/etc/exports

Updated: April 19, 2023

Define remote mountpoints for NFS mount requests

Name:

/etc/exports

/etc/exports.hostname

Description:

The exports file defines remote mountpoints for the NFS mount protocol according to the NFS server specification; see RFC 1094 (Network File System Protocol Specification) and RFC 1813 (NFS Version 3 Protocol Specification).

Note: There isn't a default version of this file; you can create your own if you need it.

Each line in the file specifies one remote mountpoint. The first field contains the mountpoint directory path, followed optionally by a list of options and/or a list of specific hosts separated by whitespace. If no specific hosts are specified, the mountpoint is exported to all hosts.

Here are the export options:

-mask=netmask -match=network
Restrict access to hosts belonging to subnet defined by netmask and network. By default, there's no restriction. Access is determined by:
((client_ip & netmask) == network)
-norsvd
Don't check incoming requests, they're from a reserved port. By default, NFS requests from ports greater than IPPORT_RESERVED are replied to with EACCES.
-ro
Export the filesystem as read-only. By default, the filesystem is exported as read/write.
-root=uid
Map root's uid (real user ID). By default, root is mapped to -2.

Let's now look at a sample file:

/usr -root=1 rickers snowhite.cis.uoguelph.ca
/usr/local 131.104.48.16
/u -root=5 -mask=255.255.240.0 -match=131.104.0.0
/u2 -ro -mask=255.0.0.0 -match=10.0.0.0 node11 node23

The above example specifies the following:

This mountpoint: Is exported:
/usr To hosts rickers and snowhite.cis.uoguelph.ca only, with root mapped to 1 and with read/write access.
/usr/local To host 131.104.48.16 only, with root mapped to -2 and with read/write access.
/u To all hosts within 131.104.0.0 to 131.104.15.255, with root mapped to 5 and with read/write access.
/u2 To hosts node11 and node23 and to hosts belonging to IP network 10 only, with root mapped to -2 and with read-only access.

Limitations:

Based on: