Commit | Line | Data |
---|---|---|
984263bc MD |
1 | .\" Copyright (c) 1989, 1991, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
3 | .\" | |
4 | .\" Redistribution and use in source and binary forms, with or without | |
5 | .\" modification, are permitted provided that the following conditions | |
6 | .\" are met: | |
7 | .\" 1. Redistributions of source code must retain the above copyright | |
8 | .\" notice, this list of conditions and the following disclaimer. | |
9 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer in the | |
11 | .\" documentation and/or other materials provided with the distribution. | |
12 | .\" 3. All advertising materials mentioning features or use of this software | |
13 | .\" must display the following acknowledgement: | |
14 | .\" This product includes software developed by the University of | |
15 | .\" California, Berkeley and its contributors. | |
16 | .\" 4. Neither the name of the University nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .\" @(#)exports.5 8.3 (Berkeley) 3/29/95 | |
33 | .\" $FreeBSD: src/sbin/mountd/exports.5,v 1.10.2.8 2002/09/28 16:31:45 markm Exp $ | |
cabeba47 | 34 | .\" $DragonFly: src/sbin/mountd/exports.5,v 1.5 2007/11/23 23:16:36 swildner Exp $ |
984263bc MD |
35 | .\" |
36 | .Dd March 29, 1995 | |
37 | .Dt EXPORTS 5 | |
38 | .Os | |
39 | .Sh NAME | |
40 | .Nm exports | |
41 | .Nd define remote mount points for | |
42 | .Tn NFS | |
43 | mount requests | |
44 | .Sh SYNOPSIS | |
45 | .Nm | |
46 | .Sh DESCRIPTION | |
47 | The | |
48 | .Nm | |
49 | file specifies remote mount points for the | |
50 | .Tn NFS | |
51 | mount protocol per the | |
52 | .Tn NFS | |
53 | server specification; see | |
54 | .%T "Network File System Protocol Specification" , | |
cabeba47 | 55 | RFC 1094, Appendix A and |
984263bc MD |
56 | .%T "NFS: Network File System Version 3 Specification" , |
57 | Appendix I. | |
58 | .Pp | |
59 | Each line in the file | |
60 | (other than comment lines that begin with a #) | |
61 | specifies the mount point(s) and export flags within one local server | |
62 | filesystem for one or more hosts. | |
63 | A host may be specified only once for each local filesystem on the | |
64 | server and there may be only one default entry for each server | |
65 | filesystem that applies to all other hosts. | |
66 | The latter exports the filesystem to the ``world'' and should | |
67 | be used only when the filesystem contains public information. | |
68 | .Pp | |
69 | In a mount entry, | |
70 | the first field(s) specify the directory path(s) within a server filesystem | |
71 | that can be mounted on by the corresponding client(s). | |
72 | There are two forms of this specification. | |
73 | The first is to list all mount points as absolute | |
74 | directory paths separated by whitespace. | |
75 | The second is to specify the pathname of the root of the filesystem | |
76 | followed by the | |
77 | .Fl alldirs | |
78 | flag; | |
79 | this form allows the host(s) to mount at any point within the filesystem, | |
80 | including regular files if the | |
81 | .Fl r | |
82 | option is used on | |
83 | .Xr mountd 8 . | |
84 | The pathnames must not have any symbolic links in them and should not have | |
85 | any "." or ".." components. | |
86 | Mount points for a filesystem may appear on multiple lines each with | |
87 | different sets of hosts and export options. | |
88 | .Pp | |
89 | The second component of a line specifies how the filesystem is to be | |
90 | exported to the host set. | |
91 | The option flags specify whether the filesystem | |
92 | is exported read-only or read-write and how the client uid is mapped to | |
93 | user credentials on the server. | |
94 | .Pp | |
95 | Export options are specified as follows: | |
96 | .Pp | |
97 | .Sm off | |
98 | .Fl maproot No = Sy user | |
99 | .Sm on | |
100 | The credential of the specified user is used for remote access by root. | |
101 | The credential includes all the groups of which the user is a member | |
102 | on the local machine (see | |
103 | .Xr id 1 ) . | |
104 | The user may be specified by name or number. | |
105 | .Pp | |
106 | .Sm off | |
107 | .Fl maproot No = Sy user:group1:group2:... | |
108 | .Sm on | |
109 | The colon separated list is used to specify the precise credential | |
110 | to be used for remote access by root. | |
111 | The elements of the list may be either names or numbers. | |
112 | Note that user: should be used to distinguish a credential containing | |
113 | no groups from a complete credential for that user. | |
114 | .Pp | |
115 | .Sm off | |
116 | .Fl mapall No = Sy user | |
117 | .Sm on | |
118 | or | |
119 | .Sm off | |
120 | .Fl mapall No = Sy user:group1:group2:... | |
121 | .Sm on | |
122 | specifies a mapping for all client uids (including root) | |
123 | using the same semantics as | |
124 | .Fl maproot . | |
125 | .Pp | |
126 | The option | |
127 | .Fl r | |
128 | is a synonym for | |
129 | .Fl maproot | |
130 | in an effort to be backward compatible with older export file formats. | |
131 | .Pp | |
132 | In the absence of | |
133 | .Fl maproot | |
134 | and | |
135 | .Fl mapall | |
136 | options, remote accesses by root will result in using a credential of -2:-2. | |
137 | All other users will be mapped to their remote credential. | |
138 | If a | |
139 | .Fl maproot | |
140 | option is given, | |
141 | remote access by root will be mapped to that credential instead of -2:-2. | |
142 | If a | |
143 | .Fl mapall | |
144 | option is given, | |
145 | all users (including root) will be mapped to that credential in | |
146 | place of their own. | |
147 | .Pp | |
148 | The | |
149 | .Fl ro | |
150 | option specifies that the filesystem should be exported read-only | |
151 | (default read/write). | |
152 | The option | |
153 | .Fl o | |
154 | is a synonym for | |
155 | .Fl ro | |
156 | in an effort to be backward compatible with older export file formats. | |
157 | .Pp | |
158 | .Tn WebNFS | |
159 | exports strictly according to the spec (RFC 2054 and RFC 2055) can | |
160 | be done with the | |
161 | .Fl public | |
162 | flag. | |
163 | However, this flag in itself allows r/w access to all files in | |
164 | the filesystem, not requiring reserved ports and not remapping uids. | |
165 | It | |
166 | is only provided to conform to the spec, and should normally not be used. | |
167 | For a | |
168 | .Tn WebNFS | |
169 | export, | |
170 | use the | |
171 | .Fl webnfs | |
172 | flag, which implies | |
173 | .Fl public , | |
174 | .Sm off | |
175 | .Fl mapall No = Sy nobody | |
176 | .Sm on | |
177 | and | |
178 | .Fl ro . | |
179 | .Pp | |
180 | A | |
181 | .Sm off | |
182 | .Fl index No = Sy file | |
183 | .Sm on | |
184 | option can be used to specify a file whose handle will be returned if | |
185 | a directory is looked up using the public filehandle | |
186 | .Pq Tn WebNFS . | |
187 | This is to mimic the behavior of URLs. | |
188 | If no | |
189 | .Fl index | |
190 | option is specified, a directory filehandle will be returned as usual. | |
191 | The | |
192 | .Fl index | |
193 | option only makes sense in combination with the | |
194 | .Fl public | |
195 | or | |
196 | .Fl webnfs | |
197 | flags. | |
198 | .Pp | |
199 | Specifying the | |
200 | .Fl quiet | |
201 | option will inhibit some of the syslog diagnostics for bad lines in | |
202 | .Pa /etc/exports . | |
203 | This can be useful to avoid annoying error messages for known possible | |
204 | problems (see | |
205 | .Sx EXAMPLES | |
206 | below). | |
207 | .Pp | |
208 | The third component of a line specifies the host set to which the line applies. | |
209 | The set may be specified in three ways. | |
210 | The first way is to list the host name(s) separated by white space. | |
211 | (Standard Internet ``dot'' addresses may be used in place of names.) | |
212 | The second way is to specify a ``netgroup'' as defined in the netgroup file (see | |
213 | .Xr netgroup 5 ) . | |
214 | The third way is to specify an Internet subnetwork using a network and | |
215 | network mask that is defined as the set of all hosts with addresses within | |
216 | the subnetwork. | |
217 | This latter approach requires less overhead within the | |
218 | kernel and is recommended for cases where the export line refers to a | |
219 | large number of clients within an administrative subnet. | |
220 | .Pp | |
221 | The first two cases are specified by simply listing the name(s) separated | |
222 | by whitespace. | |
223 | All names are checked to see if they are ``netgroup'' names | |
224 | first and are assumed to be hostnames otherwise. | |
225 | Using the full domain specification for a hostname can normally | |
226 | circumvent the problem of a host that has the same name as a netgroup. | |
227 | The third case is specified by the flag | |
228 | .Sm off | |
229 | .Fl network No = Sy netname | |
230 | .Sm on | |
231 | and optionally | |
232 | .Sm off | |
233 | .Fl mask No = Sy netmask . | |
234 | .Sm on | |
235 | If the mask is not specified, it will default to the mask for that network | |
236 | class (A, B or C; see | |
237 | .Xr inet 4 ) . | |
238 | See the | |
239 | .Sx EXAMPLES | |
240 | section below. | |
241 | .Pp | |
242 | The | |
243 | .Xr mountd 8 | |
244 | utility can be made to re-read the | |
245 | .Nm | |
246 | file by sending it a hangup signal as follows: | |
247 | .Bd -literal -offset indent | |
248 | kill -s HUP `cat /var/run/mountd.pid` | |
249 | .Ed | |
250 | .Pp | |
251 | After sending the | |
252 | .Dv SIGHUP , | |
253 | check the | |
254 | .Xr syslogd 8 | |
255 | output to see whether | |
256 | .Xr mountd 8 | |
257 | logged any parsing errors in the | |
258 | .Nm | |
259 | file. | |
260 | .Sh FILES | |
261 | .Bl -tag -width /etc/exports -compact | |
262 | .It Pa /etc/exports | |
263 | the default remote mount-point file | |
264 | .El | |
265 | .Sh EXAMPLES | |
266 | .Bd -literal -offset indent | |
267 | /usr /usr/local -maproot=0:10 friends | |
268 | /usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16 | |
269 | /usr -ro -mapall=nobody | |
270 | /u -maproot=bin: -network 131.104.48 -mask 255.255.255.0 | |
271 | /u2 -maproot=root friends | |
272 | /u2 -alldirs -network cis-net -mask cis-mask | |
273 | /cdrom -alldirs,quiet,ro -network 192.168.33.0 -mask 255.255.255.0 | |
274 | .Ed | |
275 | .Pp | |
276 | Given that | |
f1481abe SW |
277 | .Pa /usr , |
278 | .Pa /u | |
984263bc | 279 | and |
f1481abe | 280 | .Pa /u2 |
984263bc MD |
281 | are |
282 | local filesystem mount points, the above example specifies the following: | |
f1481abe | 283 | .Pa /usr |
984263bc MD |
284 | is exported to hosts |
285 | .Em friends | |
286 | where friends is specified in the netgroup file | |
287 | with users mapped to their remote credentials and | |
288 | root mapped to uid 0 and group 10. | |
289 | It is exported read-write and the hosts in ``friends'' can mount either /usr | |
290 | or /usr/local. | |
291 | It is exported to | |
292 | .Em 131.104.48.16 | |
293 | and | |
294 | .Em grumpy.cis.uoguelph.ca | |
295 | with users mapped to their remote credentials and | |
296 | root mapped to the user and groups associated with ``daemon''; | |
297 | it is exported to the rest of the world as read-only with | |
298 | all users mapped to the user and groups associated with ``nobody''. | |
299 | .Pp | |
f1481abe | 300 | .Pa /u |
984263bc MD |
301 | is exported to all hosts on the subnetwork |
302 | .Em 131.104.48 | |
303 | with root mapped to the uid for ``bin'' and with no group access. | |
304 | .Pp | |
f1481abe | 305 | .Pa /u2 |
984263bc MD |
306 | is exported to the hosts in ``friends'' with root mapped to uid and groups |
307 | associated with ``root''; | |
308 | it is exported to all hosts on network ``cis-net'' allowing mounts at any | |
309 | directory within /u2. | |
310 | .Pp | |
311 | The filesystem rooted at | |
f1481abe | 312 | .Pa /cdrom |
984263bc MD |
313 | will be exported read-only to the entire network 192.168.33.0/24, including |
314 | all its subdirectories. | |
315 | Since | |
f1481abe | 316 | .Pa /cdrom |
984263bc MD |
317 | is the conventional mountpoint for a CD-ROM device, this export will |
318 | fail if no CD-ROM medium is currently mounted there since that line | |
319 | would then attempt to export a subdirectory of the root filesystem | |
320 | with the | |
321 | .Fl alldirs | |
322 | option which is not allowed. | |
323 | The | |
324 | .Fl quiet | |
325 | option will then suppress the error message for this condition that | |
326 | would normally be syslogged. | |
327 | As soon as an actual CD-ROM is going to be mounted, | |
328 | .Xr mount 8 | |
329 | will notify | |
330 | .Xr mountd 8 | |
331 | about this situation, and the | |
f1481abe | 332 | .Pa /cdrom |
3f5e28f4 | 333 | filesystem will be exported as intended. |
984263bc MD |
334 | Note that without using the |
335 | .Fl alldirs | |
336 | option, the export would always succeed. | |
337 | While there is no CD-ROM medium mounted under | |
f1481abe | 338 | .Pa /cdrom , |
984263bc | 339 | it would export the (normally empty) directory |
f1481abe | 340 | .Pa /cdrom |
984263bc MD |
341 | of the root filesystem instead. |
342 | .Sh SEE ALSO | |
343 | .Xr netgroup 5 , | |
344 | .Xr mountd 8 , | |
345 | .Xr nfsd 8 , | |
346 | .Xr showmount 8 | |
347 | .Sh BUGS | |
348 | The export options are tied to the local mount points in the kernel and | |
349 | must be non-contradictory for any exported subdirectory of the local | |
350 | server mount point. | |
351 | It is recommended that all exported directories within the same server | |
352 | filesystem be specified on adjacent lines going down the tree. | |
353 | You cannot specify a hostname that is also the name of a netgroup. | |
354 | Specifying the full domain specification for a hostname can normally | |
355 | circumvent the problem. |
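
An added example, not part of the original man page or of mountd: a small Python linter for the line format described above. It flags default (world) entries exported read-write, bare `-public` exports, and `-maproot` values that leave remote root at uid 0. The finding names and the precedence given to the options implied by `-webnfs` are assumptions of this example.

```python
VALUE_OPTS = {"network", "mask"}        # value may follow as a separate token
ALIASES = {"r": "maproot", "o": "ro"}   # backward-compatible synonyms from the page
def parse_export(line):
    """Split one exports(5) line into (paths, options, hosts); None if blank/comment."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    paths, opts, hosts = [], {}, []
    it = iter(tokens)
    for tok in it:
        if tok.startswith("-"):
            for item in tok[1:].split(","):      # e.g. -alldirs,quiet,ro
                name, _, value = item.partition("=")
                name = ALIASES.get(name, name)
                if name in VALUE_OPTS and not value:
                    value = next(it, "")         # "-network 192.168.33.0" form
                opts[name] = value
        elif tok.startswith("/") and not opts and not hosts:
            paths.append(tok)
        else:
            hosts.append(tok)                    # host name, address or netgroup
    if "webnfs" in opts:   # -webnfs implies -public, -mapall=nobody and -ro
        opts = {"public": "", "mapall": "nobody", "ro": "", **opts}
    return paths, opts, hosts

def audit(text):
    """Return (line_number, finding) pairs for risky export lines (names are ours)."""
    findings = []
    for n, parsed in enumerate(map(parse_export, text.splitlines()), 1):
        if parsed is None:
            continue
        _, opts, hosts = parsed
        world = not hosts and "network" not in opts  # default entry: all other hosts
        if "public" in opts and "webnfs" not in opts:
            findings.append((n, "public"))     # r/w, no reserved ports, no uid remap
        if world and "ro" not in opts:
            findings.append((n, "world-rw"))   # writable by any host
        if "mapall" not in opts and opts.get("maproot", "").split(":")[0] in ("0", "root"):
            findings.append((n, "root-kept"))  # remote root stays uid 0, not -2:-2
    return findings

SAMPLE = """\
/usr /usr/local -maproot=0:10 friends
/usr -ro -mapall=nobody
/cdrom -alldirs,quiet,ro -network 192.168.33.0 -mask 255.255.255.0
# constructed lines, not from the page:
/pub -public
/www -webnfs -index=index.html
"""
print(audit(SAMPLE))
```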