X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fexportfs%2Fexports.man;h=2b316f546bd95187622a4697d750f3410850adf4;hp=5dcc809361d6002df79eb3f76b0f43392116b832;hb=442c362b033ff30be49e162db8a57d8e375a6f1f;hpb=dd369074fb986c2fe1a59eed070f01433344ab2f diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index 5dcc809..2b316f5 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -1,5 +1,4 @@ -.TH EXPORTS 5 "28 October 1999" -.UC 5 +.TH EXPORTS 5 "4 March 2005" "Linux" "Linux File Formats Manual" .SH NAME exports \- NFS file systems being exported (for Kernel based NFS) .SH SYNOPSIS @@ -45,9 +44,10 @@ parts or those containing a single dash (\-) are ignored. .IP "wildcards Machine names may contain the wildcard characters \fI*\fR and \fI?\fR. This can be used to make the \fIexports\fR file more compact; for instance, -\fI*.cs.foo.edu\fR matches all hosts in the domain \fIcs.foo.edu\fR. However, -these wildcard characters do not match the dots in a domain name, so the -above pattern does not include hosts such as \fIa.b.cs.foo.edu\fR. +\fI*.cs.foo.edu\fR matches all hosts in the domain +\fIcs.foo.edu\fR. As these characters also match the dots in a domain +name, the given pattern will also match all hosts within any subdomain +of \fIcs.foo.edu\fR. .IP "IP networks You can also export directories to all hosts on an IP (sub-) network simultaneously. This is done by specifying an IP address and netmask pair @@ -78,6 +78,11 @@ may work by accident when reverse DNS lookups fail. '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +.SS RPCSEC_GSS security +To restrict access to an export using rpcsec_gss security, use the special +string "gss/krb5" as the client. It is not possible to simultaneously require +rpcsec_gss and to make requirements on the IP address of the client. +.PP .SS General Options .IR exportfs understands the following export options: 
@@ -95,17 +100,31 @@ This can also be made explicit by using the .IR ro " option. .TP -.IR sync -This option requests that all file writes be committed to disc before -the write request completes. This is required for complete safety of -data in the face of a server crash, but incurs a performance hit. -The default is to allow the server to write the data out whenever it -is ready. This can be explicitly requested with the -.IR async " option. +.IR async +This option allows the NFS server to violate the NFS protocol and +reply to requests before any changes made by that request have been +committed to stable storage (e.g. disc drive). + +Using this option usually improves performance, but at the cost that +an unclean server restart (i.e. a crash) can cause data to be lost or +corrupted. + +In releases of nfs-utils upto and including 1.0.0, this option was the +default. In this and future releases, +.I sync +is the default, and +.I async +must be explicit requested if needed. +To help make system adminstrators aware of this change, 'exportfs' +will issue a warning if neither +.I sync +nor +.I async +is specified. .TP .IR no_wdelay -This option only has effect if -.I sync +This option has no effect if +.I async is also set. The NFS server will normally delay committing a write request to disc slightly if it suspects that another related write request may be in progress or may arrive soon. This allows multiple write requests to @@ -151,7 +170,7 @@ The option can be explicitly disabled with .TP .IR no_subtree_check This option disables subtree checking, which has mild security -implications, but can improve reliability is some circumstances. +implications, but can improve reliability in some circumstances. If a subdirectory of a filesystem is exported, but the whole filesystem isn't then whenever a NFS request arrives, the server must 
@@ -170,7 +189,7 @@ subtree checking is also used to make sure that files inside directories to which only root has access can only be accessed if the filesystem is exported with .I no_root_squash -(see below), even the file itself allows more general access. +(see below), even if the file itself allows more general access. As a general guide, a home directory filesystem, which is normally exported at the root and may see lots of file renames, should be @@ -203,6 +222,21 @@ be explicitly requested with either of the synonymous .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess 
@@ -222,6 +256,47 @@ or '''.TP '''.IR link_absolute '''Leave all symbolic link as they are. This is the default operation. + +.TP +.IR mountpoint= path +.TP +.I mp +This option makes it possible to only export a directory if it has +successfully been mounted. +If no path is given (e.g. +.IR mountpoint " or " mp ) +then the export point must also be a mount point. If it isn't then +the export point is not exported. This allows you to be sure that the +directory underneath a mountpoint will never be exported by accident +if, for example, the filesystem failed to mount due to a disc error. + +If a path is given (e.g. +.IR mountpoint= "/path or " mp= /path) +then the nominted path must be a mountpoint for the exportpoint to be +exported. + +.TP +.IR fsid= num +This option forces the filesystem identification portion of the file +handle and file attributes used on the wire to be +.I num +instead of a number derived from the major and minor number of the +block device on which the filesystem is mounted. Any 32 bit number +can be used, but it must be unique amongst all the exported filesystems. + +This can be useful for NFS failover, to ensure that both servers of +the failover pair use the same NFS file handles for the shared filesystem +thus avoiding stale file handles after failover. + +Some Linux filesystems are not mounted on a block device; exporting +these via NFS requires the use of the +.I fsid +option (although that may still not be enough). + +The value 0 has a special meaning when use with NFSv4. NFSv4 has a +concept of a root of the overall exported filesystem. The export point +exported with fsid=0 will be used as this root. + .SS User ID Mapping .PP .I nfsd 
@@ -426,6 +501,12 @@ don't use a reserved port for NFS. '''entry. .SH FILES /etc/exports +.SH SEE ALSO +.BR exportfs (8), +.BR netgroup (5), +.BR mountd (8), +.BR nfsd (8), +.BR showmount (8). '''.SH DIAGNOSTICS '''An error parsing the file is reported using syslogd(8) as level NOTICE from '''a DAEMON whenever nfsd(8) or mountd(8) is started up. Any unknown
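Review bot: In the wildcards hunk (@@ -45,9 +44,10 @@), the new sentence "As these characters also match the dots in a domain name" states the opposite of the text it replaces, without saying whether the matching behaviour changed or the old page was wrong. An administrator who wrote *.cs.foo.edu relying on the old statement that a.b.cs.foo.edu was excluded is in fact granting access to every subdomain. Suggest adding a sentence that says this explicitly and names the nfs-utils releases the description applies to.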
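Review bot: In the RPCSEC_GSS hunk (@@ -78,6 +78,11 @@), the new section names "gss/krb5" as the client string but gives no example exports line, and the sentence "It is not possible to simultaneously require rpcsec_gss and to make requirements on the IP address of the client" leaves its consequence implicit: such an export is not restricted by client address at all. Suggest adding one example line and stating that consequence directly, so that nobody lists gss/krb5 next to a host entry expecting both conditions to apply.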
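Review bot: In the sync/async hunk (@@ -95,17 +100,31 @@), the ".IR sync" entry is removed and sync is now mentioned only inside the async entry, so the option that becomes the default has no entry of its own saying what it guarantees. Suggest keeping a short sync entry next to async. "In this and future releases" will be ambiguous once the page ships with later versions; name the release instead. The added lines also contain typos: "upto", "must be explicit requested" and "adminstrators".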
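Review bot: In the no_acl hunk (@@ -203,6 +222,21 @@), "This option is safe for filesystems used by NFSv2 clients and old NFSv3 clients that perform access decisions locally" does not say what "safe" means, nor what happens with the current NFSv3 clients described in the next sentence as using the ACCESS RPC. Suggest stating explicitly whether hiding ACLs changes what the server enforces or only what clients can see. The paragraph also states the "specially patched" kernel requirement twice (first sentence and the "Note that" sentence); one of them can go.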
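Review bot: In the mountpoint/fsid hunk (@@ -222,6 +256,47 @@), the fsid text says the number "must be unique amongst all the exported filesystems" but not what happens when it is not, and "(although that may still not be enough)" gives the reader nothing to act on. Suggest documenting how a duplicate is handled and either explaining the caveat or dropping it. Typos in the added lines: "nominted path" should be "nominated path", and "when use with NFSv4" should be "when used with NFSv4".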
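Review bot: In the SEE ALSO hunk (@@ -426,6 +501,12 @@), the entries are in no particular order (exportfs (8), netgroup (5), mountd (8), ...). The usual man page convention is to sort by section number and then alphabetically, which would put netgroup (5) first, followed by the section 8 pages in alphabetical order.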