exports, xtab - directories to export to NFS clients
File /etc/exports describes the directories that can be exported to
NFS clients. The system administrator creates it using a text editor.
mountd processes it each time a mount request is received (see
/etc/exports is read automatically by the exportfs command (see
exportfs(1M)). If this file is changed, exportfs must be run
(exportfs -a) before the changes can affect the daemon's operation.
If this file is present at boot time, the /sbin/init.d/nfs.server
script will execute an exportfs command and export the file systems
listed in the file.
/etc/xtab contains entries for directories that are currently
exported. This file should only be accessed by programs using
getexportent (see exportent(3N)). (Use exportfs -u to remove entries
from this file).
An entry for a directory consists of a command line of the following
directory - option[, option]...
where directory is the path name of a directory (or file).
options can have any of the following values and forms:
ro Export the directory read-only. If not specified, the
directory is exported read-write. The ro and rw
options cannot be used on the same exports line.
Export the directory read-mostly. Read-mostly means
read-only to most machines, but read-write to those
specified. If neither ro nor rw is specified, the
directory is exported read-write to all. The ro and rw
options cannot be used on the same exports line. Up to
256 hostnames can be specified. With a server
configured for DNS naming in the nsswitch "hosts"
entry, any hostname must be represented as a fully
qualified DNS name. Currently HP-UX will attempt to
match a non-fully qualified hostname; this HP-only
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000
feature will be obsoleted in a later release of HP-UX.
anon=uid If a request comes from an unknown user, use uid as the
effective user ID. Note: Root users (uid 0) are always
considered ``unknown'' by the NFS server unless they
are included in the root option below.
The default value for this option is -2. Setting anon
to -1 disables anonymous access.
Give root access only to the root users from a
specified hostname. The default is for no hosts to be
granted root access. Up to 256 hostnames can be
specified. hostnames on this list are not guaranteed
to successfully mount the specified file system. If a
non-empty access list is specified, the hostname must
also meet one of the access_list criteria described
below as well. Up to 256 hostnames can be specified.
With a server configured for DNS naming in the nsswitch
"hosts" entry, any hostname must be represented as a
fully qualified DNS name. Currently HP-UX will attempt
to match a non-fully qualified hostname; this HP-only
feature will be obsoleted in a later release of HP-UX.
Give mount access to each access_list listed. See the
"access_list" subsection below. An empty access= list
allows all machines to mount the specified mount point.
The access_list argument is a colon-separated list
whose components may be any number of the
The name of a host. With a server configured
for DNS naming in the nsswitch "hosts" entry,
any hostname must be represented as a fully
qualified DNS name. Currently HP-UX will
allow a match for a non-fully qualified
hostname; this HP-only feature will be
obsoleted in a later release of HP-UX.
A netgroup contains a number of hostnames.
With a server configured for DNS naming in
the nsswitch "hosts" entry, any hostname in a
netgroup must be represented as a fully
qualified DNS name.
Hewlett-Packard Company - 2 - HP-UX Release 11i: November 2000
To use domain membership the server must use
DNS to resolve hostnames to IP addresses;
that is, the "hosts" entry in the
/etc/nsswitch.conf must specify "dns" ahead
of "nis" or "nisplus", since only DNS returns
the full domain name of the host. Other name
services like NIS or NIS+ cannot be used to
resolve hostnames on the server, because when
mapping an IP address to a hostname, they do
not return domain information. For example,
NIS or NIS+
220.127.116.11 --> "myhost"
18.104.22.168 --> "myhost.myd.myc.com"
The DNS suffix is distinguished from
hostnames and netgroups by a prefixed dot. A
dot by itself will match "myhost" but not
"myhost.myd.mycy.com". This single dot
feature can be used to match hosts resolved
from NIS and NIS+ rather than DNS.
The network or subnet component is preceded
by an at-sign (@). It can be either a name
or a dotted address. If a name, it will be
converted to a dotted address by getnetbyname
(see getnetent(3N)). Entries in
/etc/networks must contain all four octets in
order to be valid.
The network prefix assumes an octet aligned
netmask determined from the zero octets in
the low order part of the address. In the
case where network prefixes are not byte-
aligned, the syntax will allow a mask length
to be specified explicitly following a slash
(/) delimiter. Where the mask is the number
of leftmost contiguous significant bits in
the corresponding IP address.
- A prefixed minus sign (-) denies access to
that component of access_list. The list is
searched sequentially until a match is found
that either grants or denies access, or until
the end of the list is reached. This option
Hewlett-Packard Company - 3 - HP-UX Release 11i: November 2000
is valid only in conjunction with hostname,
network and DNS Suffix. If prefixing a
hostname and you are configured for DNS
naming, you must fully qualify the hostname.
async Specifying async increases write performance on the NFS
server by causing asynchronous writes on the NFS
server. The async option can be specified anywhere on
the command line after directory. Before using this
option, refer to WARNINGS below.
# A # character anywhere in the file indicates a comment
that extends to the end of the line.
A directory name with no accompanying name list allows any
machine to mount the given directory.
/etc/exports contains a list of file systems and the access_lists or
machine names allowed to remotely mount each file system. The file
system names are left-justified and followed by a list of names
separated by white space. A file system name with no accompanying
name list means the file system is available to everyone.
A # anywhere in the file indicates a comment extending to the end of
/usr/games cocoa fudge # export to only these machines
/usr -access=clients # export to my clients
/usr/local # export to the world
/usr2 -access=bison:deer:pup # export to only these machines
/var/adm -root=bison:deer # give root access only to these
/usr/new -anon=0 # give all machines root access
/usr/temp -rw=ram:alligator # export read-write only to these
/usr/bin -ro # export read-only to everyone
/usr/stuff -access=bear,anon=-2,ro # several options on one line
/usr/subnet -access=@mysubnet #use mysubent in /etc/networks
/usr/subnet1 -email@example.com #clients must be in the 22.214.171.124 subnet
/usr/domain -access=.myd.myc.com #clients must be in .myd.myc.com
/usr/restrict -access=-host1.myd.myc.com:sales # disallow -host1 in the sales netgroup.
If the async option is used, an unreported data loss may occur ONLY on
a write and ONLY if the NFS server experiences a failure after the
write reply has been sent to the client. Specifically, blocks which
have been queued for the server's disk, but have not yet been written
to the disk may be lost.
You cannot export either a parent directory or a subdirectory of an
exported directory that resides within the same file system. It is
not allowed, for instance, to export both /usr and /usr/local if both
Hewlett-Packard Company - 4 - HP-UX Release 11i: November 2000
directories reside on the same disk partition.
exports was developed by Sun Microsystems, Inc.
/etc/exports Static export information
/etc/xtab Current state of exported directories
/etc/hosts List of hostnames
/etc/netgroup List of network groups
/etc/networks Network information
/sbin/init.d/nfs.server Script that executes exportfs command.
exportfs(1M), mountd(1M), nfsd(1M), exportent(3N), hosts(4),
Hewlett-Packard Company - 5 - HP-UX Release 11i: November 2000