.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" %sccs.include.redist.roff%
.\"
.\" @(#)exports.5 8.1 (Berkeley) 06/09/93
.\"
.Dd
.Dt EXPORTS 5
.Os
.Sh NAME
.Nm exports
.Nd define remote mount points for
.Tn NFS
mount requests
.Sh SYNOPSIS
.Nm exports
.Sh DESCRIPTION
The
.Nm exports
file specifies remote mount points for the
.Tn NFS
mount protocol per the
.Tn NFS
server specification; see
.%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" .
.Pp
Each line in the file
(other than comment lines that begin with a #)
specifies the mount point(s) and export flags within one local server
filesystem for one or more hosts.
A host may be specified only once for each local filesystem on the
server and there may be only one default entry for each server
filesystem that applies to all other hosts.
The latter exports the filesystem to the ``world'' and should
be used only when the filesystem contains public information.
.Pp
In a mount entry,
the first field(s) specify the directory path(s) within a server filesystem
that can be mounted on by the corresponding client(s).
There are two forms of this specification.
The first is to list all mount points as absolute
directory paths separated by whitespace.
The second is to specify the pathname of the root of the filesystem
followed by the
.Fl alldirs
flag;
this form allows the host(s) to mount any directory within the filesystem.
Mount points for a filesystem may appear on multiple lines each with
different sets of hosts and export options.
.Pp
The second component of a line specifies how the filesystem is to be
exported to the host set.
The option flags specify whether the filesystem
is exported read-only or read-write and how the client uid is mapped to
user credentials on the server.
.Pp
Export options are specified as follows:
.Pp
.Sm off
.Fl maproot No = Sy user
.Sm on
The credential of the specified user is used for remote access by root.
The credential includes all the groups of which the user is a member
on the local machine (see
.Xr id 1 ).
The user may be specified by name or number.
.Pp
.Sm off
.Fl maproot No = Sy user:group1:group2:...
.Sm on
The colon separated list is used to specify the precise credential
to be used for remote access by root.
The elements of the list may be either names or numbers.
Note that user: should be used to distinguish a credential containing
no groups from a complete credential for that user.
.Pp
.Sm off
.Fl mapall No = Sy user
.Sm on
or
.Sm off
.Fl mapall No = Sy user:group1:group2:...
.Sm on
specifies a mapping for all client uids (including root)
using the same semantics as
.Fl maproot .
.Pp
The option
.Fl r
is a synonym for
.Fl maproot
in an effort to be backward compatible with older export file formats.
.Pp
In the absence of
.Fl maproot
and
.Fl mapall
options, remote accesses by root will result in using a credential of -2:-2.
All other users will be mapped to their remote credential.
If a
.Fl maproot
option is given,
remote access by root will be mapped to that credential instead of -2:-2.
If a
.Fl mapall
option is given,
all users (including root) will be mapped to that credential in
place of their own.
.Pp
The
.Fl kerb
option specifies that the Kerberos authentication server should be
used to authenticate and map client credentials.
(Note that this is NOT Sun NFS compatible and
is supported for TCP transport only.)
.Pp
The
.Fl ro
option specifies that the filesystem should be exported read-only
(default read/write).
The option
.Fl o
is a synonym for
.Fl ro
in an effort to be backward compatible with older export file formats.
.Pp
The third component of a line specifies the host set to which the line applies.
The set may be specified in three ways.
The first way is to list the host name(s) separated by white space.
(Standard internet ``dot'' addresses may be used in place of names.)
The second way is to specify a ``netgroup'' as defined in the netgroup file (see
.Xr netgroup 5 ).
The third way is to specify an internet subnetwork using a network and
network mask that is defined as the set of all hosts with addresses within
the subnetwork.
This latter approach requires less overhead within the
kernel and is recommended for cases where the export line refers to a
large number of clients within an administrative subnet.
.Pp
The first two cases are specified by simply listing the name(s) separated
by whitespace.
All names are checked to see if they are ``netgroup'' names
first and are assumed to be hostnames otherwise.
Using the full domain specification for a hostname can normally
circumvent the problem of a host that has the same name as a netgroup.
The third case is specified by the flag
.Sm off
.Fl network No = Sy netname
.Sm on
and optionally
.Sm off
.Fl mask No = Sy netmask .
.Sm on
If the mask is not specified, it will default to the mask for that network
class (A, B or C; see
.Xr inet 5 ).
.Pp
For example:
.Bd -literal -offset indent
/usr /usr/local -maproot=0:10 friends
/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
/usr -ro -mapall=nobody
/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
/u2 -maproot=root friends
/u2 -alldirs -kerb -network cis-net -mask cis-mask
.Ed
.Pp
Given that
.Sy /usr ,
.Sy /u
and
.Sy /u2
are
local filesystem mount points, the above example specifies the following:
.Sy /usr
is exported to hosts
.Em friends
where friends is specified in the netgroup file
with users mapped to their remote credentials and
root mapped to uid 0 and group 10.
It is exported read-write and the hosts in ``friends'' can mount either /usr
or /usr/local.
It is exported to
.Em 131.104.48.16
and
.Em grumpy.cis.uoguelph.ca
with users mapped to their remote credentials and
root mapped to the user and groups associated with ``daemon'';
it is exported to the rest of the world as read-only with
all users mapped to the user and groups associated with ``nobody''.
.Pp
.Sy /u
is exported to all hosts on the subnetwork
.Em 131.104.48
with root mapped to the uid for ``bin'' and with no group access.
.Pp
.Sy /u2
is exported to the hosts in ``friends'' with root mapped to uid and groups
associated with ``root'';
it is exported to all hosts on network ``cis-net'' allowing mounts at any
directory within /u2 and mapping all uids to credentials for the principal
that is authenticated by a Kerberos ticket.
.Sh FILES
.Bl -tag -width /etc/exports -compact
.It Pa /etc/exports
The default remote mount-point file.
.El
.Sh SEE ALSO
.Xr netgroup 5 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr showmount 8
.Sh BUGS
The export options are tied to the local mount points in the kernel and
must be non-contradictory for any exported subdirectory of the local
server mount point.
It is recommended that all exported directories within the same server
filesystem be specified on adjacent lines going down the tree.
You cannot specify a hostname that is also the name of a netgroup.
Specifying the full domain specification for a hostname can normally
circumvent the problem.
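.Pp
An added example, not part of the original manual page or of mountd: a Python checker that parses entries in the format described above and reports which lines leave remote root with uid 0 and which are default (world) entries.
The function names are hypothetical, the sample input is this page's own example block, and giving -mapall precedence over -maproot when both appear on a line is an assumption.

```python
# Constructed sample: the example entries shown in this manual page.
SAMPLE = """\
/usr /usr/local -maproot=0:10 friends
/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
/usr -ro -mapall=nobody
/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
/u2 -maproot=root friends
/u2 -alldirs -kerb -network cis-net -mask cis-mask
"""

def parse_line(line):
    """Split one exports entry into mount points, options and host set."""
    entry = {"paths": [], "opts": {}, "hosts": []}
    tokens = line.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            entry["paths"].append(tok)
        elif tok.startswith("-"):
            name, sep, value = tok[1:].partition("=")
            name = {"r": "maproot", "o": "ro"}.get(name, name)  # old synonyms
            # The page's example also writes "-network net -mask m" without "=".
            if name in ("network", "mask") and not sep and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            entry["opts"][name] = value
        else:
            entry["hosts"].append(tok)  # host name, dot address or netgroup
        i += 1
    return entry

def root_credential(opts):
    """Credential given to remote root: mapall, else maproot, else -2:-2."""
    return opts.get("mapall") or opts.get("maproot") or "-2:-2"

def audit(text):
    """Return (line number, finding) pairs for entries worth reviewing."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment line
        entry = parse_line(line)
        opts = entry["opts"]
        if root_credential(opts).split(":")[0] in ("0", "root"):
            findings.append((n, "remote root keeps uid 0 on " + " ".join(entry["paths"])))
        if not entry["hosts"] and "network" not in opts:
            mode = "read-only" if "ro" in opts else "read-write"
            findings.append((n, "default entry: world export, " + mode))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```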