Qualifier | Description |
---|---|
read_write, readwrite, rw | Grants read/write access. This is the default setting. |
read_only, readonly, ro | Grants read-only access. |
root_squash, rootsquash | Maps user and group IDs of 0 (zero) to the anonymous user or group. This is the default setting. |
no_root_squash, norootsquash | Turns off root squashing. |
all_squash, allsquash | Maps all user IDs and group IDs to the anonymous user or group. |
no_all_squash, noallsquash | Turns off all squashing. This is the default setting. |
secure | Requires requests to originate from an IP port less than 1024. Access to such ports is normally restricted to administrators of the client machine. To turn it off, use the insecure option. |
insecure | Turns off the secure option. This is the default setting. |
anon_uid, anonuid | Explicitly sets an anonymous user ID. |
anon_gid, anongid | Explicitly sets an anonymous group ID. |
noaccess, no_access | Denies the specified clients access to the export. |
(sec=<mode>) | Allows you to specify the flavor of NFS security, where <mode> is a colon delimited list of allowed security flavors (sys:krb5:krb5i:krb5p). |
- 10.1.2.38(ro)
Grants read-only access to the client whose IP address is 10.1.2.38.
- 10.1.2.0/24(ro)
Grants read-only access to all clients whose IP address is within the range 10.1.2.0 to 10.1.2.255.
- yourcompanydept(ro)
Grants read-only access to all members of the NIS group yourcompanydept.
- *.mycompany.com(ro, anonuid=20)
Grants read-only access to all clients whose computer name ends.mycompany.com. All squashed requests are to be treated as if they originated from user ID 20.
- 10.1.*.* (readonly, allsquash, anonuid=10, anongid=10)
Grants read-only access to all the matching clients. All requests are squashed to the anonymous user, which is explicitly set as user ID 10 and group ID 10.
- The order in which the
entries are specified is important. Take the following two lines:
*(ro)
10.1.2.38(rw)
The first grants read-only access to all clients, whereas the second grants read/write access to the specified client. The second line is redundant, however, as the first line matches all clients. These lines must be transposed to grant write access to 10.1.2.38.
- 10.1.1.*(sec=sys),10.1.2.*(sec=krb5:krb5i:krb5p),*(sec=krb5p)
- Clients in the 10.1.1.* subnet use sys authentication.
- Clients in the 10.1.2.* subnet to use krb5, krb5i, or krb5p.
- All other clients use krb5p.
Note: To improve performance, when specifying clients that can access an export, it is recommended that you specify IP addresses or IP address ranges, including those that include wildcards, before specifying host names or NIS netgroups.