share_nfs(1M)
NAME
share_nfs: share - make local NFS file systems available for mounting
by remote systems
SYNOPSIS
description] specific_options] pathname
DESCRIPTION
The utility makes local file systems available for mounting by remote
systems.
If no argument is specified, then displays all file systems currently
shared, including NFS file systems and file systems shared through
other distributed file system packages.
Options
The following options are supported:
Provide a comment that describes the
file system to be shared.
Share NFS file system type.
Specify
specific_options in a comma-separated list of keywords and
attribute-value-assertions for interpretation by the
file-system-type-specific command. If specific_options is not
specified, then by default sharing will be read-write to all clients.
specific_options can be any combination of the following:
All NFS Protocol Version 2 mounts will be asynchronous.
This option is ignored for NFS PV3. Specifying
increases write performance on the NFS server by
causing asynchronous writes on the NFS server. The
option can be specified anywhere on the command
line after directory. Before using this option,
refer to section below.
Set uid to be the effective user of unknown users. By
default, unknown users are given the effective user
If uid is set to access is denied.
Force the file system identification portion of the file
handle to be num instead of a number derived from
the major and minor number of the block device on
which the file system is mounted. A value between
1 and 32767 may be used, but it must be unique
among the shared file systems.
This option is useful for NFS failover to ensure
that both servers of the failover pair use the same
NFS file handles for the shared file systems. This
avoids stale file handles if a failover occurs.
Load file rather than a listing of the directory
containing this file when the directory is referenced
by an NFS URL.
Enables NFS server logging for the specified file system. The
optional tag determines the location of the related
log files. The tag is defined in If no tag is
specified, the default values associated with the
"global" tag in will be used.
Prevents clients from mounting subdirectories of shared
directories. For example, if is shared with the
option on server then an NFS client will not be able
to do:
By default, clients are allowed to create files on the shared
file system with the or mode enabled. Specifying
causes the server file system to silently ignore
any attempt to enable the or mode bits.
Moves the location of the public file handle from to the
exported directory for Web NFS-enabled browsers and
clients. This option does not enable Web NFS service;
Web NFS is always on. Only one file system
per server may use this option. All other options,
including the , and options may be included with
the option.
Refer the client accessing the specified shared file system to
an
alternative location on the provided host.
Sharing will be read-only to all clients.
Sharing will be read-only to the clients listed in
access_list; overrides the suboption for the
clients specified. See access_list below.
Only root users from the hosts specified in
access_list will have root access. See access_list
below. By default, no host has root access, so
root users are mapped to an anonymous user (see the
option described above). Netgroups can be used if
the file system shared is using UNIX authentication
Sharing will be read-write to all clients. This is the default
behavior.
Sharing will be read-mostly to clients in
access_list. Read-mostly means read-write to those
clients specified and read-only for all other systems.
If option is provided, sharing will be read-write
to the clients listed in access_list; overrides
the suboption for the clients specified. See
access_list below.
Sharing will use one or more of the specified security modes.
The mode in the option must be a mode name supported
on the client. If the option is not specified,
the default security mode used is Multiple
options can be specified on the command line,
although each mode can appear only once. The security
modes are defined in nfssec(5).
Each option specifies modes that apply to any subsequent
and options that are provided before
another Each additional resets the security mode
context, so that more and options can be supplied
for additional modes.
If the option
is specified when the client uses or if the client
uses a security mode that is not one that the file
system is shared with, then the credential of each
NFS request is treated as unauthenticated. See the
option for a description of how unauthenticated
requests are handled.
When sharing with
set the maximum life time (in seconds) of the RPC
request's credential (in the authentication header)
that the NFS server will allow. If a credential
arrives with a life time larger than what is
allowed, the NFS server will reject the request.
The default value is 30000 seconds (8.3 hours).
Operands
The following operands are supported:
pathname The pathname of the file system to be shared.
The access_list Argument
The access_list argument is used in many of the options described
above. The access_list is a colon-separated list whose components may
be any number of the following.
hostname
The name of a host. With a server configured for DNS or LDAP
naming in the "hosts" entry, any hostname must be represented as
a fully qualified DNS or LDAP name.
netgroup
A netgroup contains a number of hostnames. With a server configured
for DNS or LDAP naming in the "hosts" entry, any hostname
in a netgroup must be represented as a fully qualified DNS
or LDAP name.
domain name suffix
To use domain membership, the server must use DNS or LDAP to
resolve hostnames to IP addresses; that is, the "hosts" entry in
the must specify or ahead of since only DNS and LDAP return the
full domain name of the host. Other name services like NIS cannot
be used to resolve hostnames on the server, because when
mapping an IP address to a hostname they do not return domain
information. For example,
NIS 129.144.45.9 --> "myhost"
DNS or LDAP 129.144.45.9 --> "myhost.mydomain.mycompany.com"
The domain name suffix is distinguished from hostnames and netgroups
by a prefixed dot. For example,
A single dot can be used to match a hostname with no suffix.
For example,
will match "mydomain" but not "mydomain.mycompany.com". This
feature can be used to match hosts resolved through NIS rather
than DNS and LDAP.
network
The network or subnet component is preceded by an at-sign (@). It can
be either a name or a dotted address. If a name, it will be
converted to a dotted address by For example, would be equivalent
to:
The network prefix assumes an octet aligned netmask determined
from the zero octets in the low-order part of the address. In
the case where network prefixes are not byte-aligned, the syntax
will allow a mask length to be specified explicitly following a
slash delimiter. For example,
where the mask is the number of leftmost contiguous significant
bits in the corresponding IP address.
A prefixed minus sign denies access to that component of
access_list. The list is searched sequentially until a match is
found that either grants or denies access, or until the end of
the list is reached.
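The evaluation rules described in this section, as an added example that is not part of the original manual page or of HP-UX itself: it walks a colon-separated access_list in order and stops at the first component that matches. The function names, the netgroup dictionary standing in for a real netgroup lookup, and the sample list are assumptions; network names (as opposed to dotted addresses) are not handled.

```python
import ipaddress

def parse_network(spec):
    """Turn the text after '@' (dotted address, optional /mask) into a network."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.split(".")
    bits = 32
    # Octet-aligned netmask: drop 8 bits for each low-order zero octet.
    while bits > 0 and octets[bits // 8 - 1] == "0":
        bits -= 8
    return ipaddress.ip_network(f"{spec}/{bits}", strict=False)

def check_access(access_list, hostname, ip, netgroups=None):
    """Return True (granted), False (denied) or None (end of list, no match)."""
    netgroups = netgroups or {}   # assumed stand-in for the netgroup database
    host = hostname.lower()
    for comp in access_list.split(":"):
        deny = comp.startswith("-")          # prefixed minus sign denies
        if deny:
            comp = comp[1:]
        if comp.startswith("@"):             # network or subnet
            hit = ipaddress.ip_address(ip) in parse_network(comp[1:])
        elif comp == ".":                    # hostname with no suffix
            hit = "." not in host
        elif comp.startswith("."):           # domain name suffix
            hit = host.endswith(comp.lower())
        elif comp in netgroups:              # netgroup
            hit = host in netgroups[comp]
        else:                                # plain hostname
            hit = host == comp.lower()
        if hit:
            return not deny                  # first match ends the search
    return None

# Constructed sample data, reusing the address and names from the text above.
SAMPLE_LIST = "-@129.144.45.8/30:.mycompany.com:@129.144.0.0:engineering"
SAMPLE_NETGROUPS = {"engineering": {"lab1.example.org"}}

if __name__ == "__main__":
    for name, addr in [("myhost.mydomain.mycompany.com", "129.144.45.9"),
                       ("mydomain", "129.144.7.7"),
                       ("ext.example.org", "192.0.2.5")]:
        print(name, addr, check_access(SAMPLE_LIST, name, addr, SAMPLE_NETGROUPS))
```

Because the search is sequential, a denying component only takes effect if it appears before any granting component that would also match the same client.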
WARNINGS
File system sharing used to be called exporting on HP-UX, and the command
was used. With the new share NFS model, the command replaces This
command is available on HP-UX 11.31 and later releases.
To support compatibility with scripts run on systems with older versions
of HP-UX that do not have support for the command and instead use
will not fail when the option is used, as long as it is used in the
same way as with However, attempts to use the option with new options,
(for example, may result in the option being rejected. It is highly
recommended not to use the option with the command. Instead, use the
and options to achieve the desired access restrictions. support of the
option will be removed in a future release of HP-UX.
If commands are invoked multiple times on the same file system, the
last invocation supersedes any previous invocations and the options set
by the last command replace the old options. For example, if read-only
permission was previously given to on the following command could be
used to also give read-only permission to
This behavior is not limited to sharing the root file system, but
applies to all file systems.
EXAMPLES
The following example shows the file system shared with logging
enabled:
The default global logging parameters are used since no tag identifier
is specified. The location of the log file, as well as the necessary
logging work files, is specified by the global entry in
APPLICATION USAGE
If the option is used, an unreported data loss may occur on a write and
if the NFS server experiences a failure after the write reply has been
sent to the client. Specifically, blocks which have been queued for
the server's disk, but have not yet been written to the disk be lost.
You cannot export either a parent directory or a subdirectory of an
exported directory that resides It is not allowed, for instance, to
export both and if both directories reside on the same disk partition.
If the option is presented at least once, all uses of the and options
must come the first option. If the option is not presented, then is
implied.
If one or more explicit options are presented, sys must appear in one
of the options mode lists for accessing using the security mode to be
allowed. For example:
will grant read-write access to any host using but
will grant no access to clients that use
Access checking for the and options is done per NFS request, instead of
per mount request.
Combining multiple security modes can be a security hole in situations
where the and options are used to control access to weaker security
modes. In this example,
an intruder can forge the IP address for (albeit on each NFS request)
to side-step the stronger controls of Something like:
is safer, because any client (intruder or legitimate) that avoids will
only get read-only access. In general, multiple security modes per
command should only be used in situations where the clients using more
secure modes get stronger access than clients using less secure modes.
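A configuration check for the rule stated above, as an added example that is not part of the original manual page: it splits an option string into per-mode clauses and reports any mode that allows writes while a stronger mode is also shared. The option spellings sec=, rw and ro are the standard share_nfs keywords, which this copy of the page does not show; the strength ranking of the nfssec(5) mode names, the function names and the host name hosta are assumptions.

```python
# Assumed ranking of nfssec(5) mode names, weakest first.
STRENGTH = {"none": 0, "sys": 1, "dh": 2, "krb5": 3, "krb5i": 4, "krb5p": 5}

def rank(mode):
    return STRENGTH.get(mode, 0)   # unknown names are treated as weakest

def parse_clauses(options):
    """Map each security mode to the access keywords (rw/ro) given for it."""
    clauses = {}
    context = ["sys"]              # assumed: sys applies until a sec= appears
    for opt in options.split(","):
        key, _, value = opt.partition("=")
        if key == "sec":
            context = value.split(":")   # each sec= resets the mode context
            for mode in context:
                clauses.setdefault(mode, set())
        elif key in ("rw", "ro"):        # covers rw, ro, rw=list and ro=list
            for mode in context:
                clauses.setdefault(mode, set()).add(key)
    return clauses

def weak_write_modes(options):
    """Modes that permit writes although a stronger mode is also shared."""
    clauses = parse_clauses(options)
    if not clauses:
        return []
    top = max(rank(m) for m in clauses)
    return sorted(m for m, access in clauses.items()
                  if "rw" in access and rank(m) < top)

if __name__ == "__main__":
    # Constructed option strings: the first gates writes on a weaker mode by
    # host name only, the second leaves the weaker mode read-only.
    for opts in ("sec=dh,rw,sec=sys,rw=hosta", "sec=dh,rw,sec=sys,ro"):
        print(opts, "->", weak_write_modes(opts) or "ok")
```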
If and options are specified in the same clause, and a client is in
both lists, the order of the two options determines the access the
client gets. If client is in two netgroups - and in this example, the
client would get read-only access:
In this example would get read-write access:
If within a clause, both the and options are specified, for compatibility,
the order of the options rule is not enforced. All hosts would
get read-only access, with the exception of those in the read-write
list. Likewise, if the and options are specified, all hosts get
read-write access with the exception of those in the read-only list.
The and options are guaranteed to work over UDP and TCP but may not
work over other transport providers.
The option with is guaranteed to work over UDP and TCP but may not work
over other transport providers.
The option with is guaranteed to work over any transport provider.
There are no interactions between the option and the and options.
Putting a host in the list does not override the semantics of the other
options. The access the host gets is the same as when the option is
absent. For example, the following command will deny access to
The following will give read-only permissions to
The following will give read-write permissions to
If the file system being shared is a symbolic link to a valid pathname,
the canonical path (the path which the symbolic link follows) will be
shared. For example, if is a symbolic link to the following command
will result in as the shared pathname (and not
Note that an NFS mount of will result in really being mounted.
This line in the file will share the file system read-only at boot
time:
Note that the same command entered from the command line will not share
the file system unless there is at least one file system entry in the
file.
EXIT STATUS
The following exit values are returned:
Successful completion.
An error occurred.
FILES
list of distributed file system types, NFS by default
system record of shared file systems
system record of logged file systems
logging configuration file
AUTHOR
was developed by Sun Microsystems, Inc.
SEE ALSO
mount(1M), mountd(1M), nfsd(1M), nfslogd(1M), share(1M), unshare(1M),
getnetbyname(3N), fstypes(4), netgroup(4), nfslog.conf(4), sharetab(4),
nfssec(5).