.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "FS_EXPORTAFS 1" .TH FS_EXPORTAFS 1 "2021-01-27" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" fs_exportafs \- Configures export of AFS to clients of other file systems .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBfs exportafs\fR \fB\-type\fR\ <\fIexporter\ name\fR> [\fB\-start\fR\ <\fIstart/stop\ translator\ (on\ |\ off)\fR>] [\fB\-convert\fR\ <\fIconvert\ from\ afs\ to\ unix\ mode\ (on\ |\ off)\fR>] [\fB\-uidcheck\fR\ <\fIrun\ on\ strict\ 'uid\ check'\ mode\ (on\ |\ off)\fR>] [\fB\-submounts\fR\ <\fIallow\ nfs\ mounts\ to\ subdirs\ of\ /afs/..\ (on\ |\ off)\fR>] [\fB\-clipags\fR\ <\fIuse\ client-assigned\ PAGs\ (on\ |\ off)\fR>] [\fB\-pagcb\fR\ <\fIcallback\ clients\ to\ get\ creds\ (on\ |\ off)\fR>] [\fB\-help\fR] .PP \&\fBfs exp\fR \fB\-t\fR\ <\fIexporter\ name\fR> [\fB\-st\fR\ <\fIstart/stop\ translator\ (on\ |\ off)\fR>] [\fB\-co\fR\ <\fIconvert\ from\ afs\ to\ unix\ mode\ (on\ |\ off)\fR>] [\fB\-u\fR\ <\fIrun\ on\ strict\ 'uid\ check'\ mode\ (on\ |\ off)\fR>] [\fB\-su\fR\ <\fIallow\ nfs\ mounts\ to\ subdirs\ of\ /afs/..\ (on\ |\ off)\fR>] [\fB\-cl\fR\ <\fIuse\ client-assigned\ PAGs\ (on\ |\ off)\fR>] [\fB\-p\fR\ <\fIcallback\ clients\ to\ get\ creds\ (on\ |\ off)\fR>] [\fB\-h\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBfs exportafs\fR command sets (if the \fB\-start\fR argument is provided) or reports (if it is omitted) whether the machine can reexport the \s-1AFS\s0 filespace to clients of a non-AFS file system. To control certain features of the translation protocol, use the following arguments: .IP "\(bu" 4 To control whether the \s-1UNIX\s0 group and other mode bits on an \s-1AFS\s0 file or directory are set to match the owner mode bits when it is exported to the non-AFS file system, use the \fB\-convert\fR argument. .IP "\(bu" 4 To control whether tokens can be placed in a credential structure identified by a \s-1UID\s0 that differs from the local \s-1UID\s0 of the entity that is placing the tokens in the structure, use the \fB\-uidcheck\fR argument. The most common use is to control whether issuers of the \fBknfs\fR command can specify a value for its \fB\-id\fR argument that does not match their local \&\s-1UID\s0 on the \s-1NFS/AFS\s0 translator machine. .IP "\(bu" 4 To control whether users can create mounts in the non-AFS filespace to an \&\s-1AFS\s0 directory other than \fI/afs\fR, use the \fB\-submounts\fR argument. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-type\fR <\fIexporter name\fR>" 4 .IX Item "-type " Names the alternate file system to which to reexport the \s-1AFS\s0 filespace. The only acceptable value is \f(CW\*(C`nfs\*(C'\fR, in lowercase letters only. .IP "\fB\-start\fR " 4 .IX Item "-start " Enables the local machine to reexport the \s-1AFS\s0 filespace if the value is \&\f(CW\*(C`on\*(C'\fR, or disables it if the value is \f(CW\*(C`off\*(C'\fR. Omit this argument to report the current setting for all of the configurable parameters. .IP "\fB\-convert\fR " 4 .IX Item "-convert " Controls the setting of the \s-1UNIX\s0 group and other mode bits on \s-1AFS\s0 files and directories exported to the non-AFS file system. If the value is \&\f(CW\*(C`on\*(C'\fR, they are set to match the \fBowner\fR mode bits. If the value is \&\f(CW\*(C`off\*(C'\fR, the bits are not changed. If this argument is omitted, the default value is \f(CW\*(C`on\*(C'\fR. .IP "\fB\-uidcheck\fR " 4 .IX Item "-uidcheck " Controls whether tokens can be placed in a credential structure identified by a \s-1UID\s0 that differs from the local \s-1UID\s0 of the entity that is placing the tokens in the structure. .RS 4 .IP "\(bu" 4 If the value is on, the \s-1UID\s0 that identifies the credential structure must match the local \s-1UID.\s0 .Sp With respect to the \fBknfs\fR command, this value means that the value of \&\fB\-id\fR argument must match the issuer's local \s-1UID\s0 on the translator machine. In practice, this setting makes it pointless to include the \&\fB\-id\fR argument to the \fBknfs\fR command, because the only acceptable value (the issuer's local \s-1UID\s0) is already used when the \fB\-id\fR argument is omitted. .Sp Enabling \s-1UID\s0 checking also makes it impossible to issue the \fBklog\fR and \&\fBpagsh\fR commands on a client machine of the non-AFS file system even though it is a system type supported by \s-1AFS.\s0 For an explanation, see \&\fBklog\fR\|(1). .IP "\(bu" 4 If the value is off (the default), tokens can be assigned to a local \s-1UID\s0 in the non-AFS file system that does not match the local \s-1UID\s0 of the entity assigning the tokens. .Sp With respect to the \fBknfs\fR command, it means that the issuer can use the \&\fB\-id\fR argument to assign tokens to a local \s-1UID\s0 on the \s-1NFS\s0 client machine that does not match his or her local \s-1UID\s0 on the translator machine. (An example is assigning tokens to the \s-1MFS\s0 client machine's local superuser \&\f(CW\*(C`root\*(C'\fR.) This setting allows more than one issuer of the \fBknfs\fR command to make tokens available to the same user on the \s-1NFS\s0 client machine. Each time a different user issues the \fBknfs\fR command with the same value for the \fB\-id\fR argument, that user's tokens overwrite the existing ones. This can result in unpredictable access for the user on the \s-1NFS\s0 client machine. .RE .RS 4 .RE .IP "\fB\-submounts\fR " 4 .IX Item "-submounts " Controls whether a user of the non-AFS filesystem can mount any directory in the \s-1AFS\s0 filespace other than the top-level \fI/afs\fR directory. If the value is \f(CW\*(C`on\*(C'\fR, such submounts are allowed. If the value is \f(CW\*(C`off\*(C'\fR, only mounts of the \fI/afs\fR directory are allowed. If this argument is omitted, the default value is \f(CW\*(C`off\*(C'\fR. .IP "\fB\-clipags\fR " 4 .IX Item "-clipags " Turning on this option enables support for \*(L"client-assigned PAGs\*(R". With client-assigned PAGs, an \s-1NFS\s0 client can manage its own \s-1AFS\s0 pags, and inform the \&\s-1NFS\s0 translator machine what \s-1PAG\s0 we are using, instead of the \s-1NFS\s0 translator machine keeping track of PAGs. An \s-1NFS\s0 client machine can do this if it has the \&\*(L"afspag\*(R" kernel module loaded, which tracks PAGs but otherwise does not implement \s-1AFS\s0 functionality, and forwards all requests to the \s-1NFS\s0 translator machine. .Sp You should only turn on this option if you are making use of client-assigned PAGs, and you trust the \s-1NFS\s0 client machines making use of the translator. This option is off by default. .IP "\fB\-pagcb\fR " 4 .IX Item "-pagcb " Turning on this option means that the \s-1NFS\s0 translator machine will contact new \&\s-1NFS\s0 clients in order to obtain their credentials and sysnames. This option can be useful so that client credentials are not lost if the translator machine is rebooted, or if an \s-1NFS\s0 client is \*(L"moved\*(R" to using a different translator. This functionality will only work with \s-1NFS\s0 clients that are also running the \&\*(L"afspag\*(R" kernel module. .Sp Using this option with \s-1NFS\s0 clients not running with the \*(L"afspag\*(R" kernel module would cause long timeouts when the translator machine attempts to contact the client to obtain its credentials and sysname list. This option is off by default. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH "OUTPUT" .IX Header "OUTPUT" If the machine is not even configured as a server of the non-AFS file system, the following message appears: .PP .Vb 2 \& Sorry, the \-exporter type is currently not supported on \& this AFS client .Ve .PP If the machine is configured as a server of the non-AFS file system but is not currently enabled to reexport \s-1AFS\s0 to it (because the \fB\-start\fR argument to this command is not set to \f(CW\*(C`on\*(C'\fR), the message is as follows: .PP .Vb 1 \& \*(Aq\*(Aq translator is disabled .Ve .PP If the machine is enabled to reexport \s-1AFS,\s0 the following message precedes messages that report the settings of the other parameters. .PP .Vb 1 \& \*(Aq\*(Aq translator is enabled with the following options: .Ve .PP The following messages indicate that the \fB\-convert\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Running in convert owner mode bits to world/other mode \& Running in strict unix mode .Ve .PP The following messages indicate that the \fB\-uidcheck\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Running in strict \*(Aqpasswd sync\*(Aq mode \& Running in no \*(Aqpasswd sync\*(Aq mode .Ve .PP The following messages indicate that the \fB\-submounts\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Allow mounts of /afs/.. subdirs \& Only mounts to /afs allowed .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" The following example shows that the local machine can export \s-1AFS\s0 to \s-1NFS\s0 client machines. .PP .Vb 5 \& % fs exportafs nfs \& \*(Aqnfs\*(Aq translator is enabled with the following options: \& Running in convert owner mode bits to world/other mode \& Running in no \*(Aqpasswd sync\*(Aq mode \& Only mounts to /afs allowed .Ve .PP The following example enables the machine as an \s-1NFS\s0 server and converts the \s-1UNIX\s0 group and other mode bits on exported \s-1AFS\s0 directories and files to match the \s-1UNIX\s0 owner mode bits. .PP .Vb 1 \& % fs exportafs \-type nfs \-start on \-convert on .Ve .PP The following example disables the machine from reexporting \s-1AFS\s0 to \s-1NFS\s0 client machines: .PP .Vb 1 \& % fs exportafs \-type nfs \-start off .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer must be logged in as the local superuser root. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBklog\fR\|(1), \&\fBknfs\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.