Commit | Line | Data |
---|---|---|
f891d0ed KB | 1 | .\" Copyright (c) 1989, 1991, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
b64bd2a1 | 3 | .\" |
eadcc84a | 4 | .\" %sccs.include.redist.roff% |
b64bd2a1 | 5 | .\" |
f891d0ed | 6 | .\" @(#)exports.5 8.1 (Berkeley) %G% |
b64bd2a1 | 7 | .\" |
eadcc84a CL | 8 | .Dd |
9 | .Dt EXPORTS 5 | |
10 | .Os | |
11 | .Sh NAME | |
12 | .Nm exports | |
13 | .Nd define remote mount points for | |
14 | .Tn NFS | |
15 | mount requests | |
16 | .Sh SYNOPSIS | |
17 | .Nm exports | |
18 | .Sh DESCRIPTION | |
19 | The | |
20 | .Nm exports | |
466c2641 | 21 | file specifies remote mount points for the |
eadcc84a | 22 | .Tn NFS |
b64bd2a1 | 23 | mount protocol per the |
eadcc84a | 24 | .Tn NFS |
b64bd2a1 | 25 | server specification; see |
f9196243 | 26 | .%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" . |
eadcc84a | 27 | .Pp |
fc13291c KM | 28 | Each line in the file |
29 | (other than comment lines that begin with a #) | |
466c2641 KM | 30 | specifies the mount point(s) and export flags within one local server |
31 | filesystem for one or more hosts. | |
32 | A host may be specified only once for each local filesystem on the | |
33 | server and there may be only one default entry for each server | |
34 | filesystem that applies to all other hosts. | |
35 | The latter exports the filesystem to the ``world'' and should | |
36 | be used only when the filesystem contains public information. | |
fc13291c KM | 37 | .Pp |
38 | In a mount entry, | |
466c2641 KM | 39 | the first field(s) specify the directory path(s) within a server filesystem |
40 | that can be mounted on by the corresponding client(s). | |
41 | There are two forms of this specification. | |
42 | The first is to list all mount points as absolute | |
43 | directory paths separated by whitespace. | |
44 | The second is to specify the pathname of the root of the filesystem | |
45 | followed by the | |
46 | .Fl alldirs | |
47 | flag; | |
48 | this form allows the host(s) to mount any directory within the filesystem. | |
49 | Mount points for a filesystem may appear on multiple lines each with | |
50 | different sets of hosts and export options. | |
51 | .Pp | |
52 | The second component of a line specifies how the filesystem is to be | |
53 | exported to the host set. | |
54 | The option flags specify whether the filesystem | |
55 | is exported read-only or read-write and how the client uid is mapped to | |
56 | user credentials on the server. | |
fc13291c KM | 57 | .Pp |
58 | Export options are specified as follows: | |
59 | .Pp | |
60 | .Sm off | |
466c2641 | 61 | .Fl maproot No = Sy user |
fc13291c KM | 62 | .Sm on |
63 | The credential of the specified user is used for remote access by root. | |
64 | The credential includes all the groups to which the user is a member | |
65 | on the local machine (see | |
66 | .Xr id 1 ). | |
67 | The user may be specified by name or number. | |
eadcc84a | 68 | .Pp |
eadcc84a | 69 | .Sm off |
466c2641 | 70 | .Fl maproot No = Sy user:group1:group2:... |
eadcc84a | 71 | .Sm on |
fc13291c KM | 72 | The colon separated list is used to specify the precise credential |
73 | to be used for remote access by root. | |
74 | The elements of the list may be either names or numbers. | |
75 | Note that user: should be used to distinguish a credential containing | |
76 | no groups from a complete credential for that user. | |
77 | .Pp | |
78 | .Sm off | |
466c2641 | 79 | .Fl mapall No = Sy user |
fc13291c KM | 80 | .Sm on |
81 | or | |
82 | .Sm off | |
466c2641 | 83 | .Fl mapall No = Sy user:group1:group2:... |
fc13291c KM | 84 | .Sm on |
85 | specifies a mapping for all client uids (including root) | |
86 | using the same semantics as | |
466c2641 | 87 | .Fl maproot . |
fc13291c | 88 | .Pp |
eadcc84a CL | 89 | The option |
90 | .Fl r | |
466c2641 KM | 91 | is a synonym for |
92 | .Fl maproot | |
b64bd2a1 | 93 | in an effort to be backward compatible with older export file formats. |
eadcc84a | 94 | .Pp |
fc13291c | 95 | In the absence of |
466c2641 | 96 | .Fl maproot |
fc13291c | 97 | and |
466c2641 | 98 | .Fl mapall |
fc13291c | 99 | options, remote accesses by root will result in using a credential of -2:-2. |
466c2641 | 100 | All other users will be mapped to their remote credential. |
fc13291c | 101 | If a |
466c2641 | 102 | .Fl maproot |
fc13291c | 103 | option is given, |
466c2641 | 104 | remote access by root will be mapped to that credential instead of -2:-2. |
fc13291c | 105 | If a |
466c2641 | 106 | .Fl mapall |
fc13291c | 107 | option is given, |
466c2641 | 108 | all users (including root) will be mapped to that credential in |
fc13291c | 109 | place of their own. |
fc13291c KM | 110 | .Pp |
111 | The | |
112 | .Fl kerb | |
113 | option specifies that the Kerberos authentication server should be | |
466c2641 | 114 | used to authenticate and map client credentials. |
fc13291c KM | 115 | (Note that this is NOT Sun NFS compatible and |
116 | is supported for TCP transport only.) | |
117 | .Pp | |
118 | The | |
eadcc84a | 119 | .Fl ro |
466c2641 KM | 120 | option specifies that the filesystem should be exported read-only |
121 | (default read/write). | |
eadcc84a CL | 122 | The option |
123 | .Fl o | |
466c2641 | 124 | is a synonym for |
eadcc84a | 125 | .Fl ro |
b64bd2a1 | 126 | in an effort to be backward compatible with older export file formats. |
eadcc84a | 127 | .Pp |
466c2641 KM | 128 | The third component of a line specifies the host set to which the line applies. |
129 | The set may be specified in three ways. | |
130 | The first way is to list the host name(s) separated by white space. | |
131 | (Standard internet ``dot'' addresses may be used in place of names.) | |
132 | The second way is to specify a ``netgroup'' as defined in the netgroup file (see | |
133 | .Xr netgroup 5 ). | |
134 | The third way is to specify an internet subnetwork using a network and | |
135 | network mask that is defined as the set of all hosts with addresses within | |
136 | the subnetwork. | |
137 | This latter approach requires less overhead within the | |
138 | kernel and is recommended for cases where the export line refers to a | |
139 | large number of clients within an administrative subnet. | |
140 | .Pp | |
141 | The first two cases are specified by simply listing the name(s) separated | |
142 | by whitespace. | |
143 | All names are checked to see if they are ``netgroup'' names | |
144 | first and are assumed to be hostnames otherwise. | |
145 | Using the full domain specification for a hostname can normally | |
146 | circumvent the problem of a host that has the same name as a netgroup. | |
147 | The third case is specified by the flag | |
148 | .Sm off | |
149 | .Fl network No = Sy netname | |
150 | .Sm on | |
151 | and optionally | |
152 | .Sm off | |
153 | .Fl mask No = Sy netmask . | |
154 | .Sm on | |
155 | If the mask is not specified, it will default to the mask for that network | |
156 | class (A, B or C; see | |
157 | .Xr inet 5 ). | |
158 | .Pp | |
b64bd2a1 | 159 | For example: |
eadcc84a | 160 | .Bd -literal -offset indent |
466c2641 KM | 161 | /usr /usr/local -maproot=0:10 friends |
162 | /usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16 | |
163 | /usr -ro -mapall=nobody | |
164 | /u -maproot=bin: -network 131.104.48 -mask 255.255.255.0 | |
165 | /u2 -maproot=root friends | |
166 | /u2 -alldirs -kerb -network cis-net -mask cis-mask | |
eadcc84a CL | 167 | .Ed |
168 | .Pp | |
169 | Given that | |
170 | .Sy /usr , | |
171 | .Sy /u | |
172 | and | |
173 | .Sy /u2 | |
174 | are | |
fc13291c | 175 | local filesystem mount points, the above example specifies the following: |
eadcc84a CL | 176 | .Sy /usr |
177 | is exported to hosts | |
466c2641 KM | 178 | .Em friends |
179 | where friends is specified in the netgroup file | |
180 | with users mapped to their remote credentials and | |
181 | root mapped to uid 0 and group 10. | |
182 | It is exported read-write and the hosts in ``friends'' can mount either /usr | |
183 | or /usr/local. | |
184 | It is exported to | |
fc13291c | 185 | .Em 131.104.48.16 |
466c2641 KM | 186 | and |
187 | .Em grumpy.cis.uoguelph.ca | |
188 | with users mapped to their remote credentials and | |
fc13291c KM | 189 | root mapped to the user and groups associated with ``daemon''; |
190 | it is exported to the rest of the world as read-only with | |
466c2641 | 191 | all users mapped to the user and groups associated with ``nobody''. |
eadcc84a CL | 192 | .Pp |
193 | .Sy /u | |
466c2641 KM | 194 | is exported to all hosts on the subnetwork |
195 | .Em 131.104.48 | |
196 | with root mapped to the uid for ``bin'' and with no group access. | |
eadcc84a CL | 197 | .Pp |
198 | .Sy /u2 | |
466c2641 KM | 199 | is exported to the hosts in ``friends'' with root mapped to uid and groups |
200 | associated with ``root''; | |
201 | it is exported to all hosts on network ``cis-net'' allowing mounts at any | |
202 | directory within /u2 and mapping all uids to credentials for the principal | |
203 | that is authenticated by a Kerberos ticket. | |
eadcc84a CL | 204 | .Sh FILES |
205 | .Bl -tag -width /etc/exports -compact | |
206 | .It Pa /etc/exports | |
fc13291c | 207 | The default remote mount-point file. |
eadcc84a CL | 208 | .El |
209 | .Sh SEE ALSO | |
466c2641 | 210 | .Xr netgroup 5 , |
eadcc84a CL | 211 | .Xr mountd 8 , |
212 | .Xr nfsd 8 , | |
213 | .Xr showmount 8 | |
214 | .Sh BUGS | |
fc13291c KM | 215 | The export options are tied to the local mount points in the kernel and |
216 | must be non-contradictory for any exported subdirectory of the local | |
217 | server mount point. | |
218 | It is recommended that all exported directories within the same server | |
219 | filesystem be specified on adjacent lines going down the tree. | |
466c2641 KM | 220 | You cannot specify a hostname that is also the name of a netgroup. |
221 | Specifying the full domain specification for a hostname can normally | |
222 | circumvent the problem. |
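
An audit of the export options this man page describes, added here as an example (it is not part of the man page or of the BSD sources): each line is split into paths, options and hosts, and the script reports default ("world") entries, root or all users mapped to uid 0 or ``root'', and -alldirs. The function names and finding labels are assumptions, and the space-separated form of -network and -mask is accepted because the page's own example block, used as the sample input, writes them that way.

```python
SYNONYMS = {"r": "maproot", "o": "ro"}   # backward-compatible names from the page
SPACE_VALUE = {"network", "mask"}        # the page's example writes "-network 131.104.48"

def parse_line(line):
    """Split one exports line into (paths, options, hosts)."""
    paths, opts, hosts = [], {}, []
    it = iter(line.split())
    for tok in it:
        if tok.startswith("-"):
            name, _, value = tok[1:].partition("=")
            name = SYNONYMS.get(name, name)
            if name in SPACE_VALUE and not value:
                value = next(it, "")     # value given as the following token
            opts[name] = value
        elif tok.startswith("/"):
            paths.append(tok)
        else:
            hosts.append(tok)            # hostname, dot address or netgroup
    return paths, opts, hosts

def audit(text):
    """Return (line number, finding) pairs; the finding labels are hypothetical."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        _, opts, hosts = parse_line(line)
        if not hosts and "network" not in opts:   # default entry: the "world"
            findings.append((n, "world-ro" if "ro" in opts else "world-rw"))
        for opt in ("maproot", "mapall"):
            if opts.get(opt, "").split(":")[0] in ("0", "root"):
                findings.append((n, opt + "-is-root"))   # remote root keeps uid 0
        if "alldirs" in opts:
            findings.append((n, "alldirs"))   # any directory may be mounted
    return findings

# Sample input: the example block from the man page itself.
SAMPLE = """\
/usr /usr/local -maproot=0:10 friends
/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
/usr -ro -mapall=nobody
/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
/u2 -maproot=root friends
/u2 -alldirs -kerb -network cis-net -mask cis-mask
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Lines without a finding fall back to the page's default of mapping remote root to -2:-2 or to a non-root credential; a name that resolves to uid 0 under something other than ``root'' is not detected by this check.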