NFS version 4 /etc/exports for Linux
Every entry in the /etc/exports file looks like this.
(pseudo path) (export path) [ro] [sec=<option>[:<option>]]
Pseudo path - is the path of the pseudo system. This is the file
system that the client will see. You can make any hierarchal virtual file system you
want with these pseudo directories. The last directory is the mount point
where the exported directory will be mounted.
Export path - is the path to the actual directory that you will be
ro - is to make the exported directory read-only. This is optional.
sec= - is the security options that will be negotiated by the client and
the server. If you want to have multiple options to negotiate put a :
in between the options. List all the security options that you would want
Here's a list of valid security options:
Note: currently, only krb5 is implemented.
none (AUTH_NONE RPC security)
sys (AUTH_SYS, default uid/gid lists)
dh (AUTH_DES, old diffe-hellman encryption)
krb5 (RPCSEC_GSS Kerberos 5 authentication)
krb5i (RPCSEC_GSS Kerberos 5 integrity)
krb5p (RPCSEC_GSS Kerberos 5 protection)
spkm3 (SPKM authentication)
spkm3i (SPKM integrity)
spkm3p (SPKM protection)
lkey (LIPKEY authentication)
lkeyi (LIPKEY integrity)
lkeyp (LIPKEY protection)
# - Comments out the rest of the line
Example of an /etc/exports file.
/goo/dir1 /usr/local ro
/goo/dir2 /usr/share ro sec=dh:lkeyi
/goo/dir3 /usr/man sec=sys
/goo/dir4 /usr/doc sec=sys:krb5:krb5i:spkm3
# a commment
The first line exports the /export directory with full access onto a
pseudo /foo directory.
The second line will export /usr/local by putting it onto the
pseudo /goo/dir1 and make it read only.
The third line has /usr/share exported on /goo/dir2 with the security
options dh or lkeyi.
The fourth entry exports /usr/man with the sys security option.
The last entry is /usr/doc with one of the security options sys,
krb5, krb5i, or spkm3.