*** UNIX MANUAL PAGE BROWSER ***

exports(4) Kernel Interfaces Manual exports(4) NAME exports - Defines remote mount points for NFS mount requests SYNOPSIS /etc/exports DESCRIPTION The exports file specifies remote mount points for the NFS mount proto- col per the NFS server specification (see Network File System Protocol Specification, RFC1094). Each entry in the /etc/exports file consists of a file system or direc- tory name followed by an optional list of options or an optional list of identifiers or both. The identifiers define which remote hosts can mount that particular file system or directory. The identifiers listed beside the name of each file system or directory can be either host names, IP addresses, or NIS netgroups names. If no identifiers are listed, the entry is exported to all hosts. The format of the exports file is as follows: pathname [option ...] [identifier ...] #comments The pathname specifies the name of a mounted local file system or a di- rectory of a mounted local file system. The pathname must begin in column 1. The following are valid export file options: Maps client superuser ac- cess to uid 0 for all hosts mounting this path. If you want to allow client superusers access to the file system or directory with the same permissions as a local superuser, use -root=0. Use -root=0 only if you trust the superuser on the client system. The default is for client superusers to be mapped to uid -2, which maps a client superuser to no- body. This limits access to world accessible files. If both the -root=0 option and the -anon=uid option are used, the root option over- rides the uid specified in anon for client superusers. Maps the client superusers on the specified hosts only to uid 0. The format for the hostlist argument is as follows: client[:client]... The client specification can be a host name or IP address. By default, client superusers are mapped to -2. This option overrides the uid specified in -anon=uid for client superusers in hostlist. Maps anony- mous users to the specified uid. Client superusers are considered anonymous by the NFS server, as are requests that come in without UNIX authentication. By default, anonymous users are mapped to uid -2. Setting anon to -1 disables anonymous access. The file system or di- rectory is exported read-only (default is read-write). The -o option is a synonym for -ro for backward compatibility. Limits read-write ac- cess to the hosts specified. All other hosts allowed to mount this path are granted read-only access. The format for the hostlist argu- ment is as follows: client[:client]... The client specification can be a host name or IP address. If both the -ro and -rw=hostlist options are specified, -rw prevails. Specifies the hosts to grant mount access to. The format for the hostlist argu- ment is as follows: client[:client]... The client specification can be a host name, IP address, or NIS network group. This option is provided for readability and compatibility with certain export file formats. Alternatively, to identify the client systems who are allowed access to this export use the whitespace sepa- rated identifier list described below. The options can be applied to both file system and directory entries in /etc/exports. Alternatively, you can list options using only one leading dash and separating them with commas as in -option[,option].... You use the identifier field to specify host names, network groups, or both, separated by white space that specify the access list for this export. Host names can optionally contain the local BIND domain name. Note If no hosts or netgroups are specified, the mount daemon exports this file system or directory to anyone requesting it. See the mountd(8) reference page for information on how to limit this scope to known hosts or to hosts in the same Bind domain. A number sign (#) anywhere in the line marks a comment that extends to the end of that line. A whitespace character in the left-most position of a line indicates a continuation line. For example, suppose you enter: /usr -root=0 milan kuan_yin.cis.berkeley.edu /usr/local 555.555.55.55 /u2 -ro /u3/dir1 -rw=milan:venice:florence /u3/dir2 -root=milan,ac- cess=venice:florence /u3/dir3 -root=0,access=milan:venice:florence /u3/dir4 -root=0 milan venice florence /u3/dir5 -root=milan -anon=-1 If /usr, /u2 and /u3 are local file system mount points, this specifies the following: /usr is exported read-write to hosts milan and kuan_yin.cis.berkeley.edu with root mapped to uid=0. /usr/local is ex- ported read-write to host 555.555.55.55 with root mapped to -2. (For security reasons, this example uses the fictitious IP address 555.555.55.55.) /u2 is exported to all hosts read-only with root mapped to -2. /u3/dir1 is exported read-write to hosts milan, venice, and florence and read-only to all other hosts. For all hosts, root is mapped to -2. /u3/dir2 is exported with root mapped to 0 to host mi- lan. Hosts milan, venice, and florence are allowed to mount this di- rectory read-write. Root on hosts venice and florence is mapped to -2. /u3/dir3 is exported read-write and with root mapped to 0 to hosts mi- lan, venice, and florence. /u3/dir4 is exported in the same manner as the previous example. /u3/dir5 is exported read-write to all hosts. Anonymous users are not allowed to mount this directory, with the ex- ception of the client superuser on host milan. Root is mapped to 0 on host milan and to -2 on all other hosts. Each file system that you want to allow clients to mount must be ex- plicitly defined. Exporting only the root (/) will not allow clients to mount /usr. Exporting only /usr will not allow clients to mount /usr/local, if it is a file system. Duplicate directory entries are not allowed. The first entry is valid and following duplicates are ignored. Desired export options must be explicitly specified for each exported resource: file system or directory. If a file system and subdirecto- ries within it are exported, the options associated with the file sys- tem are not ``inherited.'' You do not need to export an entire file system to allow clients to mount subdirectories within it. The access list associated with each exported resource identifies which clients can mount that resource with the specified options. For exam- ple, you can export an entire file system read-only, with a subdirec- tory within it exported read-write to a subset of clients. If a client that is not identified in the export access list of a directory at- tempts to mount it, then access is checked against the closest exported ancestor. If mount access is allowed at a higher level in the direc- tory tree of the file system, the export options associated with the successful match will be in effect. To make a change to the exports file and have it take effect immedi- ately, send the mountd(8) a HUP signal. Otherwise, the mountd(8) will reread the exports file the next time it receives a mount request from an NFS client or a showmount -e request. RELATED INFORMATION Daemons: mountd(8), nfsd(8) Commands: showmount(8) Files: hosts(4), netgroup(4) Network Administration Network Administration delim off exports(4)