X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fexportfs%2Fexports.man;h=4cddc793d24b69c1eab0781cd01e58d327119e24;hp=034a896225e09c84001e9365b941397b54350306;hb=4bcb2c85022812c36e6008d5d51466b4b0e61d86;hpb=e7c106f6008ab11558e595585fb72872b21ae624 diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index 034a896..4cddc79 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -1,5 +1,4 @@ -.TH EXPORTS 5 "28 October 1999" -.UC 5 +.TH EXPORTS 5 "4 March 2005" "Linux" "Linux File Formats Manual" .SH NAME exports \- NFS file systems being exported (for Kernel based NFS) .SH SYNOPSIS @@ -30,6 +29,9 @@ double quotes. You can also specify spaces or other unusual character in the export name using a backslash followed by the character code as three octal digits. .PP +To apply changes to this file, run exportfs -ra or /etc/init.d/nfs-kernel-server +reload (the latter being a distribution-specific extension). +.PP .SS Machine Name Formats NFS clients may be specified in a number of ways: .IP "single host @@ -79,6 +81,11 @@ may work by accident when reverse DNS lookups fail. '''.B \-\-public\-root '''option. Multiple specifications of a public root will be ignored. .PP +.SS RPCSEC_GSS security +To restrict access to an export using rpcsec_gss security, use the special +string "gss/krb5" as the client. It is not possible to simultaneously require +rpcsec_gss and to make requirements on the IP address of the client. +.PP .SS General Options .IR exportfs understands the following export options: @@ -105,6 +112,13 @@ Using this option usually improves performance, but at the cost that an unclean server restart (i.e. a crash) can cause data to be lost or corrupted. +.TP +.IR sync +Reply to requests only after the changes have been committed to stable +storage (see +.IR async +above). + In releases of nfs-utils upto and including 1.0.0, this option was the default. In this and future releases, .I sync @@ -164,9 +178,17 @@ copes with the situation effectively. The option can be explicitly disabled with .IR hide . .TP +.IR crossmnt +This option is similar to +.I nohide +but it makes it possible for clients to move from the filesystem marked +with crossmnt to exported filesystems mounted on it. Thus when a child +filesystem "B" is mounted on a parent "A", setting crossmnt on "A" has +the same effect as setting "nohide" on B. +.TP .IR no_subtree_check This option disables subtree checking, which has mild security -implications, but can improve reliability is some circumstances. +implications, but can improve reliability in some circumstances. If a subdirectory of a filesystem is exported, but the whole filesystem isn't then whenever a NFS request arrives, the server must @@ -185,7 +207,7 @@ subtree checking is also used to make sure that files inside directories to which only root has access can only be accessed if the filesystem is exported with .I no_root_squash -(see below), even the file itself allows more general access. +(see below), even if the file itself allows more general access. As a general guide, a home directory filesystem, which is normally exported at the root and may see lots of file renames, should be @@ -218,6 +240,21 @@ be explicitly requested with either of the synonymous .IR auth_nlm , or .IR secure_locks . +.TP +.IR no_acl +On some specially patched kernels, and when exporting filesystems that +support ACLs, this option tells nfsd not to reveal ACLs to clients, so +they will see only a subset of actual permissions on the given file +system. This option is safe for filesystems used by NFSv2 clients and +old NFSv3 clients that perform access decisions locally. Current +NFSv3 clients use the ACCESS RPC to perform all access decisions on +the server. Note that the +.I no_acl +option only has effect on kernels specially patched to support it, and +when exporting filesystems with ACL support. The default is to export +with ACL support (i.e. by default, +.I no_acl +is off). '''.TP '''.I noaccess @@ -304,7 +341,7 @@ By default, '''in the password file at startup time. If it isn't found, a uid and gid .I exportfs chooses a uid and gid -of -2 (i.e. 65534) for squashed access. These values can also be overridden by +of 65534 for squashed access. These values can also be overridden by the .IR anonuid " and " anongid options. @@ -358,8 +395,11 @@ Here's the complete list of mapping options: .TP .IR root_squash Map requests from uid/gid 0 to the anonymous uid/gid. Note that this does -not apply to any other uids that might be equally sensitive, such as user -.IR bin . +not apply to any other uids or gids that might be equally sensitive, such as +user +.IR bin +or group +.IR staff . .TP .IR no_root_squash Turn off root squashing. This option is mainly useful for diskless clients. @@ -482,6 +522,12 @@ don't use a reserved port for NFS. '''entry. .SH FILES /etc/exports +.SH SEE ALSO +.BR exportfs (8), +.BR netgroup (5), +.BR mountd (8), +.BR nfsd (8), +.BR showmount (8). '''.SH DIAGNOSTICS '''An error parsing the file is reported using syslogd(8) as level NOTICE from '''a DAEMON whenever nfsd(8) or mountd(8) is started up. Any unknown