CVS commit: src/usr.sbin/mountd

2024-03-29 Valery Ushakov
Module Name:    src
Committed By:   uwe
Date:   Fri Mar 29 22:50:27 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
exports(5): mark up the list of groups to --maproot &c as optional


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/usr.sbin/mountd/exports.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.38 src/usr.sbin/mountd/exports.5:1.39
--- src/usr.sbin/mountd/exports.5:1.38	Fri Mar 29 14:15:02 2024
+++ src/usr.sbin/mountd/exports.5	Fri Mar 29 22:50:27 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.38 2024/03/29 14:15:02 riastradh Exp $
+.\"	$NetBSD: exports.5,v 1.39 2024/03/29 22:50:27 uwe Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -155,7 +155,7 @@ on the local machine
 .Pc .
 The user may be specified by name or number.
 .Sm off
-.It Fl maproot Li = Ar user\^ Li \&: Ar group1\^ Li \&: group2\^ Li \&: Ar ...
+.It Fl maproot Li = Ar user\^ Li \&: Op Ar group1\^ Li \&: group2\^ Li \&: Ar ...
 .Sm on
 The colon separated list is used to specify the precise credential
 to be used for remote access by root.
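Review bot: `Ar` is missing before `group2\^` in the `-maproot` line, so `group2` is set in roman while `user`, `group1` and `...` are set as arguments; the `-mapall` line in the next hunk reads `Li \&: Ar group2\^` and the two synopses should match. Suggest `.It Fl maproot Li = Ar user\^ Li \&: Op Ar group1\^ Li \&: Ar group2\^ Li \&: Ar ...`.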
@@ -167,13 +167,13 @@ should be used to distinguish a credenti
 complete credential for that user.
 .Sm off
 .It Fl mapall Li = Ar user
-.It Fl mapall Li = Ar user\^ Li \&: Ar group1\^ Li \&: Ar group2\^ Li \&: Ar ...
+.It Fl mapall Li = Ar user\^ Li \&: Op Ar group1\^ Li \&: Ar group2\^ Li \&: Ar ...
 .Sm on
 Mapping for all client uids (including root)
 using the same semantics as
 .Fl maproot .
 .It Fl r Ar user
-.It Fl r Ar user\^ Ns Li \&: Ns Ar group1\^ Ns Li \&: Ns Ar group2\^ Ns Li \&: Ns Ar ...
+.It Fl r Ar user\^ Ns Li \&: Ns Op Ar group1\^ Ns Li \&: Ns Ar group2\^ Ns Li \&: Ns Ar ...
 Synonym for
 .Fl maproot ,
 for compatibility with older export file formats.



CVS commit: src/usr.sbin/mountd

2024-03-29 Taylor R Campbell
Module Name:    src
Committed By:   riastradh
Date:   Fri Mar 29 14:15:02 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
exports(5): Tiny punctuation fix in man page.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/usr.sbin/mountd/exports.5


Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.37 src/usr.sbin/mountd/exports.5:1.38
--- src/usr.sbin/mountd/exports.5:1.37	Fri Mar 29 00:23:05 2024
+++ src/usr.sbin/mountd/exports.5	Fri Mar 29 14:15:02 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.37 2024/03/29 00:23:05 snj Exp $
+.\"	$NetBSD: exports.5,v 1.38 2024/03/29 14:15:02 riastradh Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -408,7 +408,7 @@ directory within
 .Pa /u2
 and mapping all uids to credentials for the principal
 that is authenticated by a Kerberos ticket.
-.Pq Sy Kerberos not implemented .
+.Pq Sy Kerberos not implemented.
 .It Pa /a
 is exported to the network
 .Ql 192.168.0.0 ,




CVS commit: src/usr.sbin/mountd

2024-03-28 Soren Jacobsen
Module Name:    src
Committed By:   snj
Date:   Fri Mar 29 00:23:06 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
pick some nits


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/usr.sbin/mountd/exports.5


Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.36 src/usr.sbin/mountd/exports.5:1.37
--- src/usr.sbin/mountd/exports.5:1.36	Wed Mar 27 13:11:14 2024
+++ src/usr.sbin/mountd/exports.5	Fri Mar 29 00:23:05 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.36 2024/03/27 13:11:14 uwe Exp $
+.\"	$NetBSD: exports.5,v 1.37 2024/03/29 00:23:05 snj Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -70,7 +70,7 @@ or
 Warning:
 Exporting a directory exposes the
 .Em entire
-content of the filesystem that the directory lives in to
+contents of the filesystem that the directory lives in to
 .Tn NFS
 clients.
 .Ef
@@ -312,7 +312,7 @@ A, B or C; see
 .Xr inet 4
 .Pc .
 .Pp
-Scoped IPv6 address must carry scope identifier as documented in
+Scoped IPv6 address must carry a scope identifier as documented in
 .Xr inet6 4 .
 For example,
 .Ql fe80::%ne2/10
@@ -338,11 +338,11 @@ The default remote mount-point file.
 .Pp
 If you have modified the
 .Pa /etc/exports
-file, send the mountd a
+file, send the mountd process a
 .Dv SIGHUP
 to make it re-read it:
 .Pp
-.Dl "kill -HUP $(cat /var/run/mountd.pid)" .
+.Dl "kill -HUP $(cat /var/run/mountd.pid)"
 .Sh EXAMPLES
 .Bd -literal -offset indent
 /usr /usr/local -maproot=0:10 friends
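Review bot: `to make it re-read it:` uses two `it`s for different things (the daemon and the file); since the sentence already names `/etc/exports`, suggest `to make it re-read the file:`. Dropping the trailing `.` from the `.Dl` line is right, since it would otherwise be appended to the displayed command line, where it reads as part of the command.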




CVS commit: src/usr.sbin/mountd

2024-03-27 Valery Ushakov
Module Name:    src
Committed By:   uwe
Date:   Wed Mar 27 13:11:14 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
exports(5): improve mark up


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/usr.sbin/mountd/exports.5




Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.35 src/usr.sbin/mountd/exports.5:1.36
--- src/usr.sbin/mountd/exports.5:1.35	Wed Mar 27 01:43:26 2024
+++ src/usr.sbin/mountd/exports.5	Wed Mar 27 13:11:14 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.35 2024/03/27 01:43:26 riastradh Exp $
+.\"	$NetBSD: exports.5,v 1.36 2024/03/27 13:11:14 uwe Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\" @(#)exports.5	8.3 (Berkeley) 3/29/95
 .\"
-.Dd October 8, 2006
+.Dd March 27, 2024
 .Dt EXPORTS 5
 .Os
 .Sh NAME
@@ -55,16 +55,16 @@ Each entry in
 is a line with a list of directories followed by a list of hosts,
 netgroups, and options, separated by spaces or tabs:
 .Pp
-.Dl Pf / Va dir "..." Oo Va host | Va netgroup | Fl Va option Oc "..."
+.D1 Li / Ns Ar dir Li ... Oo Ar host | Ar netgroup | Fl Ar option Oc Li ...
 .Pp
 All directories in a single line must live in the same filesystem,
 which is exported to the hosts and netgroups listed, according to the
 options specified.
 Exported directories must not have pathname components that are
 symbolic links,
-.Ql "." ,
+.Ql \&. ,
 or
-.Ql ".." .
+.Ql \&.. .
 .Pp
 .Bf -symbolic
 Warning:
@@ -110,8 +110,9 @@ must come before any hosts, netgroups, o
 Options begin with
 .Ql - .
 All other items on an export line are interpreted either as netgroups
-(see
-.Xr netgroup 5 )
+.Po see
+.Xr netgroup 5
+.Pc
 or as hosts, which can be either names, as in example.com, or numbers,
 as in 192.0.2.123 or 2001:db8:1234:abcd::42.
 Sets of hosts in a contiguous network range can be specified with the
@@ -129,7 +130,7 @@ options are exported to
 hosts on the network, with no access control.
 .Pp
 Supported export options:
-.Bl -tag -width ".Fl noresvport"
+.Bl -tag -width Fl
 .It Fl alldirs
 Allow mount requests from clients at any point within the filesystem,
 including regular files.
@@ -144,39 +145,40 @@ A client
 can still access the whole filesystem via individual RPCs if it
 wanted to, even if just one subdirectory has been mounted.
 .Sm off
-.It Fl maproot No = Ar user
+.It Fl maproot Li = Ar user
 .Sm on
 The credential of the specified user is used for remote access by root.
 The credential includes all the groups to which the user is a member
-on the local machine (see
-.Xr id 1 ) .
+on the local machine
+.Po see
+.Xr id 1
+.Pc .
 The user may be specified by name or number.
 .Sm off
-.It Fl maproot No = Ar user : group1 : group2 : ...
+.It Fl maproot Li = Ar user\^ Li \&: Ar group1\^ Li \&: group2\^ Li \&: Ar ...
 .Sm on
 The colon separated list is used to specify the precise credential
 to be used for remote access by root.
 The elements of the list may be either names or numbers.
 Note that
-.Sm off
-.Ql Ar user ":"
-.Sm on
+.Sq Ar user\^ Ns Li \&:
+(with the trailing colon)
 should be used to distinguish a credential containing no groups from a
 complete credential for that user.
 .Sm off
-.It Fl mapall No = Ar user
-.It Fl mapall No = Ar user : group1 : group2 : ...
+.It Fl mapall Li = Ar user
+.It Fl mapall Li = Ar user\^ Li \&: Ar group1\^ Li \&: Ar group2\^ Li \&: Ar ...
 .Sm on
 Mapping for all client uids (including root)
 using the same semantics as
 .Fl maproot .
 .It Fl r Ar user
-.It Fl r Ar user Ns : Ns Ar group1 Ns : Ns Ar group2 Ns : Ar ...
+.It Fl r Ar user\^ Ns Li \&: Ns Ar group1\^ Ns Li \&: Ns Ar group2\^ Ns Li \&: Ns Ar ...
 Synonym for
 .Fl maproot ,
 for compatibility with older export file formats.
 .Pp
-Note:
+.Em Note :
 Not a synonym for the read-only option
 .Fl ro .
 .El
@@ -196,7 +198,7 @@ If a
 option is given,
 all users (including root) will be mapped to that credential in
 place of their own.
-.Bl -tag -width ".Fl noresvport"
+.Bl -tag -width Fl
 .It Fl kerb
 Specifies that the Kerberos authentication server should be
 used to authenticate and map client credentials.
@@ -204,8 +206,11 @@ used to authenticate and map client cred
 .It Fl ro
 Export filesystem read-only.
 Clients will be forbidden to change or write to anything in the
-filesystem (except for named pipes, sockets, and device nodes, where
-write semantics is client-side anyway).
+filesystem
+.Po
+except for named pipes, sockets, and device nodes, where
+write semantics is client-side anyway
+.Pc .
 .It Fl o
 Synonym for
 .Fl ro
@@ -226,9 +231,7 @@ Using this option decreases the security
 (WebNFS)
 Enables WebNFS export, equivalent to combining
 .Fl public ,
-.Sm off
-.Fl mapall No = Ar nobody ,
-.Sm on
+.Fl mapall=nobody ,
 and
 .Fl ro .
 .It Fl publ

CVS commit: src/usr.sbin/mountd

2024-03-26 Taylor R Campbell
Module Name:    src
Committed By:   riastradh
Date:   Wed Mar 27 01:43:26 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
exports(5): Substantially rewrite for clarity.

Hope this is an improvement over the turgid paragraphs all about
first/second/third cases of everything.

PR misc/58063


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/usr.sbin/mountd/exports.5


Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.34 src/usr.sbin/mountd/exports.5:1.35
--- src/usr.sbin/mountd/exports.5:1.34	Wed Mar 27 00:46:17 2024
+++ src/usr.sbin/mountd/exports.5	Wed Mar 27 01:43:26 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.34 2024/03/27 00:46:17 riastradh Exp $
+.\"	$NetBSD: exports.5,v 1.35 2024/03/27 01:43:26 riastradh Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -39,116 +39,147 @@
 mount requests
 .Sh DESCRIPTION
 The
-.Nm exports
+.Nm
 file on an
 .Tn NFS
-server, used by
-.Xr mountd 8 ,
-lists filesystems to be exported to
+server lists filesystems to be exported to
 .Tn NFS
 clients.
+It is read and applied by
+.Xr mountd 8
+on start and on
+.Dv SIGHUP .
+.Pp
+Each entry in
+.Nm
+is a line with a list of directories followed by a list of hosts,
+netgroups, and options, separated by spaces or tabs:
+.Pp
+.Dl Pf / Va dir "..." Oo Va host | Va netgroup | Fl Va option Oc "..."
+.Pp
+All directories in a single line must live in the same filesystem,
+which is exported to the hosts and netgroups listed, according to the
+options specified.
+Exported directories must not have pathname components that are
+symbolic links,
+.Ql "." ,
+or
+.Ql ".." .
 .Pp
+.Bf -symbolic
+Warning:
 Exporting a directory exposes the
 .Em entire
 content of the filesystem that the directory lives in to
 .Tn NFS
-clients, even it it isn't the root directory of a filesystem on the
-server.
-The list of exports is only what the server advertises to clients in
-the mount protocol, not a restriction on what files or directories
-within exported filesystems clients have access to with
-.Tn NFS .
-.Pp
-Each line in the file
-(other than comment lines that begin with a
-.Sq # )
-specifies the mount point(s) and export flags within one local server
-filesystem for one or more hosts.
-A host may be specified only once for each local filesystem on the
-server and there may be only one default entry for each server
-filesystem that applies to all other hosts.
-The latter exports the filesystem to the
-.Dq world
-and should
-be used only when the filesystem contains public information.
+clients.
+.Ef
+This happens even if an exported directory is not the root directory of
+a filesystem on the server.
+.Tn NFS
+clients are only prevented from access to files and directories on
+filesystems that are
+.Em not
+exported at all.
 .Pp
-If you have modified the
-.Pa /etc/exports
-file, send the mountd a SIGHUP to make it re-read the
-.Pa /etc/exports
-file:
-.Dq kill -HUP `cat /var/run/mountd.pid` .
+.Bf -symbolic
+Warning:
+Access control is only by network address.
+.Ef
+.Tn NFS
+servers with any non-public data should be exposed only to restricted
+or firewalled networks with ingress filtering.
+There is no authentication or encryption to make it safe for
+restricting access on the open internet.
+.Pp
+Blank lines are ignored.
+Text beginning with
+.Ql #
+until the end of line is ignored as a comment.
+Each line ending with
+.Ql \e
+has the next line appended, without the
+.Ql \e ,
+as a continuation line.
+Characters can be escaped with
+.Ql \e .
+.Pp
+All directories, which begin with
+.Ql / ,
+must come before any hosts, netgroups, or options on a line.
+Options begin with
+.Ql - .
+All other items on an export line are interpreted either as netgroups
+(see
+.Xr netgroup 5 )
+or as hosts, which can be either names, as in example.com, or numbers,
+as in 192.0.2.123 or 2001:db8:1234:abcd::42.
+Sets of hosts in a contiguous network range can be specified with the
+.Fl network
+option.
 .Pp
-In a mount entry,
-the first field(s) specify the directory path(s) within a server filesystem
-that can be mounted on by the corresponding client(s).
-There are two forms of this specification.
-The first is to list all mount points as absolute
-directory paths separated by whitespace.
-The second is to specify the pathname of the root of the filesystem
-followed by the
-.Fl alldirs
-flag;
-this form allows the host(s) to mount at any point within the filesystem,
+The same filesystem may be exported on multiple lines with different
+options to different sets of hosts, as long as it is exported at most
+once to each host, netgroup, or network.
+.Pp
+Export lines with no hosts, netgroups, or
+.Fl network
+options are exported to
+.Em any
+hosts on the network, with no access control.
+
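Review bot: the wording of the second warning, `There is no authentication or encryption to make it safe for restricting access on the open internet`, is hard to parse; the intended meaning appears to be `There is no authentication or encryption, so address-based restrictions are not safe to rely on across the open internet.` Two markup nits in the same hunk: the syntax template uses `Va` for placeholders (`Va dir`, `Va host`, `Fl Va option`) where `Ar` is the macro for arguments, and `.Ql "." ,` / `.Ql ".." .` should escape the dots as `\&.` and `\&..`, because a bare `.` argument is treated as trailing punctuation by mdoc.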


CVS commit: src/usr.sbin/mountd

2024-03-26 Taylor R Campbell
Module Name:    src
Committed By:   riastradh
Date:   Wed Mar 27 00:46:17 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5

Log Message:
exports(5): Revert warning about `-ro' on read/write file systems.

Looks like the nfs server does enforce that after all, in spite of
the rather oblique commentary in the BUGS section about export
options being tied to local mount point options with which they must
be noncontradictory.

And there's no reason in principle it shouldn't enforce this -- it
just needs to block various file system _operations_, rather than the
subtree issue where the criteria for evaluating whether operations
are allowed on particular _file handles_ are too painful to
contemplate.

PR misc/58063


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/usr.sbin/mountd/exports.5


Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.33 src/usr.sbin/mountd/exports.5:1.34
--- src/usr.sbin/mountd/exports.5:1.33	Tue Mar 26 23:32:43 2024
+++ src/usr.sbin/mountd/exports.5	Wed Mar 27 00:46:17 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.33 2024/03/26 23:32:43 riastradh Exp $
+.\"	$NetBSD: exports.5,v 1.34 2024/03/27 00:46:17 riastradh Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -174,33 +174,14 @@ This option is currently not implemented
 .Pp
 The
 .Fl ro
-option should be specified for filesystems that are read-only (default
-is to assume read/write).
+option specifies that the filesystem should be exported read-only
+(default read/write).
 The option
 .Fl o
 is a synonym for
 .Fl ro
 in an effort to be backward compatible with older export file formats.
 .Pp
-.Bf -symbolic
-Warning:
-Exporting a read/write filesystem with
-.Fl ro
-.Em does not
-prevent clients from writing to it.
-.Ef
-To prevent clients from writing to a filesystem, it must be mounted
-read-only
-.Em on the server
-in the first place.
-To export a read/write filesystem so clients can only read from it, not
-write to it, you can mount a read-only nullfs from the filesystem with
-.Xr mount_null 8
-using the
-.Fl o Cm ro
-option, and then export the read-only nullfs instead.
-See also caveats about nullfs namespace below.
-.Pp
 The
 .Fl noresvport
 option specifies that NFS RPC calls for the filesystem do not have to come
@@ -424,7 +405,7 @@ systems.
 .Pp
 .Pp
 Filesystems that provide a namespace for a subtree of another
-filesystem such as nullfs 
+filesystem such as nullfs
 .No ( Xr mount_null 8 )
 and umapfs
 .No ( Xr mount_umap 8 )





CVS commit: src/usr.sbin/mountd

2024-03-26 Taylor R Campbell
Module Name:    src
Committed By:   riastradh
Date:   Tue Mar 26 23:32:43 UTC 2024

Modified Files:
src/usr.sbin/mountd: exports.5 mountd.8

Log Message:
exports(5), mountd(8): First pass at clarifying export semantics.

The exports(5) man page is full of walls of turgid prose that should
be itemized lists with syntax templates, and I'm itching to rewrite
it, but let's get the security-relevant warnings out of the way
first.

PR misc/58063


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/usr.sbin/mountd/exports.5
cvs rdiff -u -r1.42 -r1.43 src/usr.sbin/mountd/mountd.8


Modified files:

Index: src/usr.sbin/mountd/exports.5
diff -u src/usr.sbin/mountd/exports.5:1.32 src/usr.sbin/mountd/exports.5:1.33
--- src/usr.sbin/mountd/exports.5:1.32	Thu Mar 28 22:54:25 2013
+++ src/usr.sbin/mountd/exports.5	Tue Mar 26 23:32:43 2024
@@ -1,4 +1,4 @@
-.\"	$NetBSD: exports.5,v 1.32 2013/03/28 22:54:25 njoly Exp $
+.\"	$NetBSD: exports.5,v 1.33 2024/03/26 23:32:43 riastradh Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -34,22 +34,30 @@
 .Os
 .Sh NAME
 .Nm exports
-.Nd define remote mount points for
+.Nd exported filesystem mount points for
 .Tn NFS
 mount requests
-.Sh SYNOPSIS
-.Nm exports
 .Sh DESCRIPTION
 The
 .Nm exports
-file specifies remote mount points for the
+file on an
 .Tn NFS
-mount protocol per the
+server, used by
+.Xr mountd 8 ,
+lists filesystems to be exported to
 .Tn NFS
-server specification; see
-.%T "Network File System Protocol Specification RFC 1094, Appendix A"
-and
-.%T "NFS: Network File System Version 3 Specification, Appendix I" .
+clients.
+.Pp
+Exporting a directory exposes the
+.Em entire
+content of the filesystem that the directory lives in to
+.Tn NFS
+clients, even it it isn't the root directory of a filesystem on the
+server.
+The list of exports is only what the server advertises to clients in
+the mount protocol, not a restriction on what files or directories
+within exported filesystems clients have access to with
+.Tn NFS .
 .Pp
 Each line in the file
 (other than comment lines that begin with a
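Review bot: typo in the added warning paragraph: `clients, even it it isn't the root directory` should read `even if it isn't`. Dropping SYNOPSIS is fine for a section 5 page; the two RFC references removed from DESCRIPTION here reappear as `.Rs` entries under SEE ALSO later in this diff, so nothing is lost.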
@@ -166,14 +174,33 @@ This option is currently not implemented
 .Pp
 The
 .Fl ro
-option specifies that the filesystem should be exported read-only
-(default read/write).
+option should be specified for filesystems that are read-only (default
+is to assume read/write).
 The option
 .Fl o
 is a synonym for
 .Fl ro
 in an effort to be backward compatible with older export file formats.
 .Pp
+.Bf -symbolic
+Warning:
+Exporting a read/write filesystem with
+.Fl ro
+.Em does not
+prevent clients from writing to it.
+.Ef
+To prevent clients from writing to a filesystem, it must be mounted
+read-only
+.Em on the server
+in the first place.
+To export a read/write filesystem so clients can only read from it, not
+write to it, you can mount a read-only nullfs from the filesystem with
+.Xr mount_null 8
+using the
+.Fl o Cm ro
+option, and then export the read-only nullfs instead.
+See also caveats about nullfs namespace below.
+.Pp
 The
 .Fl noresvport
 option specifies that NFS RPC calls for the filesystem do not have to come
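Review bot: the added warning states that exporting a read/write filesystem with `-ro` `does not` prevent clients from writing, which reverses the sentence it replaces (`option specifies that the filesystem should be exported read-only`) and documents a serious enforcement gap. A claim of this weight should name the server code path that was checked before it goes into the manual; the revert in revision 1.34 above reports that the nfs server does enforce `-ro`. Until verified, suggest keeping the original wording rather than recommending the read-only nullfs workaround.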
@@ -369,6 +396,23 @@ The default remote mount-point file.
 .Xr mountd 8 ,
 .Xr nfsd 8 ,
 .Xr showmount 8
+.Rs
+.%T NFS: Network File System Protocol Specification
+.%R RFC 1094
+.%I IETF Network Working Group
+.%O Appendix A
+.%U https://datatracker.ietf.org/doc/html/rfc1094#appendix-A.1
+.Re
+.Rs
+.%A B. Callaghan
+.%A B. Pawlowski
+.%A P. Staubach
+.%T NFS Version 3 Protocol Specification
+.%R RFC 1813
+.%I IETF Network Working Group
+.%O Appendix I
+.%U https://datatracker.ietf.org/doc/html/rfc1813#section-5.0
+.Re
 .Sh CAVEATS
 Don't re-export NFS-mounted filesystems unless you are sure of the
 implications.
@@ -377,6 +421,21 @@ systems being exported, e.g. when timest
 Re-exporting should work to some extent and can even be useful in
 some cases, but don't expect it works as well as with local file
 systems.
+.Pp
+.Pp
+Filesystems that provide a namespace for a subtree of another
+filesystem such as nullfs 
+.No ( Xr mount_null 8 )
+and umapfs
+.No ( Xr mount_umap 8 )
+.Em do not
+restrict
+.Tn NFS
+clients to that namespace, so they cannot be used to securely limit
+.Tn NFS
+clients to a subtree of a filesystem.
+If you want to export one subtree and prevent access to other subtrees,
+the exported subtree must be on its own filesystem on the server.
 .Sh BUGS
 The export options are tied to the local mount points in the kernel and
 must be non-contradictory for any exported subdirectory of the local
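Review bot: two consecutive `.Pp` lines at the top of the added CAVEATS paragraph produce a doubled paragraph break; keep one. `+filesystem such as nullfs ` also carries trailing whitespace. The substance is right: a nullfs or umapfs view does not bound which file handles an NFS client can reach, so only a separate filesystem isolates a subtree.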

Index: src/usr.sbin/mountd/mountd.8
diff -u src/usr.sbin/mountd/mountd.8:1.42 src/usr.sbin/mountd/mountd.8:1.43
--- src/usr.sbin/mountd/mountd.8:1.42	Wed Mar 15 20:39:12 2023
+++ src/usr.sbin/mountd/mountd.8	Tue Mar 26 23:32:43 2024
@@ -1,4 +1,4 @@
-.\"	$NetB



CVS commit: src/usr.sbin/mountd

2023-03-15 Valeriy E. Ushakov
Module Name:    src
Committed By:   uwe
Date:   Wed Mar 15 20:39:12 UTC 2023

Modified Files:
src/usr.sbin/mountd: mountd.8

Log Message:
mountd(8): comma before "and"

Not a serial comma, technically, as there are only two items, but it
makes reading easier, IMHO.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/usr.sbin/mountd/mountd.8


Modified files:

Index: src/usr.sbin/mountd/mountd.8
diff -u src/usr.sbin/mountd/mountd.8:1.41 src/usr.sbin/mountd/mountd.8:1.42
--- src/usr.sbin/mountd/mountd.8:1.41	Wed Mar 15 20:33:04 2023
+++ src/usr.sbin/mountd/mountd.8	Wed Mar 15 20:39:12 2023
@@ -1,4 +1,4 @@
-.\"	$NetBSD: mountd.8,v 1.41 2023/03/15 20:33:04 uwe Exp $
+.\"	$NetBSD: mountd.8,v 1.42 2023/03/15 20:39:12 uwe Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -53,7 +53,7 @@ listens for service requests at the port
 .Tn NFS
 server specification; see
 .%T "Network File System Protocol Specification" ,
-RFC 1094, Appendix A and
+RFC 1094, Appendix A, and
 .%T "NFS: Network File System Version 3 Protocol Specification" ,
 Appendix I.
 .Pp





CVS commit: src/usr.sbin/mountd

2023-03-15 Valeriy E. Ushakov
Module Name:    src
Committed By:   uwe
Date:   Wed Mar 15 20:33:04 UTC 2023

Modified Files:
src/usr.sbin/mountd: mountd.8

Log Message:
mountd(8): fix minor markup nits

While here, use $() instead of `` in the example.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/usr.sbin/mountd/mountd.8


Modified files:

Index: src/usr.sbin/mountd/mountd.8
diff -u src/usr.sbin/mountd/mountd.8:1.40 src/usr.sbin/mountd/mountd.8:1.41
--- src/usr.sbin/mountd/mountd.8:1.40	Tue Feb 16 10:01:55 2021
+++ src/usr.sbin/mountd/mountd.8	Wed Mar 15 20:33:04 2023
@@ -1,4 +1,4 @@
-.\"	$NetBSD: mountd.8,v 1.40 2021/02/16 10:01:55 wiz Exp $
+.\"	$NetBSD: mountd.8,v 1.41 2023/03/15 20:33:04 uwe Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -59,7 +59,7 @@ Appendix I.
 .Pp
 Options and operands available for
 .Nm mountd :
-.Bl -tag -width Ds
+.Bl -tag -width Fl
 .It Fl d
 Enable debugging mode.
 .Nm
@@ -68,7 +68,7 @@ debugging messages to stderr.
 .It Fl N
 Do not require privileged ports for mount or NFS RPC calls.
 This option is equivalent to specifying
-.Dq -noresvport -noresvmnt
+.Ql -noresvport -noresvmnt
 on every export.
 See
 .Xr exports 5
@@ -94,13 +94,15 @@ to bind to the given port.
 If this option is not given,
 .Nm
 may bind to every anonymous port
-(in the range 600-1023) which causes trouble when trying to use
+(in the range 600\^\(en1023) which causes trouble when trying to use
 NFS through a firewall.
 .It Ar exportsfile
 The
 .Ar exportsfile
 argument specifies an alternative location
-for the exports file.
+for the
+.Xr exports 5
+file.
 Multiple exports files can be defined.
 .El
 .Pp
@@ -115,19 +117,23 @@ After changing the exports file,
 a hangup signal should be sent to the
 .Nm
 daemon to get it to reload the export information.
-After sending the SIGHUP
-(kill \-s HUP `cat /var/run/mountd.pid`),
+After sending the
+.Dv SIGHUP
+.Pp
+.Dl kill \-s HUP $(cat /var/run/mountd.pid)
+.Pp
 check the syslog output to see if
 .Nm
 logged any parsing errors in the exports file.
 .Pp
-After receiving SIGTERM,
+After receiving
+.Dv SIGTERM ,
 .Nm
 sends a broadcast request to remove the mount list from all the clients.
 This can take a long time, since the broadcast request waits for each
 client to respond.
 .Sh FILES
-.Bl -tag -width /var/run/mountd.pid -compact
+.Bl -tag -width ".Pa /var/run/mountd.pid" -compact
 .It Pa /etc/exports
 the list of exported filesystems
 .It Pa /var/run/mountd.pid
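Review bot: the SIGHUP example is now `kill \-s HUP $(cat /var/run/mountd.pid)` while exports(5) on this page shows `kill -HUP $(cat /var/run/mountd.pid)`; the two pages should agree on one form. Also, the `.Pp` before and after the `.Dl` split one sentence (`After sending the SIGHUP ... check the syslog output`) across paragraph breaks; rephrasing so the sentence ends before the display (for example `Send the daemon a SIGHUP:` followed by the display, then `Then check the syslog output ...`) would read better.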


