X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=utils%2Fexportfs%2Fexports.man;h=d57b8b41cccaf302be0b00cdf752177bf59763cf;hb=95aa4adaec0f6543a5fb9db112953d8ec9a100ff;hp=d11a2a0b9a3421049380fa2b83a6aae1e90d65b1;hpb=956008acd1ec89ab03aebdbd5533a5630cf4804a;p=nfs-utils.git diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index d11a2a0..d57b8b4 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -88,7 +88,7 @@ rpcsec_gss and to make requirements on the IP address of the client. understands the following export options: .TP .IR secure "\*d -This option requires that requests originate on an internet port less +This option requires that requests originate on an Internet port less than IPPORT_RESERVED (1024). This option is on by default. To turn it off, specify .IR insecure . @@ -109,13 +109,20 @@ Using this option usually improves performance, but at the cost that an unclean server restart (i.e. a crash) can cause data to be lost or corrupted. -In releases of nfs-utils upto and including 1.0.0, this option was the -default. In this and future releases, +.TP +.IR sync +Reply to requests only after the changes have been committed to stable +storage (see +.IR async +above). + +In releases of nfs-utils up to and including 1.0.0, this option was the +default. In all subsequence releases, .I sync is the default, and .I async must be explicit requested if needed. -To help make system adminstrators aware of this change, 'exportfs' +To help make system administrators aware of this change, 'exportfs' will issue a warning if neither .I sync nor @@ -168,6 +175,14 @@ copes with the situation effectively. The option can be explicitly disabled with .IR hide . .TP +.IR crossmnt +This option is similar to +.I nohide +but it makes it possible for clients to move from the filesystem marked +with crossmnt to exported filesystems mounted on it. Thus when a child +filesystem "B" is mounted on a parent "A", setting crossmnt on "A" has +the same effect as setting "nohide" on B. +.TP .IR no_subtree_check This option disables subtree checking, which has mild security implications, but can improve reliability in some circumstances. @@ -202,6 +217,16 @@ The default of having subtree checks enabled, can be explicitly requested with .IR subtree_check . +From release 1.1.0 of nfs-utils onwards, the default will be +.I no_subtree_check +as subtree_checking tends to cause more problems than it is worth. +If you genuinely require subtree checking, you should explicitly put +that option in the +.B exports +file. If you put neither option, +.I exportfs +will warn you that the change is pending. + .TP .IR insecure_locks .TP @@ -222,6 +247,21 @@ be explicitly requested with either of the synonymous .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess @@ -257,7 +297,7 @@ if, for example, the filesystem failed to mount due to a disc error. If a path is given (e.g. .IR mountpoint= "/path or " mp= /path) -then the nominted path must be a mountpoint for the exportpoint to be +then the nominated path must be a mountpoint for the exportpoint to be exported. .TP @@ -308,7 +348,7 @@ By default, '''in the password file at startup time. If it isn't found, a uid and gid .I exportfs chooses a uid and gid -of -2 (i.e. 65534) for squashed access. These values can also be overridden by +of 65534 for squashed access. These values can also be overridden by the .IR anonuid " and " anongid options. @@ -362,8 +402,11 @@ Here's the complete list of mapping options: .TP .IR root_squash Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does -not apply to any other uids that might be equally sensitive, such as user -.IR bin . +not apply to any other uids or gids that might be equally sensitive, such as +user +.IR bin +or group +.IR staff . .TP .IR no_root_squash Turn off root squashing. This option is mainly useful for diskless clients.