Linux Explorers

Exploring the wonderful world of Linux

If you are new to configuring Red Hat Enterprise Linux systems, you may have some difficulty configuring services such as httpd, Samba, e-mail, etc.  The most frustration comes from configuring a service correctly but not being able to connect to it from another PC.  For example, you may have spent hours configuring an Apache web server and still be unable to connect to the site from another computer.

Most likely the problem can be traced back to SELinux or the firewall (iptables) not being configured correctly.  There are guides out there for configuring services that instruct you to disable the firewall or to disable SELinux. I would highly recommend that you NOT disable SELinux or the firewall!  This goes double for those configuring Red Hat Enterprise Linux (RHEL) servers for a production environment, as disabling those security settings could place your job in jeopardy.  Disabling SELinux and the firewall will make it easier to configure your services; however, doing so would expose your system to security breaches.  Disabling the firewall would allow incoming connections on virtually any port, and disabling SELinux would expose the file system to further manipulation.

If you’re going to be using RHEL in a production environment, take the time to understand which ports are used by your application, so that you can open the appropriate ports in the firewall and set the appropriate SELinux contexts instead of disabling these security features.

As always I’d like to hear from you so please post your opinions regarding this topic.

This article describes how to configure a basic Samba share in Red Hat Enterprise Linux 7 (RHEL7).  This procedure describes how to configure a share to work with SELinux and the firewall.  For those unfamiliar with Samba, it is software that allows Windows clients to connect to Linux-based servers and share files and printing.

 

Note: the commands in this guide need to be run as the root user.

 

1) The first step in the process is to install the samba software on your machine.  Use the command below to install all of the Samba packages.

yum -y install 'samba*'

 

2) Create the directory containing the contents you would like to share.  In this example the directory will be “/samba_share”

mkdir /samba_share

 

3) Change the permission level on the directory to “777”

chmod 777 /samba_share

This allows all users to read, write, and execute files from this directory.

 

4) Change the SELinux file context so that it can be shared

chcon -t samba_share_t /samba_share/

This command changes the SELinux security context on the directory to “samba_share_t”, which allows the contents of the directory to be shared via Samba.  Users won’t be able to access the share if the SELinux context is not changed.

 

5) Now we need to create a samba user that will be able to access the shared directory.  We will use the user “johndoe” to accomplish this.

If the user “johndoe” has not been added to the system, create the account with the following commands.

useradd johndoe
passwd johndoe

Once the user has been added you can create the user’s samba account with the following commands.

smbpasswd -a johndoe
(create the password)

 

5) Configure the “/etc/samba/smb.conf” file with the directory share information.  It’s a good idea to create a backup of this file before making any edits.

Navigate toward the bottom of the “/etc/samba/smb.conf” file, look for the “Share Definitions” section, and add the following lines to define the share:

[samba_share]
      comment = Samba share
      path = /samba_share
      browseable = yes
      valid users = johndoe
      writable = yes

 

6) Enable and start the samba service

systemctl enable smb.service
systemctl start smb.service

 

7) Create a firewall rule to allow connections to the samba share

firewall-cmd --permanent --add-service=samba

systemctl restart firewalld 

 

8) I would also recommend rebooting the system

 

9) You should now be able to connect to your Samba share from a Windows computer using the credentials for the user “johndoe”.
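
A check for the share built in the steps above, added here as an example and not part of the original post: it reads one share section from an smb.conf-style file and flags a missing “valid users” line, guest access, or a world-writable share directory such as the one “chmod 777” creates. The function names and finding labels are made up for this example, and the demo runs against a constructed config that points at a scratch directory.

```shell
#!/bin/sh
# Added example: audit one share section of an smb.conf-style file.

# Print the value of KEY (given lowercase, without spaces) inside [SHARE].
share_param() {  # usage: share_param CONF SHARE KEY
    awk -v share="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[.*\]/ {                            # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_share = (tolower(s) == tolower(share)); next
        }
        in_share && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]+/, "", k)                    # normalise name: drop spaces
            gsub(/^[ \t]+|[ \t]+$/, "", v)           # trim the value
            if (tolower(k) == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one finding per line; no output means nothing was flagged.
audit_share() {  # usage: audit_share CONF SHARE
    share_dir=$(share_param "$1" "$2" path)
    users=$(share_param "$1" "$2" validusers)
    guest=$(share_param "$1" "$2" guestok)
    [ -n "$users" ] || echo "no-valid-users"
    case "$guest" in [Yy]es|[Tt]rue|1) echo "guest-ok" ;; esac
    # -perm -0002 matches when the "other" write bit is set (as after chmod 777)
    if [ -d "$share_dir" ] && [ -n "$(find "$share_dir" -prune -perm -0002)" ]; then
        echo "world-writable-path"
    fi
}

# Constructed sample: the share from the steps above, pointed at a scratch dir.
demo() {
    d=$(mktemp -d) && mkdir "$d/share" && chmod 777 "$d/share"
    printf '[samba_share]\n  path = %s\n  valid users = johndoe\n  writable = yes\n' \
        "$d/share" > "$d/smb.conf"
    echo "mode 777: $(audit_share "$d/smb.conf" samba_share)"
    chmod 770 "$d/share"                             # owner and group only
    echo "mode 770: $(audit_share "$d/smb.conf" samba_share)"
    rm -rf "$d"
}
demo
```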

 

There are other ways of accomplishing this task so please leave any recommendations you have.

Configuring a VNC server in Red Hat Enterprise Linux 7 (RHEL7) is completely different from the process used in RHEL6.  I was unable to find a guide for the process of creating a vncserver on Red Hat Enterprise Linux 7 and decided to put this together once I figured out how to get it working.  I hope this helps you accomplish your goal.

 

1) First the VNC server packages will need to be installed.  The step below assumes the RHEL7 repositories have been configured.

yum -y install tigervnc-server

You can also install the server and client with the command below:

yum -y install 'tigervnc*'

 

2) In the next step you will create a VNC user account for the specific user(s) that will need to access the system via VNC.  In this example a user named “johndoe” will be created.

useradd johndoe
passwd johndoe
(create the password)

After the user “johndoe” has been created, log in as that user and create a VNC password.

vncpasswd
(create the password)

 

3) The next step is to create a VNC server configuration file for the user “johndoe.”  We will create a copy of the original VNC config file and edit it for the user.  The default vncserver port for incoming connections is 5900 and this step will configure a connection for user johndoe on a sub-port which is 5901 in this case.

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

 

4) Edit the /etc/systemd/system/vncserver@:1.service file with your desired text editor and replace the string “<USER>” with the appropriate VNC user’s username.  In this case the user will be “johndoe”.  Please see the screenshot below:

 

If you were to add more users, you would create a new “vncserver@:#.service” file for each one, change the <USER> string to that user, and enable the service and the appropriate ports as discussed below.

 

5) Next the firewall will need to be edited to accept incoming connections.  The steps below will demonstrate how to open port 5901 in the firewall.

firewall-cmd --permanent --zone=public --add-service vnc-server
(This command adds the entire vnc-server service to the public zone in the firewall, and the firewalld service will manage the incoming connections.  It also covers connections for the configuration files of multiple users, for example user sally, who is configured to connect on port 5903.)

The command below may also be used:

firewall-cmd --permanent --zone=public --add-port 5901/tcp

(This command only opens TCP port 5901 for incoming connections.  With this method more ports would need to be opened as additional users are added.)

 

6) Enable and start the vnc service

systemctl enable vncserver@:1.service
(Ensures the service will start at system startup)

systemctl start vncserver@:1.service
(Starts the service if it’s not already started)

 

7) Now you should be able to connect to your VNC server.  The connection string used will depend on the VNC client used.  For the TigerVNC client the following connection string would be used:

192.168.1.100:5901

 

You should then be able to connect to the remote session using the VNC password created for user “johndoe”.  I hope these instructions help and would like to hear your feedback.
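
Steps 3 to 5 as a script, added here as an example and not part of the original post: it fills in the “<USER>” placeholder only after checking the account name, and works out for each display which port it listens on and which of the two firewall-cmd options above covers it. It goes beyond the single-user case in the text by taking several DISPLAY:USER pairs; the function names, the two-line template and user “bob” are made up for this example, and the 5900-5903 range of the vnc-server firewalld service is an assumption to confirm on your system.

```shell
#!/bin/sh
# Added example: plan the unit file and firewall rule for each VNC display.

# TCP port for display N: 5900 + N, so display 1 listens on 5901.
vnc_port() {  # usage: vnc_port DISPLAY
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    echo $((5900 + $1))
}

# Accept only conservative account names: the name is pasted into a command
# line that systemd runs as root, and into the sed expression below.
valid_user() {
    case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
}

# Replace every <USER> in a unit template read from stdin.
render_unit() {  # usage: render_unit USERNAME < template
    valid_user "$1" || return 1
    sed "s/<USER>/$1/g"
}

# For each DISPLAY:USER pair print: unit name, user, port, firewall-cmd option.
plan_displays() {
    for pair in "$@"; do
        n=${pair%%:*}; u=${pair#*:}
        if ! port=$(vnc_port "$n") || ! valid_user "$u"; then
            echo "invalid: $pair"; continue
        fi
        # Assumption: the packaged vnc-server service covers 5900-5903/tcp;
        # check /usr/lib/firewalld/services/vnc-server.xml on your system.
        if [ "$port" -le 5903 ]; then fw="--add-service=vnc-server"
        else fw="--add-port=$port/tcp"; fi
        echo "vncserver@:$n.service $u $port/tcp $fw"
    done
}

# Constructed stand-in for the template copied in step 3 (two lines only).
sample_template() {
    printf '%s\n' 'ExecStart=/usr/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"' \
                  'PIDFile=/home/<USER>/.vnc/%H%i.pid'
}

sample_template | render_unit johndoe
plan_displays 1:johndoe 3:sally 5:bob
```

After writing a new unit file, run “systemctl daemon-reload” so systemd picks it up. Rules added with --permanent reach the running firewall after “firewall-cmd --reload”.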