share_nfs(1M)															     share_nfs(1M)

NAME

       share_nfs: share - make local NFS file systems available for mounting by remote systems

SYNOPSIS

       description] specific_options] pathname

DESCRIPTION

       The utility makes local file systems available for mounting by remote systems.

       If  no  argument  is specified, then displays all file systems currently shared, including NFS file systems and file systems shared through
       other distributed file system packages.

   Options
       The following options are supported:

       Provide a comment that describes the
	      file system to be shared.

       Share NFS file system type.

       Specify
	      specific_options in a comma-separated list of keywords and attribute-value-assertions for interpretation	by  the  file-system-type-
	      specific	command.   If  specific_options  is  not  specified,  then  by	default  sharing  will be read-write to all clients.  spe-
	      cific_options can be any combination of the following:

	      All NFS Protocol Version 2 mounts will be asynchronous.
			   This option is ignored for NFS PV3.	Specifying increases write performance on the NFS server by  causing  asynchronous
			   writes on the NFS server.  The option can be specified anywhere on the command line after directory.  Before using this
			   option, refer to section below.

	      Set	   uid to be the effective user of unknown users.  By default, unknown users are given the effective user If uid is set to
			   access is denied.

	      Force the file system identification portion of the file
			   handle to be num instead of a number derived from the major and minor number of the block device on which the file sys-
			   tem is mounted.  A value between 1 and 32767 may be used, but it must be unique among the shared file systems.

			   This option is useful for NFS failover to ensure that both servers of the failover pair use the same NFS  file  handles
			   for the shared file systems.  This avoids stale file handles if a failover occurs.

	      Load	   file rather than a listing of the directory containing this file when the directory is referenced by an NFS URL.

	      Enables NFS  server  logging for the specified file system.  The optional tag determines the location of the related log files.  The
			   tag is defined in If no tag is specified, the default values associated with the "global" tag in will be used.

	      Prevents clients from mounting subdirectories of shared
			   directories.  For example, if is shared with the option on server then a NFS client will not be able to do:

	      By default,  clients are allowed to create files on the shared file system with the or mode enabled.  Specifying causes  the  server
			   file system to silently ignore any attempt to enable the or mode bits.

	      Moves	   the	location  of the public file handle from to the exported directory for Web NFS-enabled browsers and clients.  This
			   option does not enable Web NFS service; Web NFS is always on.  Only one file system per server  may	use  this  option.
			   All other options, including the , and options may be included with the option.

	      Refer the client accessing the specified shared file system to an
			   alternative location on the provided host.

	      Sharing will be read-only to all clients.

	      Sharing will be read-only to the clients listed in
			   access_list; overrides the suboption for the clients specified.  See access_list below.

	      Only root users from the hosts specified in
			   access_list	will  have  root  access.   See access_list below.  By default, no host has root access, so root users are
			   mapped to an anonymous user (see the option described above).  Netgroups can be used if the file system shared is using
			   UNIX authentication

	      Sharing will be read-write to all clients.  This is the default behavior.

	      Sharing will be read-mostly to clients in
			   access_list.   Read-mostly  means read-write to those clients specified and read-only for all other systems.  If option
			   is provided, sharing will be read-write to the clients listed in access_list; overrides the suboption for  the  clients
			   specified.  See access_list below.

	      Sharing will use one or more of the specified security modes.
			   The	mode in the option must be a mode name supported on the client.  If the option is not specified, the default secu-
			   rity mode used is Multiple options can be specified on the command line, although each mode can appear only once.   The
			   security modes are defined in nfssec(5).

			   Each  option  specifies modes that apply to any subsequent and options that are provided before another Each additional
			   resets the security mode context, so that more and options can be supplied for additional modes.

	      If the option
			   is specified when the client uses or if the client uses a security mode that is not one that the file system is  shared
			   with,  then	the credential of each NFS request is treated as unauthenticated.  See the option for a description of how
			   unauthenticated requests are handled.

	      When sharing with
			   set the maximum life time (in seconds) of the RPC request's credential (in the  authentication  header)  that  the  NFS
			   server  will  allow.   If a credential arrives with a life time larger than what is allowed, the NFS server will reject
			   the request.  The default value is 30000 seconds (8.3 hours).

   Operands
       The following operands are supported:

	      pathname	  The pathname of the file system to be shared.

   The access_list Argument
       The access_list argument is used in many of the options described above.  The access_list is a colon-separated list whose components may be
       any number of the following.

       hostname
	      The  name  of  a	host.  With a server configured for DNS or LDAP naming in the "hosts" entry, any hostname must be represented as a
	      fully qualified DNS or LDAP name.

       netgroup
	      A netgroup contains a number of hostnames.  With a server configured for DNS or LDAP naming in the "hosts" entry, any hostname in  a
	      netgroup must be represented as a fully qualified DNS or LDAP name.

       domain name suffix
	      To  use  domain  membership, the server must use DNS or LDAP to resolve hostnames to IP addresses; that is, the "hosts" entry in the
	      must specify or ahead of since only DNS and LDAP return the full domain name of the host.  Other name services like  NIS	cannot	be
	      used  to	resolve  hostnames  on the server, because when mapping an IP address to a hostname they do not return domain information.
	      For example,

	      NIS	     129.144.45.9 --> "myhost"

	      DNS or LDAP    129.144.45.9 --> "myhost.mydomain.mycompany.com"

	      The domain name suffix is distinguished from hostnames and netgroups by a prefixed dot.  For example,

	      A single dot can be used to match a hostname with no suffix.  For example,

	      will match "mydomain" but not "mydomain.mycompany.com".  This feature can be used to match hosts resolved through  NIS  rather  than
	      DNS and LDAP.

       network
	      The  network  or subnet component is preceded by an at-sign It can be either a name or a dotted address.	If a name, it will be con-
	      verted to a dotted address by For example, would be equivalent to:

	      The network prefix assumes an octet aligned netmask determined from the zero octets in the low-order part of the	address.   In  the
	      case  where  network prefixes are not byte-aligned, the syntax will allow a mask length to be specified explicitly following a slash
	      delimiter.  For example,

	      where the mask is the number of leftmost contiguous significant bits in the corresponding IP address.

	      A prefixed minus sign denies access to that component of access_list.  The list is searched sequentially until a match is found that
	      either grants or denies access, or until the end of the list is reached.

WARNINGS

       File  system  sharing  used  to be called exporting on HP-UX, and the command was used.	With the new share NFS model, the command replaces
       This command is available on HP-UX 11.31 and later releases.

       To support compatibility with scripts run on systems with older versions of HP-UX that do not have support for the command and instead  use
       will  not fail when the option is used, as long as it is used in the same way as with However, attempts to use the option with new options,
       (for example, may result in the option being rejected.  It is highly recommended not to use the option with the command.  Instead, use  the
       and options to achieve the desired access restrictions.	support of the option will be removed in a future release of HP-UX.

       If commands are invoked multiple times on the same file system, the last invocation supersedes any previous invocations and the options set
       by the last command replace the old options.  For example, if read-only permission was previously given to on the following  command  could
       be used to also give read-only permission to

       This behavior is not limited to sharing the root file system, but applies to all file systems.

EXAMPLES

       The following example shows the file system shared with logging enabled:

       The  default  global logging parameters are used since no tag identifier is specified.  The location of the log file, as well as the neces-
       sary logging work files, is specified by the global entry in

APPLICATION USAGE

       If the option is used, an unreported data loss may occur on a write and if the NFS server experiences a failure after the write	reply  has
       been  sent  to the client.  Specifically, blocks which have been queued for the server's disk, but have not yet been written to the disk be
       lost.

       You cannot export either a parent directory or a subdirectory of an exported directory that resides It is not  allowed,	for  instance,	to
       export both and if both directories reside on the same disk partition.

       If  the option is presented at least once, all uses of the and options must come the first option.  If the option is not presented, then is
       implied.

       If one or more explicit options are presented, sys must appear in one of the options mode lists for accessing using the security mode to be
       allowed.  For example:

       will grant read-write access to any host using but

       will grant no access to clients that use

       Access checking for the and options is done per NFS request, instead of per mount request.

       Combining  multiple security modes can be a security hole in situations where the and options are used to control access to weaker security
       modes.  In this example,

       an intruder can forge the IP address for (albeit on each NFS request) to side-step the stronger controls of Something like:

       is safer, because any client (intruder or legitimate) that avoids will only get read-only access.  In general, multiple security modes  per
       command	should	only  be  used	in situations where the clients using more secure modes get stronger access than clients using less secure
       modes.

       If and options are specified in the same clause, and a client is in both lists, the order of the two  options  determines  the  access  the
       client gets.  If client is in two netgroups - and in this example, the client would get read-only access:

       In this example would get read-write access:

       If  within a clause, both the and options are specified, for compatibility, the order of the options rule is not enforced.  All hosts would
       get read-only access, with the exception to those in the read-write list. Likewise, if the and options are specified, all hosts	get  read-
       write access with the exceptions of those in the read-only list.

       The and options are guaranteed to work over UDP and TCP but may not work over other transport providers.

       The option with is guaranteed to work over UDP and TCP but may not work over other transport providers.

       The option with is guaranteed to work over any transport provider.

       There  are no interactions between the option and the and options.  Putting a host in the list does not override the semantics of the other
       options.  The access the host gets is the same as when the options is absent.  For example, the following command will deny access to

       The following will give read-only permissions to

       The following will give read-write permissions to

       If the file system being shared is a symbolic link to a valid pathname, the canonical path (the path which the symbolic link follows)  will
       be shared.  For example, if is a symbolic link to the following command will result in as the shared pathname (and not

       Note that an NFS mount of will result in really being mounted.

       This line in the file will share the file system read-only at boot time:

       Note  that  the same command entered from the command line will not share the file system unless there is at least one file system entry in
       the file.

EXIT STATUS

       The following exit values are returned:

       Successful completion.
       An error occurred.

FILES

       list of distributed file system types, NFS by default
       system record of shared file systems
       system record of logged file systems
       logging configuration file

AUTHOR

       was developed by Sun Microsystems, Inc.

SEE ALSO

       mount(1M),  mountd(1M),	nfsd(1M),  nfslogd(1M),  share(1M),  unshare(1M),  getnetbyname(3N),  fstypes(4),   netgroup(4),   nfslog.conf(4),
       sharetab(4), nfssec(5).

																     share_nfs(1M)