projects techreports press lab location staff
citi top.2 top.3
citi mid.3
bot.1 bot.2 bot.3

Projects: NFS Version 4 Open Source Reference Implementation

NFS version 4 /etc/exports for Linux

Every entry in the /etc/exports file looks like this.

(pseudo path) (export path) [ro] [sec=<option>[:<option>]]

  • Pseudo path - is the path of the pseudo system. This is the file system that the client will see. You can make any hierarchal virtual file system you want with these pseudo directories. The last directory is the mount point where the exported directory will be mounted.
  • Export path - is the path to the actual directory that you will be exporting.
  • ro - is to make the exported directory read-only. This is optional.
  • sec= - is the security options that will be negotiated by the client and the server. If you want to have multiple options to negotiate put a : in between the options. List all the security options that you would want to use.

Here's a list of valid security options:

Note: currently, only krb5 is implemented.

  • none (AUTH_NONE RPC security)
  • sys (AUTH_SYS, default uid/gid lists)
  • dh (AUTH_DES, old diffe-hellman encryption)
  • krb5 (RPCSEC_GSS Kerberos 5 authentication)
  • krb5i (RPCSEC_GSS Kerberos 5 integrity)
  • krb5p (RPCSEC_GSS Kerberos 5 protection)
  • spkm3 (SPKM authentication)
  • spkm3i (SPKM integrity)
  • spkm3p (SPKM protection)
  • lkey (LIPKEY authentication)
  • lkeyi (LIPKEY integrity)
  • lkeyp (LIPKEY protection)

# - Comments out the rest of the line

Example of an /etc/exports file.

/foo		/export                     
/goo/dir1	/usr/local 	ro	
/goo/dir2	/usr/share	ro	sec=dh:lkeyi
/goo/dir3	/usr/man	sec=sys
/goo/dir4       /usr/doc        sec=sys:krb5:krb5i:spkm3
# a commment

The first line exports the /export directory with full access onto a pseudo /foo directory.

The second line will export /usr/local by putting it onto the pseudo /goo/dir1 and make it read only.

The third line has /usr/share exported on /goo/dir2 with the security options dh or lkeyi.

The fourth entry exports /usr/man with the sys security option.

The last entry is /usr/doc with one of the security options sys, krb5, krb5i, or spkm3. projects | techreports | press | lab | location | staff Email address
or call +1 734 763 2929
Copyright © 1996-2013
The Regents of the University of Michigan