mknfsexp Command

Purpose

Exports a directory to NFS clients.

Syntax

/usr/sbin/mknfsexp -d Directory [ -e pathname ] [ -f Exports_File ] [ -t [ { rw | ro | remove } | { rm -h HostName [ , HostName ... ] } ] ] [ -a UID ] [ -r HostName [ , HostName ... ] ] [ -c HostName [ , HostName ... ] ] [ -s | -n ] [ -I | -B | -N ] [ -P | -p ] [ -D {yes | no} ] [ -v number [ , number ... ] ] [ -x | -X ] [ -S flavor [ ,flavor ] ] [ -G rootpath@host[+host][:rootpath@host[+host]] ] [ -g rootpath@host[+host][:rootpath@host[+host]] ] [ -o Ordering ]

Description

The mknfsexp command takes the flags and parameters specified and constructs a line that is syntactically correct for the /etc/exports file. If this command is invoked with the -B flag, an entry will be added to the /etc/exports file and the exportfs command is invoked to export the directory specified. Alternatively, the -I flag adds an entry to the exports file and does not export the directory, or the -N flag does not add an entry to the exports file but does export the directory.

Flags

Item Description
-a UID Uses the UID variable as the effective user ID only if a request comes from an unknown user. The default value of this option is -2.
Note: Root users (UID 0) are always considered unknown by the NFS server, unless they are included in the root option. Setting the value of UID to -1 disables anonymous access.
-B Adds an entry to the /etc/exports file and the exportfs command is executed to export the directory. This flag is the default.
-c HostName [ , HostName ] ... Gives mount access to each of the clients listed. A client can either be a host or a netgroup. The default is to allow all hosts access.
-d Directory Specifies the directory that is to be exported or changed.
-D {yes | no} Enables or disables file delegation for the specified export. This option overrides the system-wide delegation enablement for this export. The system-wide enablement is done through nfso.
-e pathname Specifies an export name for the directory.
-f Exports_File Specifies the full path name of the exports file to use if other than the /etc/exports file.
-g rootpath@host [+host] [:rootpath@host [+host]] The specified directory will be marked with replica information. If the server becomes unreachable by an NFS client, the client can switch to one of the specified servers. This option is only accessible using NFS version 4 protocol, and version 4 access must be specified in the options. Because the directory is being exported for client access, specifying NFS version 2 or version 3 access will not cause an error, but the request will simply be ignored by the version 2 or version 3 server. This option cannot be specified with the -G flag. Only the host part of each specification is verified. The administrator must ensure that the specified rootpaths are valid and that the target servers contain appropriate data. If the directory being exported is not in the replica list, that directory will be added as the first replica location. The administrator should ensure that appropriate data exists at the replica locations. For a more complete description of replication, see the exportfs command. The -g option is available only on AIX® 5.3 with 5300-03 or later.
Note: A referral or replica export can only be made if replication is enabled on the server. Use chnfs -R on to enable replication.
-G rootpath@host [+host] [:rootpath@host [+host]] A namespace referral will be created at the specified path. The referral directs clients to the specified alternate locations where they can continue operations. A referral is a special object. If a nonreferral object exists at the specified path, the export is disallowed and an error message is printed. If nothing exists at the specified path, a referral object is created there that includes the path name directories leading to the object. A referral cannot be specified for the nfsroot. The name localhost cannot be used as a hostname. The -G option is allowed only for version 4 exports. If the export specification allows version 2 or version 3 access, an error message will be printed and the export will be disallowed. The administrator should ensure that appropriate data exists at the referral locations. For a more complete description of referrals, see the exportfs command. The -G option is available only on AIX 5L Version 5.3 with the 5300-03 Recommended Maintenance package or later.
Note: A referral or replica export can only be made if replication is enabled on the server. Use chnfs -R on to enable replication.
-h HostName [ , HostName ] ... Specifies which hosts have read-write access to the directory. This option is valid only when the exported file is to be read-mostly.
-I Adds an entry to the /etc/exports file so that the next time the exportfs command is run during system restart, the directory will be exported.
-n Does not require the client to use the more secure protocol. This flag is the default.
-N Does not add an entry to the /etc/exports file but the exportfs command is run with the correct parameters so that the directory is exported.
-o Ordering Defines how the alternate locations list is generated from the servers that you specified on the refer or replicas option. The option applies only to directories exported for access by NFS version 4 protocol. The Ordering parameter has three allowable values:
    full     All of the servers are scattered to form the combinations of alternate locations.
    partial  The first location of all the combinations is fixed to the first server specified on the refer or replicas option. The rest of the locations and the first location are scattered as if they are scattered using the scatter=full method.
    none     No scatter is to be used. The value can also be used to disable scattering if it was enabled previously.
-p Specifies that the exported directory is not a public directory.
-P Specifies that the exported directory is to be a public directory.
-r HostName [ , HostName ] ... Gives root users on the specified hosts access to the directory. The default is for no hosts to be granted root access.
-s Requires clients to use a more secure protocol when accessing the directory.
-S flavor[,flavor] May be used in conjunction with the -c, -t, or -r options to associate the option with one or more specific security methods. Most exportfs options can be clustered using the sec option. Any number of sec stanzas may be specified, but each security method can be specified only once.
Allowable flavor values are:
    sys      UNIX authentication.
    dh       DES authentication.
    none     Use the anonymous ID if it has a value other than -1. Otherwise, a weak auth error is returned.
    krb5     Kerberos. Authentication only.
    krb5i    Kerberos. Authentication and integrity.
    krb5p    Kerberos. Authentication, integrity, and privacy.
-t Type Specifies whether the directory is read-write, read-only, or read-mostly. The possible values for the Type variable are:
    rw       Exports the read-write directory. This is the system default.
    ro       Exports the read-only directory.
    remove   Removes the exported directory.
    rm       Exports the read-mostly directory. If chosen, the -h flag must be used to specify the hosts that have read-write permission.
-v number [ , number ] ... The directory specified by the -d option is made available to clients using the specified NFS versions. Valid values are 2, 3, or 4. You can export two entries for the same directory with different versions 2 (or 3) and 4.
-x Accepts the replica location information specified with the -g option as-is. Does not insert the server's primary hostname into the list if it is not present. This flag is intended for use with servers with multiple network interfaces. If none of the server's host names are in the replica list, NFSv4 clients might treat the location information as faulty and discard it.
-X Enables auto-insert of the primary hostname into the replica list. If the server's primary hostname is not specified in the replica list, the hostname will be added as the first replica location.

Examples

  1. To export a directory with read-only permission, enter:
    mknfsexp -d /usr -t ro
    In this example, the mknfsexp command exports the /usr directory with read-only permission.
  2. To export a directory with read-mostly permission and a secure protocol to specific hosts, enter:
    mknfsexp -d /home/guest -t rm -h bighost,littlehost -s
    In this example, the mknfsexp command exports the /home/guest directory with read-mostly permission, using a more secure protocol. The hosts bighost and littlehost have read-write access.
  3. To export a directory with read-write permission to a specific netgroup and specific hosts, and to make the export effective on the next system restart, enter:
    mknfsexp -d /usr -t rw -c host1,host3,grp3 -I 
    In the above example, the mknfsexp command exports the /usr directory and gives read and write permission to host1, host3, and grp3. The -I flag makes this change effective on the next system restart.
  4. To export a directory with read-only permission to an exports file other than /etc/exports, enter:
    mknfsexp -d /usr -t ro -f /etc/exports.other
    In the above example, the mknfsexp command exports the /usr directory with read-only permission to the /etc/exports.other file.
  5. To export the /common/documents directory to allow access only to clients using NFS version 4 protocol, enter:
    mknfsexp -d /common/documents -v 4
  6. To export the /common/documents directory, giving root users on client1 and client2 access for clients using krb5 access, enter:
    mknfsexp -d /common/documents -S krb5 -r client1,client2
  7. To export the /common/documents directory with full scattering for the hosts named s1 and s2 specified as referrals, enter the following command:
    mknfsexp -d /common/documents -v 4 -G /common/documents@s1:/common/documents@s2 -o full
  8. To export the /common/documents directory with partial scattering at hosts named s1, s2 and s3, specified as replicas, enter the following command:
    mknfsexp -d /common/documents -v 4 -g /common/documents@s1:/common/documents@s2:/common/documents@s3 -o partial
  9. To export the /common/documents directory with the export name /exports1/cool/mike, enter the following command:
    mknfsexp -d /common/documents -e /exports1/cool/mike -S sys -v 4
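
The constraints stated under Flags (-t rm needs -h, -g excludes -G, -G is version 4 only) and the permissive defaults (-c allows all hosts, -a defaults to -2) can be checked before an export is made. The following is an added example, not part of the original documentation or of AIX: lint_mknfsexp is a hypothetical helper that parses a planned mknfsexp argument list and never runs the command.

```sh
#!/bin/sh
# Added example: lint a planned mknfsexp argument list before running it.
# lint_mknfsexp is a hypothetical helper name; it never calls mknfsexp.
# Runs in a subshell so its variables and OPTIND do not leak to the caller.
lint_mknfsexp() (
    OPTIND=1
    type=rw; vers=; clients=; roots=; rwhosts=; anon=-2; refer=; repl=
    while getopts "d:e:f:t:h:a:r:c:snIBNPpD:v:xXS:G:g:o:" opt; do
        case $opt in
            t) type=$OPTARG ;;
            h) rwhosts=$OPTARG ;;
            a) anon=$OPTARG ;;
            r) roots=$OPTARG ;;
            c) clients=$OPTARG ;;
            v) vers=$OPTARG ;;
            G) refer=$OPTARG ;;
            g) repl=$OPTARG ;;
            \?) echo "ERROR: unrecognised flag"; exit 1 ;;
            *) ;;   # flags this linter has no rule for
        esac
    done
    rc=0
    # Constraints that the flag descriptions state outright.
    if [ "$type" = rm ] && [ -z "$rwhosts" ]; then
        echo "ERROR: -t rm requires -h to name the read-write hosts"; rc=1
    fi
    if [ -n "$refer" ] && [ -n "$repl" ]; then
        echo "ERROR: -g cannot be specified with -G"; rc=1
    fi
    if [ -n "$refer" ]; then
        case ",$vers," in
            *,2,*|*,3,*)
                echo "ERROR: -G is allowed only for version 4 exports"; rc=1 ;;
        esac
    fi
    # Documented defaults that widen access; reported as warnings only.
    [ -n "$clients" ] || echo "WARN: no -c list, all hosts get mount access"
    [ -z "$roots" ] || echo "WARN: root access granted to: $roots"
    [ "$anon" = -1 ] || echo "WARN: anonymous access enabled (effective UID $anon)"
    exit $rc
)

# Constructed demo: example 2 from this page with -h left out.
lint_mknfsexp -d /home/guest -t rm -s || true
```

The function returns a nonzero status only for the ERROR cases, so it can gate the real mknfsexp call in a wrapper script.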

Files

Item Description
/etc/exports Lists the directories that the server can export.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.