share_nfs(1m) man page - WindyHana's Solanara

Name
     share_nfs - make NFS shares available for mounting by remote
     systems

Synopsis
     share -F nfs [-a [-o specific_options] [-d description]
          pathname [sharename] | [-A]]


     zfs set share.nfs=on | off filesystem|share


     zfs share -o share.nfs=on | off specific_options
          filesystem|filesystem%share

Description
     The share utility defines and publishes an NFS share, which
     makes a local file system available for mounting by remote
     systems. It starts the nfsd(1M) and mountd(1M) daemons if
     they are not already running.


     You can use the share command to create and publish a ZFS
     file system share, but this is considered a legacy operation.
     See zfs(1M) for information about setting the share.nfs
     property or using the zfs share command to create and publish
     NFS shares.

Options
     The following options are supported:

     -F nfs
         Specify the NFS file sharing protocol.


     -a
         Publish all defined shares.


     -o specific_options
         Specify specific_options in a comma-separated list of
         keywords and attribute-value-assertions for interpretation
         by the NFS protocol. By default, a share is published
         with read-write access to all clients, unless a specific
         option overrides the default access. specific_options can
         be any combination of the following:
         aclok
             Allows the NFS server to do access control  for  NFS
             Version  2 clients. When aclok is set on the server,
             maximal access is given to all clients. For example,
             with aclok set, if anyone has read permissions, then
             everyone does. If aclok is not set,  minimal  access
             is given to all clients.


         anon=uid
             Set uid to be  the  effective  user  ID  of  unknown
             users.  By  default,  unknown  users  are  given the
             effective user ID UID_NOBODY. If uid is set  to  -1,
             access is denied.


         charset
             All clients will be assumed to be using the specified
             character set (see list in following description) and
             file and path names will be converted to UTF-8 for the
             server.


         charset=access_list
             Where charset is one of: euc-cn,  euc-jp,  euc-jpms,
             euc-kr,  euc-tw,  iso8859-1,  iso8859-2,  iso8859-5,
             iso8859-6,    iso8859-7,    iso8859-8,    iso8859-9,
             iso8859-13, iso8859-15, koi8-r.

             Clients that match the access_list for one of these
             properties will be assumed to be using that character
             set and file and path names will be converted to
             UTF-8 for the server.


         index=file
             Load file rather than a listing of the directory
             containing this file when the directory is referenced
             by an NFS URL.


         log[=tag]
             Enables NFS server logging for the specified file
             system. The optional tag determines the location of
             the related log files. The tag is defined in
             /etc/nfs/nfslog.conf. If no tag is specified, the
             default values associated with the global tag in
             /etc/nfs/nfslog.conf are used. Support of NFS server
             logging is only available for NFS Version 2 and
             Version 3 requests.


         noaclfab
             Allows NFS servers to not return fabricated ACLs  to
             NFS clients. The default behavior for NFS servers is
             to fabricate ACLs. If noaclfab is set, then the  NFS
             server   does  not  fabricate  ACLs,  which  is  the
             appropriate choice if the underlying filesystem does
             not support the POSIX Draft ACL.


         none
             Access is disallowed to all clients. The  ro  or  rw
             options can override none.


         none=access_list
             Access is not allowed to any client that matches the
             access list. The exception is when the access list
             is an asterisk (*), in which case ro or rw can
             override none.


         nosub
             Prevents clients from mounting subdirectories of
             shared directories. For example, if /export is
             shared with the nosub option on server fooey then an
             NFS client cannot do:

               mount -F nfs fooey:/export/home /mnt


             NFS Version 4 does not use the MOUNT protocol. The
             nosub option only applies to NFS Version 2 and
             Version 3 requests.


         nosuid
             By default, clients are allowed to create  files  on
             the  shared  file  system  with the setuid or setgid
             mode enabled. Specifying nosuid  causes  the  server
             file system to silently ignore any attempt to enable
             the setuid or setgid mode bits.


         public
             Moves the location of the public  file  handle  from
             root  (/)  to  the  exported  directory  for WebNFS-
             enabled browsers and clients. This option  does  not
             enable WebNFS service. WebNFS is always on. Only one
             file system per server  may  use  this  option.  Any
             other  option,  including  the -ro=list and -rw=list
             options can be included with the public option.


         ro
             Share is published  with  read-only  access  to  all
             clients.


         ro=access_list
             Share is published  with  read-only  access  to  the
             clients  listed  in  access_list;  overrides  the rw
             suboption for the clients specified. See access_list
             below.


         root
             Root users from all hosts have root access.


         root=access_list
             Only  root  users  from  the  hosts   specified   in
             access_list have root access. See access_list below.
             By default, no host has root access, so  root  users
             are mapped to an anonymous user ID (see the anon=uid
             option described above). Netgroups can  be  used  if
             the  file system shared is using UNIX authentication
             (AUTH_SYS).


         root_mapping=uid
             For a client that is allowed root  access,  map  the
             root UID to the specified user id.


         rw
             Share is published with read and write access to all
             clients.


         rw=access_list
             Share is published with read and write access to the
             clients  listed  in  access_list;  overrides  the ro
             suboption for the clients specified. See access_list
             below.

         sec=mode[:mode]...
             Publishes a share by using one or more of the
             specified security modes. The mode in the sec=mode
             option must be a mode name supported on the client.
             If the sec= option is not specified, the default
             security mode used is AUTH_SYS. Multiple sec= options
             can be specified on the command line, although each
             mode can appear only once. The security modes are
             defined in nfssec(5).

             Each sec= option specifies modes that apply to any
             subsequent window=, rw, ro, rw=, ro= and root=
             options that are provided before another sec= option.
             Each additional sec= resets the security mode
             context, so that more window=, rw, ro, rw=, ro= and
             root= options can be supplied for additional modes.


         sec=none
             If the option sec=none is specified when the  client
             uses  AUTH_NONE,  or  if  the client uses a security
             mode that is not one that the file system is  shared
             with,  then  the  credential  of each NFS request is
             treated as unauthenticated. See the anon=uid  option
             for  a  description  of how unauthenticated requests
             are handled.


         secure
             This option has been  deprecated  in  favor  of  the
             sec=dh option.


         window=value
             When a share is published with sec=dh, set the
             maximum life time (in seconds) of the RPC request's
             credential (in the authentication header) that the
             NFS server allows. If a credential arrives with a
             life time larger than what is allowed, the NFS
             server rejects the request. The default value is
             30000 seconds (8.3 hours).



     -d description
         Provide a comment that describes the file system  to  be
         shared.

     -A
         Display all defined shares.
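
     The sec= context rule and the access defaults described above
     can be checked mechanically before a share is published. The
     following Python code is an added example, not part of the
     original man page; the names PER_MODE, parse_share_options and
     audit are hypothetical, and treating every option other than
     rw, ro, root and window as share-wide is an assumption.

```python
PER_MODE = {"rw", "ro", "root", "window"}   # options bound to the preceding sec=

def parse_share_options(opts):
    """Return (share_wide, contexts); a context is (modes, {option: value})."""
    share_wide, contexts = {}, []
    for tok in filter(None, opts.split(",")):
        key, _, val = tok.partition("=")
        if key == "sec":
            contexts.append((val.split(":"), {}))   # new security mode context
        elif key in PER_MODE:
            if not contexts:                        # no sec= yet: default AUTH_SYS
                contexts.append((["sys"], {}))
            contexts[-1][1][key] = val
        else:
            share_wide[key] = val
    return share_wide, contexts or [(["sys"], {})]

def audit(opts):
    """List exposures that follow from the option semantics in this page."""
    share_wide, contexts = parse_share_options(opts)
    findings = []
    for modes, o in contexts:
        label = "sec=" + ":".join(modes)
        if "none" in modes:
            findings.append(f"{label}: requests treated as unauthenticated")
        if o.get("root") in ("", "*"):
            findings.append(f"{label}: root access for root users on all hosts")
        open_rw = o.get("rw") in ("", "*")
        # With no rw, ro or none option the share defaults to read-write for all.
        defaulted = not (o.keys() & {"rw", "ro"}) and "none" not in share_wide
        if open_rw or defaulted:
            findings.append(f"{label}: read-write access for all clients")
    if "nosuid" not in share_wide:
        findings.append("share: clients may set setuid/setgid bits (no nosuid)")
    return findings

if __name__ == "__main__":
    # Constructed option strings, as they would follow "share -F nfs -o".
    for sample in ("rw,root,sec=none,ro",
                   "sec=dh,rw=.mydomain.mycompany.com,sec=sys,ro,nosuid"):
        print(sample, "->", audit(sample) or "no findings")
```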


  access_list
     The access_list argument is either the string "*" to
     represent all hosts or a colon-separated list whose
     components may be any number of the following:

     hostname
         The name of a host. With a server configured for DNS  or
         LDAP  naming  in  the nsswitch hosts entry, any hostname
         must be represented as a fully  qualified  DNS  or  LDAP
         name.  The hostname specified must be the canonical name
         for this host and must match the  hostname  returned  on
         the reverse lookup of the incoming IP address of the NFS
         client.


     netgroup
         A netgroup contains a number of hostnames. With a server
         configured  for DNS or LDAP naming in the nsswitch hosts
         entry, any hostname in a netgroup must be represented as
         a fully qualified DNS or LDAP name.


     domain name suffix
         To use domain membership the server must use DNS or LDAP
         to resolve hostnames to IP addresses; that is, the hosts
         entry in the /etc/nsswitch.conf must specify dns or ldap
         ahead  of  nis,  since only DNS and LDAP return the full
         domain name of the host. Other name  services  like  NIS
         cannot  be  used  to  resolve  hostnames  on  the server
         because when mapping an IP address to a hostname they do
         not return domain information. For example,

           NIS   172.16.45.9 --> "myhost"


         and:

           DNS or LDAP   172.16.45.9 -->
                "myhost.mydomain.mycompany.com"


         The domain name suffix is distinguished  from  hostnames
         and netgroups by a prefixed dot. For example,

         rw=.mydomain.mycompany.com

         A single dot can be used to match  a  hostname  with  no
         suffix. For example,

         rw=.

         matches mydomain but  not  mydomain.mycompany.com.  This
         feature  can be used to match hosts resolved through NIS
         rather than DNS and LDAP.


     network
         The network or subnet component is preceded  by  an  at-
         sign  (@). It can be a name, an IPv4 or IPv6 address. If
         a   name,   it   is   converted   to   an   address   by
         getnetbyname(3C). For example,

         =@mynet

         would be equivalent to:

         =@172.16 or =@172.16.0.0

         For an IPv4  address,  the  network  prefix  assumes  an
         octet-aligned  netmask  determined from the zeroth octet
         in the low-order part of the address up to and including
         the high-order octet, if you want to specify a single IP
         address (see below). In the case where network  prefixes
         are not byte-aligned, the syntax allows a mask length to
         be specified explicitly following a slash (/) delimiter.
         For example,

         =@theothernet/17 or =@172.16.132/22

         ...where the mask is the number of left most  contiguous
         significant bits in the corresponding IP address.

         For an IPv6 address, the address must be enclosed  in  a
         pair of square brackets. Otherwise, the first occurrence
         of an IPv6 colon would be interpreted as  the  separator
         between  the addresses. Network mask length is specified
         explicitly following a slash (/) delimiter. For example,

           =@[fe80::/10]


         ...where the mask is the number of left most  contiguous
         significant   bits   in  the  corresponding  IP  network
         address.

         When specifying individual IP addresses, use the same @
         notation described above, without a netmask
         specification. For example:

           =@172.16.132.14


         Multiple, individual IP addresses  would  be  specified,
         for example, as:

           root=@172.16.132.20:@[fe80::209:3dff:fe00:c074]





     A prefixed minus sign (-) denies access to that component of
     access_list. The list is searched sequentially until a match
     is found that either grants or denies access, or  until  the
     end of the list is reached. For example, if host terra is in
     the engineering netgroup, then

       rw=-terra:engineering




     denies access to terra but

       rw=engineering:-terra




     grants access to terra.
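
     The matching rules of this section (first match wins, a minus
     prefix denies, dot-prefixed domain suffixes, @ networks with
     an implied or explicit mask, bracketed IPv6) are implemented
     below as an added Python example; it is not part of the
     original man page. The function names and the netgroups
     dictionary are hypothetical, named networks such as @mynet are
     not resolved, and reading the implied IPv4 mask as "trailing
     zero octets are host bits" is an assumption drawn from the
     @172.16 / @172.16.0.0 equivalence above.

```python
import ipaddress

def split_access_list(spec):
    """Split on ':' while keeping bracketed IPv6 components intact."""
    parts, cur, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return [p for p in parts + [cur] if p]

def parse_network(spec):
    """'172.16', '172.16.132/22' or '[fe80::/10]' -> ipaddress network."""
    addr, _, plen = spec.strip("[]").partition("/")
    if ":" in addr:                       # IPv6: a lone address is a /128
        return ipaddress.ip_network(f"{addr}/{plen or 128}", strict=False)
    octets = addr.split(".")
    if not plen:                          # implied octet-aligned mask
        sig = list(octets)
        while len(sig) > 1 and sig[-1] == "0":
            sig.pop()                     # trailing zero octets are host bits
        plen = 8 * len(sig)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + f"/{plen}", strict=False)

def check_access(access_list, host, ip, netgroups=None):
    """First matching component decides; a '-' prefix makes the match a deny."""
    if access_list == "*":
        return True
    client = ipaddress.ip_address(ip)
    for comp in split_access_list(access_list):
        deny = comp.startswith("-")
        item = comp[1:] if deny else comp
        if item.startswith("@"):
            hit = client in parse_network(item[1:])
        elif item == ".":
            hit = "." not in host         # hostname with no domain suffix
        elif item.startswith("."):
            hit = host.endswith(item)     # domain name suffix
        else:                             # exact hostname or netgroup name
            hit = host == item or host in (netgroups or {}).get(item, ())
        if hit:
            return not deny
    return False                          # no component matched: nothing granted
```

     Here host stands for the name the server obtained from the
     reverse lookup of the client's IP address, which is the name
     the hostname and domain suffix components are compared with.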

Operands
     The following operands are supported:

     pathname
         The pathname of the file system to be shared.

Examples
     Example 1 Define and Publish an NFS Share


     The following example shows how to use the legacy share
     command to define and publish the /export/manuals file system
     share.


       # share -F nfs /export/manuals

     The following example shows how to use the zfs  set  command
     to share a ZFS file system.


       # zfs set share.nfs=on tank/data




     The following example shows how to create a named NFS share,
     tank/public%pubshare,   with   the  share.nfs.public  option
     rather than setting this option  on  the  ZFS  file  system,
     tank/public, because this property is not inheritable.


       # zfs create -o mountpoint=/pub tank/public
       # zfs share -o share.nfs=on -o share.nfs.public=on tank/public%pubshare

Exit Status
     The following exit values are returned:

     0
         Successful completion.


     >0
         An error occurred.

Files
     /etc/dfs/fstypes
         list of system types, NFS by default


     /etc/dfs/sharetab
         system record of shared file systems


     /etc/nfs/nfslogtab
         system record of logged file systems


     /etc/nfs/nfslog.conf
         logging configuration file

Attributes
     See attributes(5) for descriptions of the following
     attributes:

     ATTRIBUTE TYPE          ATTRIBUTE VALUE
     Availability            service/file-system/nfs

See Also
     mount(1M),  mountd(1M),  nfsd(1M),  nfslogd(1M),  share(1M),
     unshare(1M),      zfs_share(1M),      getnetbyname(3SOCKET),
     nfslog.conf(4), netgroup(4), attributes(5), nfssec(5)

Notes
     Creating and publishing an NFS share with the share  command
     is  permanent  until  the  share is unshared. Publishing NFS
     shares is managed by the following SMF service:

       $ svcs | grep share
       online         Mar_07   svc:/network/shares:default




     If the file system being shared is a symbolic link to a
     valid pathname, the canonical path (the path which the
     symbolic link follows) is shared. For example, if /export/foo
     is a symbolic link to /export/bar (/export/foo ->
     /export/bar), the following share command results in
     /export/bar as the shared pathname (and not /export/foo).

       # share -F nfs /export/foo




     An   NFS   mount   of    server:/export/foo    results    in
     server:/export/bar really being mounted.


     The mountd(1M) process allows the processing of a path name
     that contains a symbolic link. This allows the processing of
     paths that are not themselves explicitly shared with
     share_nfs. For example, /export/foo might be a symbolic link
     that refers to /export/bar which has been specifically
     shared. When the client mounts /export/foo the mountd
     processing follows the symbolic link and responds with
     /export/bar. The NFS Version 4 protocol does not use the
     mountd processing and the client's use of /export/foo does
     not work as it does with NFS Version 2 and Version 3 and the
     client receives an error when attempting to mount
     /export/foo.
The copyright of the man page content belongs to the man page author.