exports(5nfs)
Name
exports - defines NFS file systems to be exported
Syntax
/etc/exports
Description
The file describes the local file systems and directories that can be
mounted by remote hosts through the use of the NFS protocol. The file
can also be used to restrict access to a particular set of remote
systems. The request daemon accesses the file each time it receives a
mount request from an NFS client.
Each entry in the file consists of a file system or directory name
followed by an optional list of options or an optional list of
identifiers or both. The identifiers define which remote hosts can mount
that particular file system or directory. The identifiers listed beside
the name of each file system or directory can be either host names or YP
netgroup names. When the daemon receives a mount request from a
client, it searches for a match in the list of identifiers, first by
checking the client host name against the host name identifiers and
second by checking the client host name against the YP netgroups. When
it finds a match, it makes that file system or directory available to
the requesting client.
The exports file format is defined as follows:
pathname [-r=#] [-o] [identifier_1 identifier_2 ... identifier_n]
or
#anything
pathname: Name of a mounted local file system or a directory of a
mounted local file system. The pathname must begin in column 1.
options:
-r=# Map client superuser access to uid #. If you
want to allow client superusers access to the
file system or directory with the same permissions
as a local superuser, use -r=0. Use it only if you
trust the superuser on the client system. The
default is -r=-2, which maps a client superuser to
nobody. This limits access to world readable
files.
-o Export file system or directory read-only.
The options can be applied to both file system
and directory entries in /etc/exports.
identifiers: Host names or netgroups, or both, separated by white
space, that specify the access list for this export.
Host names can optionally contain the local BIND domain
name. For more information on BIND, see the Guide to
the BIND/Hesiod Service. If no hosts or netgroups are
specified, the daemon exports this file system or
directory to anyone requesting it.
A number sign (#) anywhere in the line marks a comment that extends to
the end of that line.
A whitespace character in the left-most position of a line indicates a
continuation line.
Each file system that you want to allow clients to mount must be
explicitly defined. Exporting only the root (/) will not allow clients
to mount Exporting only will not allow clients to mount if it is a file
system.
Duplicate directory entries are not allowed. The first entry is valid
and following duplicates are ignored.
Desired export options must be explicitly specified for each exported
resource: file system or directory. If a file system and subdirectories
within it are exported, the options associated with the file system
are not "inherited". You do not need to export an entire file
system to allow clients to mount subdirectories within it.
The access list associated with each exported resource identifies which
clients can mount that resource with the specified options. For example,
you can export an entire file system read-only, with a subdirectory
within it exported read-write to a subset of clients. If a client
that is not identified in the export access list of a directory
attempts to mount it, then access is checked against the closest
exported ancestor. If mount access is allowed at a higher level in the
directory tree of the file system, the export options associated with
the successful match will be in effect.
If you are concerned with nfs security, all ufs file systems exported
via nfs should be ufs mounted with the option. All ufs file systems
exported via nfs with the option specified in the file should be ufs
mounted with the option.
Examples
/usr alpha beta         # export /usr to hosts alpha and beta, client
                        # superuser maps to uid -2 and read-write
                        # access is permitted
/usr/staff/doe clients  # export directory to hosts in netgroup clients
/usr/man/man1 -o        # export directory read-only to everyone
/usr/local -r=0 beta    # export file system to beta, superuser
                        # on beta maps to local superuser (uid=0)
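An added example, not part of the original manual page: a Python audit script that parses the format described above (comments, continuation lines, first entry wins on duplicates) and flags entries exported with -r=0 or with no access list. The sample entries and the names parse_exports and audit are constructed for illustration; the default uid of -2 is taken from the first example above.

```python
import re

# Constructed sample in the format this page describes (not from a real host).
SAMPLE = """\
/usr alpha beta          # default root mapping (uid -2), read-write
/usr/man/man1 -o         # read-only, no access list
/usr/local -r=0 beta
/export/scratch -r=0     # root-equivalent and no access list
/usr/local -o gamma      # duplicate pathname: ignored
/export/home -o
    alpha beta           # continuation line (leading whitespace)
"""

def parse_exports(text):
    """Return {pathname: entry}; the first entry for a pathname wins."""
    logical = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment anywhere
        if not line.strip():
            continue
        if raw[0].isspace():                   # continuation of previous entry
            if logical:
                logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    entries = {}
    for path, *tokens in (l.split() for l in logical):
        if path in entries:                    # later duplicates are ignored
            continue
        entry = {"root_uid": -2, "read_only": False, "hosts": []}
        for tok in tokens:
            m = re.fullmatch(r"-r=(-?\d+)", tok)
            if m:
                entry["root_uid"] = int(m.group(1))
            elif tok == "-o":
                entry["read_only"] = True
            else:
                entry["hosts"].append(tok)
        entries[path] = entry
    return entries

def audit(entries):
    findings = []
    for path, e in entries.items():
        if e["root_uid"] == 0:                 # client root acts as local root
            findings.append((path, "root-equivalent"))
        if not e["hosts"]:                     # empty access list: anyone can mount
            findings.append((path, "world-ro" if e["read_only"] else "world-rw"))
    return findings
```

Calling audit(parse_exports(open("/etc/exports").read())) returns (pathname, finding) pairs for review.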
Files
See Also
hosts(5), mountd(8nfs), netgroup(5yp)
Guide to the BIND/Hesiod Service
Introduction to Networking and Distributed System Services