 |
Index for Section 4 |
|
 |
Alphabetical listing for E |
|
exports(4)
NAME
exports - Defines remote mount points for NFS mount requests
SYNOPSIS
/etc/exports
DESCRIPTION
The exports file specifies remote mount points for the NFS mount protocol
per the NFS server specification (see Network File System Protocol
Specification, RFC1094).
Each entry in the /etc/exports file consists of a file system or directory
name followed by an optional list of options or an optional list of
identifiers or both. The identifiers define which remote hosts can mount
that particular file system or directory. The identifiers listed beside
the name of each file system or directory can be either host names, IP
addresses, or NIS netgroups names. If no identifiers are listed, the entry
is exported to all hosts.
The format of the exports file is as follows:
pathname [option ...] [identifier ...]
#comments
The pathname specifies the name of a mounted local file system or a
directory of a mounted local file system. The pathname must begin in
column 1.
The following are valid export file options:
-root=0 Maps client superuser access to uid 0 for all hosts mounting this
path. If you want to allow client superusers access to the file
system or directory with the same permissions as a local
superuser, use -root=0. Use -root=0 only if you trust the
superuser on the client system. The default is for client
superusers to be mapped to uid -2, which maps a client superuser
to nobody. This limits access to world accessible files. If
both the -root=0 option and the -anon=uid option are used, the
root option overrides the uid specified in anon for client
superusers.
-root=hostlist
Maps the client superusers on the specified hosts only to uid 0.
The format for the hostlist argument is as follows:
client[:client]...
The client specification can be a host name or IP address. By
default, client superusers are mapped to -2. This option
overrides the uid specified in -anon=uid for client superusers in
hostlist.
-anon=uid Maps anonymous users to the specified uid. Client superusers are
considered anonymous by the NFS server, as are requests that come
in without UNIX authentication. By default, anonymous users are
mapped to uid -2. Setting anon to -1 disables anonymous access.
-ro The file system or directory is exported read-only (default is
read-write). The -o option is a synonym for -ro for backward
compatibility.
-rw=hostlist
Limits read-write access to the hosts specified. All other hosts
allowed to mount this path are granted read-only access. The
format for the hostlist argument is as follows:
client[:client]...
The client specification can be a host name or IP address. If
both the -ro and -rw=hostlist options are specified, -rw
prevails.
-access=hostlist
Specifies the hosts to grant mount access to. The format for the
hostlist argument is as follows:
client[:client]...
The client specification can be a host name, IP address, or NIS
network group. This option is provided for readability and
compatibility with certain export file formats. Alternatively,
to identify the client systems who are allowed access to this
export use the whitespace separated identifier list described
below.
The options can be applied to both file system and directory entries in
/etc/exports.
Alternatively, you can list options using only one leading dash and
separating them with commas as in -option[,option]....
You use the identifier field to specify host names, network groups, or
both, separated by white space that specify the access list for this
export. Host names can optionally contain the local BIND domain name.
Note
If no hosts or netgroups are specified, the mount daemon exports this
file system or directory to anyone requesting it. See the mountd(8)
reference page for information on how to limit this scope to known
hosts or to hosts in the same Bind domain.
A number sign (#) anywhere in the line marks a comment that extends to the
end of that line.
A whitespace character in the left-most position of a line indicates a
continuation line.
For example, suppose you enter:
/usr -root=0 milan kuan_yin.cis.berkeley.edu
/usr/local 555.555.55.55
/u2 -ro
/u3/dir1 -rw=milan:venice:florence
/u3/dir2 -root=milan,access=venice:florence
/u3/dir3 -root=0,access=milan:venice:florence
/u3/dir4 -root=0 milan venice florence
/u3/dir5 -root=milan -anon=-1
If /usr, /u2 and /u3 are local file system mount points, this specifies the
following:
· /usr is exported read-write to hosts milan and
kuan_yin.cis.berkeley.edu with root mapped to uid=0.
· /usr/local is exported read-write to host 555.555.55.55 with root
mapped to -2. (For security reasons, this example uses the fictitious
IP address 555.555.55.55.)
· /u2 is exported to all hosts read-only with root mapped to -2.
· /u3/dir1 is exported read-write to hosts milan, venice, and florence
and read-only to all other hosts. For all hosts, root is mapped to
-2.
· /u3/dir2 is exported with root mapped to 0 to host milan. Hosts
milan, venice, and florence are allowed to mount this directory read-
write. Root on hosts venice and florence is mapped to -2.
· /u3/dir3 is exported read-write and with root mapped to 0 to hosts
milan, venice, and florence.
· /u3/dir4 is exported in the same manner as the previous example.
· /u3/dir5 is exported read-write to all hosts. Anonymous users are not
allowed to mount this directory, with the exception of the client
superuser on host milan. Root is mapped to 0 on host milan and to -2
on all other hosts.
Each file system that you want to allow clients to mount must be explicitly
defined. Exporting only the root (/) will not allow clients to mount /usr.
Exporting only /usr will not allow clients to mount /usr/local, if it is a
file system.
Duplicate directory entries are not allowed. The first entry is valid and
following duplicates are ignored.
Desired export options must be explicitly specified for each exported
resource: file system or directory. If a file system and subdirectories
within it are exported, the options associated with the file system are not
``inherited.'' You do not need to export an entire file system to allow
clients to mount subdirectories within it.
The access list associated with each exported resource identifies which
clients can mount that resource with the specified options. For example,
you can export an entire file system read-only, with a subdirectory within
it exported read-write to a subset of clients. If a client that is not
identified in the export access list of a directory attempts to mount it,
then access is checked against the closest exported ancestor. If mount
access is allowed at a higher level in the directory tree of the file
system, the export options associated with the successful match will be in
effect.
To make a change to the exports file and have it take effect immediately,
send the mountd(8) a HUP signal. Otherwise, the mountd(8) will reread the
exports file the next time it receives a mount request from an NFS client
or a showmount -e request.
RELATED INFORMATION
Daemons: mountd(8), nfsd(8)
Commands: showmount(8)
Files: hosts(4), netgroup(4)
Network Administration
Network Administration