.\" Copyright (c) 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" %sccs.include.redist.roff%
.\"
.\" @(#)exports.5 8.2 (Berkeley) 01/28/94
.\"
.Dd
.Dt EXPORTS 5
.Os
.Sh NAME
.Nm exports
.Nd define remote mount points for
.Tn NFS
mount requests
.Sh SYNOPSIS
.Nm exports
.Sh DESCRIPTION
The
.Nm exports
file specifies remote mount points for the
.Tn NFS
mount protocol per the
.Tn NFS
server specification; see
.%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" .
.Pp
Each line in the file
(other than comment lines that begin with a #)
specifies the mount point(s) and export flags within one local server
filesystem for one or more hosts.
A host may be specified only once for each local filesystem on the
server and there may be only one default entry for each server
filesystem that applies to all other hosts.
The latter exports the filesystem to the ``world'' and should
be used only when the filesystem contains public information.
.Pp
In a mount entry,
the first field(s) specify the directory path(s) within a server filesystem
that can be mounted on by the corresponding client(s).
There are two forms of this specification.
The first is to list all mount points as absolute
directory paths separated by whitespace.
The second is to specify the pathname of the root of the filesystem
followed by the
.Fl alldirs
flag;
this form allows the host(s) to mount any directory within the filesystem.
The pathnames must not have any symbolic links in them and should not have
any "." or ".." components.
Mount points for a filesystem may appear on multiple lines each with
different sets of hosts and export options.
.Pp
The second component of a line specifies how the filesystem is to be
exported to the host set.
The option flags specify whether the filesystem
is exported read-only or read-write and how the client uid is mapped to
user credentials on the server.
.Pp
Export options are specified as follows:
.Pp
.Sm off
.Fl maproot No = Sy user
.Sm on
The credential of the specified user is used for remote access by root.
The credential includes all the groups of which the user is a member
on the local machine (see
.Xr id 1 ).
The user may be specified by name or number.
.Pp
.Sm off
.Fl maproot No = Sy user:group1:group2:...
.Sm on
The colon separated list is used to specify the precise credential
to be used for remote access by root.
The elements of the list may be either names or numbers.
Note that user: should be used to distinguish a credential containing
no groups from a complete credential for that user.
.Pp
.Sm off
.Fl mapall No = Sy user
.Sm on
or
.Sm off
.Fl mapall No = Sy user:group1:group2:...
.Sm on
specifies a mapping for all client uids (including root)
using the same semantics as
.Fl maproot .
.Pp
The option
.Fl r
is a synonym for
.Fl maproot
in an effort to be backward compatible with older export file formats.
.Pp
In the absence of
.Fl maproot
and
.Fl mapall
options, remote accesses by root will result in using a credential of -2:-2.
All other users will be mapped to their remote credential.
If a
.Fl maproot
option is given,
remote access by root will be mapped to that credential instead of -2:-2.
If a
.Fl mapall
option is given,
all users (including root) will be mapped to that credential in
place of their own.
.Pp
The
.Fl kerb
option specifies that the Kerberos authentication server should be
used to authenticate and map client credentials.
(Note that this is NOT Sun NFS compatible and
is supported for TCP transport only.)
.Pp
The
.Fl ro
option specifies that the filesystem should be exported read-only
(default read/write).
The option
.Fl o
is a synonym for
.Fl ro
in an effort to be backward compatible with older export file formats.
.Pp
The third component of a line specifies the host set to which the line applies.
The set may be specified in three ways.
The first way is to list the host name(s) separated by white space.
(Standard internet ``dot'' addresses may be used in place of names.)
The second way is to specify a ``netgroup'' as defined in the netgroup file (see
.Xr netgroup 5 ).
The third way is to specify an internet subnetwork using a network and
network mask that is defined as the set of all hosts with addresses within
the subnetwork.
This latter approach requires less overhead within the
kernel and is recommended for cases where the export line refers to a
large number of clients within an administrative subnet.
.Pp
The first two cases are specified by simply listing the name(s) separated
by whitespace.
All names are checked to see if they are ``netgroup'' names
first and are assumed to be hostnames otherwise.
Using the full domain specification for a hostname can normally
circumvent the problem of a host that has the same name as a netgroup.
The third case is specified by the flag
.Sm off
.Fl network No = Sy netname
.Sm on
and optionally
.Sm off
.Fl mask No = Sy netmask .
.Sm on
If the mask is not specified, it will default to the mask for that network
class (A, B or C; see
.Xr inet 5 ).
.Pp
For example:
.Bd -literal -offset indent
/usr /usr/local -maproot=0:10 friends
/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
/usr -ro -mapall=nobody
/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
/u2 -maproot=root friends
/u2 -alldirs -kerb -network cis-net -mask cis-mask
.Ed
.Pp
Given that
.Sy /usr ,
.Sy /u
and
.Sy /u2
are
local filesystem mount points, the above example specifies the following:
.Sy /usr
is exported to hosts
.Em friends
where friends is specified in the netgroup file
with users mapped to their remote credentials and
root mapped to uid 0 and group 10.
It is exported read-write and the hosts in ``friends'' can mount either /usr
or /usr/local.
It is exported to
.Em 131.104.48.16
and
.Em grumpy.cis.uoguelph.ca
with users mapped to their remote credentials and
root mapped to the user and groups associated with ``daemon'';
it is exported to the rest of the world as read-only with
all users mapped to the user and groups associated with ``nobody''.
.Pp
.Sy /u
is exported to all hosts on the subnetwork
.Em 131.104.48
with root mapped to the uid for ``bin'' and with no group access.
.Pp
.Sy /u2
is exported to the hosts in ``friends'' with root mapped to uid and groups
associated with ``root'';
it is exported to all hosts on network ``cis-net'' allowing mounts at any
directory within /u2 and mapping all uids to credentials for the principal
that is authenticated by a Kerberos ticket.
.Sh FILES
.Bl -tag -width /etc/exports -compact
.It Pa /etc/exports
The default remote mount-point file.
.El
.Sh SEE ALSO
.Xr netgroup 5 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr showmount 8
.Sh BUGS
The export options are tied to the local mount points in the kernel and
must be non-contradictory for any exported subdirectory of the local
server mount point.
It is recommended that all exported directories within the same server
filesystem be specified on adjacent lines going down the tree.
You cannot specify a hostname that is also the name of a netgroup.
Specifying the full domain specification for a hostname can normally
circumvent the problem.
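
Added example (not part of the original manual page or the BSD sources): a small Python audit that parses entries in the format described above and flags default entries exported to the ``world'' and entries whose maproot or mapall credential leaves client root as uid 0. The names parse_line and audit and the finding labels are hypothetical; the sample input is the example list from this page.

```python
# Constructed sample: the six entries from the page's own example.
SAMPLE = """\
/usr /usr/local -maproot=0:10 friends
/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16
/usr -ro -mapall=nobody
/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0
/u2 -maproot=root friends
/u2 -alldirs -kerb -network cis-net -mask cis-mask
"""

ALIASES = {"r": "maproot", "o": "ro"}   # backward-compatible synonyms
ROOT_IDS = {"0", "root"}                # assumption: no other name maps to uid 0


def parse_line(line):
    """Split one exports entry into (paths, flags, hosts)."""
    paths, flags, hosts = [], {}, []
    tokens = line.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, sep, value = tok[1:].partition("=")
            name = ALIASES.get(name, name)
            # -network/-mask appear both as "-flag=value" and "-flag value"
            if not sep and name in ("network", "mask") and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            flags[name] = value
        elif tok.startswith("/"):
            paths.append(tok)
        else:
            hosts.append(tok)
        i += 1
    return paths, flags, hosts


def audit(text):
    """Return (line_number, finding) pairs for risky entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        _, flags, hosts = parse_line(line)
        if not hosts and "network" not in flags:    # default entry: the "world"
            findings.append((n, "world-readonly" if "ro" in flags else "world-readwrite"))
        cred = flags.get("mapall", flags.get("maproot", "-2:-2"))
        if cred.split(":")[0] in ROOT_IDS:          # client root keeps uid 0
            findings.append((n, "root-unsquashed"))
    return findings
```

Calling audit(SAMPLE) reports lines 1 and 5 as root-unsquashed and line 3 as a read-only world export; a default entry without -ro would be reported as world-readwrite.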