Home > 7-mode Manual Pages > exportfs

exportfs

Table of Contents

NAME

exportfs – exports or unexports a file system path, making it available or unavailable, respectively, for mounting by NFS clients.

SYNOPSIS

exportfs

exportfs [ -v ] [ -io options ] path

exportfs -a [ -v ]

exportfs -b [ -v ] enable | disable save | nosave allhosts | clientid[:clientid…] allpaths | path[:path…]

exportfs -c [ -v ] clientaddr path [ [ ro | rw | root ] [ sys | none | krb5 | krb5i | krb5p ] ]

exportfs -d [ -v ] [ 6.4 | 6.5 ]

exportfs -f [ -v ] [path]

exportfs -h | -r [ -v ]

exportfs -p [ -v ] [options] path

exportfs -q | -s | -w | -z [ -v ] path

exportfs -u [ -v ] path | -a

DESCRIPTION

Use the exportfs command to perform any of the following tasks:

* Export or unexport a file system path.

* Add an export entry to or remove an export entry from the /etc/exports file.

* Export or unexport all file system paths specified in the /etc/exports file.

* Enable or disable fencing of specific NFS clients from specific file system paths.

* Check whether an NFS client has a specific type of access to a file system path.

* Flush entries from the access cache.

* Revert the /etc/exports file to a format compatible with a previous Data ONTAP release.

* Display exported file system paths and export options.

* Display the actual file system path corresponding to an exported file system path.

* Save exported file system paths and their export options into a file.

OPTIONS

(none)
Displays all exported file system paths.

path
Exports a file system path without adding a corresponding export entry to the /etc/exports file. To override any export options specified for the file system path in the /etc/exports file, specify the -io options followed by a comma-delimited list of export options. For more information about export options, see exports . Note: To export a file system path and add a corresponding entry to the /etc/exports file, use the -p option instead.

-a
Exports all file system paths specified in the /etc/exports file. To export all file system paths specified in the /etc/exports file and unexport all file system paths not specified in the /etc/exports file, use the -r option instead. Note: Data ONTAP reexports a file system path only if its persistent export options (those specified in the /etc/exports file) are different from its current export options, thus ensuring that it does not expose NFS clients unnecessarily to a brief moment during a reexport in which a file system path is not available.

-b
Enables or disables fencing of specific NFS clients from specific file system paths, giving the NFS clients read-only or read-write access, respectively. To enable fencing, specify the enable option; to disable fencing, specify the disable option. To update the /etc/exports file, specify the save option; otherwise, specify the nosave option. To affect all NFS clients, specify the allhosts option; otherwise, specify a colon-delimited list of NFS client identifiers. To affect all exported file system paths, specify the allpaths option; otherwise, specify a colon-delimited list of file system paths. Data ONTAP drains all of the NFS requests in its queue before it enables or disables fencing, thereby ensuring that all file writes are atomic. Note: When you enable or disable fencing, Data ONTAP moves the NFS client to the front of its new access list (rw= or ro=). This reordering can change your original export rules.

-c
Checks whether an NFS client has a specific type of access to a file system path. You must specify the IP address of the NFS client (hostip) and the exported (not actual) file system path (path). To check whether the NFS client has read-only, read-write, or root access to the file system path, specify the ro, rw, or root option, respectively. If you do not specify an access type, Data ONTAP simply checks whether the NFS client can mount the file system path. If you specify an access type, you can also specify the NFS client’s security type: sys, none, krb5, krb5i, or krb5p. If you do not specify a security type, Data ONTAP assumes the NFS client’s security type is sys. Note: If Data ONTAP does not find an entry in the access cache corresponding to the file system path and (2) the NFS client’s IP address, access type, and security type, Data ONTAP determines the NFS client’s host name from its IP address (for example, it performs a reverse DNS lookup), (2) checks the NFS client’s host name, access type, and security type against the file system path’s export options, and (3) adds the result to the access cache as a new entry.

-d
Reverts the /etc/exports file to a format compatible with a previous Data ONTAP release. Specify the 6.4 option or 6.5 option to revert the /etc/exports file to a format compatible with the Data ONTAP 6.4 release or Data ONTAP 6.5 release, respectively. Before reverting the /etc/exports file, Data ONTAP backs it up under /etc/exports.pre.revert. Note: Always check the reverted /etc/exports file before accepting it. Reverting an /etc/exports file that uses features not supported in a previous Data ONTAP release can lead to unexpected results. For more information about reverting the /etc/exports file, see exports .

-f
Flushes entries from the access cache. To flush access cache entries corresponding to a specific file system path, specify the file system path; otherwise, to flush all access cache entries, do not specify a file system path. Note: To control when access cache entries expire automatically, set the nfs.export.harvest.timeout, nfs.export.neg.timeout, and nfs.export.pos.timeout options. For more information about these options, see options .

-h
Displays help for all exportfs options.

-i
Ignores the options specified for a file system path in the /etc/exports file. If you do not specify the -i option with the -o option, Data ONTAP uses the options specified for the file system path in the /etc/exports file instead of the options you specify on the command line.

-o
Specifies one or more export options for a file system path as a comma-delimited list. For more information about export options, see exports . Note: To override the options specified for the file system path in the /etc/exports file, you must specify the -i and -o options together.

-p
Exports a file system path and adds a corresponding export entry to the /etc/exports file. If you do not specify any export options, Data ONTAP automatically exports the file system path with the rw and -sec=sys export options. Use the -p option to add a file system path to the /etc/exports file without manually editing the /etc/exports file. Note: Data ONTAP exports the file system paths specified in the /etc/exports file every time NFS starts up (for example, when the filer reboots). For more information, see exports .

-q
Displays the export options for a file system path. Use the -q option to quickly view the export options for a single file system path without manually searching through the /etc/exports file. In addition to displaying the options, it also displays the ruleid for each "rule" in the export. This ruleid is used to display the in-memory and on-disk access cache for each "rule”. Rule is a set of host access permissions defined for a security flavor in an export and a ruleid uniquely identifies a rule for the duration when a filer is up. e.g.
   exportfs -q /vol/vol0    /vol/vol0  -sec=krb5, (ruleid=2), rw 
This means that the filesystem /vol/vol0 is exported via the rule "rw" and this rule has a ruleid of 2.
   exportfs -q /vol/vol1    /vol/vol1  -sec=sys, (ruleid=2), rw,            sec=krb5, (ruleid=10), ro=172.16.27.0/24, rw=172.16.36.0/24 
This means that the filesystem /vol/vol1 is exported via the rule "rw" (ruleid 2) to everyone who is coming with AUTH_SYS security and is also exported via the rule "ro=172.16.27.0/24, rw=172.16.36.0/24" (ruleid 10) to everyone coming in with Kerberos.

-r
Exports all file system paths specified in the /etc/exports file and unexports all file system paths not specified in the /etc/exports file. To export all file system paths specified in the /etc/exports file without unexporting any file system paths, use the -a option instead. Note: Data ONTAP reexports a file system path only if its persistent export options (those specified in the /etc/exports file) are different from its current export options, thus ensuring that it does not expose NFS clients unnecessarily to a brief moment during a reexport in which a file system path is not available.

-s
Displays the actual file system path corresponding to an exported file system path. Note: Unless a file system path is exported with the -actual option, its actual file system path is the same as its exported file system path.

-u
Unexports a file system path. To unexport a single file system path, specify the path; otherwise, to unexport all file system paths specified in the /etc/exports file, specify the -a option. Note: The -u option does not remove export entries from the /etc/exports file. To unexport a file system path and remove its export entry from the /etc/exports file, use the -z option instead.

-v
Specifies that Data ONTAP should be verbose. Use the -v option with any other option. For example, specify the -v option with the -a option to specify that Data ONTAP should display all file system paths that it exports.

-w
Saves exported file system paths and their export options into a file.

-z
Unexports a file system path and removes its export entry from the /etc/exports file. Use the -z option to remove a file system path from the /etc/exports file without manually editing the /etc/exports file. Note: By default entries are actually commented out and not removed from the /etc/exports file. To change the behaviour to actually remove entries switch off the nfs.export.exportfs_comment_on_delete option. For more information see options .

OPERANDS

clientaddr
An NFS client’s IP address.

clientid
One of the following NFS client identifiers: host name, IP address, netgroup, subnet, or domain name. For more information, see exports .

options
A comma-delimited list of export options. For more information, see exports .

path
A file system path: for example, a path to a volume, directory, or file.

EXTENDED DESCRIPTION

When you export a file system path, specify the -p option to add a corresponding entry to the /etc/exports file; otherwise, specify the -i and -o options to override any export options specified for the file system path in the /etc/exports file with the export options you specify on the command line.

When you specify the -b option (or the rw=, ro=, or root= export option), you must specify one or more NFS client identifiers as a colon-delimited list. An NFS client identifier is a host name, IP address, netgroup, subnet, or domain name. For more information about client identifiers, see exports .

Unlike UNIX systems, Data ONTAP lets you export a file system path even if one of its ancestors has been exported already. For example, you can export /vol/vol0/home even if /vol/vol0 has been exported already. However, you must never export an ancestor with fewer access controls than its children. Otherwise, NFS clients can mount the ancestor to circumvent the children’s access controls. For example, suppose you export /vol/vol0 to all NFS clients for read-write access (with the rw export option) and /vol/vol0/home to all NFS clients for read-only access (with the ro export option). If an NFS client mounts /vol/vol0/home, it has read-only access to /vol/vol0/home. But if an NFS client mounts /vol/vol0, it has read-write access to vol/vol0 and /vol/vol0/home. Thus, by mounting /vol/vol0, an NFS client can circumvent the security restrictions on /vol/vol0/home.

When an NFS client mounts a subpath of an exported file system path, Data ONTAP applies the export options of the exported file system path with the longest matching prefix. For example, suppose the only exported file system paths are /vol/vol0 and /vol/vol0/home. If an NFS client mounts /vol/vol0/home/user1, Data ONTAP applies the export options for /vol/vol0/home, not /vol/vol0, because /vol/vol0/home has the longest matching prefix.

Managing the access cache
Whenever an NFS client attempts to access an exported file system path, Data ONTAP checks the access cache for an entry corresponding to the file system path and (2) the NFS client’s IP address, access type, and security type. If an entry exists, Data ONTAP grants or denies access according to the value of the entry. If an entry does not exist, Data ONTAP grants or denies access according to the result of a comparison between the file system path’s export options and (2) the NFS client’s host name, access type, and security type. In this case, Data ONTAP looks up the client’s host name (for example, Data ONTAP performs a reverse DNS lookup) and adds a new entry to the access cache. To manually add access cache entries, use the -c option.

Note: The access cache associates an NFS client’s access rights with its IP address. Therefore, changes to an NFS client’s host name will not change its access rights until the access cache is flushed. Data ONTAP automatically flushes an access cache entry when its corresponding file system path is exported or unexported or (2) it expires. To control the expiration of access cache entries, set the nfs.export.harvest.timeout, nfs.export.neg.timeout, and nfs.export.pos.timeout options. For more information about these options, see options . To manually flush access cache entries, use the -f option.

Running exportfs on a vFiler unit
To run exportfs on a vFiler (TM) unit, use the vfiler run command. All paths you specify must belong to the vFiler unit. In addition, all IP addresses you specify must be in the vFiler unit’s ipspace. For more information, see vfiler .

Debugging mount and access problems
To debug mount and access problems, temporarily set the nfs.mountd.trace option to on and (2) monitor related messages that Data ONTAP displays and logs in the /etc/messages file. Some common access problems include:

* Data ONTAP cannot determine an NFS client’s host name because it does not have a reverse DNS entry for it. Add the NFS client’s host name to the DNS or the /etc/hosts file.

* The root volume is exported with a file system path consisting of a single forward slash (/), which misleads some automounters. Export the file system path using a different file system path name.

Exporting Origin Filer for FlexCache
Exporting a volume using the /etc/exports file does not affect whether the volume is available to a FlexCache volume; To enable a volume to be a FlexCache origin volume, use the the flexcache.access option.

EXAMPLES

Exporting file system paths
Each of the following commands exports /vol/vol0 to all hosts for read-write access:

  exportfs -p /vol/vol0   exportfs -io rw /vol/vol0 

Each of the following commands exports /vol/vol0 to all hosts for read-only access:

  exportfs -p ro /vol/vol0   exportfs -io ro /vol/vol0 

Each of the following commands exports /vol/vol0 to all hosts on the 10.45.67.0 subnet with the 255.255.255.0 netmask for read-write access:

  exportfs -io rw=10.45.67.0/24 /vol/vol0   exportfs -io rw=”network 10.45.67.0 netmask 255.255.255.0″ /vol/vol0   exportfs -io rw=”10.45.67.0 255.255.255.0″ /vol/vol0 

The following command exports /vol/vol0 to the hosts in the trusted netgroup for root access, the hosts in the friendly netgroup for read-write access, and all other hosts for read-only access:

  exportfs -io ro, root=@trusted, rw=@friendly /vol/vol0 

The following command exports all file system paths specified in the /etc/exports file:

  exportfs -a 

The following command exports all file system paths specified in the /etc/exports file and unexports all file system paths not specified in the /etc/exports file:

  exportfs -r 

Unexporting file system paths
The following command unexports /vol/vol0:

  exportfs -u /vol/vol0 

The following command unexports /vol/vol0 and removes its export entry from the /etc/exports file:

  exportfs -z /vol/vol0 

The following command unexports all file system paths:

  exportfs -ua 

Displaying exported file system paths
The following command displays all exported file system paths and their corresponding export options:

  exportfs 

The following command displays the export options for /vol/vol0:

  exportfs -q /vol/vol0 

Enabling and disabling fencing
Suppose /vol/vol0 is exported with the following export options:

  -rw=pig:horse:cat:dog, ro=duck, anon=0 

The following command enables fencing of cat from /vol/vol0:

  exportfs -b enable save cat /vol/vol0 

Note: cat moves to the front of the ro= list for /vol/vol0:

  -rw=pig:horse:dog, ro=cat:duck, anon=0 

The following command disables fencing of cat from /vol/vol0:

  exportfs -b disable save cat /vol/vol0 

Note: cat moves to the front of the rw= list for /vol/vol0:

  -rw=cat:pig:horse:dog, ro=duck, anon=0 

Checking an NFS client’s access rights
The following command checks whether an NFS client with an IP address of 192.168.208.51 and a security type of sys can mount /vol/vol0:

  exportfs -c 192.168.208.51 /vol/vol0 

The following command checks whether an NFS client with an IP address of 192.168.208.51 and a security type of none has read-only access to /vol/vol0:

  exportfs -c 192.168.208.51 /vol/vol0 ro none 

Flushing entries from the access cache
The following command flushes all entries from the access cache:

  exportfs -f 

The following command flushes all entries for /vol/vol0 from the access cache:

  exportfs -f /vol/vol0 

Reverting the /etc/exports file
The following command reverts the /etc/exports file to a format compatible with the Data ONTAP 6.5 release:

  exportfs -d 6.5 

Note: Before reverting the /etc/exports file, Data ONTAP backs it up under /etc/exports.pre.revert.

Displaying an actual file system path
The following example displays the actual file system path corresponding to /vol/vol0:

  exportfs -s /vol/vol0 

Note: The actual file system path will be the same as the exported file system path unless the file system path was exported with the -actual option.

Saving file system paths
The following example saves the file system paths and export options for all currently and recently exported file paths into /etc/exports.recent:

  exportfs -w /etc/exports.recent 

SEE ALSO

ipspace , options , vfiler , exports , hosts , netgroup , passwd


Table of Contents

Copyright © 1994-2008 NetApp, Inc. Legal Information

7-mode Manual Pages , , , ,



This site is not affiliated or sponsored in anyway by NetApp or any other company mentioned within.
%d bloggers like this: