1.\" Copyright (c) 1989, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)exports.5 8.2 (Berkeley) 1/28/94 33.\" 34.Dd January 28, 1994 35.Dt EXPORTS 5 36.Os 37.Sh NAME 38.Nm exports 39.Nd define remote mount points for 40.Tn NFS 41mount requests 42.Sh SYNOPSIS 43.Nm exports 44.Sh DESCRIPTION 45The 46.Nm exports 47file specifies remote mount points for the 48.Tn NFS 49mount protocol per the 50.Tn NFS 51server specification; see 52.%T "Network File System Protocol Specification \\*(tNRFC\\*(sP 1094, Appendix A" . 53.Pp 54Each line in the file 55(other than comment lines that begin with a #) 56specifies the mount point(s) and export flags within one local server 57filesystem for one or more hosts. 58A host may be specified only once for each local filesystem on the 59server and there may be only one default entry for each server 60filesystem that applies to all other hosts. 61The latter exports the filesystem to the ``world'' and should 62be used only when the filesystem contains public information. 63.Pp 64In a mount entry, 65the first field(s) specify the directory path(s) within a server filesystem 66that can be mounted on by the corresponding client(s). 67There are two forms of this specification. 68The first is to list all mount points as absolute 69directory paths separated by whitespace. 70The second is to specify the pathname of the root of the filesystem 71followed by the 72.Fl alldirs 73flag; 74this form allows the host(s) to mount any directory within the filesystem. 75The pathnames must not have any symbolic links in them and should not have 76any "." or ".." components. 77Mount points for a filesystem may appear on multiple lines each with 78different sets of hosts and export options. 79.Pp 80The second component of a line specifies how the filesystem is to be 81exported to the host set. 82The option flags specify whether the filesystem 83is exported read-only or read-write and how the client uid is mapped to 84user credentials on the server. 85.Pp 86Export options are specified as follows: 87.Pp 88.Sm off 89.Fl maproot No = Sy user 90.Sm on 91The credential of the specified user is used for remote access by root. 92The credential includes all the groups to which the user is a member 93on the local machine (see 94.Xr id 1 ). 95The user may be specified by name or number. 96.Pp 97.Sm off 98.Fl maproot No = Sy user:group1:group2:... 99.Sm on 100The colon separated list is used to specify the precise credential 101to be used for remote access by root. 102The elements of the list may be either names or numbers. 103Note that user: should be used to distinguish a credential containing 104no groups from a complete credential for that user. 105.Pp 106.Sm off 107.Fl mapall No = Sy user 108.Sm on 109or 110.Sm off 111.Fl mapall No = Sy user:group1:group2:... 112.Sm on 113specifies a mapping for all client uids (including root) 114using the same semantics as 115.Fl maproot . 116.Pp 117The option 118.Fl r 119is a synonym for 120.Fl maproot 121in an effort to be backward compatible with older export file formats. 122.Pp 123In the absence of 124.Fl maproot 125and 126.Fl mapall 127options, remote accesses by root will result in using a credential of -2:-2. 128All other users will be mapped to their remote credential. 129If a 130.Fl maproot 131option is given, 132remote access by root will be mapped to that credential instead of -2:-2. 133If a 134.Fl mapall 135option is given, 136all users (including root) will be mapped to that credential in 137place of their own. 138.Pp 139The 140.Fl kerb 141option specifies that the Kerberos authentication server should be 142used to authenticate and map client credentials. 143(Note that this is NOT Sun NFS compatible and 144is supported for TCP transport only.) 145.Pp 146The 147.Fl ro 148option specifies that the filesystem should be exported read-only 149(default read/write). 150The option 151.Fl o 152is a synonym for 153.Fl ro 154in an effort to be backward compatible with older export file formats. 155.Pp 156The third component of a line specifies the host set to which the line applies. 157The set may be specified in three ways. 158The first way is to list the host name(s) separated by white space. 159(Standard internet ``dot'' addresses may be used in place of names.) 160The second way is to specify a ``netgroup'' as defined in the netgroup file (see 161.Xr netgroup 5 ). 162The third way is to specify an internet subnetwork using a network and 163network mask that is defined as the set of all hosts with addresses within 164the subnetwork. 165This latter approach requires less overhead within the 166kernel and is recommended for cases where the export line refers to a 167large number of clients within an administrative subnet. 168.Pp 169The first two cases are specified by simply listing the name(s) separated 170by whitespace. 171All names are checked to see if they are ``netgroup'' names 172first and are assumed to be hostnames otherwise. 173Using the full domain specification for a hostname can normally 174circumvent the problem of a host that has the same name as a netgroup. 175The third case is specified by the flag 176.Sm off 177.Fl network No = Sy netname 178.Sm on 179and optionally 180.Sm off 181.Fl mask No = Sy netmask . 182.Sm on 183If the mask is not specified, it will default to the mask for that network 184class (A, B or C; see 185.Xr inet 5 ). 186.Pp 187For example: 188.Bd -literal -offset indent 189/usr /usr/local -maproot=0:10 friends 190/usr -maproot=daemon grumpy.cis.uoguelph.ca 131.104.48.16 191/usr -ro -mapall=nobody 192/u -maproot=bin: -network 131.104.48 -mask 255.255.255.0 193/u2 -maproot=root friends 194/u2 -alldirs -kerb -network cis-net -mask cis-mask 195.Ed 196.Pp 197Given that 198.Sy /usr , 199.Sy /u 200and 201.Sy /u2 202are 203local filesystem mount points, the above example specifies the following: 204.Sy /usr 205is exported to hosts 206.Em friends 207where friends is specified in the netgroup file 208with users mapped to their remote credentials and 209root mapped to uid 0 and group 10. 210It is exported read-write and the hosts in ``friends'' can mount either /usr 211or /usr/local. 212It is exported to 213.Em 131.104.48.16 214and 215.Em grumpy.cis.uoguelph.ca 216with users mapped to their remote credentials and 217root mapped to the user and groups associated with ``daemon''; 218it is exported to the rest of the world as read-only with 219all users mapped to the user and groups associated with ``nobody''. 220.Pp 221.Sy /u 222is exported to all hosts on the subnetwork 223.Em 131.104.48 224with root mapped to the uid for ``bin'' and with no group access. 225.Pp 226.Sy /u2 227is exported to the hosts in ``friends'' with root mapped to uid and groups 228associated with ``root''; 229it is exported to all hosts on network ``cis-net'' allowing mounts at any 230directory within /u2 and mapping all uids to credentials for the principal 231that is authenticated by a Kerberos ticket. 232.Sh FILES 233.Bl -tag -width /etc/exports -compact 234.It Pa /etc/exports 235The default remote mount-point file. 236.El 237.Sh SEE ALSO 238.Xr netgroup 5 , 239.Xr mountd 8 , 240.Xr nfsd 8 , 241.Xr showmount 8 242.Sh BUGS 243The export options are tied to the local mount points in the kernel and 244must be non-contradictory for any exported subdirectory of the local 245server mount point. 246It is recommended that all exported directories within the same server 247filesystem be specified on adjacent lines going down the tree. 248You cannot specify a hostname that is also the name of a netgroup. 249Specifying the full domain specification for a hostname can normally 250circumvent the problem. 251