exports

Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services

NAME

       exports - NFS file systems being exported


SYNOPSIS

       /etc/exports


DESCRIPTION

       The  file  /etc/exports  serves as the access control list
       for file systems which may be exported to NFS clients.  It
       it  used  by  both the NFS mount daemon, mountd(8) and the
       NFS file server daemon nfsd(8).

       The file format is similar  to  the  SunOS  exports  file,
       except  that  several  additional  options  are permitted.
       Each line contains a mount point and a list of machine  or
       netgroup  names  allowed  to mount the file system at that
       point.  An optional parenthesized list of mount parameters
       may  follow  each  machine name.  Blank lines are ignored,
       and a # introduces a comment to the end of the line.


   General Options
       secure This option requires that requests originate on  an
              internet  port  less  than  IPPORT_RESERVED (1024).
              This option is on by default. To turn it off, spec-
              ify insecure.

       ro     Allow  only  read-only requests on this NFS volume.
              The default is to allow  write  requests  as  well,
              which  can  also  be  made explicit by using the rw
              option.

       link_relative
              Convert absolute symbolic  links  (where  the  link
              contents start with a slash) into relative links by
              prepending the necessary number  of  ../'s  to  get
              from  the directory containing the link to the root
              on the server.  This has subtle, perhaps  question-
              able,  semantics  when  the  file  hierarchy is not
              mounted at its root.

       link_absolute
              Leave all symbolic link as they are.  This  is  the
              default operation.

   User ID Mapping
       nfsd  bases  its  access  control  to  files on the server
       machine on the uid  and  gid  provided  in  each  NFS  RPC
       request.  The  normal behavior a user would expect is that
       she can access her files on the server just as  she  would
       on  a normal file system. This requires that the same uids
       and gids are used on the client and  the  server  machine.
       This is not always true, nor is it always desirable.

       Very  often,  it  is not desirable that the root user on a
       client machine is also  treated  as  root  when  accessing
       files  on  the  NFS server. To this end, uid 0 is normally
       mapped to a  different  id:  the  so-called  anonymous  or
       nobody  uid.  This mode of operation (called `root squash-
       ing')  is  the  default,  and  can  be  turned  off   with
       no_root_squash.

       By default, nfsd tries to obtain the anonymous uid and gid
       by looking up user nobody in the password file at  startup
       time.  If it isn't found, a uid and gid of -2 (i.e. 65534)
       is used. These  values  can  also  be  overridden  by  the
       anonuid and anongid options.

       In  addition to this, nfsd lets you specify arbitrary uids
       and gids that should be mapped to  user  nobody  as  well.
       Finally,  you  can  map all user requests to the anonymous
       uid by specifying the all_squash option.

       For the benefit of installations where uids differ between
       different machines, nfsd provides a way to dynamically map
       server uids to  client  uids  and  vice  versa.   This  is
       enabled  with the map_daemon option, and uses the UGID RPC
       protocol. For this to work, you have to run  the  ugidd(8)
       mapping daemon on the client host.

       Here's the complete list of mapping options:

       root_squash
              Map  requests  from  uid/gid  0  to  the  anonymous
              uid/gid. Note that this does not apply to any other
              uids  that might be equally sensitive, such as user
              bin.

       no_root_squash
              Turn off root squashing. This option is mainly use-
              ful for diskless clients.

       squash_uids and squash_gids
              This  option  specifies a list of uids ir gids that
              should be subject to  anonymous  mapping.  A  valid
              list of ids looks like this:

              squash_uids=0-15,20,25-50

              Usually, your squash lists will look a lot simpler.

       all_squash
              Map all uids and gids to the anonymous user. Useful
              for NFS-exported public FTP directories, news spool
              directories,   etc.   The   opposite   option    is
              no_all_squash, which is the default setting.


       map_daemon
              This  option turns on dynamic uid/gid mapping. Each
              uid in an NFS request will  be  translated  to  the
              equivalent server uid, and each uid in an NFS reply
              will be mapped the other  way  round.  This  option
              requires that rpc.ugidd(8) runs on the client host.
              The default setting is map_identity,  which  leaves
              all uids untouched. The normal squash options apply
              regardless of whether dynamic mapping is  requested
              or not.

       anonuid and anongid
              These options explicitly set the uid and gid of the
              anonymous account.  This option is primarily useful
              for  PC/NFS  clients,  where  you  might  want  all
              requests appear to be from one user. As an example,
              consider  the  export  entry  for  /home/joe in the
              example section below, which maps all  requests  to
              uid 150 (which is supposedly that of user joe).



EXAMPLE

       # sample /etc/exports file
       /               master(rw) trusty(rw,no_root_squash)
       /projects       proj*.local.domain(rw)
       /usr            *.local.domain(ro) @trusted(rw)
       /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
       /pub            (ro,insecure,all_quash)

       The  first  line exports the entire filesystem to machines
       master and trusty.  In addition to write access,  all  uid
       squashing  is  turned  off for host trusty. The second and
       third entry show examples for wildcard hostnames and  net-
       groups  (this  is  the  entry `@trusted'). The fourth line
       shows the entry for the PC/NFS client discussed above. The
       last  line  exports the public FTP directory to every host
       in the world, executing  all  requests  under  the  nobody
       account.  The  insecure  option  in this entry also allows
       clients with NFS implementations that don't use a reserved
       port for NFS.


CAVEATS

       Unlike  other NFS server implementations, this nfsd allows
       you to export both a directory and a subdirectory  thereof
       to  the  same  host, for instance /usr and /usr/X11R6.  In
       this case, the mount options of the  most  specific  entry
       apply.  For  instance,  when  a  user  on  the client host
       accesses a file in /usr/X11R6, the mount options given  in
       the  /usr/X11R6  entry  apply.  This is also true when the
       latter is a wildcard or netgroup entry.


FILES

       /etc/exports


DIAGNOSTICS

       An error parsing the file is reported using syslogd(8)  as
       level  NOTICE  from a DAEMON whenever nfsd(8) or mountd(8)
       is started up.  Any unknown host is reported at that time,
       but  often  not all hosts are not yet known to named(8) at
       boot time, thus as hosts are found they are reported  with
       the same syslogd(8) parameters.


SEE ALSO

       mountd(8), nfsd(8)
Hurricane Electric Internet Services: Accounts starting at $9.95/month
Hurricane Electric Internet Services
Copyright (C) 1998 Hurricane Electric. All Rights Reserved.