NAME
exports, xtab — directories to export to NFS clients
DESCRIPTION
File
/etc/exports
describes the directories that can be exported to NFS
clients.
The system administrator creates it using a text editor.
mountd
processes it each time a mount request is received (see
mountd(1M)).
/etc/exports
is read automatically by the
exportfs
command (see
exportfs(1M)).
If this file is changed,
exportfs
must be run
(exportfs -a)
before the changes can affect the daemon's operation.
If this file is present at boot time, the
/sbin/init.d/nfs.server
script will execute an
exportfs
command and export the file systems
listed in the file.
/etc/xtab
contains entries for directories that are currently exported.
This file should only be accessed by programs using
getexportent
(see
exportent(3N)).
(Use
exportfs -u
to remove entries from this file).
An entry for a directory consists of a command line of the following form:
directory - option[, option]...
where
directory
is the path name of a directory (or file).
options
can have any of the following values and forms:
- ro
Export the directory read-only.
If not specified, the directory is exported read-write.
The
ro
and
rw
options cannot be used on the same exports line.
- rw=hostname[:hostname]...
Export the directory read-mostly.
Read-mostly means read-only to most machines,
but read-write to those specified.
If neither
ro
nor
rw
is specified, the directory is exported
read-write to all.
The
ro
and
rw
options cannot be used on the same exports line.
Up to 256
hostnames
can be specified.
With a server configured for DNS naming in the nsswitch "hosts" entry,
any hostname must be represented as a fully qualified DNS name. Currently
HP-UX will attempt to match a non-fully qualified hostname; this HP-only
feature will be obsoleted in a later release of HP-UX.
- anon=uid
If a request comes from an unknown user,
use
uid
as the effective user ID.
Note:
Root users (uid 0) are always considered ``unknown'' by the NFS
server unless they are included in the
root
option below.
The default value for this option is
-2.
Setting
anon
to
-1
disables anonymous access.
- root=hostname[:hostname]...
Give root access only to the root users from a specified
hostname.
The default is for no hosts to be granted root access.
Up to 256
hostnames
can be specified.
hostnames
on this list are not guaranteed to successfully mount the
specified file system. If a non-empty access list is specified, the
hostname
must also meet one of the
access_list
criteria described below as well.
Up to 256
hostnames
can be specified.
With a server configured for DNS naming in the nsswitch "hosts" entry,
any hostname must be represented as a fully qualified DNS name. Currently
HP-UX will attempt to match a non-fully qualified hostname; this HP-only
feature will be obsoleted in a later release of HP-UX.
- access=[access_list][:access_list]...
Give mount access to each
access_list
listed. See the "access_list" subsection below. An empty
access=
list allows all
machines to mount the specified mount point.
- access_list
The
access_list
argument is a colon-separated list whose components
may be any number of the following:
- hostname
The name of a host. With a server configured for DNS naming
in the nsswitch "hosts" entry, any hostname must be represented
as a fully qualified DNS name. Currently HP-UX will allow a match
for a non-fully qualified hostname; this HP-only feature will be
obsoleted in a later release of HP-UX.
- netgroup
A netgroup contains a number of hostnames. With a server configured for DNS
naming in the nsswitch "hosts" entry, any hostname in a netgroup must be represented as a fully qualified DNS name.
- DNS suffix
To use domain membership the server must use DNS to resolve hostnames to IP
addresses; that is, the "hosts" entry in the
/etc/nsswitch.conf
must specify
"dns" ahead of "nis" or "nisplus", since only DNS returns the full domain name
of the host. Other name services like NIS or NIS+ cannot be used to resolve
hostnames on the server, because when mapping an IP address to a hostname, they
do not return domain information. For example,
NIS or NIS+
129.144.45.9 --> "myhost"
DNS
129.144.45.9 --> "myhost.myd.myc.com"
The DNS suffix is distinguished from hostnames and netgroups by a prefixed dot.
A dot by itself will match "myhost" but not "myhost.myd.mycy.com". This
single dot feature can be used to match hosts resolved from NIS and NIS+
rather than DNS.
- network
The network or subnet component is preceded by an at-sign (@). It can be
either a name or a dotted address. If a name, it will be converted to a dotted
address by
getnetbyname
(see
getnetent(3N)).
Entries in
/etc/networks
must contain all four
octets in order to be valid.
The network prefix assumes an octet aligned netmask determined from the zero
octets in the low order part of the address. In the case where network
prefixes are not byte-aligned, the syntax will allow a mask length to be
specified explicitly following a slash (/) delimiter. Where the mask is the
number of leftmost contiguous significant bits in the corresponding IP address.
- -
A prefixed minus sign (-) denies access to that component of access_list.
The list is searched sequentially until a match is found that either
grants or denies access, or until the end of the list is reached. This
option is valid only in conjunction with hostname, network and DNS Suffix.
If prefixing a hostname and you are configured for DNS naming, you must
fully qualify the hostname.
- async
Specifying
async
increases write performance on the NFS
server by causing asynchronous writes on the NFS server.
The
async
option can be specified
anywhere on the command line after
directory.
Before using this option, refer to WARNINGS below.
- #
A
#
character anywhere in the file indicates a comment
that extends to the end of the line.
A directory name with no accompanying name list
allows any machine to mount the given directory.
/etc/exports
contains a list of file systems and the
access_lists
or machine names allowed to remotely mount each file system.
The file system names are left-justified and followed by
a list of names separated by white space.
A file system name with no accompanying name list means the
file system is available to everyone.
A
#
anywhere in the file indicates a comment
extending to the end of that line.
EXAMPLES
/usr/games cocoa fudge # export to only these machines
/usr -access=clients # export to my clients
/usr/local # export to the world
/usr2 -access=bison:deer:pup # export to only these machines
/var/adm -root=bison:deer # give root access only to these
/usr/new -anon=0 # give all machines root access
/usr/temp -rw=ram:alligator # export read-write only to these
/usr/bin -ro # export read-only to everyone
/usr/stuff -access=bear,anon=-2,ro # several options on one line
/usr/subnet -access=@mysubnet #use mysubent in /etc/networks
/usr/subnet1 -access=@192.5 #clients must be in the 192.5.0.0 subnet
/usr/domain -access=.myd.myc.com #clients must be in .myd.myc.com
/usr/restrict -access=-host1.myd.myc.com:sales # disallow -host1 in the sales netgroup.
WARNINGS
If the
async
option is used, an unreported data loss may occur
ONLY
on a write and
ONLY
if the NFS server experiences a failure after the write reply
has been sent to the client. Specifically, blocks which have been
queued for the server's disk, but have not yet been written to the disk
may
be lost.
You cannot export either a parent directory or a subdirectory
of an exported directory that resides
within the same file system.
It is not allowed, for instance, to export both
/usr
and
/usr/local
if both directories reside on the same disk partition.
AUTHOR
exports
was developed by Sun Microsystems, Inc.
FILES
- /etc/exports
Static export information
- /etc/xtab
Current state of exported directories
- /etc/hosts
List of hostnames
- /etc/netgroup
List of network groups
- /etc/networks
Network information
- /sbin/init.d/nfs.server
Script that executes
exportfs
command.
