once again. If you want to reduce the partition size run -
e2fsadm -L-20M /dev/vg1/lvm1

Run the following command to see the volume group size and space left on it.
vgdisplay

To extend the volume group size

vgextend vg1 /dev/hda11

Run ‘vgdisplay’ once again to check the volume group size, allocated space and free space.

Labels: command, configuration, edit, file system, guide to linux, instalation, Linux, linux administrator guide, linux config, lvm.LOGICAL VOLUME MANAGER, pocket linux guide, red hat linux guide

To Change owner of a file
chown user_name file_name
Example: You want to make gautam as owner of beragautam.tx
chown gautam beragautam.tx

To change owner and group of a file
chown user_name.group_name file_name

You can also use this command as follows –
chown user_nam:group_name file_name
(Please note, you can use either “:” or “.”)

If you want to assign a file would be used by a group use the following command.
chgrp special atanu.tx
Here group name is special and file name is beragautam.tx

What is a group?
A group is used to represent users, who have similar characteristics,exercise similar tasks and
enjoy similar permission and environment in a network. Now think about the situation here.
You have a group of users who need similar type of access to a file, beragautam.tx. What you will do? Very simple

Create a group.

Issue the command that enables the group to access the file

Give file access permission to this group. (Example, all permissions to owner and read and
execute permissions to group)

Make the users members of a group.

Do these tasks as defined below.
groupadd newgroup
chgrp newgroup bera.tx
chmod 750 beragautam.tx

And then add the user to this group.

vi /etc/group
At the bottom of the file verify the entry related to newgroup and add the user name. It
will look like –
newgroup:x:600:beragautam,gautam

Here, beragautam and gautam are members of the newly created group, ‘newgroup’. The thing
must be noted is, usernames are specified by comma (,) separated form. However,
instead of editing th e /etc/group file directly, we can use commands to add or remove
users from a group.

If we want to add members (in our example, the name of the group is acct and the
members are red and green), we can use the following command –
gpasswd –M red,green acct

If we want to add user ‘blue’ in the ‘acct’ group we can use the following command –
gpasswd –a blue acct

To remove user red from the acct group, we can use the following command –
gpasswd –d red acct

Labels: command, configuration, edit, file system, guide to linux, job, kernel, Linux, linux administrator guide, linux config, Linux installation guide, pocket linux guide, red hat linux guide

In a TCP/IP network, each host should have a unique IP address according to the Network address.The clients may also require other information to access different services and resources.In a large network it increase the overhead for an administrator. DHCP Server automates this. DHCP Server provides clients with an IP address along with some host specific configuration parameters. A DHCP Server can be used for dynamic allocation, or it can be used just as a bearer.
In RedHat linux, the main configuration file is /etc/dhcpd.conf

DHCP related information are stored in /var/lib/dhcp/dhcpd.leases file
By default, the /etc/dhcpd.conf file not exists in your system. Though you can copy a
sample file, /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample, to /etc/dhcpd.conf.

Some options and systaxes in /etc/dhcpd.conf file:

default-lease-time 720;
max-lease-time 86400;
(Values are in seconds)
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.10 192.168.100.50;
range 192.168.100.101 192.168.100.150;
}
(Specifies subnet address with mask followed by subnet address range. Here, addresses
from 192.168.100.51 to 192.168.100.100 will never allocated to any systems)

host comp1 {
hardware Ethernet 00:04:5A:4F:8E:4B;
fixed address 192.168.100.60;
}
(You are supplying ip address ( 192.168.100.60) to comp1 whose NIC mac address is
00:04:5A: 4F:8E:4B.)

option routers 192.168.100.1;
(Gateway address)

option domain-name-servers 192.168.100.2,192.168.100.3;
(Ip address of your Primary and Secondary DNS Server)

option time-servers 192.168.100.2;
(Clients synchronizes time from this Time Server)
option netbios-name-servers 192.168.100.4;
(Microsoft WINS Server)

Check out the following example of a /etc/dhcpd.conf file for your perusal: -




To start the DHCP Server –

/etc/init.d/dhcpd start or
service dhcpd start

To start the service automatically during the boot time –
chkconfig dhcpd on

Labels: configure dhcp server, dhcp server, guide to linux, Linux, linux administrator guide, Linux installation guide, pocket linux guide, red hat linux guide, redhat server

TCP WRAPPERS
To provide a better degree of access control, some service like sshd, portmap, xinetd are compiled with libwrap.a library. These are called “Tcp-wrapped” service.
Now, we are going to implement control on tcp-wrapped service. We will modify /etc/hosts.deny file here as follows – see the highlighted section in the screenshot below.


Here, in the highlighted section –
• The 1st line defines “ssh connection from any system will be disallowed”
• The 2nd line defines “only a computer with IP address 172.16.1.38 will be allowed to establish ssh session – others will be disallowed”
• The 3rd line defines “ssh connection from any system will be disallowed but the system will allow 172.16.1.38 and 172.16.1.178 to establish ssh session”
• The 4th line allows “computer from 172.16.0.0/255.255.248.0 network will be establis allowed to h ssh session – other will be disallowed”
• The 5th line defines “computer from 172.16.0.0/255.255.248.0 network, except 172.16.1.38, will be allowed and other systems will be disallowed to establish ssh session.
• The 6th line defines “the same rule as it is defined in the 5th line, where the rule is here for telnet and ssh service”
• The last line defines “all tcp-wrapped service can only be accessible from
abc.com domain”

In the screen shot above the last line is activated only as it is not commented out using #.
Have a note, you do not need to start or restart any service to control tcp-wrapped service using tcp-wrapper. All you have to do is just modify the /etc/hosts.deny file.
There is another important file, /etc/hosts.allow, as far as tcp wrapper is concerned. The system will check the /etc/hosts.allow file first, service will be accessible to users using it. Then the system will go through /etc/hosts.deny file and act accordingly.
Let us assume, we have a requirement where we want only ssh service will be accessible from 172.16.1.38 and other “tcp-wrapped” services will be blocked from any user.
The easiest solution is add the following line in /etc/hosts.deny file –
ALL: ALL
Add the following line in /etc/hosts.allow file –
ssh: 172.16.1.38

Labels: command, guide to linux, Linux, linux administrator guide, Linux installation guide, linux security, pocket linux guide, red hat linux guide, redhat server, TCP WRAPPERS

Protecting the /boot/grub/grub.conf with md5 password:

For trouble shooting purpose, administrator sometimes boot the linux computer in single user mode. We will learn how to boot a linux system in single user mode shortly.
If you boot a Linux computer in single user mode the system will never ask you to authenticate and assume you as root user. It is really helpful in case you forgot root user’s password, or the root password has expired, or you want to recover the grub boot loader in a dual-boot system etc.
But there is a security risk also. For example, any one can change the root user’s password after booting the computer in single user mode.
To protect unauthorized user to start the Linux computer in single user mode, it is recommended to set md5 password on grub. The md5 password can be implemented during the time of installation of the Linux computer. It is also possible to set the md5 password on grub after installation.
Here, I will show you, how to set md5 password on grub after installation.
Run, grub-md5-crypt
The system will ask you to enter the password. Supply it.
The system will return you a string on your monitor like this -
$1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
Note down the string very carefully.
Now, open the /boot/grub/grub.conf file in vi editor
Just below the splashimage=(hd0,1)/grub/splash.xpm.gz line in the file, place the following line –
password—md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/

After modification, the /boot/grub/grub.conf will look like –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
gr
However, I never do the task the same way I describe you above. Rather I append the output of grub-md5-crypt to /etc/grub.conf by executing the following command –
grub-md5-crypt >> /etc/grub.conf
Then I delete unnecessary lines there in the grub.conf file and cut the string and paste it to right place.
At this point if you reboot the computer and try to start the computer with single user mode, you need to supply the grub password, by default the system will boot according to the configuration in the /etc/inittab file.

Labels: boot, boot loader, command, grub, grub.conf, guide to linux, linux administrator guide, linux boot loader, linux security, pocket linux guide, red hat linux guide, redhat server, single user mode

PLUGGABLE AUTHENTICATION MODULE (PAM)
If you want to disallow console logins to all but root
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:ALL EXCEPT root sync:LOCAL
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
The above task will disallow console login locally. The user will be able to login to your server from remote system using telnet or ssh.
To disallow local as well as virtual terminal login
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_listfile.so item=user sense=allow
onerr=fail file=/etc/security/validusers
Do not be confused. I am repeating, the above is a single line input. It looks different because it does not fit into my document.
Now, create the /etc/security/validusers file and add users’ name there one in a single line like –
root
user1

The above configuration will allow root and user only to log into your system’s terminal. If you replace sense=allow with sense=deny in the directive in
/etc/pam.d/system-auth file, it will disallow root and .
If you want to disallow a user from login from any terminal except ttyx
Open the /etc/security/access.conf file in any editor
Copy the follwing line and paste it at the next line -
# -:ALL EXCEPT wheel shutdown sync:LOCAL
Modify the line as follows -
-:red:ALL EXCEPT tty3
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_access.so
Login Time Restriction
Open the /etc/security/time.conf in any editor
Add the following lines there -
login;*;red;MoTuWeThFr0000-2400
login;*;green;Mo1000-2400|TuWeThFr0000-2400|Sa0000-1400
Edit the /etc/pam.d/system-auth file - add the following line
account required /lib/security/pam_time.so
Here, user red will be allowed to login from Monday to Friday. And
user green will be allowed to login to the system from Monday 10 hrs to Saturday 14 hrs.
We refer day by using the first two characters of it. For example to refer Sunday, we will be using Su only.
We can use ! for reverse action. Check the following line–
login;*;red;!MoTuWeThFr0000-2400
Here, user red will be disallowed to login from Monday to Friday.

Labels: command, configuration, guide to linux, linux administrator guide, linux security, PLUGGABLE AUTHENTICATION MODULE, pocket linux guide, red hat linux guide

Working with Log - Syslog
Linux applications use syslog utility to log application related error and status messages to a file, by default in /var/log directory.
By default the syslog utility is running in your system to log messages. By default your syslog server accepts log messages from your local system. We can configure a centralized log server in our network that eventually eases track log messaging.
The files related with syslog are /etc/syslog.conf and /etc/sysconfig/syslog.
The /etc/syslog.conf defines in which files log messages will be written. The /etc/sysconfig/syslog file defines mode of operation, whether it will allow remote system to send log messages or not.
A sample /etc/syslog.conf is as follows –


In the default file, it defines –
/var/log/messages is a “general purpose” log, many application logs messages here.
/var/log/secure records login attempts, session related information.
/var/log/maillog contains information about mailing
/var/log/cron allows crond daemon to log messages
/var/log/boot.log contains log messages related to service – start/stop/shutdows information.
Briefly, the syslog service accepts log messages from different programs and writes the messages to appropriate files,generally in /var/log directory.
If you want to configure syslog service to accept log-messages from remote system, you have to configure /etc/sysconfig/syslog file as follows. Note the highlighted section in the following screen shot of /etc/sysconfig/syslog file –
in Syslog Server


Here, what I have done is, replace SYSLOGD_OPTIONS=”-m 0” with
SYSLOGD_OPTIONS=”-m 0 –r”
Now, go to the Linux Client, the system that will send log-messages to your log-server, and do the following – assuming the IP address and name of your log-server is 172.16.1.230 and redhatlinux .
Modify /etc/hosts file by adding the following entry -
172.16.1.230 redhatlinux
Modify /etc/syslog.conf as follows –
authpriv.* @redhatlinux
The above syntax will tell the syslog service to send authentication related information to your syslog server.
Now, restart the syslog service in both, client and server, system. Execute –
service syslog restart
One important thing I must tell. The log files are really helpful. If you are getting problem always check the related log file.
And for students preparing for RHCE exam, “If you fail to log in to your linux system, reboot your computer in single-user mode, check the /var/log/secure file”.

Labels: command, configuration, Linux, linux administrator guide, linux security, log error, log messages, pocket linux guide, red hat linux guide, syslog, syslog server, syslog service, working with log

Configure secure imap – imaps

First of all check whether your mail server is running. If everything is going file, follow the steps –

1. Have backup copy of dovecot.pem file
cd /usr/share/ssl/certs
mv dovecot.pem org.dovecot.pem
cd ../private
mv dovecot.pem org.dovecot.pem
cd –

2. Create new dovecot.pem file with your customized setting, execute make
dovecot.pem. See the screen shot below


At this point your system will ask you to supply some information like – Country name
etc. See what I have done in my case below –



Carefully note the Common Name section. Here, you must supply the FQDN of your mailserver.
At this point the /usr/share/ssl/certs/dovecot.pem is created. If there is any problem, remove the dovecot.pem file and recreate it.

3. Copy the file to /usr/share/ssl/private directory –
cp dovecot.pem ../private
4. Modify /etc/dovecot.conf file as follows –
protocols = ipop3 pop3 imap imaps
5. Restart the servers –
service dovecot restart
service sendmail restart

Labels: command, configuration, Configure secure imap, fqdn, guide to linux, imap, linux administrator guide, Linux installation guide, linux security, pocket linux guide, red hat linux guide

When you have a system available from the Internet or remote location, you must consider applying some security on your system. In Redhat there are some services run by xinetd server. xinetd is consider a “super server” in Redhat linux environment.
Here I am going to show you how you can implement security on a service under xinetd in your system.
Below I have printed a sample /etc/xinetd.d/telnet file for our purpose –
# a sample /etc/xinetd.d/telnet file
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 172.16.0.0/16
no_access = 172.16.1.2
per_source = 1
instances = 4
access_times = 13:00-17:00
}
# end of file
In the above sample file, -
disable = no (enable telnet service)
only_from = 172.16.0.0/16 (Telnet server will respond to clients from
no_access = 172.16.1.2 172.16.0.0/16 network only, except
172.16.1.2)
per_source = 1 (Per source only one connection will be
allowed)
instances = 4 (Total number of connection allowed is 4)
access_times = 13:00-15:00 (Connection will be allowed between 13 and
15 hrs)
However, whenever you modify /etc/xinetd.d/telnet file, never forget to restart the xinetd service. Run – service xinetd restart

Labels: command, linux administrator guide, Linux installation guide, linux security, modify xinetd service., pocket linux guide, red hat linux guide, service, xinetd, xinetd Access Control, xinetd server

Squid Proxy Server
Basic Configuration
The main configuration file for squid proxy server is /etc/squid/squid.conf.

The Squid Proxy Server has a dependency on a DNS Server. Please be noted,
while configuring the proxy client, what you only need to do is, specify the proxy
server’s address and the port number the proxy server is listen to in the browser
setting. There is no need to define the DNS or Router’s address in the TCP/IP
properties in the client machine.

So, please check the /etc/resolv.conf file whether you have already putted any
‘nameserver’ entry on not. The Squid Proxy Server listens to Port 3128 by default.
And by default it will reject all packets. If you want to allow users from your
network only to get the service from squid proxy server – modify the
/etc/squid/squid.conf file as follows. Here we are assuming our network address
is 192.168.0.0/24.

First of all find out the visible_hostname directive in the squid.conf file. By
default it sets to none. Just below the line # none – place an entry like this –

visible_hostname hostname or FQDN

Now find out ‘acl all’ directive in the file. You will find a line like the following –
acl all src 0.0.0.0/0.0.0.0

The above directive is a way to define every hosts in every network, src keyword
define the “source”, by “all” access control list name. If you move downwords,
you will find a line like this –
http_access deny all

Using the two lines, acl all src 0.0.0.0/0.0.0.0 and http_access deny all, the
squid proxy server disallow all the clients to access the proxy service. If you
replace deny with allow in http_access deny all line here, it will allow all clients
to access the serveice. However our task here is to allow our network only. So
put a line that will define you network with an acl name and allow it using the
http_access directive while keeping the default setting. You can write a directive
like this just after the acl all src 0.0.0.0/0.0.0.0 line –
acl ourlan src 192.168.0.0/255.255.255.0

Also put a line just before the http_access deny all directive like the following –
http_access allow ourlan

While allowing clients, Squid Proxy Server goes through the policy one after
another, top to bottom. If it finds any match related to the current packet, it
takes decision on that - whether the client will be allowed or denied.

To start/stop/restart the squid service you can execute the following command
respectively –

service squid start
service squid stop
service squid restart

chkconfig squid on command will start squid automatically at booting time.


User authenticated access to Squid Proxy

The user can be authenticated from the local system (the squid proxy server) through
ncsa authentication or from an LDAP server like Novell' s NDS or e-Directory or Microsoft's
Active Directory.

I am sending you the ncsa authentication implementation....

1. First of all, create a password file for the users and assign read permission to all.

touch /etc/squid/squid_passwd
chmod o+r /etc/squid/squid_passwd

2. Create Users and Passwords for the users -

htpasswd /etc/squid/squid_passwd user_1
htpasswd /etc/squid/squid_passwd user_2
htpasswd /etc/squid/squid_passwd user_n

3. Modify /etc/squid/squid.conf to support ncsa_auth program
Open the /etc/squid/squid.conf in vi editor, find out auth_param directives, and add the
following line just below the last auth_param directives -

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd

Move to acl section in the /etc/squid/squid.conf file - you can find out acl all directive
by pressing /acl all and press . Add the follwing line -

acl ncsa_users proxy_auth REQUIRED

Scroll down to http_access deny all directive and insert a line at the top as follows -

http_access allow ncsa_users

4. Restart your Squid proxy server -

service squid restart

Web site restriction through Squid Proxy

Open the /etc/squid/squid.conf in vi editor - move to acl ncsa_users proxy_auth
REQUIRED
add a line as follows -

acl blockdomain dstdomain "/etc/squid/blocked-domain-list"

Scroll down to http_access allow ncsa_users
put a line at the top like this -

http_access deny blockdomain

After modification, it will look like these -
...
http_access deny blockdomain
http_access allow ncsa_users
http_access deny all

Now create a file in /etc/squid, named blocked-domain-list

Define the name of th e web sites you want to block as follows -
.xxx.com
.yyy.com

Please be noted, you can only define one domain name in a single line.

Restart your Squid proxy server -

service squid restart

There are several methods of using a block list with squid. One of them is the Malware
Block list. Let us check how to use this list.

Now, it is time to check, the activities of squid proxy server. By default squid
generates log report in /var/log/squid directory. The access.log reports you
information about website access using your proxy server where cache.log and
store.log keep information about cached information. Commands are available
to pipe out information. However, there are so many utilities available in the
Internet to show you information in easily readable format.

In production environment I use SARG – the Squid Analysis Report Generator.
SARG helps you to analysis squid-log information using a browser where you can
categorize information. Top of that it is free.

First of all, download the software. I have downloaded it, sarg-2.2.2.tar.gz, from
http://sarg.sourceforge.net/sarg.php.

Go to the directory where you have downloaded the software and extract it using
the following command.
tar xzvf sarg-2.2.2.tar.gz

The command will extract the file in sarg-2.2.2 directory. Change your working
directory there – execute cd sarg-2.2.2
./configure –-enable-htmldir=/var/www/html/report
It is time to compile and install the software. Execute the following commands –
make && make install

By default the sarg binary directory is /usr/bin, where the sarg configuration file
is saved in /usr/local/sarg directory. The name of the configuration file is
sarg.conf.

Now you have to modify /usr/local/sarg/sarg.conf so that it will find the
access.log file, generated by squid, and generate a report by creating necessary
files in a directory.

In my case, I define minimum parameters like follows –
access_log /var/log/squid/access.log
output_dir /var/www/html/squid/squid-reports

You will find the access_log and output_dir parameters in sarg.conf file. Remove
the # and make necessary changes. In my case the squid directory is created in
/var/www/html directory. You do not need to create squid-report directory, rather
the sarg software will create it. You have to make it sure whether squid has
enough permission to create file there in /var/www/html/squid directory.

Now, generate the report that will be used by “sarg” using the following command
–
sarg –f /usr/local/sarg/sarg.conf

Now, configure Apache to access this report from your browser. What I usually do
is, I put the following Alias directives in my /etc/httpd/conf/httpd.conf file –

Alias /report “/var/www/html/squid/squid-reports/”

Options Indexes Includes


Restart your apache web server. From your web browser see the fascinating
report using – http://squid_server’s_ip_address/report

Here I am putting some screen shots –







Thing is that whenever you run sarg –f /usr/local/sarg/sarg.conf, sarg-report
will be created. We can submit a cron job, so that the system will execute it
automatically. In my network, I put the following line after executing crontab –e,

0 * * * * /usr/bin/sarg –f /usr/local/sarg/sarg.conf


Setting customized message

Create an html file with customized message and save it to /etc/squid/error
directory.

Now put the following directives in /etc/squid/httpd.conf –

acl blacklist dstdomain “/var/lib/squidguard/BL/blacklist”
http_access deny blacklist
deny_info blocked.htm blacklist

Restart squid proxy server and try to access any restricted site, as per
/var/lib/squidguard/BL/blacklist, from your workstation.

See the result in my case –

Labels: configuration, firewall, guide to linux, instalation, linux administrator guide, linux config, Linux installation guide, pocket linux guide, Proxy server, red hat linux guide, squid proxy server

By default the RedHat linux has built in Kernel support for NFS.
The Filesystem to share are defined in /etc/exports file.
In our lab session, we will configure our web server so that users can access their respective home directory and will have read- only access to /all directory. We must remind whatever share permission we specify in the /etc/exports file, the most restrictive settings will activated. The IP address of our NFS server is 192.168.100.2.
First of all, edit the /etc/exports file by inserting the following lines
/all *(ro)
/home *(rw)
Export the share using the following command –
exportfs –a –v
Restart the service –
service nfs restart
service nfslock restart

Check which folders are NFS shared –
exportfs
Go to any client computer, make a directory using mkdir command say /all
mkdir /all
Assign necessary permission, here we will set – chmod 705 –R /all
Mount the NFS shared directory to your client’s computer
mount 192.168.100.2:/all /all
At this point, users from your client computer will access /all directory in your NFS server.
Yes, it is read-only access.
Now, you have to configure your network such a way, so that, whenever a user logs in to any computer, he will get the same file system and hierarchy in his/her home directory.
In fact, whenever a user saves files to his/her home directory, it will be saved to NFS Server.

Labels: book, command, guide to linux, Linux, linux administrator guide, linux config, Linux installation guide, mail server, NFS, NFS File server, pocket linux guide, red hat linux guide