NFS version 4 for Linux /etc/exports file format
NFS version 4 for Linux /etc/exports file format
Every entry in the /etc/exports file looks like this.
export path ([pseudo=pseudo path)[,ro][,rw][,sec=option[:option;]]
-
Export path - is the path to the actual directory that you will be
exporting.
-
Pseudo path - is the path of the pseudo system. This is the file
system that the client will see. You can make any hierarchal virtual file system you
want with these pseudo directories. The last directory is the mount point
where the exported directory will be mounted. If a pseudo path is not provided
here, by default the export path will be used.
-
ro - is to make the exported directory read-only. This is the default, and is optional.
rw - is to make the exported directory writeable. This is optional.
-
sec= - is the security options that will be negotiated by the client and
the server. If you want to have multiple options to negotiate put a :
in between the options. List all the security options that you would want
to use.
Here's a list of valid security options:
Note: currently, only krb5 is implemented.
-
none (AUTH_NONE RPC security)
-
sys (AUTH_SYS, default uid/gid lists)
-
dh (AUTH_DES, old diffe-hellman encryption)
-
krb5 (RPCSEC_GSS Kerberos 5 authentication)
-
krb5i (RPCSEC_GSS Kerberos 5 integrity)
-
krb5p (RPCSEC_GSS Kerberos 5 protection)
-
spkm3 (SPKM authentication)
-
spkm3i (SPKM integrity)
-
spkm3p (SPKM protection)
-
lkey (LIPKEY authentication)
-
lkeyi (LIPKEY integrity)
-
lkeyp (LIPKEY protection)
# - Comments out the rest of the line
Example of an /etc/exports file.
/export (pseudo=/foo,rw)
/usr/local (pseudo=/goo/dir1,ro)
/usr/share (pseudo=/goo/dir2,sec=dh:lkeyi)
/usr/man (pseudo=/goo/dir3,rw,sec=sys)
/usr/doc (pseudo=/goo/dir4,rw,sec=sys:krb5:krb5i:spkm3)
# a commment
The first line exports the /export directory with full access onto a
pseudo /foo directory.
The second line will export /usr/local by putting it onto the
pseudo /goo/dir1 and make it read only.
The third line has /usr/share exported on /goo/dir2 (also read-only) with the
security options dh or lkeyi.
The fourth entry exports /usr/man with the sys security option.
The last entry is /usr/doc with one of the security options sys,
krb5, krb5i, or spkm3.