exportfs Command

Purpose

Exports and unexports directories to NFS clients.

Syntax

/usr/sbin/exportfs [ -a ] [ -v ] [ -u ] [ -i ] [ -fFile ] [ -F ] [ -oOption [ ,Option ... ] ] [ -V Exported Version] [ Directory ]

Description

The exportfs command makes local directories available for Network File System (NFS) clients to mount. This command is normally invoked during system startup by the /etc/rc.nfs file and uses information in the /etc/exports file to export one or more directories, which must be specified with full path names.

The /etc/xtab file lists directories that are currently exported. To display this file, enter the exportfs command without flags or arguments. To alter the file or to alter the characteristics of one of its directories, root users can edit the /etc/exports file and run the exportfs command. Such alterations can be done at any time. Never edit the /etc/xtab file directly.

Note:
  1. You cannot export a directory that is either a parent directory or a subdirectory of one that is currently exported and within the same file system.
  2. NFS versions 2 and 3 allow both directories and files to be exported. Only directories can be exported for NFS version 4 access.
  3. If two entries for the same directory with different versions 2 (or 3) and 4 exist in the /etc/exports file, the exportfs command exports both of the entries.
  4. If the options for NFS versions 2 (or 3) and 4 are the same for a directory, there can be one entry in the /etc/exports file specifying -vers=3:4.

Flags

Item Description
-a Exports all directories listed in the exports file.
-v Prints the name of each directory as it is exported or unexported.
-u Unexports the directories you specify. When used with the -a flag, unexports all exported directories. When used with both the -a and -f flags, unexports all directories in the specified export file.
-i Allows the exporting of directories not specified in the exports file or ignores the options in the exports file. Unless the -f flag is used to specify an alternate file, the exportfs command will normally consult the /etc/exports file for the options associated with the exported directory.
-f File Specifies an export file, instead of the /etc/exports file, that contains a list of directories that you can export. This file should follow the same format as the /etc/exports file. NOTE: This alternate file will not be used for exporting directories automatically when the system and NFS are started. The /etc/exports file is the only file that is supported for specifying directories to export at system start.
-F Specifies that a forced unexport should be performed. Use this flag only with the -u flag. This flag has no effect when unexporting a V2/V3 export. A V4 unexport can fail due to associated state. This flag forces the release of any state associated with a V4 export.
-oOptions Specifies the optional characteristics for the directory being exported. You can enter more than one variable by separating them with commas. For options taking a Client parameter, Client can specify a hostname, a dotted IP address, a network name, or a subnet designator. A subnet designator is of the form "@host/mask", where host is either a hostname or a dotted IP address and mask specifies the number of bits to use when checking access. If mask is not specified, a full mask is used. For example, the designator @client.group.company.com/16 will match all Clients on the company.com subnet. A designator of @client.group.company.com/24 will match only the Clients on the group.company.com subnet. Choose from the following options:
ro
Exports the directory with read-only permission. If not specified, the directory is exported with read-write permission.
ro=Client[:Client]
Exports the directory with read-only permission to the specified Clients. Exports the directory with read-write permissions to Clients not specified in the list. A read-only list cannot be specified if a read-write list has been specified.
rw
Exports the directory with read-write permission to all Clients.
rw=Client [:Client]
Exports the directory with read-write permission to the specified Clients. Exports the directory read-only to Clients not in the list. A read-write list cannot be specified if a read-only list has been specified.
anon=UID
Uses the UID value as the effective user ID, if a request comes from a root user.

The default value for this option is -2. In NFS version 2 and NFS version 3, setting the value of the anon option to -1 disables anonymous access. Thus, by default, secure NFS accepts nonsecure requests as anonymous, and users who want more security can disable this feature by setting anon to a value of -1.

root=Client[:Client]
Allows root access from the specified clients in the list. Putting a host in the root list does not override the semantics of the other options. For example, this option denies the mount access from a host present in the root list but absent in the access list.
access=Client[:Client,...]
Gives mount access to each client listed. A client can be either a host name or a net group name. Each client in the list is first checked for in the /etc/netgroup database and then in the /etc/hosts database. The default value allows any machine to mount the given directory.
secure
Requires clients to use a more secure protocol when accessing the directory.
sec=flavor[:flavor...]

This option is used to specify a list of security methods that may be used to access files under the exported directory. Most exportfs options can be clustered using the sec option. Options following a sec option are presumed to belong with the preceding sec option. Any number of sec stanzas may be specified, but each security method can be specified only once. Within each sec stanza the ro, rw, root, and access options may be specified once. Only the public, anon and vers options are considered global for the export. If the sec option is used to specify any security method, it must be used to specify all security methods. In the absence of any sec option, all authentication flavors are allowed.

Allowable flavor values are:
sys
UNIX authentication. This is the default method.
dh
DES authentication.
none
Allow mount requests to proceed with anonymous credentials if the mount request uses an authentication flavor not specified in the export.
krb5
Kerberos. Authentication only.
krb5i
Kerberos. Authentication and integrity.
krb5p
Kerberos. Authentication, integrity, and privacy.
The secure option may be specified, but not in conjunction with a sec option. The secure option is deprecated and may be eliminated. Use sec=dh instead.
vers=version_number[:version_number...]
Specifies which versions of NFS are allowed to access the exported directory. Valid versions are 2, 3, and 4. Versions 2 and 3 cannot be selected exclusively. Specifying either version 2 or version 3 will allow access by both NFS version 2 and NFS version 3. Version 4 can be selected exclusively. The default is to allow access using NFS protocol versions 2 and 3.
exname=external-name
Exports the directory by the specified external name. The external name must begin with the nfsroot name. See the description of the /etc/exports file for a description of the nfsroot name. This option applies only to directories exported for access by NFS version 4 protocol.
deleg={yes | no}
Enables or disables file delegation for the specified export. This option overrides the system-wide delegation enablement for this export. The system-wide enablement is done through nfso.
refer=rootpath@host[+host][:rootpath@host[+host]]
A namespace referral will be created at the specified path. The referral directs clients to the specified alternate locations where they can continue operations. A referral is a special object. If a nonreferral object exists at the specified path, the export is disallowed and an error message is printed. If nothing exists at the specified path, a referral object is created there that includes the path name directories leading to the object. Multiple referrals can be created within a file system. A referral cannot be specified for the nfsroot. The name localhost cannot be used as a hostname. This refer option is allowed only for version 4 exports. If the export specification allows version 2 or version 3 access, an error message will be printed and the export will be disallowed. Unexporting the referral object has the effect of removing the referral locations information from the referral object. The object itself is not removed by unexporting. Use rm if you want to remove the object. The administrator must ensure that appropriate data is available at the referral servers. This option is available only on AIX 5L™ Version 5.3 with the 5300-03 Recommended Maintenance package or later.
Note: A referral export can only be made if replication is enabled on the server. Use chnfs -R on to enable replication.
replicas=rootpath@host[+host][:rootpath@host[+host]]
Replica location information will be associated with the export path. The replica information can be used by NFS version 4 clients to redirect operations to the specified alternate locations if the current server becomes unavailable. The administrator should ensure that appropriate data is available at the replica servers. Because replica information applies to an entire file system, the specified path must be the root of a file system. If the path is not a file system root, the export is disallowed and an error message is printed. The name localhost cannot be used as a hostname. This replicas option is meaningful only for version 4 exports. If the option is used on an export that allows version 2 or version 3 access, the operation is allowed, but the replica information is ignored by the version 2 and version 3 servers. If the directory being exported is not in the replica list, the entry exported directory@current host will be added as the first replica location. This option is available only on AIX® 5.3 with 5300-03 or later. A replica export can only be made if replication is enabled on the server. By default, replication is not enabled. If replica exports will be made at system boot, replication should be enabled by using the chnfs -R on command. Replica locations can also be specified for the nfsroot. This can be done only using chnfs -R host[+host]. If the current host is not specified in the list, it will be added as the first replica host. The rootpath is not needed or allowed in this case because nfsroot is replicated only to the nfsroots of the specified hosts. The chnfs program can be used to enable or disable replication. Changing the replication mode can only be done if no NFS version 4 exports are active. If the server's replication mode is changed, file handles issued by the server during the previous replication mode will not be honored by the server. This can cause application errors on clients holding old file handles. 
Be careful when changing the replication mode of the server. If possible, all clients who have mounts to the server should unmount them before the server's replication mode is changed. The replica location information associated with the directory can be changed by modifying the replica list and reexporting the directory. The new replica information replaces the old replica information. NFS clients are expected to refresh replica information on a regular basis. If the server changes the replica information for an export, it might take time for the client to notice. This is not much of a problem if new replica locations are added, because clients holding the old information still have correct, if incomplete, replica information. Removing replica information can be problematic because it can result in clients holding incorrect replica information for a period of time. To aid clients in detecting the new information, exportfs will attempt to touch the replicated directory. This changes the timestamps on the directory, which in turn causes the client to refetch the directory's attributes. This operation might not be possible, however, if the replicated file system is read-only. When changing replica information for a directory, be aware that there could be some latency between changing the information and clients noticing the new information.
noauto
Accepts the replicas specification as-is. Does not automatically insert the primary hostname as one of the replica locations if it has not been specified.
scatter
Defines how the alternate locations list is generated from the servers specified on the refer or replicas option. If the noauto option is not used, the alternate locations list also includes the primary host name as one of the replica locations. The scatter option applies only to directories exported for access by NFS version 4 protocol. The scatter option has three allowable values:
full
All of the servers are scattered to form the combinations of alternate locations.
partial
The first location of all the combinations is fixed to the first server specified on the refer or replicas option. The rest of the locations and the first location are scattered as if they are scattered using the scatter=full method.
none
No scatter is to be used. The value can also be used to disable scattering if enabled previously.

Whenever the attributes of a Client change, all export entries that contain that Client as a parameter should be exported again. Events that can change a Client's attributes include modifying a netgroup or changing the IP address of a client. Failure to do so can result in the server using old client information.

-V Exported Version Specifies the version number. Valid version numbers are 2, 3 and 4.

Solaris Compatibility

The exportfs command may be invoked as share, shareall, unshare, or unshareall. When the exportfs command is invoked as share or shareall, the functionality is equivalent to exportfs and exportfs -a, respectively, except that the sec option must be used to specify the security methods. When the exportfs command is invoked as unshare or unshareall, the functionality is equivalent to exportfs -u and exportfs -u -a, respectively.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To export all directories in the /etc/exports file, enter:
    exportfs -a 
  2. To export one directory from the /etc/exports file, enter:
    exportfs /home/notes
    In this example, the /home/notes directory is exported.
    Note: For this command to work, the /home/notes directory must be specified in the /etc/exports file.
  3. To unexport a directory, enter:
    exportfs -u /home/notes

    In this example, the /home/notes directory is unexported.

  4. To display the name of the directory currently being exported, enter:
    exportfs -v
  5. To export a directory that is not specified in the /etc/exports file, enter:
    exportfs -i /home/zeus

    In this example, the /home/zeus directory is exported without restrictions.

  6. To export a directory and give netgroup members permission to access this directory, enter:
    exportfs -o access=cowboys:oilers /home/notes

    In this example, the /home/notes directory is exported and permits users of cowboys and oilers host machines to have access.

  7. To export a directory with different options from the /etc/exports file, enter:
    exportfs -i -o root=zorro:silver /directory

    In this example, the /directory directory is exported and allows root user access to zorro and silver host machines, regardless of the access permissions specified in the /etc/exports file.

  8. To export the /common/docs directory with write permissions to clients using Kerberos authentication, but read-only permissions to clients using UNIX authentication, add the following text to the /etc/exports file:
    /common/docs -sec=krb5,rw,sec=sys,ro

    Then enter exportfs /common/docs to perform the export.

  9. To create a referral at /usr/info to the /usr/info directory on host infoserver, add the following line to /etc/exports and then export /usr/info:
    /usr/info -vers=4,refer=/usr/info@infoserver
  10. To specify replicas for the /common/info directory at hosts backup1 and backup2, add the following line to /etc/exports and then export /common/info:
    /common/info -vers=4,replicas=/common/info@backup1:/common/info@backup2,<other options>
  11. To export the /common/docs directory with both version 3 and version 4, enter the following command:
    exportfs -V 3:4 /common/docs
  12. To export all of the version 4 entries in the /etc/exports file, enter the following command:
    exportfs -a -V 4
  13. To unexport the /common/docs directory only for version 3, enter the following command:
    exportfs -u -V 3 /common/docs
  14. To unexport all of the version 3 entries in the /etc/xtab file, enter the following command:
    exportfs -ua -V 3
  15. To specify referrals for the /common/docs directory at hosts named s1, s2, and s3 and scatter them fully, add the following line to the /etc/exports file and then export the /common/docs directory:
    /common/docs -vers=4,refer=/common/docs@s1:/common/docs@s2:/common/docs@s3,scatter=full
  16. To specify replicas for the /common/docs directory at hosts named s1, s2, s3, and s4 and scatter them partially (the first fail over server is s1 for all combinations), add the following line to the /etc/exports file and then export the /common/docs directory:
    /common/docs -vers=4,noauto,replicas=/common/docs@s1:/common/docs@s2:/common/docs@s3:/common/docs@s4,scatter=partial
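
The sec clustering rules and the defaults described under the -o options, as an added Python example (not part of the original documentation and not AIX code): it parses one /etc/exports entry, groups each option under the preceding sec stanza, and reports the conditions this page names, such as a missing access list or a missing sec option. The function name audit_export and the wording of the findings are assumptions for illustration; the first sample entry is example 8 above and the other two are constructed.

```python
# Added example; audit_export and the finding strings are illustrative assumptions.
GLOBAL_OPTS = {"public", "anon", "vers"}        # global for the whole export
ONCE_PER_STANZA = {"ro", "rw", "root", "access"}
FLAVORS = {"sys", "dh", "none", "krb5", "krb5i", "krb5p"}

def audit_export(line):
    """Return (directory, global_opts, stanzas, findings) for one entry."""
    directory, *rest = line.split(None, 1)
    optstr = rest[0].strip().lstrip("-") if rest else ""
    stanzas = [{"flavors": None, "opts": {}}]   # options before any sec=
    global_opts, findings, seen = {}, [], set()
    for opt in filter(None, optstr.split(",")):
        name, _, value = opt.partition("=")
        if name == "sec":
            flavors = value.split(":")
            for f in flavors:
                if f not in FLAVORS:
                    findings.append(f"unknown flavor '{f}'")
                elif f in seen:
                    findings.append(f"flavor '{f}' specified more than once")
                seen.add(f)
            stanzas.append({"flavors": flavors, "opts": {}})  # later options belong here
        elif name in GLOBAL_OPTS:
            global_opts[name] = value
        else:
            opts = stanzas[-1]["opts"]
            if name in ONCE_PER_STANZA and name in opts:
                findings.append(f"'{name}' repeated within one sec stanza")
            opts[name] = value
    if len(stanzas) > 1:
        if any("secure" in s["opts"] for s in stanzas):
            findings.append("'secure' combined with 'sec'")
        if not stanzas[0]["opts"]:
            stanzas.pop(0)                      # nothing preceded the first sec=
    else:
        findings.append("no sec option: all authentication flavors allowed")
    for s in stanzas:
        label, o = ":".join(s["flavors"] or ["default"]), s["opts"]
        if o.get("ro") and o.get("rw"):
            findings.append(f"[{label}] both ro= and rw= client lists given")
        if "access" not in o:
            findings.append(f"[{label}] no access list: any machine may mount")
        if "root" in o:
            findings.append(f"[{label}] root access granted to {o['root']}")
    return directory, global_opts, stanzas, findings

SAMPLE = [                                      # first line is example 8; rest constructed
    "/common/docs -sec=krb5,rw,sec=sys,ro",
    "/home/notes -vers=3:4,access=cowboys:oilers,root=zorro",
    "/data -secure,sec=sys,ro,ro",
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, *audit_export(entry)[3], sep="\n    ")
```

For example 8 the audit reports that neither the krb5 nor the sys stanza carries an access list, so the read-only sys export is mountable by any machine.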

Files

Item Description
/etc/exports Lists the directories that the server can export.
/etc/xtab Lists currently exported directories.
/etc/hosts Contains an entry for each host on the network.
/etc/netgroup Contains information about each user group on the network.
/etc/rc.nfs Contains the startup script for the NFS and NIS daemons.