list of export options for that client. No whitespace is permitted
between a client and its option list.
.PP
+Also, each line may have one or more specifications for default options
+after the path name, in the form of a dash ("\-") followed by an option
+list. The option list is used for all subsequent exports on that line
+only.
+.PP
Blank lines are ignored. A pound sign ("#") introduces a comment to the
end of the line. Entries may be continued across newlines using a
backslash. If an export name contains spaces it should be quoted using
understands the following export options:
.TP
.IR secure "\*d
-This option requires that requests originate on an internet port less
+This option requires that requests originate on an Internet port less
than IPPORT_RESERVED (1024). This option is on by default. To turn it
off, specify
.IR insecure .
.IR async
above).
-In releases of nfs-utils upto and including 1.0.0, this option was the
-default. In this and future releases,
+In releases of nfs-utils up to and including 1.0.0, this option was the
+default. In all subsequence releases,
.I sync
is the default, and
.I async
-must be explicit requested if needed.
-To help make system adminstrators aware of this change, 'exportfs'
+must be explicitly requested if needed.
+To help make system administrators aware of this change, 'exportfs'
will issue a warning if neither
.I sync
nor
requested with
.IR subtree_check .
+From release 1.1.0 of nfs-utils onwards, the default will be
+.I no_subtree_check
+as subtree_checking tends to cause more problems than it is worth.
+If you genuinely require subtree checking, you should explicitly put
+that option in the
+.B exports
+file. If you put neither option,
+.I exportfs
+will warn you that the change is pending.
+
.TP
.IR insecure_locks
.TP
If a path is given (e.g.
.IR mountpoint= "/path or " mp= /path)
-then the nominted path must be a mountpoint for the exportpoint to be
+then the nominated path must be a mountpoint for the exportpoint to be
exported.
.TP
'''in the password file at startup time. If it isn't found, a uid and gid
.I exportfs
chooses a uid and gid
-of -2 (i.e. 65534) for squashed access. These values can also be overridden by
+of 65534 for squashed access. These values can also be overridden by
the
.IR anonuid " and " anongid
options.
.TP
.IR root_squash
Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does
-not apply to any other uids that might be equally sensitive, such as user
-.IR bin .
+not apply to any other uids or gids that might be equally sensitive, such as
+user
+.IR bin
+or group
+.IR staff .
.TP
.IR no_root_squash
Turn off root squashing. This option is mainly useful for diskless clients.
/usr *.local.domain(ro) @trusted(rw)
/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
/pub (ro,insecure,all_squash)
+/srv/www \-sync,rw server @trusted @external(ro)
'''/pub/private (noaccess)
.fi
.PP
.I insecure
option in this entry also allows clients with NFS implementations that
don't use a reserved port for NFS.
+The sixth line exports a directory read-write to the machine 'server'
+as well as the `@trusted' netgroup, and read-only to netgroup `@external',
+all three mounts with the `sync' option enabled.
''' The last line denies all NFS clients
'''access to the private directory.
'''.SH CAVEATS