| Directory |
Specifies the directory name. |
| Option |
Specifies the optional characteristics for the directory being
exported. You can enter more than one variable by separating them
with commas. For options taking a Client parameter, Client can specify
a hostname, a dotted IP address, a network name, or a subnet designator.
A subnet designator is of the form @host/mask, where host
is either a hostname or a dotted IP address and mask specifies the
number of bits to use when checking access. If mask is not
specified, a full mask is used. For example, the designator @client.group.company.com/16 will match all Clients on the
company.com subnet. A designator of @client.group.company.com/24 will match only the Clients on the group.company.com subnet. Choose
from the following options: - ro
- Exports the directory with read-only permission. If not specified,
the directory is exported with read-write permission.
- ro=Client[:Client]
- Exports the directory with read-only permission to the specified
Clients. Exports the directory with read-write permissions to Clients
not specified in the list. A read-only list cannot be specified if
a read-write list has been specified.
- rw
- Exports the directory with read-write permission to all Clients.
- rw = Client [:Client]
- Exports the directory with read-write permission to the specified
Clients. Exports the directory read-only to Clients not in the list.
A read-write list cannot be specified if a read-only list has been
specified.
- access = Client[:Client,...]
- Gives mount access to each Client listed. If not specified, any
Client is allowed to mount the specified directory. The ro option
and the rw option can be combined on a single exports entry.
See the following examples:
access=x, ro=y
indicates that x has the rw option and y has the ro option
access=x, rw=y
indicates that x has the ro option and y has the rw option
- anon= UID
- If a request comes from a root user, use the user identification
(UID) value as the effective user ID.
The default value
for this option is -2. Setting the value of the anon option
to -1 disables anonymous access. Note that, by default, secure NFS
accepts nonsecure requests as anonymous, and users who want more security
can disable this feature by setting anon to a value of -1.
|
| |
- root=Client[:Client]
- Allows root access from the specified clients in the list. Putting
a host in the root list does not override the semantics of the other
options. For example, this option denies the mount access from a host
present in the root list but absent in the access list.
- secure
- Requires clients to use a more secure protocol when accessing
the directory.
A # (pound sign) anywhere
in the file indicates a comment that extends to the end of the line.
- deleg={yes|no}
- Enable or disable file delegation for the specified export. This
option overrides the system-wide delegation enablement for this export.
The system-wide enablement is done through the nfso command.
- vers=version[:version]
- Exports the directory for clients using the specified nfs protocol versions. Allowable values are 2, 3,
and 4. Versions 2 and 3 cannot be enforced separately. Specifying
version 2 or 3 allows access by clients using either nfs protocol versions 2 or 3. Version 4 can be specified independently
and must be specified to allow access by clients using version 4 protocol.
The default is 2 and 3.
- exname=external-name
- Exports the directory by the specified external name. The external
name must begin with the nfsroot name.
See below for a description of the nfsroot and nfspublic paths. This applies only
to directories exported for access by version 4 protocol only.
|
| Option (continued) |
- sec=flavor[:flavor...]
- This option is used to specify a list of security methods that
may be used to access files under the exported directory. Most exportfs options can be clustered using the sec option. Options following a sec option are presumed to belong with the preceding sec option. Any number of sec stanzas may be specified, but each security method can be
specified only once. Within each sec stanza
the ro, rw, root, and access options
may be specified once. Only the public, anon and vers options are considered global
for the export. If the sec option is used
to specify any security method, it must be used to specify all security
methods. In the absence of any sec option, UNIX authentication is
assumed.
Allowable flavor values are: - sys
- UNIX authentication.
- dh
- DES authentication.
- krb5
- Kerberos. Authentication only.
- krb5i
- Kerberos. Authentication and integrity.
- krb5p
- Kerberos. Authentication, integrity, and privacy.
- none
- Allow mount requests to proceed with anonymous credentials if
the mount request uses an authentication flavor not specified in the
export. Otherwise a weak auth error is returned.
By default, all flavors are allowed.
The secure option may be
specified, but not in conjunction with a sec option. The secure option is deprecated
and may be eliminated. Use sec=dh instead.
- refer=rootpath@host [+host][:rootpath@host [+host]]
- A namespace referral is created at the specified path. This referral
directs clients to the specified alternate locations where the clients
can continue operations. A referral is a special object. If a non-referral
object exists at the specified path, the export is not allowed and
an error message is printed. If nothing exists at the specified path,
a referral object is created there; this referral object includes
the pathname directories that lead to the object. Multiple referrals
can be created within a file system. A referral cannot be specified
for nfsroot. The name localhost cannot be used as a
hostname.
Unexporting the referral object has the effect of removing
the referral locations information from the referral object. Unexporting
the referral object does not remove the referral object itself. The
object can be removed using rm if desired. The administrator must
ensure that appropriate data is available at the referral servers.
This option is available only on AIX® version 5.3.0.30 or
later, and is allowed only for version 4 exports. If the export specification
allows version 2 or version 3 access, an error message will be printed
and the export will be disallowed. Note: A referral export can only
be made if replication is enabled on the server. Use chnfs
-R on to enable replication.
|
| Option (continued) |
- replicas=rootpath@host [+host][:rootpath@host [+host]]
- Replica location information is associated with the export path.
The replica information can be used by NFS version 4 clients to redirect
operations to the specified alternate locations if the current server
becomes unavailable. You should ensure that appropriate data is available
at the replica servers. Since replica information applies to an entire
file system, the specified path must be the root of a file system.
If the path is not a file system root, the export is not allowed and
an error message is printed. The name localhost cannot be used
as a hostname.
If the directory being exported is not in the replica
list, the entry ExportedDirectory@CurrentHost is added as the first replica location. A replica export can only
be made if replication is enabled on the server. By default, replication
is not enabled. If replica exports are made at system boot, replication
should be enabled using chnfs -R on. Replica locations can
also be specified for the nfsroot. The chnfs command
must be used for this purpose. In this case, the command is chnfs
-R host [ + host ]. If the current host is not specified
in the list, it will be added as the first replica host. The rootpath is not needed or allowed in this case. The reason is that the nfsroot is replicated only to the nfsroots of the specified
hosts. The replication mode can only be changed if there are no active
NFS version 4 exports. If the server's replication mode is changed,
any filehandles issued by the server during the previous replication
mode will not be honored by the server. This can cause application
errors on clients with old filehandles. Care must be taken when changing
the replication mode of the server. If possible, all client mounts
to the server should be unmounted before the server's replication
mode is changed. The replica location information associated with
the directory can be changed by modifying the replica list and reexporting
the directory. The new replica information will replace the old replica
information.
NFS clients are expected to refresh replica information
on a regular basis. If the server changes the replica information
for an export, it may take some time for the client to refresh its
replica information. This is not a serious problem if new replica
locations are added, since clients with old replica information will
still have correct, though possibly incomplete, replica information.
Removing replica information can be problematic since it can result
in clients having incorrect replica information for some period of
time. To aid clients in detecting the new information, exportfs attempts to touch the replicated directory. This will change the
timestamps on the directory, which in turn causes the client to refetch
the directory's attributes. This operation may not be possible, however,
if the replicated file system is read-only. When changing replica
information for a directory, you should be aware that there may be
a period of time between the changing of the replica information and
clients getting the new replica information.
This option is
available only on AIX version 5.3.0.30 or later, and is meaningful only for version 4
exports. If the option is used on an export that allows version 2
or version 3 access, the operation is allowed, but the replica information
is ignored by the version 2 and version 3 servers.
- noauto
- Accepts the replicas specification as-is. Does not automatically
insert the primary hostname as one of the replica locations if it
has not been specified.
|