# Sample export config
#
# This sample is not intended to be used as is, rather it is an illustration of
# some of the flexibility of EXPORT configuration. There are a couple of simple
# EXPORT configurations at the end that are more usable.
#
# Options documentation:
#
# Export permission options available in EXPORT_DEFAULTS, EXPORT, and CLIENT
# blocks. If an option is not set in a more specific block, the next less
# specific block will be considered, until finally the default is taken if
# the option is not specified in any applicable block, following this order:
# CLIENT, EXPORT, EXPORT_DEFAULTS, baked in default.
#
# Access_Type (NONE):   RW, RO, MDONLY, MDONLY_RO, NONE
#                       RW allows all operations
#                       RO allows only operations that do not modify the server
#                       MDONLY does not allow READ or WRITE operations, but
#                              allows any other operation.
#                       MDONLY_RO does not allow READ, WRITE, or any operation
#                                 that modifies file attributes or directory
#                                 content
#                       NONE allows no access at all
#
# Protocols (3,4)       The Protocols allowed. NFSV3, NFSV4, and 9P may be
#                       specified. 3, 4, V3, V4, NFS3, and NFS4 may also be
#                       used.
#
# Transports (UDP, TCP) The transport protocols allowed (UDP, TCP, and RDMA may
#                       be specified)
#
# Squash (Root_Squash)  What kind of user id squashing is performed:
#                       No_Root_Squash, NoIdSquash, None
#                               No user id squashing is performed, so uid 0
#                               on a client is treated as uid 0 on the export
#                       RootId, Root_Id_Squash, RootIdSquash
#                               uid 0 and gid 0 are squashed to the
#                               Anonymous_Uid and Anonymous_Gid
#                               gid 0 in alt_groups lists is also squashed
#                       Root, Root_Squash, RootSquash
#                               uid 0 and gid of any value are squashed to the
#                               Anonymous_Uid and Anonymous_Gid
#                               alt_groups lists is discarded
#                       All, All_Squash, AllSquash, All_Anonymous, AllAnonymous
#                               All users are squashed
#
# Anonymous_Uid (-2)    If a user id is squashed, this is the uid used
#                       Ranges from -2147483648 to 4294967295
#                       uid are traditionally uint32_t however, tradition
#                       has long been to specify NFS anonymous uid as -2
#                       so negative values are allowed
#
# Anonymous_Gid (-2)    If a group id is squashed, this is the gid used
#                       Ranges from -2147483648 to 4294967295
#                       gid are traditionally uint32_t however, tradition
#                       has long been to specify NFS anonymous gid as -2
#                       so negative values are allowed
#
# SecType (none, sys)   The RPC security flavors allowed, none (AUTH_NONE),
#                       sys (AUTH_SYS/AUTH_UNIX), krb5 (RPCSEC_GSS),
#                       krb5i (RPCSEC_GSS), krb5p (RPCSEC_GSS)
#                       none and sys carry no cryptographic proof of the
#                       caller's identity (AUTH_SYS uid/gid values are
#                       supplied by the client). krb5 authenticates the
#                       caller, krb5i adds integrity protection and krb5p
#                       adds encryption of the RPC payload.
#
# PrivilegedPort (false) If this option is true, client connections
#                       must originate from port < 1024. This is
#                       tradition based on some operating systems
#                       requiring a user to be a privileged user to
#                       create a socket with a source port < 1024
#                       It is a convention rather than authentication: it
#                       only helps when root on every permitted client
#                       host is trusted.
#
# Manage_Gids (false)   If this option is true, the alt groups list in
#                       AUTH_SYS credentials will be replaced by a server
#                       lookup of the group list. This allows bypassing the
#                       16 group limit of AUTH_SYS.
#
# Delegations (None)    The types of delegations that may be granted. (None,
#                       Read, Write, ReadWrite, R, W, and RW may be
#                       specified).

# EXPORT_DEFAULTS block:
#
# All export permission options are usable.
#
# WARNING: If Access_Type is specified, that access type will be granted to
#          all clients on any export for which there is not an applicable
#          CLIENT block that explicitly provides a different Access_Type or
#          for which the EXPORT block does not provide a different
#          Access_Type.
#
#          If you desire to set a default Access_Type for all allowed
#          clients, you may then want to specify Access_Type = None; in
#          every EXPORT block.

EXPORT_DEFAULTS
{
    # Only sys and the krb5 flavors are listed, so "none" (AUTH_NONE), which
    # is part of the baked in default (none, sys), is not accepted unless a
    # more specific EXPORT or CLIENT block sets SecType again.
    SecType = sys, krb5, krb5i, krb5p;

    # Restrict all exports to NFS v4 unless otherwise specified
    Protocols = 4;
}

# EXPORT block
#
# All export permissions options are available, as well as the following:
#
# Export_id (required)  An identifier for the export, must be unique and
#                       between 0 and 65535. If Export_Id 0 is specified,
#                       Pseudo must be the root path (/).
#
# Path (required)       The directory in the exported file system this export
#                       is rooted on (may be ignored for some FSALs). It need
#                       not be unique if Pseudo and/or Tag are specified.
#
# Pseudo (required v4)  This option specifies the position in the Pseudo FS
#                       this export occupies if this is an NFS v4 export. It
#                       must be unique. By using different Pseudo options,
#                       the same Path may be exported multiple times.
#
# Tag (no default)      This option allows an alternative access for NFS v3
#                       mounts. The option MUST not have a leading /. Clients
#                       may not mount subdirectories (i.e. if Tag = foo, the
#                       client may not mount foo/baz). By using different
#                       Tag options, the same Path may be exported multiple
#                       times.
#
# MaxRead (4194304)     The maximum read size on this export
# MaxWrite (4194304)    The maximum write size on this export
# PrefRead (4194304)    The preferred read size on this export
# PrefWrite (4194304)   The preferred write size on this export
# PrefReaddir (16384)   The preferred readdir size on this export
#                       These 5 options have the same range of values from
#                       512 to 9 megabytes.
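#
# MaxOffsetWrite (18446744073709551615) Maximum file offset that may be written
# MaxOffsetRead (18446744073709551615)  Maximum file offset that may be read
#                       These options may be used to restrict
#                       the offsets within files.
#
# CLIENT (optional)     See the CLIENT block below
#
# FSAL (required)       See the FSAL block below

EXPORT
{
    Export_Id = 1;
    Path = /export/exp1;
    Pseudo = /export/exp1;
    Tag = exp1;

    # Override the default set in EXPORT_DEFAULTS
    Protocols = 3,4;

    MaxRead = 65536;
    MaxWrite = 65536;
    PrefRead = 65536;
    PrefWrite = 65536;

    # All clients for which there is no CLIENT block that specifies a
    # different Access_Type will have RW access (this would be an unusual
    # specification in the real world since barring a firewall, this
    # export is world readable and writeable).
    Access_Type = RW;

    # FSAL block
    #
    # This is required to indicate which Ganesha File System Abstraction
    # Layer (FSAL) will be used for this export.
    #
    # The only option available for all FSALs is:
    #
    # Name (required)   The name of the FSAL
    #
    # Some FSALs have additional options, see individual FSAL documentation.
    FSAL
    {
        Name = VFS;
    }

    # CLIENT blocks
    #
    # An export may optionally have one or more CLIENT blocks. These blocks
    # specify export options for a restricted set of clients. The export
    # permission options specified in the EXPORT block will apply to any
    # client for which there is no applicable CLIENT block.
    #
    # All export permissions options are available, as well as the
    # following:
    #
    # Clients (required) The list of clients these export permissions
    #                    apply to. Clients may be specified by hostname,
    #                    ip address, netgroup, CIDR network address,
    #                    host name wild card, or simply "*" to apply to
    #                    all clients.
    CLIENT
    {
        # The prefix length was /8 here. A /8 mask on 192.168.1.0 leaves host
        # bits set and, taken as a mask, covers all of 192.0.0.0/8, which is
        # wider than the /16 block below and contradicts the notes in the
        # next two blocks. /24 matches what those notes describe.
        #
        # These clients get Squash = None and, since no Access_Type is set
        # here, inherit RW from the EXPORT block, so keep this list narrow.
        Clients = 192.168.0.10, 192.168.1.0/24;
        Squash = None;
    }

    CLIENT
    {
        # Note the following specification is a larger network than
        # the first block, however, the first applicable CLIENT block
        # is used.
        Clients = 192.168.0.0/16;
        Squash = All;
        Access_Type = RO;
    }

    CLIENT
    {
        # This block is actually meaningless since 192.168.0.22 will
        # match the network address in the second CLIENT block.
        # Because the first applicable CLIENT block is used, a block for a
        # single host only takes effect when it is placed before any
        # broader network block that also matches that host.
        Clients = 192.168.0.22;
        Squash = None;
        Access_Type = RW;
    }
}

# Here is a simple sample EXPORT that should be used without an EXPORT_DEFAULTS
# block. It takes advantage of the fact that whatever export permissions are
# in the EXPORT block are applied to all clients for which there is no
# matching CLIENT block.
#
# With no CLIENT block at all, Access_Type = RW and Squash = None apply to
# every client that can reach the server, and uid 0 on a client is not
# squashed. Restrict it with a CLIENT block (as in the next example) or a
# stricter Squash unless the network itself limits who can connect.

EXPORT
{
    Export_Id = 2;
    Path = /export;
    Pseudo = /export;
    Access_Type = RW;
    Squash = None;

    FSAL
    {
        Name = VFS;
    }
}

# Here is an example with a simple CLIENT block
# No Access_Type is set at EXPORT level, so only the clients listed in the
# CLIENT block are granted RW by this block; other clients fall through to
# EXPORT_DEFAULTS and then the baked in default (NONE).

EXPORT
{
    Export_Id = 3;
    Path = /export2;
    Pseudo = /export2;

    FSAL
    {
        Name = VFS;
    }

    CLIENT
    {
        # Placeholder: replace with the real client list.
        Clients = your, list, of, clients;
        Access_Type = RW;
        Squash = None;
    }
}

# Finally here is an example of how you can specify options for the Pseudo FS.
# Note that even without specifying the Pseudo Root EXPORT, EXPORT_DEFAULTS will
# still apply to it (except for Access_Type, Protocols, Transports, and Squash,
# since those are all "set" options).

EXPORT
{
    # Was written "Export_Id - 0;", which is not a valid assignment.
    Export_Id = 0;
    Path = /;
    Pseudo = /;

    CLIENT
    {
        Clients = 192.168.0.0/16;
        Access_Type = MDONLY_RO;
        SecType = sys, krb5, krb5i, krb5p;
    }
}

# The Automatically Generated Pseudo Root is effectively:
#
# Illustration only: this block repeats Export_Id 0 and Pseudo = / from the
# block above, and both must be unique, so keep at most one of the two in a
# real configuration.
#
# NOTE(review): 67108864 (64 MiB) is above the "512 to 9 megabytes" range
# documented for the Max*/Pref* options earlier in this file; confirm which
# is current for the Ganesha version in use.

EXPORT
{
    # Was written "Export_Id - 0;", which is not a valid assignment.
    Export_Id = 0;
    Path = /;
    Pseudo = /;
    Squash = None;
    # Key was misspelled "Protcols".
    Protocols = NFSV4;
    Transports = TCP;
    Access_Type = MDONLY_RO;
    Filesystem_Id = 152.152;
    MaxWrite = 67108864;
    MaxRead = 67108864;
    PrefWrite = 67108864;
    PrefRead = 67108864;
    PrefReaddir = 67108864;
}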