summaryrefslogtreecommitdiffstats
path: root/usr.sbin/mountd/exports.5
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/mountd/exports.5')
-rw-r--r--usr.sbin/mountd/exports.5489
1 files changed, 0 insertions, 489 deletions
diff --git a/usr.sbin/mountd/exports.5 b/usr.sbin/mountd/exports.5
deleted file mode 100644
index 357f82a..0000000
--- a/usr.sbin/mountd/exports.5
+++ /dev/null
@@ -1,489 +0,0 @@
-.\" Copyright (c) 1989, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)exports.5 8.3 (Berkeley) 3/29/95
-.\" $FreeBSD$
-.\"
-.Dd December 3, 2009
-.Dt EXPORTS 5
-.Os
-.Sh NAME
-.Nm exports
-.Nd define remote mount points for
-.Tn NFS
-mount requests
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-The
-.Nm
-file specifies remote mount points for the
-.Tn NFS
-mount protocol per the
-.Tn NFS
-server specification; see
-.%T "Network File System Protocol Specification" ,
-RFC1094, Appendix A and
-.%T "NFS: Network File System Version 3 Specification" ,
-Appendix I.
-.Pp
-Each line in the file
-(other than comment lines that begin with a #)
-specifies the mount point(s) and export flags within one local server
-file system or the NFSv4 tree root for one or more hosts.
-A long line may be split over several lines by ending all but the
-last line with a backslash
-.Pq Ql \e .
-A host may be specified only once for each local file or the NFSv4 tree root on the
-server and there may be only one default entry for each server
-file system that applies to all other hosts.
-The latter exports the file system to the
-.Dq world
-and should
-be used only when the file system contains public information.
-.Pp
-In a mount entry,
-the first field(s) specify the directory path(s) within a server file system
-that can be mounted on by the corresponding client(s).
-There are three forms of this specification.
-The first is to list all mount points as absolute
-directory paths separated by whitespace.
-The second is to specify the pathname of the root of the file system
-followed by the
-.Fl alldirs
-flag;
-this form allows the host(s) to mount at any point within the file system,
-including regular files if the
-.Fl r
-option is used on
-.Xr mountd 8 .
-The third form has the string ``V4:'' followed by a single absolute path
-name, to specify the NFSv4 tree root.
-The pathnames must not have any symbolic links in them and should not have
-any
-.Dq Pa \&.
-or
-.Dq Pa ..
-components.
-Mount points for a file system may appear on multiple lines each with
-different sets of hosts and export options.
-.Pp
-The second component of a line specifies how the file system is to be
-exported to the host set.
-The option flags specify whether the file system
-is exported read-only or read-write and how the client UID is mapped to
-user credentials on the server.
-For the NFSv4 tree root, the only option that can be specified in this
-section is
-.Fl sec .
-.Pp
-Export options are specified as follows:
-.Pp
-.Sm off
-.Fl maproot Li = Sy user
-.Sm on
-The credential of the specified user is used for remote access by root.
-The credential includes all the groups to which the user is a member
-on the local machine (see
-.Xr id 1 ) .
-The user may be specified by name or number.
-.Pp
-.Sm off
-.Fl maproot Li = Sy user:group1:group2:...
-.Sm on
-The colon separated list is used to specify the precise credential
-to be used for remote access by root.
-The elements of the list may be either names or numbers.
-Note that user: should be used to distinguish a credential containing
-no groups from a complete credential for that user.
-.Pp
-.Sm off
-.Fl mapall Li = Sy user
-.Sm on
-or
-.Sm off
-.Fl mapall Li = Sy user:group1:group2:...
-.Sm on
-specifies a mapping for all client UIDs (including root)
-using the same semantics as
-.Fl maproot .
-.Pp
-The option
-.Fl r
-is a synonym for
-.Fl maproot
-in an effort to be backward compatible with older export file formats.
-.Pp
-In the absence of
-.Fl maproot
-and
-.Fl mapall
-options, remote accesses by root will result in using a credential of -2:-2.
-All other users will be mapped to their remote credential.
-If a
-.Fl maproot
-option is given,
-remote access by root will be mapped to that credential instead of -2:-2.
-If a
-.Fl mapall
-option is given,
-all users (including root) will be mapped to that credential in
-place of their own.
-.Pp
-.Sm off
-.Fl sec Li = Sy flavor1:flavor2...
-.Sm on
-specifies a colon separated list of acceptable security flavors to be
-used for remote access.
-Supported security flavors are sys, krb5, krb5i and krb5p.
-If multiple flavors are listed, they should be ordered with the most
-preferred flavor first.
-If this option is not present,
-the default security flavor list of just sys is used.
-.Pp
-The
-.Fl ro
-option specifies that the file system should be exported read-only
-(default read/write).
-The option
-.Fl o
-is a synonym for
-.Fl ro
-in an effort to be backward compatible with older export file formats.
-.Pp
-.Tn WebNFS
-exports strictly according to the spec (RFC 2054 and RFC 2055) can
-be done with the
-.Fl public
-flag.
-However, this flag in itself allows r/w access to all files in
-the file system, not requiring reserved ports and not remapping UIDs.
-It
-is only provided to conform to the spec, and should normally not be used.
-For a
-.Tn WebNFS
-export,
-use the
-.Fl webnfs
-flag, which implies
-.Fl public ,
-.Sm off
-.Fl mapall No = Sy nobody
-.Sm on
-and
-.Fl ro .
-Note that only one file system can be
-.Tn WebNFS
-exported on a server.
-.Pp
-A
-.Sm off
-.Fl index No = Pa file
-.Sm on
-option can be used to specify a file whose handle will be returned if
-a directory is looked up using the public filehandle
-.Pq Tn WebNFS .
-This is to mimic the behavior of URLs.
-If no
-.Fl index
-option is specified, a directory filehandle will be returned as usual.
-The
-.Fl index
-option only makes sense in combination with the
-.Fl public
-or
-.Fl webnfs
-flags.
-.Pp
-Specifying the
-.Fl quiet
-option will inhibit some of the syslog diagnostics for bad lines in
-.Pa /etc/exports .
-This can be useful to avoid annoying error messages for known possible
-problems (see
-.Sx EXAMPLES
-below).
-.Pp
-The third component of a line specifies the host set to which the line applies.
-The set may be specified in three ways.
-The first way is to list the host name(s) separated by white space.
-(Standard Internet
-.Dq dot
-addresses may be used in place of names.)
-The second way is to specify a
-.Dq netgroup
-as defined in the
-.Pa netgroup
-file (see
-.Xr netgroup 5 ) .
-The third way is to specify an Internet subnetwork using a network and
-network mask that is defined as the set of all hosts with addresses within
-the subnetwork.
-This latter approach requires less overhead within the
-kernel and is recommended for cases where the export line refers to a
-large number of clients within an administrative subnet.
-.Pp
-The first two cases are specified by simply listing the name(s) separated
-by whitespace.
-All names are checked to see if they are
-.Dq netgroup
-names
-first and are assumed to be hostnames otherwise.
-Using the full domain specification for a hostname can normally
-circumvent the problem of a host that has the same name as a netgroup.
-The third case is specified by the flag
-.Sm off
-.Fl network Li = Sy netname Op Li / Ar prefixlength
-.Sm on
-and optionally
-.Sm off
-.Fl mask No = Sy netmask .
-.Sm on
-The netmask may be specified either by attaching a
-.Ar prefixlength
-to the
-.Fl network
-option, or by using a separate
-.Fl mask
-option.
-If the mask is not specified, it will default to the mask for that network
-class (A, B or C; see
-.Xr inet 4 ) .
-See the
-.Sx EXAMPLES
-section below.
-.Pp
-Scoped IPv6 address must carry scope identifier as documented in
-.Xr inet6 4 .
-For example,
-.Dq Li fe80::%re2/10
-is used to specify
-.Li fe80::/10
-on
-.Li re2
-interface.
-.Pp
-For the third form which specifies the NFSv4 tree root, the directory path
-specifies the location within the server's file system tree which is the
-root of the NFSv4 tree.
-All entries of this form must specify the same directory path.
-This location can be any directory and does not
-need to be within an exported file system. If it is not in an exported
-file system, a very limited set of operations are permitted, so that an
-NFSv4 client can traverse the tree to an exported file system.
-Although parts of the NFSv4 tree can be non-exported, the entire NFSv4 tree
-must consist of local file systems capable of being exported via NFS.
-NFSv4 does not use the mount protocol and does permit clients to cross server
-mount point boundaries, although not all clients are capable of crossing the
-mount points.
-.Pp
-The
-.Fl sec
-option on these line(s) specifies what security flavors may be used for
-NFSv4 operations that do not use file handles. Since these operations
-(SetClientID, SetClientIDConfirm, Renew, DelegPurge and ReleaseLockOnwer)
-allocate/modify state in the server, it is possible to restrict some clients to
-the use of the krb5[ip] security flavors, via this option.
-See the
-.Sx EXAMPLES
-section below.
-This third form is meaningless for NFSv2 and NFSv3 and is ignored for them.
-.Pp
-The
-.Xr mountd 8
-utility can be made to re-read the
-.Nm
-file by sending it a hangup signal as follows:
-.Bd -literal -offset indent
-/etc/rc.d/mountd reload
-.Ed
-.Pp
-After sending the
-.Dv SIGHUP ,
-check the
-.Xr syslogd 8
-output to see whether
-.Xr mountd 8
-logged any parsing errors in the
-.Nm
-file.
-.Sh FILES
-.Bl -tag -width /etc/exports -compact
-.It Pa /etc/exports
-the default remote mount-point file
-.El
-.Sh EXAMPLES
-.Bd -literal -offset indent
-/usr /usr/local -maproot=0:10 friends
-/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
-/usr -ro -mapall=nobody
-/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
-/a -network 192.168.0/24
-/a -network 3ffe:1ce1:1:fe80::/64
-/u2 -maproot=root friends
-/u2 -alldirs -network cis-net -mask cis-mask
-/cdrom -alldirs,quiet,ro -network 192.168.33.0 -mask 255.255.255.0
-/private -sec=krb5i
-/secret -sec=krb5p
-V4: / -sec=krb5:krb5i:krb5p -network 131.104.48 -mask 255.255.255.0
-V4: / -sec=sys:krb5:krb5i:krb5p grumpy.cis.uoguelph.ca
-.Ed
-.Pp
-Given that
-.Pa /usr , /u , /a
-and
-.Pa /u2
-are
-local file system mount points, the above example specifies the following:
-.Pp
-The file system rooted at
-.Pa /usr
-is exported to hosts
-.Em friends
-where friends is specified in the netgroup file
-with users mapped to their remote credentials and
-root mapped to UID 0 and group 10.
-It is exported read-write and the hosts in
-.Dq friends
-can mount either
-.Pa /usr
-or
-.Pa /usr/local .
-It is exported to
-.Em 131.104.48.16
-and
-.Em grumpy.cis.uoguelph.ca
-with users mapped to their remote credentials and
-root mapped to the user and groups associated with
-.Dq daemon ;
-it is exported to the rest of the world as read-only with
-all users mapped to the user and groups associated with
-.Dq nobody .
-.Pp
-The file system rooted at
-.Pa /u
-is exported to all hosts on the subnetwork
-.Em 131.104.48
-with root mapped to the UID for
-.Dq bin
-and with no group access.
-.Pp
-The file system rooted at
-.Pa /u2
-is exported to the hosts in
-.Dq friends
-with root mapped to UID and groups
-associated with
-.Dq root ;
-it is exported to all hosts on network
-.Dq cis-net
-allowing mounts at any
-directory within /u2.
-.Pp
-The file system rooted at
-.Pa /a
-is exported to the network 192.168.0.0, with a netmask of 255.255.255.0.
-However, the netmask length in the entry for
-.Pa /a
-is not specified through a
-.Fl mask
-option, but through the
-.Li / Ns Ar prefix
-notation.
-.Pp
-The file system rooted at
-.Pa /a
-is also exported to the IPv6 network
-.Li 3ffe:1ce1:1:fe80::
-address, using the upper 64 bits as the prefix.
-Note that, unlike with IPv4 network addresses, the specified network
-address must be complete, and not just contain the upper bits.
-With IPv6 addresses, the
-.Fl mask
-option must not be used.
-.Pp
-The file system rooted at
-.Pa /cdrom
-will be exported read-only to the entire network 192.168.33.0/24, including
-all its subdirectories.
-Since
-.Pa /cdrom
-is the conventional mountpoint for a CD-ROM device, this export will
-fail if no CD-ROM medium is currently mounted there since that line
-would then attempt to export a subdirectory of the root file system
-with the
-.Fl alldirs
-option which is not allowed.
-The
-.Fl quiet
-option will then suppress the error message for this condition that
-would normally be syslogged.
-As soon as an actual CD-ROM is going to be mounted,
-.Xr mount 8
-will notify
-.Xr mountd 8
-about this situation, and the
-.Pa /cdrom
-file system will be exported as intended.
-Note that without using the
-.Fl alldirs
-option, the export would always succeed.
-While there is no CD-ROM medium mounted under
-.Pa /cdrom ,
-it would export the (normally empty) directory
-.Pa /cdrom
-of the root file system instead.
-.Pp
-The file system rooted at
-.Pa /private
-will be exported using Kerberos 5 authentication and will require
-integrity protected messages for all accesses.
-The file system rooted at
-.Pa /secret
-will also be exported using Kerberos 5 authentication and all messages
-used to access it will be encrypted.
-.Pp
-For the experimental server, the NFSv4 tree is rooted at ``/'',
-and any client within the 131.104.48 subnet is permitted to perform NFSv4 state
-operations on the server, so long as valid Kerberos credentials are provided.
-The machine grumpy.cis.uoguelph.ca is permitted to perform NFSv4 state
-operations on the server using AUTH_SYS credentials, as well as Kerberos ones.
-.Sh SEE ALSO
-.Xr nfsv4 4 ,
-.Xr netgroup 5 ,
-.Xr mountd 8 ,
-.Xr nfsd 8 ,
-.Xr showmount 8
-.Sh BUGS
-The export options are tied to the local mount points in the kernel and
-must be non-contradictory for any exported subdirectory of the local
-server mount point.
-It is recommended that all exported directories within the same server
-file system be specified on adjacent lines going down the tree.
-You cannot specify a hostname that is also the name of a netgroup.
-Specifying the full domain specification for a hostname can normally
-circumvent the problem.
OpenPOWER on IntegriCloud