mfsexports.cfg(5)	    This is part of MooseFS	     mfsexports.cfg(5)

NAME
       mfsexports.cfg -	MooseFS	access control for mfsmounts

DESCRIPTION
       The file mfsexports.cfg contains the MooseFS access list for mfsmount
       clients.

SYNTAX
       Syntax is:

       ADDRESS DIRECTORY [OPTIONS]

       Lines starting with the # character are treated as comments and ignored.

       ADDRESS can be specified	in several forms:

       *		   all addresses
       n.n.n.n		   single IP address
       n.n.n.n/b	   IP class specified by network address and number of significant bits
       n.n.n.n/m.m.m.m	   IP class specified by network address and mask
       f.f.f.f-t.t.t.t	   IP range specified by from-to addresses (inclusive)

       DIRECTORY can be / or a path relative to the MooseFS root; the special
       value . means the MFSMETA companion filesystem.

       OPTIONS list:

       ro, readonly
              export the tree in read-only mode; this is the default

       rw, readwrite
              export the tree in read-write mode

       alldirs
              allows mounting any subdirectory of the specified directory
              (similarly to NFS)

       dynamicip
              allows an already authenticated client to reconnect from any IP
              address (the default is to check the IP address on reconnect)

       ignoregid
              disables testing of group access at the mfsmaster level (it is
              still done at the mfsmount level); in this case "group" and
              "other" permissions are logically added; needed for
              supplementary groups to work (mfsmaster receives only the
              user's primary group information)

       admin  administrative privileges; currently this allows changing quota
              values and managing storage classes

       maproot=USER[:GROUP]
              maps root (uid=0) accesses to the given user and group
              (similarly to the maproot option in NFS mounts); USER and GROUP
              can be given either as a name or a number; if no group is
              specified, USER's primary group is used. Names are resolved on
              the mfsmaster side (see note below).

       mapall=USER[:GROUP]
              like above, but maps accesses by all non-privileged users
              (uid!=0) to the given user and group (see notes below).

       password=PASS, md5pass=MD5
              requires password authentication in order to access the
              specified resource

       minversion=VER
              rejects access from clients older than the specified version

       mingoal=N, maxgoal=N
              specify the range in which goal can be set by users

       mintrashtime=TDUR, maxtrashtime=TDUR
              specify the range in which trashtime can be set by users

       disable=OPERATION[:OPERATION[:...]]
              do not allow the client to perform certain operations

       Default	options	 are:  ro,  maproot=999:999,   mingoal=1,   maxgoal=9,
       mintrashtime=0, maxtrashtime=4294967295.

NOTES
       USER and GROUP names (if not specified by explicit uid/gid number) are
       resolved on the mfsmaster host.

       TDUR can be specified as a number without a time unit (number of
       seconds) or as a combination of numbers with time units. Time units
       are: W, D, H, M, S. Order is important: less significant time units
       can't be defined before more significant time units. Time units are
       case insensitive.
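
       The TDUR rules above as a small validator, added here as an example
       and not taken from MooseFS. Rejecting a repeated unit, rejecting a
       trailing number without a unit, and treating the min/max bounds as
       inclusive are assumptions of this example.

```python
import re

# Seconds per unit; dict order is most significant first (W, D, H, M, S).
UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
RANK = {unit: i for i, unit in enumerate(UNIT_SECONDS)}


def parse_tdur(text):
    """Convert a TDUR string to seconds; raise ValueError if it breaks the rules."""
    text = text.strip().lower()                 # time units are case insensitive
    if re.fullmatch(r"[0-9]+", text):
        return int(text)                        # bare number means seconds
    if not re.fullmatch(r"([0-9]+[wdhms])+", text):
        raise ValueError(f"malformed TDUR: {text!r}")
    total, last_rank = 0, -1
    for number, unit in re.findall(r"([0-9]+)([wdhms])", text):
        if RANK[unit] <= last_rank:             # assumption: repeats rejected too
            raise ValueError(f"unit {unit!r} out of order in {text!r}")
        last_rank = RANK[unit]
        total += int(number) * UNIT_SECONDS[unit]
    return total


def in_range(value, low, high):
    """True when value lies within mintrashtime..maxtrashtime (assumed inclusive)."""
    return parse_tdur(low) <= parse_tdur(value) <= parse_tdur(high)
```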

       The mapall option works differently in MooseFS than in NFS, because
       MooseFS uses FUSE's "default_permissions" option. When the mapall
       option is used, users see all objects with uid equal to the mapped uid
       as their own and all others as root's objects. Similarly, objects with
       gid equal to the mapped gid are seen as objects with the current
       user's primary group and all other objects as objects with group 0
       (usually wheel). With the mapall option set, the attribute cache in
       the kernel is always turned off.

       The disable option can take many parameters (operations to disable) in
       two ways: as a list separated by colons (:) or by repeating the option
       many times. Operations that can be disabled:
       chown	    - don't allow the client to	perform	the chown operation
       chmod	    - don't allow the client to	perform	the chmod operation
       symlink	    - don't allow the client to	create symbolic	links
       mkfifo	    - don't allow the client to	create FIFOs
       mkdev	    - don't allow the client to	create devices
       mksock	    - don't allow the client to	create sockets
       mkdir	    - don't allow the client to	create directories
       unlink	    - don't allow the client to	remove non directory objects (will also	deny move/rename operation if target inode already exists!)
       rmdir	    - don't allow the client to	remove directories (will also deny move/rename operation if target inode already exists!)
       rename	    - don't allow the client to	change inodes (files, directories) names
       move	    - don't allow the client to	move inodes (files, directories) to another path
       link	    - don't allow the client to	create hard links
       create	    - don't allow the client to	create new files
       readdir	    - don't allow the client to	list directories ('ls' command will not	work)
       read	    - don't allow the client to	read from files
       write	    - don't allow the client to	write to files
       truncate	    - don't allow the client to	shorten	the length of a	file with truncate command
       setlength    - don't allow the client to	increase the length of a file with truncate command
       appendchunks - don't allow the client to	add chunks from	one file to another (mfsappendchunks)
       snapshot	    - don't allow the client to	create snapshots
       settrash	    - don't allow the client to	change trash retention time
       setsclass    - don't allow the client to	set storage classes
       seteattr	    - don't allow the client to	set mfs	extra attributes
       setxattr	    - don't allow the client to	set XATTRs
       setfacl	    - don't allow the client to	set ACLs

EXAMPLES
       *		    /	    ro
       192.168.1.0/24	    /	    rw
       192.168.1.0/24	    /	    rw,alldirs,maproot=0,password=passcode
       10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,password=test
       10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000
       10.2.0.0/16	    /	    rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w
       192.168.1.0/24	    /	    rw,disable=unlink:rmdir:truncate
       192.168.1.0/24	    /	    rw,disable=unlink,disable=rmdir,disable=truncate
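
       A review helper for entries like the ones above, added here as an
       example and not part of MooseFS: it parses a line, counts the IPv4
       addresses its ADDRESS field covers, and returns flags for settings
       worth a second look. The flag names, the 256-address threshold and the
       treatment of the name "root" as uid 0 are assumptions of this example.

```python
import ipaddress

DEFAULTS = {"maproot": "999:999"}  # documented default; ro applies unless rw is set

def address_count(spec):
    """Number of IPv4 addresses matched by an ADDRESS field."""
    if spec == "*":
        return 2 ** 32
    if "-" in spec:  # f.f.f.f-t.t.t.t, inclusive
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in spec.split("-"))
        return hi - lo + 1
    # covers n.n.n.n, n.n.n.n/b and n.n.n.n/m.m.m.m
    return ipaddress.IPv4Network(spec, strict=False).num_addresses

def parse_line(line):
    """Return (address, directory, options), or None for blank/comment lines."""
    fields = line.split(None, 2)
    if not fields or fields[0].startswith("#"):
        return None
    if len(fields) < 2:
        raise ValueError(f"missing DIRECTORY: {line!r}")
    options = dict(DEFAULTS)
    for item in (fields[2].split(",") if len(fields) > 2 else []):
        key, _, value = item.strip().partition("=")
        if key == "disable":  # repeatable, or colon-separated
            options.setdefault("disable", set()).update(value.split(":"))
        else:
            options[key] = value
    return fields[0], fields[1], options

def audit(line, wide=256):
    """Return review flags for one entry (flag names are this example's own)."""
    entry = parse_line(line)
    if entry is None:
        return []
    address, _directory, opts = entry
    flags = []
    if ("rw" in opts or "readwrite" in opts) and address_count(address) > wide:
        flags.append("wide-rw")             # writable by more than `wide` addresses
    if opts["maproot"].split(":")[0] in ("0", "root"):
        flags.append("root-unmapped")       # client root stays uid 0 (assumes root=0)
    if "password" in opts:
        flags.append("cleartext-password")  # secret is readable in the file itself
    flags += [o for o in ("admin", "dynamicip") if o in opts]
    return flags

if __name__ == "__main__":  # sample entries copied from the EXAMPLES section
    for entry in ("* / ro", "10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000"):
        print(entry, "->", audit(entry))
```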

REPORTING BUGS
       Report bugs to <bugs@moosefs.com>.

COPYRIGHT
       Copyright (C) 2023 Jakub	Kruszona-Zawadzki, Saglabs SA

       This file is part of MooseFS.

       MooseFS is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation, version 2 (only).

       MooseFS is distributed in the hope that it will be useful, but  WITHOUT
       ANY  WARRANTY;  without even the	implied	warranty of MERCHANTABILITY or
       FITNESS FOR A PARTICULAR	PURPOSE. See the GNU  General  Public  License
       for more	details.

       You should have received	a copy of the GNU General Public License along
       with  MooseFS;  if not, write to	the Free Software Foundation, Inc., 51
       Franklin	 St,  Fifth  Floor,  Boston,  MA  02111-1301,  USA  or	 visit
       http://www.gnu.org/licenses/gpl-2.0.html

SEE ALSO
       mfsmaster(8), mfsmaster.cfg(5)

MooseFS	3.0.117-1		 February 2023		     mfsexports.cfg(5)
