share_nfs - make NFS shares available for mounting by remote systems



    System Administration Commands					 share_nfs(1M)
    
    
    
    NAME
           share_nfs - make	NFS shares available for mounting by remote systems
    
    SYNOPSIS
           share -F	nfs [-a	[-o specific_options] [-d description]
    	    pathname [sharename] | [-A]]
    
    
           zfs set share.nfs=on | off filesystem|share
    
    
           zfs share -o share.nfs=on | off specific_options
    	    filesystem|filesystem%share
    
    
    DESCRIPTION
           The share utility defines and publishes an NFS share, which makes a
           local file system available for mounting	by remote systems.  It	starts
           the nfsd(1M) and	mountd(1M) daemons if they are not already running.
    
    
           You  can	 use the share command to create and publish a ZFS file	system
           share, but this is considered  a	 legacy	 operation.  See  zfs(1M)  for
           information about setting the share.nfs property	or using the zfs share
           command to create and publish NFS shares.
    
    OPTIONS
           The following options are supported:
    
           -F nfs
    
    	   Specify the NFS file	sharing	protocol.
    
    
           -a
    
    	   Publish all defined shares.
    
    
           -o specific_options
    
    	   Specify specific_options in a comma-separated list of keywords  and
    	   attribute-value-assertions  for interpretation by the NFS protocol.
    	   By default, a share is published  with  read-write  access  to  all
    	   clients,  unless  a	specific  option overrides the default access.
    	   specific_options can	be any combination of the following:
    
    	   aclok
    
    	       Allows the NFS server to	do access control for  NFS  Version  2
    	       clients.	 When  aclok  is  set on the server, maximal access is
    	       given to	all clients. For example, with aclok  set,  if	anyone
    	       has  read permissions, then everyone does. If aclok is not set,
    	       minimal access is given to all clients.
    
    
    	   anon=uid
    
    	       Set uid to be the  effective  user  ID  of  unknown  users.  By
    	       default,	  unknown  users  are  given  the  effective  user  ID
    	       UID_NOBODY. If uid is set to -1,	access is denied.
    
    
    	   charset
    
    	       All clients will	be assumed to be using the specified character
    	       set (see	list in	following description) and file	and path names
    	       will be converted to UTF-8 for the server.
    
    
    	   charset=access_list
    
    	       Where charset is	one of:	euc-cn,	euc-jp,	euc-jpms, euc-kr, euc-
    	       tw,  iso8859-1,	iso8859-2,  iso8859-5,	iso8859-6,  iso8859-7,
    	       iso8859-8, iso8859-9, iso8859-13, iso8859-15, koi8-r.
    
    	       Clients that match the access_list for one of these  properties
    	       will  be	 assumed  to  be using that character set and file and
    	       path names will be converted to UTF-8 for the server.
    
    
    	   index=file
    
    	       Load file rather	than a listing	of  the	 directory  containing
    	       this file when the directory is referenced by an	NFS URL.
    
    
    	   log[=tag]
    
    	       Enables	NFS  server logging for	the specified file system. The
    	       optional	tag determines the location of the related log	files.
               The tag is defined in /etc/nfs/nfslog.conf. If no tag is
               specified, the default values associated with the global tag in
               /etc/nfs/nfslog.conf are used. Support of NFS server logging is
               only available for NFS Version 2 and Version 3 requests.
    
    
    	   noaclfab
    
    	       Allows NFS  servers  to	not  return  fabricated	 ACLs  to  NFS
    	       clients.	 The  default behavior for NFS servers is to fabricate
    	       ACLs. If	noaclfab is set, then the NFS server does  not	fabri-
    	       cate  ACLs,  which  is the appropriate choice if	the underlying
    	       filesystem does not support the POSIX Draft ACL.
    
    
    	   none
    
    	       Access is disallowed to all clients. The	ro or rw  options  can
    	       override	none.
    
    
    	   none=access_list
    
    	       Access  is  not	allowed	 to any	client that matches the	access
    	       list. The exception is when the access list is an asterisk (*),
    	       in which	case ro	or rw can override none.
    
    
    	   nosub
    
               Prevents clients from mounting subdirectories of shared
               directories. For example, if /export is shared with the nosub
               option on server fooey then an NFS client cannot do:

                 mount -F nfs fooey:/export/home /mnt
    
    
    	       NFS Version 4 does not use the MOUNT protocol. The nosub	option
    	       only applies to NFS Version 2 and Version 3 requests.
    
    
    	   nosuid
    
    	       By default, clients are allowed to create files on  the	shared
    	       file  system with the setuid or setgid mode enabled. Specifying
    	       nosuid causes the server	file system  to	 silently  ignore  any
    	       attempt to enable the setuid or setgid mode bits.
    
    
    	   public
    
    	       Moves  the  location of the public file handle from root	(/) to
    	       the exported directory for WebNFS-enabled browsers and clients.
    	       This  option  does  not enable WebNFS service. WebNFS is	always
    	       on. Only	one file system	per server may use  this  option.  Any
    	       other  option,  including the -ro=list and -rw=list options can
    	       be included with	the public option.
    
    
    	   ro
    
    	       Share is	published with read-only access	to all clients.
    
    
    	   ro=access_list
    
    	       Share is	published with read-only access	to the clients	listed
    	       in  access_list;	 overrides  the	 rw  suboption for the clients
    	       specified. See access_list below.
    
    
    	   root
    
    	       Root users from all hosts have root access.
    
    
    	   root=access_list
    
    	       Only root users from the	hosts specified	 in  access_list  have
    	       root  access.  See  access_list	below. By default, no host has
    	       root access, so root users are mapped to	an anonymous  user  ID
    	       (see  the  anon=uid  option  described above). Netgroups	can be
    	       used if the file	system shared  is  using  UNIX	authentication
    	       (AUTH_SYS).
    
    
    	   root_mapping=uid
    
    	       For  a  client that is allowed root access, map the root	UID to
    	       the specified user id.
    
    
    	   rw
    
    	       Share is	published with read and	write access to	all clients.
    
    
    	   rw=access_list
    
    	       Share is	published with read and	write access  to  the  clients
    	       listed  in  access_list;	 overrides  the	 ro  suboption for the
    	       clients specified. See access_list below.
    
    
    	   sec=mode[:mode]...
    
               Publishes a share by using one or more of the specified
               security modes. The mode in the sec=mode option must be a mode
               name supported on the client. If the sec= option is not specified,
    	       the  default  security  mode  used  is  AUTH_SYS. Multiple sec=
    	       options can be specified	on the	command	 line,	although  each
    	       mode  can  appear  only once. The security modes	are defined in
    	       nfssec(5).
    
    	       Each sec= option	specifies modes	that apply to  any  subsequent
    	       window=,	 rw,  ro, rw=, ro= and root= options that are provided
               before another sec= option. Each additional sec= resets the
    	       security	 mode  context,	so that	more window=, rw, ro, rw=, ro=
    	       and root= options can be	supplied for additional	modes.
    
    
    	   sec=none
    
    	       If the option  sec=none	is  specified  when  the  client  uses
    	       AUTH_NONE,  or  if  the client uses a security mode that	is not
    	       one that	the file system	is shared with,	then the credential of
    	       each  NFS  request  is  treated	as  unauthenticated.  See  the
    	       anon=uid	 option	 for  a	 description  of  how  unauthenticated
    	       requests	are handled.
    
    
    	   secure
    
    	       This option has been deprecated in favor	of the sec=dh option.
    
    
    	   window=value
    
    	       When  a	share  is  published with sec=dh, set the maximum life
    	       time (in	seconds) of  the  RPC  request's  credential  (in  the
    	       authentication header) that the NFS server allows. If a creden-
    	       tial arrives with a life	time larger than what is allowed,  the
    	       NFS server rejects the request. The default value is 30000 sec-
    	       onds (8.3 hours).
    
    
    
           -d description
    
    	   Provide a comment that describes the	file system to be shared.
    
    
           -A
    
    	   Display all defined shares.
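
           The sec= context rule and the default read-write access described
           under -o above, as an added example that is not part of the man
           page: a Python parser that splits a specific_options string into its
           sec= contexts and lists settings that widen access. The finding rules
           are this example's own review policy, the option strings are
           constructed, and sys is assumed as the nfssec(5) name for AUTH_SYS.

```python
# Added example (not from the man page): split a share_nfs -o string into
# sec= contexts and report settings that widen access. The finding rules are
# this example's own review policy; "sys" is the nfssec(5) name for AUTH_SYS.
SCOPED = {"window", "rw", "ro", "root"}   # options a preceding sec= applies to

def parse_options(spec):
    """Return (global_opts, contexts); contexts is a list of (modes, opts)."""
    global_opts, contexts = {}, []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        key, sep, value = item.partition("=")
        value = value if sep else None        # None marks a bare keyword
        if key == "sec":
            contexts.append(((value or "sys").split(":"), {}))  # sec= resets the context
        elif key in SCOPED:
            if not contexts:                  # no sec= seen yet: AUTH_SYS default
                contexts.append((["sys"], {}))
            contexts[-1][1][key] = value
        else:
            global_opts[key] = value
    return global_opts, contexts or [(["sys"], {})]

def audit(spec):
    """Return sorted findings for one option string."""
    global_opts, contexts = parse_options(spec)
    findings = []
    for modes, opts in contexts:
        label = "sec=" + ":".join(modes)
        if "none" in modes:
            findings.append(f"{label}: requests treated as unauthenticated")
        if "root" in opts and opts["root"] in (None, "*"):
            findings.append(f"{label}: root access for root users on all hosts")
        if "rw" in opts:
            rw_all = opts["rw"] in (None, "*")
        else:   # default is read-write to all unless ro or none overrides it
            rw_all = "ro" not in opts and "none" not in global_opts
        if rw_all:
            findings.append(f"{label}: read-write access for all clients")
    if global_opts.get("anon") == "0":
        findings.append("anon=0: unknown users get effective UID 0")
    if "nosuid" not in global_opts:
        findings.append("nosuid not set: clients may set setuid/setgid bits")
    return sorted(findings)

# Constructed option strings, not taken from a real system.
SAMPLES = [
    "rw,root,anon=0",
    "sec=dh,rw=.eng.example.com,sec=sys,ro,nosuid",
    "sec=none,rw",
]

if __name__ == "__main__":
    for spec in SAMPLES:
        print(spec, audit(spec), sep="\n    ")
```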
    
    
       access_list
           The access_list argument	is either the  string  "*"  to	represent  all
           hosts  or  a colon-separated list whose components may be any number of
           the following:
    
           hostname
    
    	   The name of a host. With a server configured	for DNS	or LDAP	naming
    	   in  the nsswitch hosts entry, any hostname must be represented as a
    	   fully qualified DNS or LDAP name. The hostname  specified  must  be
    	   the	canonical  name	 for  this  host  and  must match the hostname
    	   returned on the reverse lookup of the incoming IP  address  of  the
    	   NFS client.
    
    
           netgroup
    
    	   A netgroup contains a number	of hostnames. With a server configured
    	   for DNS or LDAP naming in the nsswitch hosts	entry, any hostname in
    	   a  netgroup	must  be  represented as a fully qualified DNS or LDAP
    	   name.
    
    
           domain name suffix
    
    	   To use domain membership the	server must use	DNS or LDAP to resolve
    	   hostnames  to  IP  addresses;  that	is,  the  hosts	 entry	in the
    	   /etc/nsswitch.conf must specify dns or ldap	ahead  of  nis,	 since
    	   only	 DNS  and  LDAP	return the full	domain name of the host. Other
    	   name	services like NIS cannot be used to resolve hostnames  on  the
    	   server because when mapping an IP address to	a hostname they	do not
    	   return domain information. For example,
    
    	     NIS   172.16.45.9 --> "myhost"
    
    
    	   and:
    
    	     DNS or LDAP   172.16.45.9 -->
    		  "myhost.mydomain.mycompany.com"
    
    
    	   The domain name suffix is distinguished  from  hostnames  and  net-
    	   groups by a prefixed	dot. For example,
    
    	   rw=.mydomain.mycompany.com
    
    	   A  single  dot  can be used to match	a hostname with	no suffix. For
    	   example,
    
    	   rw=.
    
    	   matches mydomain but	not mydomain.mycompany.com. This  feature  can
    	   be  used  to	 match	hosts resolved through NIS rather than DNS and
    	   LDAP.
    
    
           network
    
    	   The network or subnet component is preceded by an at-sign  (@).  It
    	   can	be a name, an IPv4 or IPv6 address. If a name, it is converted
    	   to an address by getnetbyname(3C). For example,
    
    	   =@mynet
    
    	   would be equivalent to:
    
    	   [email protected] or [email protected]
    
    	   For an IPv4 address,	the network prefix  assumes  an	 octet-aligned
    	   netmask  determined	from the zeroth	octet in the low-order part of
    	   the address up to and including the high-order octet, if  you  want
    	   to  specify a single	IP address (see	below).	In the case where net-
    	   work	prefixes are not byte-aligned, the syntax allows a mask	length
    	   to  be  specified  explicitly  following a slash (/)	delimiter. For
    	   example,
    
    	   =@theothernet/17 or [email protected]/22
    
    	   ...where the	mask is	the number of left most	contiguous significant
    	   bits	in the corresponding IP	address.
    
    	   For	an  IPv6  address,  the	 address must be enclosed in a pair of
    	   square brackets. Otherwise, the first occurrence of an  IPv6	 colon
    	   would  be  interpreted as the separator between the addresses. Net-
    	   work	mask length is specified  explicitly  following	 a  slash  (/)
    	   delimiter. For example,
    
    	     =@[fe80::/10]
    
    
    	   ...where the	mask is	the number of left most	contiguous significant
    	   bits	in the corresponding IP	network	address.
    
    	   When	specifying individual IP addresses, use	the  same  @  notation
    	   described above, without a netmask specification. For example:
    
    	     [email protected]
    
    
    	   Multiple,  individual IP addresses would be specified, for example,
    	   as:
    
    	     [email protected]:@[fe80::209:3dff:fe00:c074]
    
    
    
    
    
           A  prefixed  minus  sign	 (-)  denies  access  to  that	component   of
           access_list.  The  list is searched sequentially	until a	match is found
           that either grants or denies access, or until the end of	 the  list  is
           reached.	 For  example,	if  host terra is in the engineering netgroup,
           then
    
    	 rw=-terra:engineering
    
    
    
    
           denies access to	terra but
    
    	 rw=engineering:-terra
    
    
    
    
           grants access to	terra.
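
           The search order described above, as an added example that is not
           part of the man page: a Python evaluator for an access_list that
           returns the decision of the first matching component. Netgroup
           membership is supplied by the caller and network names such as
           @mynet are left unresolved; both are assumptions of this example.

```python
# Added example, not from the man page: first-match evaluation of a
# share_nfs access_list. Netgroup membership is passed in as a dict and
# network names such as @mynet are not resolved (both are assumptions).
import ipaddress

def split_components(access_list):
    """Split on ':' but keep bracketed IPv6 components such as @[fe80::/10] whole."""
    parts, buf, depth = [], "", 0
    for ch in access_list:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return [p for p in parts + [buf] if p]

def parse_network(text):
    """Explicit /n mask if given; otherwise IPv4 masks are octet-aligned."""
    text = text.strip("[]")
    if "/" in text or ":" in text:
        return ipaddress.ip_network(text, strict=False)
    octets = (text.split(".") + ["0"] * 4)[:4]
    significant = 4
    while significant > 1 and octets[significant - 1] == "0":
        significant -= 1                  # trailing zero octets are host bits
    return ipaddress.ip_network(f"{'.'.join(octets)}/{8 * significant}", strict=False)

def matches(comp, host, addr, netgroups):
    if comp == ".":                       # hostname with no domain suffix
        return "." not in host
    if comp.startswith("."):              # domain name suffix
        return host.lower().endswith(comp.lower())
    if comp.startswith("@"):              # network or individual address
        try:
            return ipaddress.ip_address(addr) in parse_network(comp[1:])
        except ValueError:                # network name: needs getnetbyname(3C)
            return False
    return comp == host or host in netgroups.get(comp, ())

def allowed(access_list, host, addr, netgroups=None):
    """Decision of the first matching component; no match means no access."""
    if access_list == "*":
        return True
    for comp in split_components(access_list):
        deny = comp.startswith("-")
        if matches(comp[1:] if deny else comp, host, addr, netgroups or {}):
            return not deny
    return False

# Constructed data: host terra is a member of netgroup engineering.
GROUPS = {"engineering": {"terra"}}
assert allowed("-terra:engineering", "terra", "172.16.45.9", GROUPS) is False
assert allowed("engineering:-terra", "terra", "172.16.45.9", GROUPS) is True
```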
    
    OPERANDS
           The following operands are supported:
    
           pathname
    
    	   The pathname	of the file system to be shared.
    
    
    EXAMPLES
           Example 1 Define	and Publish an NFS Share
    
    
           The following example shows how to use  the  legacy  share  command  to
           define and publish the /export/manuals file system share.
    
    
         # share -F nfs /export/manuals
    
    
    
    
           The  following  example shows how to use	the zfs	set command to share a
           ZFS file	system.
    
    
    	 # zfs set share.nfs=on	tank/data
    
    
    
    
           The following example shows how to create a named NFS share,
           tank/public%pubshare, with the share.nfs.public option rather than
           setting this option on the ZFS file system, tank/public, because this
           property is not inheritable.
    
    
    	 # zfs create -o mountpoint=/pub tank/public
    	 # zfs share -o	share.nfs=on -o	share.nfs.public=on tank/public%pubshare
    
    
    
    EXIT STATUS
           The following exit values are returned:
    
           0
    
    	   Successful completion.
    
    
           >0
    
    	   An error occurred.
    
    
    FILES
           /etc/dfs/fstypes
    
    	   list	of system types, NFS by	default
    
    
           /etc/dfs/sharetab
    
    	   system record of shared file	systems
    
    
           /etc/nfs/nfslogtab
    
    	   system record of logged file	systems
    
    
           /etc/nfs/nfslog.conf
    
    	   logging configuration file
    
    
    ATTRIBUTES
           See attributes(5) for descriptions of the following attributes:
    
    
    
    
           +-----------------------------+-----------------------------+
           |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
           +-----------------------------+-----------------------------+
           |Availability		     |service/file-system/nfs	   |
           +-----------------------------+-----------------------------+
    
    SEE ALSO
           mount(1M),  mountd(1M),	nfsd(1M), nfslogd(1M), share(1M), unshare(1M),
           zfs_share(1M),  getnetbyname(3SOCKET),	nfslog.conf(4),	  netgroup(4),
           attributes(5), nfssec(5)
    
    NOTES
           Creating	 and  publishing an NFS	share with the share command is	perma-
           nent until the share is unshared. Publishing NFS	shares is  managed  by
           the following SMF service:
    
    	 $ svcs	| grep share
    	 online		Mar_07	 svc:/network/shares:default
    
    
    
    
           If the file system being shared is a symbolic link to a valid pathname,
           the canonical path (the path which the symbolic link follows) is
           shared. For example, if /export/foo is a symbolic link to /export/bar
           (/export/foo -> /export/bar), the following share  command  results  in
           /export/bar as the shared pathname (and not /export/foo).
    
    	 # share -F nfs	/export/foo
    
    
    
    
           An NFS mount of server:/export/foo results in server:/export/bar	really
           being mounted.
    
    
           The mountd(1M) process allows the processing of a path name that
           contains a symbolic link. This allows the processing of paths that are
           not themselves explicitly shared with share_nfs. For example,
           /export/foo might be a symbolic link that refers to /export/bar which
           has been specifically shared. When the client mounts /export/foo the
           mountd processing follows the symbolic link and responds with
           /export/bar. The NFS Version 4 protocol does not use the mountd
           processing and the client's use of /export/foo does not work as it
           does with NFS Version 2 and Version 3 and the client receives an error
           when attempting to mount /export/foo.
    
    
    
    SunOS 5.11			  2 Jan	2014			 share_nfs(1M)
    

