NAME
exportfs — export and unexport directories to NFS clients
SYNOPSIS
/usr/sbin/exportfs
[-auv]
/usr/sbin/exportfs
[-uv]
[dir ...]
/usr/sbin/exportfs
-i
[-o
options]
[-v]
[dir ...]
DESCRIPTION
The
exportfs
command makes a local directory or file available
to NFS clients for mounting over the network.
Directories and files cannot be NFS-mounted
unless they are first exported by
exportfs.
exportfs
is normally invoked at boot time by the
/sbin/init.d/nfs.server
script, and uses information contained in the
/etc/exports
file to export the file or file system named by each
dir,
which must be specified as a full path name.
If no options or arguments are specified in the command line,
exportfs
displays a list of the currently exported directories and files
on standard output.
A superuser can run
exportfs
at any time to alter the list or characteristics of
exported directories and files.
Options
exportfs
recognizes the following options:
- -a
Export all directories listed in
/etc/exports.
If
-u
is also specified, unexport all of the currently exported directories.
- -i
Ignore the options in
/etc/exports.
Normally,
exportfs
consults
/etc/exports
for the options associated with the exported directory.
- -u
Unexport the indicated directories.
- -v
Verbose.
Print each directory or file name as it is exported or unexported.
- -o options
Specify a comma-separated list of optional characteristics
for the directory being exported.
The list of
options
can include any of the following:
- async
All NFS Protocol Version 2 mounts will be asynchronous. This option is
ignored for NFS PV3.
Refer to
exports(4)
for warnings when using this option.
- ro
Export the directory read-only.
If not specified, the directory is exported read-write.
The
ro
and
rw
options cannot be used on the same
exportfs
command line.
- rw=hostname[:hostname]...
Export the directory read-mostly.
Read-mostly means read-only to most machines,
but read-write to those specified.
If neither
ro
nor
rw
is specified, the directory is exported
read-write to all.
The
ro
and
rw
options cannot be used on the same
exportfs
command line.
Up to 256
hostnames
can be specified.
With a server configured for DNS naming in the nsswitch "hosts" entry,
any hostname must be represented as a fully qualified DNS name. Currently
HP-UX will attempt to match a non-fully qualified hostname; this HP-only
feature will be obsoleted in a later release of HP-UX.
- anon=uid
If a request comes from an unknown user, use
uid
as the effective user ID.
Root users (user ID 0) are always treated as user
unknown
by the NFS server unless they are included in the
root
option below.
If the client is a UNIX system, only root users are considered
unknown.
All other users are recognized even if they are not in
/etc/passwd.
The default value for
uid
is the user ID of user
nobody.
If user
nobody
does not exist, the value -2 is used.
Setting the value of
anon
to -1 disables anonymous access.
- root=hostname[:hostname]...
Give root access only to the root users from a specified
hostname.
The default is for no hosts to be granted root access.
Up to 256
hostnames
can be specified.
hostnames
on this list are not guaranteed to successfully mount the
specified file system. If a non-empty access list is specified, the
hostname
must also meet one of the
access_list
criteria for
access=
or be on the
rw=
list.
With a server configured for DNS naming in the nsswitch "hosts" entry,
any hostname must be represented as a fully qualified DNS name. Currently
HP-UX will attempt to match a non-fully qualified hostname; this HP-only
feature will be obsoleted in a later release of HP-UX.
- access=[access_list][:access_list]...
Give mount access to each
access_list
listed. See the "access_list" subsection below. An empty
access=
list allows all
machines to mount the specified mount point.
hostnames
on the
rw=
list do not have to exist on the access list in order to
successfully mount the exported file system.
hostnames
on the
root=
list must either appear on the
rw=
list or
access=
list in order to successfully mount the file system.
- access_list
The
access_list
argument is a colon-separated list whose components
may be one or more of the following:
- hostname
The name of a host. With a server configured for DNS naming
in the nsswitch "hosts" entry, any hostname must be represented
as a fully qualified DNS name. Currently HP-UX will allow a match
for a non-fully qualified hostname; this HP only feature will be
obsoleted in a later release of HP-UX.
- netgroup
A netgroup contains a number of hostnames. With a server configured for DNS
naming in the nsswitch "hosts" entry, any hostname in a netgroup must be represented as a fully qualified DNS name.
- DNS suffix
To use domain membership, the server must use DNS to resolve hostnames to IP
addresses. That is, the "hosts" entry in the
/etc/nsswitch.conf
file must specify
"dns" ahead of "nis" or "nisplus", since only DNS returns the full domain name
of the host. Other name services like NIS or NIS+ cannot be used to resolve
hostnames on the server, because when mapping an IP address to a hostname, they
do not return domain information. For example,
NIS or NIS+
129.144.45.9 --> "myhost"
DNS
129.144.45.9 --> "myhost.myd.myc.com"
The DNS suffix is distinguished from hostnames and netgroups by a prefixed dot.
A dot by itself will match "myhost" but not "myhost.myd.mycy.com". This
single dot feature can be used to match hosts resolved from NIS and NIS+
rather than DNS.
- network
The network or subnet component is preceded by an at-sign (@). It can be
either a name or a dotted address. If a name, it will be converted to a dotted
address by
getnetbyname
(see
getnetent(3N)).
Entries in
/etc/networks
must contain all four
octets in order to be valid.
The network prefix assumes an octet aligned netmask determined from the zero
octets in the low order part of the address. In the case where network
prefixes are not byte-aligned, the syntax will allow a mask length to be
specified explicitly following a slash (/) delimiter. The mask is the
number of leftmost contiguous significant bits in the corresponding IP address.
- -
A prefixed minus sign (-) denies access to that component of
access_list.
The list is searched sequentially until a match is found that either
grants or denies access, or until the end of the list is reached. This
option is valid only in conjunction with hostname, network and DNS Suffix.
If prefixing a hostname and you are configured for DNS naming, you must
fully qualify the hostname.
DIAGNOSTICS
If an NFS-mounted directory is unexported by
exportfs,
any access by the client to the directory causes an
NFS stale file handle
error.
However, if
exportfs
is used to remove a client
from the access list of an exported directory, an
NFS stale file handle
error does not result from any access by the client to the directory.
EXAMPLES
The following invocation of
exportfs
lists currently exported directories and files:
Export entries in
/etc/exports:
Unexport all exported files and directories:
Unexport all exported files and directories
and print each directory or file name as it is unexported:
Export
/usr
to the world, ignoring options in
/etc/exports:
or
exportfs -i -o access= /usr
Export
/usr/bin
and
/var/adm
read-only to the world:
exportfs -i -o ro /usr/bin /var/adm
Export
/usr/bin
read-write only to systems,
polk
and
vanness,
when using DNS as the name service:
exportfs -i -o rw=polk.myd.myc.com:vanness.myd.myc.com /usr/bin
Export
/usr/bin
read-write only to systems,
polk
and
vanness,
when using NIS or NIS+ as the name services:
exportfs -i -o rw=polk:vanness /usr/bin
Export root access on
/var/adm
only to the system named
pine,
and mount access to both
pine
and
geary
when using DNS as the name services:
exportfs -i -o \
root=pine.myd.myc.com,access=pine.myd.myc.com:geary.myd.myc.com \
/var/adm
Export access to
/var/adm
for all hosts in the
myd.myc.com
domain.
exportfs -i -o access=.myd.myc.com /var/adm
Export access to
/var/adm
for all hosts in the same NIS domain, but deny
access to all hosts in the DNS name space:
exportfs -i -o access=. /var/adm
Export access to
/var/adm
using a network submask that is a dotted address:
exportfs -i -o access=@192.144 /var/adm
or
exportfs -i -o access=@192.144.0.0 /var/adm
or using a name where
mynetwork
is defined in
/etc/networks
as follows:
mynetwork 192.144.0.0 mount_144 #allow mounts using this mask
exportfs -i -o access=@mynetwork /var/adm
Export access to
/var/adm
where the network prefixes are not byte aligned:
exportfs -i -o access=@192.144.132/17 /var/adm
or
exportfs -i -o access=@mynetwork/17 /var/adm
Export access to
/var/adm
where the hostname,
terra,
in the netgroup engineering is denied access:
exportfs -i -o access=-terra:engineering /var/adm
Export access to
/var/adm
where the hostname,
terra,
is granted access because it is part of the netgroup
engineering.
exportfs -i -o access=engineering:-terra /var/adm
WARNINGS
You cannot export a directory that resides within the same file system
and is either a parent or sub-directory
of a directory that is currently exported.
For example,
/usr
and
/usr/local
cannot both be exported if they reside in the same disk partition.
If you unexport a directory,
remove a client from the access list,
then export again, the client still has access to the directory
until the client unmounts the directory.
Removing a client from the
root
or
rw
list takes effect immediately.
/etc/xtab
is a system file
that contains a list of currently exported directories and files.
This file is maintained by
exportfs.
To ensure that this file is always synchronous
with current system data structures,
do not attempt to edit
/etc/xtab
by hand.
FILES
- /etc/exports
Static export information
- /etc/hosts
List of hostnames
- /etc/netgroup
List of network groups
- /etc/xtab
Current state of exported directories
- /etc/networks
Network information