exports - Defines remote mount points for NFS mount requests
The exports file specifies remote mount points for the NFS mount protocol per the NFS server specification (see Network File System Protocol Specification, RFC1094).
Each entry in the /etc/exports file consists of a file system or directory name followed by an optional list of options or an optional list of identifiers or both. The identifiers define which remote hosts can mount that particular file system or directory. The identifiers listed beside the name of each file system or directory can be either host names, IP addresses, or NIS netgroups names. If no identifiers are listed, the entry is exported to all hosts.
The format of the exports file is as follows:
pathname [option ...] [identifier ...]
The pathname specifies the name of a mounted local file system or a directory of a mounted local file system. The pathname must begin in column 1.
The following are valid export file options: Maps client superuser access to uid 0 for all hosts mounting this path. If you want to allow client superusers access to the file system or directory with the same permissions as a local superuser, use -root=0. Use -root=0 only if you trust the superuser on the client system. The default is for client superusers to be mapped to uid -2, which maps a client superuser to nobody. This limits access to world accessible files. If both the -root=0 option and the -anon=uid option are used, the root option overrides the uid specified in anon for client superusers. Maps the client superusers on the specified hosts only to uid 0. The format for the hostlist argument is as follows:
The client specification can be a host name or IP address. By default, client superusers are mapped to -2. This option overrides the uid specified in -anon=uid for client superusers in hostlist. Maps anonymous users to the specified uid. Client superusers are considered anonymous by the NFS server, as are requests that come in without UNIX authentication. By default, anonymous users are mapped to uid -2. Setting anon to -1 disables anonymous access. The file system or directory is exported read-only (default is read-write). The -o option is a synonym for -ro for backward compatibility. Limits read-write access to the hosts specified. All other hosts allowed to mount this path are granted read-only access. The format for the hostlist argument is as follows:
The client specification can be a host name or IP address. If both the -ro and -rw=hostlist options are specified, -rw prevails. Specifies the hosts to grant mount access to. The format for the hostlist argument is as follows:
The client specification can be a host name, IP address, or NIS network group. This option is provided for readability and compatibility with certain export file formats. Alternatively, to identify the client systems who are allowed access to this export use the whitespace separated identifier list described below.
The options can be applied to both file system and directory entries in /etc/exports.
Alternatively, you can list options using only one leading dash and separating them with commas as in -option[,option]....
You use the identifier field to specify host names, network groups, or both, separated by white space that specify the access list for this export. Host names can optionally contain the local BIND domain name.
If no hosts or netgroups are specified, the mount daemon exports this file system or directory to anyone requesting it. See the mountd(8) reference page for information on how to limit this scope to known hosts or to hosts in the same Bind domain.
A number sign (#) anywhere in the line marks a comment that extends to the end of that line.
A whitespace character in the left-most position of a line indicates a continuation line.
For example, suppose you enter:
/usr -root=0 milan kuan_yin.cis.berkeley.edu /usr/local 555.555.55.55 /u2 -ro /u3/dir1 -rw=milan:venice:florence /u3/dir2 -root=milan,access=venice:florence /u3/dir3 -root=0,access=milan:venice:florence /u3/dir4 -root=0 milan venice florence /u3/dir5 -root=milan -anon=-1
If /usr, /u2 and /u3 are local file system mount points, this specifies the following: /usr is exported read-write to hosts milan and kuan_yin.cis.berkeley.edu with root mapped to uid=0. /usr/local is exported read-write to host 555.555.55.55 with root mapped to -2. (For security reasons, this example uses the fictitious IP address 555.555.55.55.) /u2 is exported to all hosts read-only with root mapped to -2. /u3/dir1 is exported read-write to hosts milan, venice, and florence and read-only to all other hosts. For all hosts, root is mapped to -2. /u3/dir2 is exported with root mapped to 0 to host milan. Hosts milan, venice, and florence are allowed to mount this directory read-write. Root on hosts venice and florence is mapped to -2. /u3/dir3 is exported read-write and with root mapped to 0 to hosts milan, venice, and florence. /u3/dir4 is exported in the same manner as the previous example. /u3/dir5 is exported read-write to all hosts. Anonymous users are not allowed to mount this directory, with the exception of the client superuser on host milan. Root is mapped to 0 on host milan and to -2 on all other hosts.
Each file system that you want to allow clients to mount must be explicitly defined. Exporting only the root (/) will not allow clients to mount /usr. Exporting only /usr will not allow clients to mount /usr/local, if it is a file system.
Duplicate directory entries are not allowed. The first entry is valid and following duplicates are ignored.
Desired export options must be explicitly specified for each exported resource: file system or directory. If a file system and subdirectories within it are exported, the options associated with the file system are not ``inherited.'' You do not need to export an entire file system to allow clients to mount subdirectories within it.
The access list associated with each exported resource identifies which clients can mount that resource with the specified options. For example, you can export an entire file system read-only, with a subdirectory within it exported read-write to a subset of clients. If a client that is not identified in the export access list of a directory attempts to mount it, then access is checked against the closest exported ancestor. If mount access is allowed at a higher level in the directory tree of the file system, the export options associated with the successful match will be in effect.
To make a change to the exports file and have it take effect immediately, send the mountd(8) a HUP signal. Otherwise, the mountd(8) will reread the exports file the next time it receives a mount request from an NFS client or a showmount -e request.
Daemons: mountd(8), nfsd(8)
Files: hosts(4), netgroup(4)
Network Administration delim off