|
|
Export a file system with write permissions
|
|
|
|
exports(5nfs) exports(5nfs) Name exports - defines NFS file systems to be exported Syntax /etc/exports Description The file describes the local file systems and directories that can be mounted by remote hosts through the use of the NFS protocol. The file can also be used to restrict access to a particular set of remote systems. The request daemon accesses the file each time it receives a mount request from an NFS client. Each entry in the file consists of a file system or directory name followed by an optional list of options or an optional list of identi- fiers or both. The identifiers define which remote hosts can mount that particular file system or directory. The identifiers listed beside the name of each file system or directory can be either host names or YP netgroups names. When the daemon receives a mount request from a client, it searches for a match in the list of identifiers, first by checking the client host name with the host name identifiers and sec- ond by checking the client host name in a YP netgroups. When it finds a match, makes that file system or directory available to the requesting client. The exports file format is defined as follows: pathname [-r=#] [-o] [identifier_1 identifier_2 ... identifier_n] or #anything Name of a mounted local file system or a directory of a mounted local file system . The must begin in column 1. options: -r=# Map client superuser access to uid #. If you want to allow client superusers access to the file system or directory with the same permissions as a local superuser, use Use only if you trust the superuser on the client system. The default is which maps a client superuser to nobody. This limits access to world readable files. -o Export file system or directory read-only. The options can be applied to both file system and directory entries in identifiers: Host names or netgroups, or both, separated by white space, that specify the access list for this export. Host names can optionally contain the local BIND domain name. For more information on BIND, see the Guide to the BIND/Hesiod Service If no hosts or netgroups are specified, the daemon exports this file system or directory to anyone requesting it. A number sign (#) anywhere in the line marks a comment that extends to the end of that line. A whitespace character in the left-most position of a line indicates a continuation line. Each file system that you want to allow clients to mount must be explicitly defined. Exporting only the root (/) will not allow clients to mount Exporting only will not allow clients to mount if it is a file system. Duplicate directory entries are not allowed. The first entry is valid and following duplicates are ignored. Desired export options must be explicitly specified for each exported resource: file system or directory. If a file system and subdirecto- ries within it are exported, the options associated with the file system are not ``inherited''. You do not need to export an entire file system to allow clients to mount subdirectories within it. The access list associated with each exported resource identifies which clients can mount that resource with the specified options. For example, you can export an entire file system read-only, with a subdirectory within it exported read-write to a subset of clients. If a client that is not identified in the export access list of a directory attempts to mount it, then access is checked against the closest exported ancestor. If mount access is allowed at a higher level in the directory tree of the file system, the export options associated with the successful match will be in effect. If you are concerned with nfs security, all ufs file systems exported via nfs should be ufs mounted with the option. All ufs file systems exported via nfs with the option specified in the file should be ufs mounted with the option. Examples /usr alpha beta # export /usr to hosts alpha and beta, client superuser maps to uid -2 and read-write access is permitted /usr/staff/doe clients # export directory to hosts in netgroup clients /usr/man/man1 -o # export directory read-only to everyone /usr/local -r=0 beta # export file system to beta, superuser on beta maps to local superuser (uid=0) Files See Also hosts(5), mountd(8nfs), netgroup(5yp) Guide to the BIND/Hesiod Service Introduction to Networking and Distributed System Services exports(5nfs)
