NAME
share_nfs: share - make local NFS file systems available for mounting by remote systems

SYNOPSIS
/sbin/fs/nfs/share [-d description] [-F nfs] [-o specific_options] pathname

DESCRIPTION
The share utility makes local file systems available for mounting by remote systems. If no argument is specified, then share displays all file systems currently shared, including NFS file systems and file systems shared through other distributed file system packages.

Options
The following options are supported:

-d description
Provide a comment that describes the file system to be shared.

-F nfs
Share NFS file system type.

-o specific_options
Specify specific_options in a comma-separated list of keywords and attribute-value-assertions for interpretation by the file-system-type-specific command. If specific_options is not specified, then by default sharing will be read-write to all clients. specific_options can be any combination of the following:


async
All NFS Protocol Version 2 mounts will be asynchronous. This option is ignored for NFS PV3. Specifying async increases write performance on the NFS server by causing asynchronous writes on the NFS server. The async option can be specified anywhere on the command line after directory. Before using this option, refer to APPLICATION USAGE section below.

anon=uid
Set uid to be the effective user ID of unknown users. By default, unknown users are given the effective user ID UID_NOBODY. If uid is set to -1, access is denied.

fsid=num
Force the file system identification portion of the file handle to be num instead of a number derived from the major and minor number of the block device on which the file system is mounted. A value between 1 and 32767 may be used, but it must be unique among the shared file systems. This option is useful for NFS failover to ensure that both servers of the failover pair use the same NFS file handles for the shared file systems. This avoids stale file handles if a failover occurs.

index=file
Load file rather than a listing of the directory containing this file when the directory is referenced by an NFS URL.

log[=tag]
Enables NFS server logging for the specified file system. The optional tag determines the location of the related log files. The tag is defined in /etc/nfs/nfslog.conf. If no tag is specified, the default values associated with the "global" tag in /etc/nfs/nfslog.conf will be used.

nosub
Prevents clients from mounting subdirectories of shared directories. For example, if /export is shared with the nosub option on server fooey, then a NFS client will not be able to do:

mount -F nfs fooey:/export/home/mnt

nosuid
By default, clients are allowed to create files on the shared file system with the setuid or setgid mode enabled. Specifying nosuid causes the server file system to silently ignore any attempt to enable the setuid or setgid mode bits.

public
Moves the location of the public file handle from root (/) to the exported directory for Web NFS-enabled browsers and clients. This option does not enable Web NFS service; Web NFS is always on. Only one file system per server may use this option. All other options, including the refer, ro=access_list, and rw=access_list options may be included with the public option.


HP-UX 11i Version 3: September 2010


Hewlett-Packard Company


share_nfs(1M)

refer=path@host[+host][:path@host[+host]]
Refer the client accessing the specified shared file system to an alternative location on the provided host.

ro
Sharing will be read-only to all clients.

ro=access_list
Sharing will be read-only to the clients listed in access_list; overrides the rw suboption for the clients specified. See access_list below.

root=access_list
Only root users from the hosts specified in access_list will have root access. See access_list below. By default, no host has root access, so root users are mapped to an anonymous user ID (see the anon=uid option described above). Netgroups can be used if the file system shared is using UNIX authentication (AUTH_SYS).

rw
Sharing will be read-write to all clients. This is the default behavior.

rw=access_list
Sharing will be read-mostly to clients in access_list. Read-mostly means read-write to those clients specified and read-only for all other systems. If sec= option is provided, sharing will be read-write to the clients listed in access_list; overrides the ro suboption for the clients specified. See access_list below.

sec=mode[:mode]...
Sharing will use one or more of the specified security modes. The mode in the sec=mode option must be a mode name supported on the client. If the sec= option is not specified, the default security mode used is AUTH_SYS. Multiple sec= options can be specified on the command line, although each mode can appear only once. The security modes are defined in nfssec(5).

Each sec= option specifies modes that apply to any subsequent window=, rw, ro, rw=, ro=, and root= options that are provided before another sec=mode. Each additional sec= resets the security mode context, so that more window=, rw, ro, rw=, ro=, and root= options can be supplied for additional modes.

sec=none
If the option sec=none is specified when the client uses AUTH_NONE, or if the client uses a security mode that is not one that the file system is shared with, then the credential of each NFS request is treated as unauthenticated. See the anon=uid option for a description of how unauthenticated requests are handled.

window=value
When sharing with sec=dh, set the maximum life time (in seconds) of the RPC request's credential (in the authentication header) that the NFS server will allow. If a credential arrives with a life time larger than what is allowed, the NFS server will reject the request. The default value is 30000 seconds (8.3 hours).

Operands
The following operands are supported:

pathname
The pathname of the file system to be shared.

The access_list Argument
The access_list argument is used in many of the options described above. The access_list is a colon-separated list whose components may be any number of the following:

hostname
The name of a host. With a server configured for DNS or LDAP naming in the nsswitch "hosts" entry, any hostname must be represented as a fully qualified DNS or LDAP name.

netgroup
A netgroup contains a number of hostnames. With a server configured for DNS or LDAP naming in the nsswitch "hosts" entry, any hostname in a netgroup must be represented as a fully qualified DNS or LDAP name.

domain name suffix
To use domain membership, the server must use DNS or LDAP to resolve hostnames to IP addresses; that is, the "hosts" entry in the /etc/nsswitch.conf must specify dns or ldap ahead of nis, since only DNS and LDAP return the full domain name of the host. Other name services like NIS cannot be used to resolve hostnames on the server, because when mapping an IP address to a hostname they do not return domain information. For example,

NIS            129.144.45.9 --> "myhost"
DNS or LDAP    129.144.45.9 --> "myhost.mycompany.

The domain name suffix is distinguished from hostnames and netgroups by a prefixed dot. For example, rw=.mycompany.

A single dot can be used to match a hostname with no suffix. For example, rw=. will match "mydomain" but not "mydomain.mycompany. This feature can be used to match hosts resolved through NIS rather than DNS and LDAP.

network
The network or subnet component is preceded by an at-sign (@). It can be either a name or a dotted address. If a name, it will be converted to a dotted address by getnetbyname(). For example, =@mynet would be equivalent to: =@129.144 or =@129.144.0.0

The network prefix assumes an octet aligned netmask determined from the zero octets in the low-order part of the address. In the case where network prefixes are not byte-aligned, the syntax will allow a mask length to be specified explicitly following a slash (/) delimiter. For example, =@mynet/17 or rw=@129.144.132/17 where the mask is the number of leftmost contiguous significant bits in the corresponding IP address.

A prefixed minus sign (-) denies access to that component of access_list. The list is searched sequentially until a match is found that either grants or denies access, or until the end of the list is reached.

EXAMPLES
The following example shows the /export file system shared with logging enabled:

example% share -o log /export

The default global logging parameters are used since no tag identifier is specified. The location of the log file, as well as the necessary logging work, is specified by the global entry in /etc/nfs/nfslog.conf.

WARNINGS
File system sharing used to be called exporting on HP-UX, and the exportfs command was used. With the new share NFS model, the share command replaces exportfs. To support compatibility with scripts run on systems with older versions of HP-UX that do not have support for the share command and instead use exportfs, share will not fail when the access option is used, as long as it is used in the same way as with exportfs. However, attempts to use the access option with new share options (for example, sec=) may result in the access option being rejected. It is highly recommended not to use the access option with the share command. Instead, use the ro= and rw= options to achieve the desired access restrictions. share support of the access option will be removed in a future release of HP-UX.

This command is available on HP-UX 11.31 and later releases.

If share commands are invoked multiple times on the same file system, the last share invocation supersedes any previous invocations and the options set by the last share command replace the old options. For example, if read-only permission was previously given to usera on somefs, the following share command could be used to also give read-only permission to userb:

share -F nfs -o ro=usera:userb /somefs

This behavior is not limited to sharing the root file system, but applies to all file
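The matching rules from "The access_list Argument" (sequential search, first grant or denial wins, octet-aligned default netmask, single-dot and domain-suffix components) can be exercised with the following added Python sketch; it is not HP-UX code. The `netgroups` and `networks` dictionaries are hypothetical stand-ins for netgroup(4) lookups and getnetbyname(), and the sample data is constructed.

```python
import ipaddress

def parse_network(spec, networks):
    """Turn the text after '@' into an ip_network; networks maps names to dotted prefixes."""
    addr, _, masklen = spec.partition("/")
    addr = networks.get(addr, addr)             # stand-in for getnetbyname()
    octets = (addr.split(".") + ["0"] * 4)[:4]  # 129.144 -> 129.144.0.0
    if not masklen:
        # Octet-aligned default: drop the zero octets at the low-order end.
        significant = 4
        while significant > 1 and octets[significant - 1] == "0":
            significant -= 1
        masklen = str(8 * significant)
    return ipaddress.ip_network(".".join(octets) + "/" + masklen, strict=False)

def component_matches(comp, host, ip, netgroups, networks):
    if comp.startswith("@"):                    # network or subnet
        return ipaddress.ip_address(ip) in parse_network(comp[1:], networks)
    if comp == ".":                             # single dot: hostname with no suffix
        return "." not in host
    if comp.startswith("."):                    # domain name suffix
        return host.endswith(comp)
    if comp in netgroups:                       # netgroup
        return host in netgroups[comp]
    return host == comp                         # hostname

def check_access(access_list, host, ip, netgroups=None, networks=None):
    """True or False from the first matching component, None when nothing matches."""
    for comp in access_list.split(":"):
        deny = comp.startswith("-")
        name = comp[1:] if deny else comp
        if component_matches(name, host, ip, netgroups or {}, networks or {}):
            return not deny
    return None

# Constructed sample data (not from the man page)
NETGROUPS = {"group1": {"hosta", "hostb"}}
NETWORKS = {"mynet": "129.144"}
```

Because the search stops at the first match, `-hostb:group1` denies hostb while `group1:-hostb` grants it, so denials belong ahead of any netgroup or network that contains the same host.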

APPLICATION USAGE
If the async option is used, an unreported data loss may occur ONLY on a write and ONLY if the NFS server experiences a failure after the write reply has been sent to the client. Specifically, blocks which have been queued for the server's disk, but have not yet been written to the disk may be

You cannot export either a parent directory or a subdirectory of an exported directory that resides within the same file system. It is not allowed, for instance, to export both /usr and /usr/local if both directories reside on the same disk partition.

If the sec= option is presented at least once, all uses of the window=, rw, ro, rw=, ro=, and root= options must come after the first sec= option. If the sec= option is not presented, then sec=sys is implied.

If one or more explicit sec= options are presented, sys must appear in one of the options mode lists for accessing using the AUTH_SYS security mode to be allowed. For example:

share -F nfs /var
share -F nfs -o sec=sys /var

will grant read-write access to any host using AUTH_SYS, but

share -F nfs -o sec=dh /var

will grant no access to clients that use AUTH_SYS.

Access checking for the window=, rw, ro, rw=, and ro= options is done per NFS request, instead of per mount request.

Combining multiple security modes can be a security hole in situations where the ro= and rw= options are used to control access to weaker security modes. In this example,

share -F nfs -o sec=dh,rw,sec=sys,rw=hosta /var

an intruder can forge the IP address for hosta (albeit on each NFS request) to side-step the stronger controls of AUTH_DES. Something like:

share -F nfs -o sec=dh,rw,sec=sys,ro /var

is safer, because any client (intruder or legitimate) that avoids AUTH_DES will only get read-only access. In general, multiple security modes per share command should only be used in situations where the clients using more secure modes get stronger access than clients using less secure modes.

If rw=, and ro= options are specified in the same sec= clause, and a client is in both lists, the order of the two options determines the access the client gets. If client hosta is in two netgroups, group1 and group2, in this example, the client would get read-only access:

share -F nfs -o ro=group1,rw=group2 /var

In this example hosta would get read-write access:

share -F nfs -o rw=group2,ro=group1 /var

If within a sec= clause, both the ro and rw= options are specified, for compatibility, the order of the options rule is not enforced. All hosts would get read-only access, with the exception to those in the read-write list. If the ro= and rw options are specified, all hosts get read-write access with the exceptions of those in the read-only list.

The ro= and rw= options are guaranteed to work over UDP and TCP but may not work over other transport providers.

The root= option with AUTH_SYS is guaranteed to work over UDP and TCP but may not work over other transport providers.

The root= option with AUTH_DES is guaranteed to work over any transport provider.

There are no interactions between the root= option and the rw, ro, rw=, and ro= options. Putting a host in the root list does not override the semantics of the other options. The access the host gets is the same as when the root= options is

For example, the following share command will deny access to hostb:

share -F nfs -o ro=hosta,root=hostb /var

The following will give read-only permissions to hostb:

share -F nfs -o ro=hostb,root=hostb /var

The following will give read-write permissions to hostb:

share -F nfs -o ro=hosta,rw=hostb,root=hostb /var

If the file system being shared is a symbolic link to a valid pathname, the canonical path (the path which the symbolic link follows) will be shared. For example, if /export/foo is a symbolic link to /export/bar (/export/foo -> /export/bar), the following share command will result in /export/bar as the shared pathname (and not /export/foo).

example# share -F nfs /export/foo

Note that an NFS mount of server:/export/foo will result in server:/export/bar really being mounted.

This line in the /etc/dfs/dfstab file will share the /disk file system read-only at boot time:

share -F nfs -o ro /disk

Note that the same command entered from the command line will not share the /disk file system unless there is at least one file system entry in the /etc/dfs/dfstab file.

EXIT STATUS
The following exit values are returned:

0     Successful completion.
>0    An error occurred.

FILES
/etc/dfs/fstypes        list of distributed file system types, NFS by default
/etc/dfs/sharetab       system record of shared file systems
/etc/nfs/nfslogtab      system record of logged file systems
/etc/nfs/nfslog.conf    logging configuration file

AUTHOR
share_nfs was developed by Sun Microsystems, Inc.

SEE ALSO
mount(1M), mountd(1M), nfsd(1M), nfslogd(1M), share(1M), unshare(1M), getnetbyname(3N), fstypes(4), netgroup(4), nfslog.conf(4), sharetab(4), nfssec(5).
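The sec= clause rules and the multiple-security-mode caution in APPLICATION USAGE can be checked mechanically before a line goes into /etc/dfs/dfstab. The following Python sketch is an added example, not part of share_nfs: it groups options by sec= clause and reports any weaker mode that can reach the same or stronger access than a stronger mode. The mode ranking (none, sys, dh) and the choice to count host-list access as reachable by any client, since the text notes IP addresses can be forged, are assumptions of this example.

```python
STRENGTH = {"none": 0, "sys": 1, "dh": 2}    # assumed ranking; other modes raise KeyError
LEVEL = {"ro": 1, "rw": 2}

def parse_clauses(options):
    """Map each security mode to the (name, value) options of its sec= clause."""
    clauses, current, implicit = {}, None, False
    for opt in filter(None, options.split(",")):
        name, _, value = opt.partition("=")
        if name == "sec":
            if implicit:
                raise ValueError("access options must come after the first sec=")
            current = value.split(":")
            for mode in current:
                if mode in clauses:
                    raise ValueError("each mode can appear only once: " + mode)
                clauses[mode] = []
        elif name in ("rw", "ro", "root", "window"):
            if current is None:               # no sec= so far: sec=sys is implied
                current, implicit, clauses["sys"] = ["sys"], True, []
            for mode in current:
                clauses[mode].append((name, value))
    return clauses or {"sys": []}

def reachable_level(opts):
    """Highest access a client of this mode can reach; host lists count as reachable."""
    levels = [LEVEL[name] for name, _ in opts if name in LEVEL]
    return max(levels) if levels else LEVEL["rw"]   # default sharing is read-write

def weak_mode_findings(options):
    """Return (weaker, stronger) pairs where the weaker mode is not limited to less access."""
    levels = {m: reachable_level(o) for m, o in parse_clauses(options).items()}
    return [(weak, strong) for weak in levels for strong in levels
            if STRENGTH[weak] < STRENGTH[strong] and levels[weak] >= levels[strong]]

# Option strings taken from the two commands discussed above
RISKY = "sec=dh,rw,sec=sys,rw=hosta"
SAFER = "sec=dh,rw,sec=sys,ro"
```

`weak_mode_findings(RISKY)` reports the sys/dh pair, while `weak_mode_findings(SAFER)` returns an empty list.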
