-.TH EXPORTS 5 "28 October 1999"
-.UC 5
+.TH EXPORTS 5 "4 March 2005" "Linux" "Linux File Formats Manual"
.SH NAME
exports \- NFS file systems being exported (for Kernel based NFS)
.SH SYNOPSIS
.IP "wildcards
Machine names may contain the wildcard characters \fI*\fR and \fI?\fR.
This can be used to make the \fIexports\fR file more compact; for instance,
-\fI*.cs.foo.edu\fR matches all hosts in the domain \fIcs.foo.edu\fR. However,
-these wildcard characters do not match the dots in a domain name, so the
-above pattern does not include hosts such as \fIa.b.cs.foo.edu\fR.
+\fI*.cs.foo.edu\fR matches all hosts in the domain
+\fIcs.foo.edu\fR. As these characters also match the dots in a domain
+name, the given pattern will also match all hosts within any subdomain
+of \fIcs.foo.edu\fR.
.IP "IP networks
You can also export directories to all hosts on an IP (sub-) network
simultaneously. This is done by specifying an IP address and netmask pair
'''.B \-\-public\-root
'''option. Multiple specifications of a public root will be ignored.
.PP
+.SS RPCSEC_GSS security
+To restrict access to an export using rpcsec_gss security, use the special
+string "gss/krb5" as the client. It is not possible to simultaneously require
+rpcsec_gss and to make requirements on the IP address of the client.
+.PP
.SS General Options
.IR exportfs
understands the following export options:
.TP
.IR secure "\*d
-This option requires that requests originate on an internet port less
+This option requires that requests originate on an Internet port less
than IPPORT_RESERVED (1024). This option is on by default. To turn it
off, specify
.IR insecure .
an unclean server restart (i.e. a crash) can cause data to be lost or
corrupted.
-In releases of nfs-utils upto and including 1.0.0, this option was the
-default. In this and future releases,
+.TP
+.IR sync
+Reply to requests only after the changes have been committed to stable
+storage (see
+.IR async
+above).
+
+In releases of nfs-utils up to and including 1.0.0, this option was the
+default. In all subsequence releases,
.I sync
is the default, and
.I async
must be explicit requested if needed.
-To help make system adminstrators aware of this change, 'exportfs'
+To help make system administrators aware of this change, 'exportfs'
will issue a warning if neither
.I sync
nor
The option can be explicitly disabled with
.IR hide .
.TP
+.IR crossmnt
+This option is similar to
+.I nohide
+but it makes it possible for clients to move from the filesystem marked
+with crossmnt to exported filesystems mounted on it. Thus when a child
+filesystem "B" is mounted on a parent "A", setting crossmnt on "A" has
+the same effect as setting "nohide" on B.
+.TP
.IR no_subtree_check
This option disables subtree checking, which has mild security
-implications, but can improve reliability is some circumstances.
+implications, but can improve reliability in some circumstances.
If a subdirectory of a filesystem is exported, but the whole
filesystem isn't then whenever a NFS request arrives, the server must
directories to which only root has access can only be accessed if the
filesystem is exported with
.I no_root_squash
-(see below), even the file itself allows more general access.
+(see below), even if the file itself allows more general access.
As a general guide, a home directory filesystem, which is normally
exported at the root and may see lots of file renames, should be
requested with
.IR subtree_check .
+From release 1.1.0 of nfs-utils onwards, the default will be
+.I no_subtree_check
+as subtree_checking tends to cause more problems than it is worth.
+If you genuinely require subtree checking, you should explicitly put
+that option in the
+.B exports
+file. If you put neither option,
+.I exportfs
+will warn you that the change is pending.
+
.TP
.IR insecure_locks
.TP
.IR auth_nlm ,
or
.IR secure_locks .
+.TP
+.IR no_acl
+On some specially patched kernels, and when exporting filesystems that
+support ACLs, this option tells nfsd not to reveal ACLs to clients, so
+they will see only a subset of actual permissions on the given file
+system. This option is safe for filesystems used by NFSv2 clients and
+old NFSv3 clients that perform access decisions locally. Current
+NFSv3 clients use the ACCESS RPC to perform all access decisions on
+the server. Note that the
+.I no_acl
+option only has effect on kernels specially patched to support it, and
+when exporting filesystems with ACL support. The default is to export
+with ACL support (i.e. by default,
+.I no_acl
+is off).
'''.TP
'''.I noaccess
'''.TP
'''.IR link_absolute
'''Leave all symbolic link as they are. This is the default operation.
+
+.TP
+.IR mountpoint= path
+.TP
+.I mp
+This option makes it possible to only export a directory if it has
+successfully been mounted.
+If no path is given (e.g.
+.IR mountpoint " or " mp )
+then the export point must also be a mount point. If it isn't then
+the export point is not exported. This allows you to be sure that the
+directory underneath a mountpoint will never be exported by accident
+if, for example, the filesystem failed to mount due to a disc error.
+
+If a path is given (e.g.
+.IR mountpoint= "/path or " mp= /path)
+then the nominated path must be a mountpoint for the exportpoint to be
+exported.
+
+.TP
+.IR fsid= num
+This option forces the filesystem identification portion of the file
+handle and file attributes used on the wire to be
+.I num
+instead of a number derived from the major and minor number of the
+block device on which the filesystem is mounted. Any 32 bit number
+can be used, but it must be unique amongst all the exported filesystems.
+
+This can be useful for NFS failover, to ensure that both servers of
+the failover pair use the same NFS file handles for the shared filesystem
+thus avoiding stale file handles after failover.
+
+Some Linux filesystems are not mounted on a block device; exporting
+these via NFS requires the use of the
+.I fsid
+option (although that may still not be enough).
+
+The value 0 has a special meaning when use with NFSv4. NFSv4 has a
+concept of a root of the overall exported filesystem. The export point
+exported with fsid=0 will be used as this root.
+
.SS User ID Mapping
.PP
.I nfsd
'''in the password file at startup time. If it isn't found, a uid and gid
.I exportfs
chooses a uid and gid
-of -2 (i.e. 65534) for squashed access. These values can also be overridden by
+of 65534 for squashed access. These values can also be overridden by
the
.IR anonuid " and " anongid
options.
.TP
.IR root_squash
Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does
-not apply to any other uids that might be equally sensitive, such as user
-.IR bin .
+not apply to any other uids or gids that might be equally sensitive, such as
+user
+.IR bin
+or group
+.IR staff .
.TP
.IR no_root_squash
Turn off root squashing. This option is mainly useful for diskless clients.
'''entry.
.SH FILES
/etc/exports
+.SH SEE ALSO
+.BR exportfs (8),
+.BR netgroup (5),
+.BR mountd (8),
+.BR nfsd (8),
+.BR showmount (8).
'''.SH DIAGNOSTICS
'''An error parsing the file is reported using syslogd(8) as level NOTICE from
'''a DAEMON whenever nfsd(8) or mountd(8) is started up. Any unknown