exports - Defines remote mount points for NFS mount
requests
/etc/exports
The exports file specifies remote mount points for the NFS
mount protocol per the NFS server specification (see Network
File System Protocol Specification, RFC1094).
Each entry in the /etc/exports file consists of a filesystem
or directory name followed by an optional list of
options or an optional list of identifiers or both. The
identifiers define which remote hosts can mount that particular
filesystem or directory.
The identifiers listed beside the name of each filesystem
or directory can be either host names, IP addresses, or
NIS netgroups names. If no identifiers are listed, the
entry is exported to all hosts. If you are exporting a
file system to a client that has multiple network interfaces
on a subnet, you must specify the host names or IP
addresses for all of the interfaces; otherwise, export
requests from the unspecified interfaces will be denied.
A backslash character (\) in the right-most position of a
line indicates line continuation. A number sign (#)
either at the beginning of a line or at the end of a syntax
line marks a comment that extends to the end of that
line. You cannot use a number sign at the end of a line
containing a backslash character because the backslash
nullifies the end of line character.
Note that the mount command will touch the /etc/exports
file when issued with the -t nfs option. If you create a
new /etc/exports file, you should ensure that its ownership
is equivalent to that of the default, which is
bin:bin (3:4).
The format of the exports file is as follows:
pathname [option ...] [identifier ...]
#comments
The pathname specifies the name of a mounted local
filesystem or a directory of a mounted local filesystem.
The pathname must begin in column 1.
The following are valid export file options:

-root=0
Maps client superuser access to uid 0 for all hosts mounting
this path. If you want to allow client superusers access to
the filesystem or directory with the same permissions as a
local superuser, use -root=0. Use -root=0 only if you
trust the superuser on the client system. The default is
for client superusers to be mapped to uid -2, which maps a
client superuser to nobody. This limits access to world
accessible files. If both the -root=0 option and the
-anon=uid option are used, the root option overrides the
uid specified in anon for client superusers.

-root=hostlist
Maps the client superusers on the specified hosts only to
uid 0. The format for the hostlist argument is as follows:
client[:client]...
The client specification can be a host name or IP address.
By default, client superusers are mapped to -2. This
option overrides the uid specified in -anon=uid for client
superusers in hostlist.

-anon=uid
Maps anonymous users to the specified uid. Client
superusers are considered anonymous by the NFS server, as
are requests that come in without UNIX authentication. By
default, anonymous users are mapped to uid -2. Setting anon
to -1 disables anonymous access.

-ro
The filesystem or directory is exported read-only (default
is read-write). The -o option is a synonym for -ro for
backward compatibility.

-rw=hostlist
Limits read-write access to the hosts specified. All other
hosts allowed to mount this path are granted read-only
access. The format for the hostlist argument is as follows:
client[:client]...
The client specification can be a host name or IP address.
If both the -ro and -rw=hostlist options are specified,
-rw prevails.

-public
Exports a filesystem or directory for WebNFS public access.
Note that only one exported filesystem can have this option
set.
Note
When the -public option is set, the mount access list is
ignored by the WebNFS server. This means that all hosts
using the WebNFS protocol have access to this directory.
After setting the -public option, be sure to send the
mountd process a HUP signal. See kill(1) for further
information.
Used with -public option. Enables the server to look for
an index.html file when given a directory name.

-access=hostlist
Specifies the hosts to grant mount access to. The format
for the hostlist argument is as follows:
client[:client]...
The client specification can be a host name, IP address,
or NIS network group. This option is provided for readability
and compatibility with certain export file formats.
Alternatively, to identify the client systems that are
allowed access to this export, use the whitespace-separated
identifier list described below.
The options can be applied to both file system and directory
entries in /etc/exports.
Alternatively, you can list options using only one leading
dash and separating them with commas as in
-option[,option]....
You use the identifier field to specify the access list for
this export: host names, network groups, or both, separated
by white space. Host names can optionally contain the local
BIND domain name. A whitespace character in the left-most
position of a line indicates line continuation.
Note
If no hosts or netgroups are specified, the mount daemon
exports this file system or directory to anyone requesting
it. See the mountd(8) reference page for information on
how to limit this scope to known hosts or to hosts in the
same BIND domain.
For example, suppose you enter:
/usr -root=0 milan kuan_yin.cis.berkeley.edu
/usr/local 555.555.55.55
/u2 -ro
/u3/dir1 -rw=milan:venice:florence
/u3/dir2 -root=milan,access=venice:florence
/u3/dir3 -root=0,access=milan:venice:florence
/u3/dir4 -root=0 milan venice florence
/u3/dir5 -root=milan -anon=-1
/u3/dir6 -ro -public milan venice florence
If /usr, /u2 and /u3 are local file system mount points,
this specifies the following:

/usr is exported read-write to hosts milan and
kuan_yin.cis.berkeley.edu with root mapped to uid=0.

/usr/local is exported read-write to host 555.555.55.55
with root mapped to -2. (For security reasons, this example
uses the fictitious IP address 555.555.55.55.)

/u2 is exported to all hosts read-only with root mapped
to -2.

/u3/dir1 is exported read-write to hosts milan, venice, and
florence and read-only to all other hosts. For all hosts,
root is mapped to -2.

/u3/dir2 is exported with root mapped to 0 to host milan.
Hosts milan, venice, and florence are allowed to mount
this directory read-write. Root on hosts venice and florence
is mapped to -2.

/u3/dir3 is exported read-write and with root mapped to 0
to hosts milan, venice, and florence.

/u3/dir4 is exported in the same manner as the previous
example.

/u3/dir5 is exported read-write to all hosts. Anonymous
users are not allowed to mount this directory, with the
exception of the client superuser on host milan. Root is
mapped to 0 on host milan and to -2 on all other hosts.

/u3/dir6: Hosts milan, venice, and florence are allowed to
mount this directory read-only. All other hosts have
read-only WebNFS access, but cannot mount this directory.
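
The following audit script is an added example, not part of the original reference page. It parses entries in the format described above (backslash and leading-whitespace continuation, # comments, dash options with comma lists) and flags the conditions this page cautions about: no access list, -root=0, and -public. The function names and the sample text are constructed for illustration; the sample reuses entries from the example above.

```python
# Constructed sample: entries taken from the example on this page.
SAMPLE = """\
/usr/local 555.555.55.55   # fictitious address
/u2 -ro
/u3/dir3 -root=0,access=milan:venice:florence
/u3/dir4 -root=0 milan \\
    venice florence
/u3/dir5 -root=milan -anon=-1
/u3/dir6 -ro -public milan venice florence
"""

def parse_exports(text):
    """Return [(pathname, {option: value}, [identifier, ...]), ...]."""
    text = text.replace("\\\n", " ")   # trailing backslash continues the line
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:   # leading whitespace also continues
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw)
    entries = []
    for line in logical:
        tokens = line.split("#", 1)[0].split()   # '#' comment runs to end of line
        if not tokens:
            continue
        opts, idents = {}, []
        for tok in tokens[1:]:
            if tok.startswith("-"):   # -option[,option]...: one leading dash
                for opt in tok[1:].split(","):
                    key, _, val = opt.partition("=")
                    opts[key] = val
            else:
                idents.append(tok)
        entries.append((tokens[0], opts, idents))
    return entries

def audit(entries):
    """Map pathname -> findings, per the option semantics described above."""
    report = {}
    for path, opts, idents in entries:
        found = []
        if not idents and "access" not in opts:
            found.append("exported to all hosts")
        if opts.get("root") == "0":
            found.append("client root keeps uid 0")
        if "public" in opts:
            found.append("WebNFS ignores the mount access list")
        report.setdefault(path, found)   # duplicates: only the first entry counts
    return report
```

To review a live file, pass its contents to `audit(parse_exports(...))` and check every pathname whose findings list is not empty.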
Each file system that you want to allow clients to mount
must be explicitly defined. Exporting only the root (/)
will not allow clients to mount /usr. Exporting only /usr
will not allow clients to mount /usr/local, if it is a
file system.
Duplicate directory entries are not allowed. The first
entry is valid and following duplicates are ignored.
Desired export options must be explicitly specified for
each exported resource: file system or directory. If a
file system and subdirectories within it are exported, the
options associated with the file system are not ``inherited.''
You do not need to export an entire file system
to allow clients to mount subdirectories within it.
The access list associated with each exported resource
identifies which clients can mount that resource with the
specified options. For example, you can export an entire
file system read-only, with a subdirectory within it
exported read-write to a subset of clients. If a client
that is not identified in the export access list of a
directory attempts to mount it, then access is checked
against the closest exported ancestor. If mount access is
allowed at a higher level in the directory tree of the
file system, the export options associated with the
successful match will be in effect.
To make a change to the exports file and have it take
effect immediately, send the mountd process a HUP signal.
Otherwise, the mountd process will reread the exports file
the next time it receives a mount request from an NFS
client or a showmount -e request.
Daemons: mountd(8), nfsd(8)
Commands: showmount(8)
Files: hosts(4), netgroup(4)
Network Administration: Services
exports(4)