.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "FS_EXPORTAFS 1" .TH FS_EXPORTAFS 1 2024-02-03 OpenAFS "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME fs_exportafs \- Configures export of AFS to clients of other file systems .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBfs exportafs\fR \fB\-type\fR\ <\fIexporter\ name\fR> [\fB\-start\fR\ <\fIstart/stop\ translator\ (on\ |\ off)\fR>] [\fB\-convert\fR\ <\fIconvert\ from\ afs\ to\ unix\ mode\ (on\ |\ off)\fR>] [\fB\-uidcheck\fR\ <\fIrun\ on\ strict\ 'uid\ check'\ mode\ (on\ |\ off)\fR>] [\fB\-submounts\fR\ <\fIallow\ nfs\ mounts\ to\ subdirs\ of\ /afs/..\ (on\ |\ off)\fR>] [\fB\-clipags\fR\ <\fIuse\ client-assigned\ PAGs\ (on\ |\ off)\fR>] [\fB\-pagcb\fR\ <\fIcallback\ clients\ to\ get\ creds\ (on\ |\ off)\fR>] [\fB\-help\fR] .PP \&\fBfs exp\fR \fB\-t\fR\ <\fIexporter\ name\fR> [\fB\-st\fR\ <\fIstart/stop\ translator\ (on\ |\ off)\fR>] [\fB\-co\fR\ <\fIconvert\ from\ afs\ to\ unix\ mode\ (on\ |\ off)\fR>] [\fB\-u\fR\ <\fIrun\ on\ strict\ 'uid\ check'\ mode\ (on\ |\ off)\fR>] [\fB\-su\fR\ <\fIallow\ nfs\ mounts\ to\ subdirs\ of\ /afs/..\ (on\ |\ off)\fR>] [\fB\-cl\fR\ <\fIuse\ client-assigned\ PAGs\ (on\ |\ off)\fR>] [\fB\-p\fR\ <\fIcallback\ clients\ to\ get\ creds\ (on\ |\ off)\fR>] [\fB\-h\fR] .SH DESCRIPTION .IX Header "DESCRIPTION" The \fBfs exportafs\fR command sets (if the \fB\-start\fR argument is provided) or reports (if it is omitted) whether the machine can reexport the AFS filespace to clients of a non-AFS file system. To control certain features of the translation protocol, use the following arguments: .IP \(bu 4 To control whether the UNIX group and other mode bits on an AFS file or directory are set to match the owner mode bits when it is exported to the non-AFS file system, use the \fB\-convert\fR argument. .IP \(bu 4 To control whether tokens can be placed in a credential structure identified by a UID that differs from the local UID of the entity that is placing the tokens in the structure, use the \fB\-uidcheck\fR argument. The most common use is to control whether issuers of the \fBknfs\fR command can specify a value for its \fB\-id\fR argument that does not match their local UID on the NFS/AFS translator machine. .IP \(bu 4 To control whether users can create mounts in the non-AFS filespace to an AFS directory other than \fI/afs\fR, use the \fB\-submounts\fR argument. .SH OPTIONS .IX Header "OPTIONS" .IP "\fB\-type\fR <\fIexporter name\fR>" 4 .IX Item "-type " Names the alternate file system to which to reexport the AFS filespace. The only acceptable value is \f(CW\*(C`nfs\*(C'\fR, in lowercase letters only. .IP "\fB\-start\fR " 4 .IX Item "-start " Enables the local machine to reexport the AFS filespace if the value is \&\f(CW\*(C`on\*(C'\fR, or disables it if the value is \f(CW\*(C`off\*(C'\fR. Omit this argument to report the current setting for all of the configurable parameters. .IP "\fB\-convert\fR " 4 .IX Item "-convert " Controls the setting of the UNIX group and other mode bits on AFS files and directories exported to the non-AFS file system. If the value is \&\f(CW\*(C`on\*(C'\fR, they are set to match the \fBowner\fR mode bits. If the value is \&\f(CW\*(C`off\*(C'\fR, the bits are not changed. If this argument is omitted, the default value is \f(CW\*(C`on\*(C'\fR. .IP "\fB\-uidcheck\fR " 4 .IX Item "-uidcheck " Controls whether tokens can be placed in a credential structure identified by a UID that differs from the local UID of the entity that is placing the tokens in the structure. .RS 4 .IP \(bu 4 If the value is on, the UID that identifies the credential structure must match the local UID. .Sp With respect to the \fBknfs\fR command, this value means that the value of \&\fB\-id\fR argument must match the issuer's local UID on the translator machine. In practice, this setting makes it pointless to include the \&\fB\-id\fR argument to the \fBknfs\fR command, because the only acceptable value (the issuer's local UID) is already used when the \fB\-id\fR argument is omitted. .Sp Enabling UID checking also makes it impossible to issue the \fBklog\fR and \&\fBpagsh\fR commands on a client machine of the non-AFS file system even though it is a system type supported by AFS. For an explanation, see \&\fBklog\fR\|(1). .IP \(bu 4 If the value is off (the default), tokens can be assigned to a local UID in the non-AFS file system that does not match the local UID of the entity assigning the tokens. .Sp With respect to the \fBknfs\fR command, it means that the issuer can use the \&\fB\-id\fR argument to assign tokens to a local UID on the NFS client machine that does not match his or her local UID on the translator machine. (An example is assigning tokens to the MFS client machine's local superuser \&\f(CW\*(C`root\*(C'\fR.) This setting allows more than one issuer of the \fBknfs\fR command to make tokens available to the same user on the NFS client machine. Each time a different user issues the \fBknfs\fR command with the same value for the \fB\-id\fR argument, that user's tokens overwrite the existing ones. This can result in unpredictable access for the user on the NFS client machine. .RE .RS 4 .RE .IP "\fB\-submounts\fR " 4 .IX Item "-submounts " Controls whether a user of the non-AFS filesystem can mount any directory in the AFS filespace other than the top-level \fI/afs\fR directory. If the value is \f(CW\*(C`on\*(C'\fR, such submounts are allowed. If the value is \f(CW\*(C`off\*(C'\fR, only mounts of the \fI/afs\fR directory are allowed. If this argument is omitted, the default value is \f(CW\*(C`off\*(C'\fR. .IP "\fB\-clipags\fR " 4 .IX Item "-clipags " Turning on this option enables support for "client-assigned PAGs". With client-assigned PAGs, an NFS client can manage its own AFS pags, and inform the NFS translator machine what PAG we are using, instead of the NFS translator machine keeping track of PAGs. An NFS client machine can do this if it has the "afspag" kernel module loaded, which tracks PAGs but otherwise does not implement AFS functionality, and forwards all requests to the NFS translator machine. .Sp You should only turn on this option if you are making use of client-assigned PAGs, and you trust the NFS client machines making use of the translator. This option is off by default. .IP "\fB\-pagcb\fR " 4 .IX Item "-pagcb " Turning on this option means that the NFS translator machine will contact new NFS clients in order to obtain their credentials and sysnames. This option can be useful so that client credentials are not lost if the translator machine is rebooted, or if an NFS client is "moved" to using a different translator. This functionality will only work with NFS clients that are also running the "afspag" kernel module. .Sp Using this option with NFS clients not running with the "afspag" kernel module would cause long timeouts when the translator machine attempts to contact the client to obtain its credentials and sysname list. This option is off by default. .IP \fB\-help\fR 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH OUTPUT .IX Header "OUTPUT" If the machine is not even configured as a server of the non-AFS file system, the following message appears: .PP .Vb 2 \& Sorry, the \-exporter type is currently not supported on \& this AFS client .Ve .PP If the machine is configured as a server of the non-AFS file system but is not currently enabled to reexport AFS to it (because the \fB\-start\fR argument to this command is not set to \f(CW\*(C`on\*(C'\fR), the message is as follows: .PP .Vb 1 \& \*(Aq\*(Aq translator is disabled .Ve .PP If the machine is enabled to reexport AFS, the following message precedes messages that report the settings of the other parameters. .PP .Vb 1 \& \*(Aq\*(Aq translator is enabled with the following options: .Ve .PP The following messages indicate that the \fB\-convert\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Running in convert owner mode bits to world/other mode \& Running in strict unix mode .Ve .PP The following messages indicate that the \fB\-uidcheck\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Running in strict \*(Aqpasswd sync\*(Aq mode \& Running in no \*(Aqpasswd sync\*(Aq mode .Ve .PP The following messages indicate that the \fB\-submounts\fR argument is set to \&\f(CW\*(C`on\*(C'\fR or \f(CW\*(C`off\*(C'\fR respectively: .PP .Vb 2 \& Allow mounts of /afs/.. subdirs \& Only mounts to /afs allowed .Ve .SH EXAMPLES .IX Header "EXAMPLES" The following example shows that the local machine can export AFS to NFS client machines. .PP .Vb 5 \& % fs exportafs nfs \& \*(Aqnfs\*(Aq translator is enabled with the following options: \& Running in convert owner mode bits to world/other mode \& Running in no \*(Aqpasswd sync\*(Aq mode \& Only mounts to /afs allowed .Ve .PP The following example enables the machine as an NFS server and converts the UNIX group and other mode bits on exported AFS directories and files to match the UNIX owner mode bits. .PP .Vb 1 \& % fs exportafs \-type nfs \-start on \-convert on .Ve .PP The following example disables the machine from reexporting AFS to NFS client machines: .PP .Vb 1 \& % fs exportafs \-type nfs \-start off .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer must be logged in as the local superuser root. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBklog\fR\|(1), \&\fBknfs\fR\|(1) .SH COPYRIGHT .IX Header "COPYRIGHT" IBM Corporation 2000. All Rights Reserved. .PP This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.