Extend the exportfs/mountd interface to pass fslocations info into the kernel

[nfs-utils.git] / utils / exportfs / exports.man

diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
index 7a032bc9609453e3295e84b891c742dc2cfe84a5..ab63b03cfd6be56bdd56f8fda5ae5b1b53a55f39 100644 (file)
--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
@@ -1,5 +1,4 @@
-.TH EXPORTS 5 "28 October 1999"
-.UC 5
+.TH EXPORTS 5 "4 March 2005" "Linux" "Linux File Formats Manual"

 .SH NAME
 exports \- NFS file systems being exported (for Kernel based NFS)
 .SH SYNOPSIS
 .SH NAME
 exports \- NFS file systems being exported (for Kernel based NFS)
 .SH SYNOPSIS


@@ -23,6 +22,11 @@ client may be immediately followed by a parenthesized, comma-separated
 list of export options for that client. No whitespace is permitted
 between a client and its option list.
 .PP
 list of export options for that client. No whitespace is permitted
 between a client and its option list.
 .PP

+Also, each line may have one or more specifications for default options
+after the path name, in the form of a dash ("\-") followed by an option
+list. The option list is used for all subsequent exports on that line
+only.
+.PP

 Blank lines are ignored.  A pound sign ("#") introduces a comment to the
 end of the line. Entries may be continued across newlines using a
 backslash. If an export name contains spaces it should be quoted using
 Blank lines are ignored.  A pound sign ("#") introduces a comment to the
 end of the line. Entries may be continued across newlines using a
 backslash. If an export name contains spaces it should be quoted using


@@ -89,7 +93,7 @@ rpcsec_gss and to make requirements on the IP address of the client.
 understands the following export options:
 .TP
 .IR secure "\*d
 understands the following export options:
 .TP
 .IR secure "\*d

-This option requires that requests originate on an internet port less
+This option requires that requests originate on an Internet port less

 than IPPORT_RESERVED (1024). This option is on by default. To turn it
 off, specify
 .IR insecure .
 than IPPORT_RESERVED (1024). This option is on by default. To turn it
 off, specify
 .IR insecure .


@@ -110,13 +114,20 @@ Using this option usually improves performance, but at the cost that
 an unclean server restart (i.e. a crash) can cause data to be lost or
 corrupted.
 
 an unclean server restart (i.e. a crash) can cause data to be lost or
 corrupted.
 

-In releases of nfs-utils upto and including 1.0.0, this option was the
-default.  In this and future releases,
+.TP
+.IR sync
+Reply to requests only after the changes have been committed to stable
+storage (see
+.IR async
+above).
+
+In releases of nfs-utils up to and including 1.0.0, this option was the
+default.  In all subsequence releases,

 .I sync
 is the default, and
 .I async
 .I sync
 is the default, and
 .I async

-must be explicit requested if needed.
-To help make system adminstrators aware of this change, 'exportfs'
+must be explicitly requested if needed.
+To help make system administrators aware of this change, 'exportfs'

 will issue a warning if neither
 .I sync
 nor
 will issue a warning if neither
 .I sync
 nor


@@ -169,9 +180,17 @@ copes with the situation effectively.
 The option can be explicitly disabled with
 .IR hide .
 .TP
 The option can be explicitly disabled with
 .IR hide .
 .TP

+.IR crossmnt
+This option is similar to
+.I nohide
+but it makes it possible for clients to move from the filesystem marked
+with crossmnt to exported filesystems mounted on it.  Thus when a child
+filesystem "B" is mounted on a parent "A", setting crossmnt on "A" has
+the same effect as setting "nohide" on B.
+.TP

 .IR no_subtree_check
 This option disables subtree checking, which has mild security
 .IR no_subtree_check
 This option disables subtree checking, which has mild security

-implications, but can improve reliability is some circumstances.
+implications, but can improve reliability in some circumstances.

 
 If a subdirectory of a filesystem is exported, but the whole
 filesystem isn't then whenever a NFS request arrives, the server must
 
 If a subdirectory of a filesystem is exported, but the whole
 filesystem isn't then whenever a NFS request arrives, the server must


@@ -190,7 +209,7 @@ subtree checking is also used to make sure that files inside
 directories to which only root has access can only be accessed if the
 filesystem is exported with
 .I no_root_squash
 directories to which only root has access can only be accessed if the
 filesystem is exported with
 .I no_root_squash

-(see below), even the file itself allows more general access.
+(see below), even if the file itself allows more general access.

 
 As a general guide, a home directory filesystem, which is normally
 exported at the root and may see lots of file renames, should be
 
 As a general guide, a home directory filesystem, which is normally
 exported at the root and may see lots of file renames, should be


@@ -203,6 +222,16 @@ The default of having subtree checks enabled, can be explicitly
 requested with
 .IR subtree_check .
 
 requested with
 .IR subtree_check .
 

+From release 1.1.0 of nfs-utils onwards, the default will be
+.I no_subtree_check
+as subtree_checking tends to cause more problems than it is worth.
+If you genuinely require subtree checking, you should explicitly put
+that option in the
+.B exports
+file.  If you put neither option,
+.I exportfs
+will warn you that the change is pending.
+

 .TP
 .IR insecure_locks
 .TP
 .TP
 .IR insecure_locks
 .TP


@@ -223,6 +252,21 @@ be explicitly requested with either of the synonymous
 .IR auth_nlm ,
 or
 .IR secure_locks .
 .IR auth_nlm ,
 or
 .IR secure_locks .

+.TP
+.IR no_acl
+On some specially patched kernels, and when exporting filesystems that
+support ACLs, this option tells nfsd not to reveal ACLs to clients, so
+they will see only a subset of actual permissions on the given file
+system.  This option is safe for filesystems used by NFSv2 clients and
+old NFSv3 clients that perform access decisions locally.  Current
+NFSv3 clients use the ACCESS RPC to perform all access decisions on
+the server.  Note that the
+.I no_acl
+option only has effect on kernels specially patched to support it, and
+when exporting filesystems with ACL support.  The default is to export
+with ACL support (i.e. by default,
+.I no_acl
+is off).

 
 '''.TP
 '''.I noaccess
 
 '''.TP
 '''.I noaccess


@@ -258,30 +302,65 @@ if, for example, the filesystem failed to mount due to a disc error.
 
 If a path is given (e.g.
 .IR mountpoint= "/path or " mp= /path)
 
 If a path is given (e.g.
 .IR mountpoint= "/path or " mp= /path)

-then the nominted path must be a mountpoint for the exportpoint to be
+then the nominated path must be a mountpoint for the exportpoint to be

 exported.
 
 .TP
 exported.
 
 .TP

-.IR fsid= num
-This option forces the filesystem identification portion of the file
-handle and file attributes used on the wire to be
-.I num
-instead of a number derived from the major and minor number of the
-block device on which the filesystem is mounted.  Any 32 bit number
-can be used, but it must be unique amongst all the exported filesystems.
+.IR fsid= num|root|uuid
+NFS needs to be able to identify each filesystem that it exports.
+Normally it will use a UUID for the filesystem (if the filesystem has
+such a thing) or the device number of the device holding the
+filesystem (if the filesystem is stored on the device).

 
 

-This can be useful for NFS failover, to ensure that both servers of
-the failover pair use the same NFS file handles for the shared filesystem
-thus avoiding stale file handles after failover.
+As not all filesystems are stored on devices, and not all filesystems
+have UUIDs, it is sometimes necessary to explicitly tell NFS how to
+identify a filesystem.  This is done with the
+.I fsid=
+option.

 
 

-Some Linux filesystems are not mounted on a block device; exporting
-these via NFS requires the use of the
-.I fsid
-option (although that may still not be enough).
+For NFSv4, there is a distinguished filesystem which is the root of
+all exported filesystem.  This is specified with
+.I fsid=root
+or
+.I fsid=0
+both of which mean exactly the same thing.
+
+Other filesystems can be identified with a small integer, or a UUID
+which should contain 32 hex digits and arbitrary punctuation.
+
+Linux kernels version 2.6.20 and earlier do not understand the UUID
+setting so a small integer must be used if an fsid option needs to be
+set for such kernels.  Setting both a small number and a UUID is
+supported so the same configuration can be made to work on old and new
+kernels alike.
+
+.TP
+.IR refer= path@host[+host][:path@host[+host]]
+A client referencing the export point will be directed to choose from
+the given list an alternative location for the filesystem.
+(Note that the server must have a mountpoint here, though a different
+filesystem is not required; so, for example,
+.IR "mount --bind" " /path /path"
+is sufficient.)
+.TP
+.IR replicas= path@host[+host][:path@host[+host]]
+If the client asks for alternative locations for the export point, it
+will be given this list of alternatives. (Note that actual replication
+of the filesystem must be handled elsewhere.)

 
 

-The value  0 has a special meaning when use with NFSv4.  NFSv4 has a
-concept of a root of the overall exported filesystem. The export point
-exported with fsid=0 will be used as this root.
+.TP
+.IR refer= path@host[+host][:path@host[+host]]
+A client referencing the export point will be directed to choose from
+the given list an alternative location for the filesystem.
+(Note that the server must have a mountpoint here, though a different
+filesystem is not required; so, for example,
+.IR "mount --bind" " /path /path"
+is sufficient.)
+.TP
+.IR replicas= path@host[+host][:path@host[+host]]
+If the client asks for alternative locations for the export point, it
+will be given this list of alternatives. (Note that actual replication
+of the filesystem must be handled elsewhere.)

 
 .SS User ID Mapping
 .PP
 
 .SS User ID Mapping
 .PP


@@ -309,7 +388,7 @@ By default,
 '''in the password file at startup time. If it isn't found, a uid and gid
 .I exportfs
 chooses a uid and gid
 '''in the password file at startup time. If it isn't found, a uid and gid
 .I exportfs
 chooses a uid and gid

-of -2 (i.e. 65534) for squashed access. These values can also be overridden by
+of 65534 for squashed access. These values can also be overridden by

 the
 .IR anonuid " and " anongid
 options.
 the
 .IR anonuid " and " anongid
 options.


@@ -363,8 +442,11 @@ Here's the complete list of mapping options:
 .TP
 .IR root_squash
 Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does
 .TP
 .IR root_squash
 Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does

-not apply to any other uids that might be equally sensitive, such as user
-.IR bin .
+not apply to any other uids or gids that might be equally sensitive, such as
+user
+.IR bin 
+or group
+.IR staff .

 .TP
 .IR no_root_squash
 Turn off root squashing. This option is mainly useful for diskless clients.
 .TP
 .IR no_root_squash
 Turn off root squashing. This option is mainly useful for diskless clients.


@@ -457,6 +539,7 @@ is supposedly that of user joe).
 /usr            *.local.domain(ro) @trusted(rw)
 /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
 /pub            (ro,insecure,all_squash)
 /usr            *.local.domain(ro) @trusted(rw)
 /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
 /pub            (ro,insecure,all_squash)

+/srv/www        \-sync,rw server @trusted @external(ro)

 '''/pub/private    (noaccess)
 .fi
 .PP
 '''/pub/private    (noaccess)
 .fi
 .PP


@@ -470,6 +553,9 @@ under the nobody account. The
 .I insecure 
 option in this entry also allows clients with NFS implementations that
 don't use a reserved port for NFS.
 .I insecure 
 option in this entry also allows clients with NFS implementations that
 don't use a reserved port for NFS.

+The sixth line exports a directory read-write to the machine 'server'
+as well as the `@trusted' netgroup, and read-only to netgroup `@external',
+all three mounts with the `sync' option enabled.

 ''' The last line denies all NFS clients
 '''access to the private directory.
 '''.SH CAVEATS
 ''' The last line denies all NFS clients
 '''access to the private directory.
 '''.SH CAVEATS


@@ -487,6 +573,12 @@ don't use a reserved port for NFS.
 '''entry.
 .SH FILES
 /etc/exports
 '''entry.
 .SH FILES
 /etc/exports

+.SH SEE ALSO
+.BR exportfs (8),
+.BR netgroup (5),
+.BR mountd (8),
+.BR nfsd (8),
+.BR showmount (8).

 '''.SH DIAGNOSTICS
 '''An error parsing the file is reported using syslogd(8) as level NOTICE from
 '''a DAEMON whenever nfsd(8) or mountd(8) is started up.  Any unknown
 '''.SH DIAGNOSTICS
 '''An error parsing the file is reported using syslogd(8) as level NOTICE from
 '''a DAEMON whenever nfsd(8) or mountd(8) is started up.  Any unknown