mfsexports.cfg - LizardFS access control for mfsmounts
The file mfsexports.cfg
contains LizardFS access list for mfsmount
Lines starting with #
character are ignored.
can be specified in several forms:
•* all addresses
•n.n.n.n single IP address
•n.n.n.n/b IP class specified by
network address and bits number
•n.n.n.n/m.m.m.m IP class
specified by network address and mask
•f.f.f.f-t.t.t.t IP range
specified by from-to addresses (inclusive)
could be /
or path relative to LizardFS root; special
means MFSMETA companion filesystem.
export tree in read-only mode (default)
export tree in read-write mode
disable testing of group access at
mfsmaster level (it’s still done at mfsmount level) - in
this case "group" and "other" permissions are logically
added; needed for supplementary groups to work ( mfsmaster receives
only user primary group information)
allows reconnecting of already authenticated
client from any IP address (the default is to check IP address on
maps root (uid=0) accesses to given user and
group (similarly to maproot option in NFS mounts); USER and
GROUP can be given either as name or number; if no group is specified,
USER's primary group is used. Names are resolved on mfsmaster
side (see note below).
like above but maps all non privileged users
(uid!=0) accesses to given user and group (see notes below).
rejects access from clients older than
specify range in which goal can be set by
specify range in which trashtime can be set by
requires password authentication in order to
access specified resource
allows to mount any subdirectory of specified
directory (similarly to NFS)
allows non-root users to use filesystem
mounted in the meta mode (option available only in this mode)
Default options are: ro,maproot=999:999
names (if not specified by explicit uid/gid number)
are resolved on mfsmaster
TDUR can be specified as number without time unit (number of seconds) or
combination of numbers with time units. Time units are:
. Order is important - less
significant time units can’t be defined before more significant time
works in LizardFS in different way than in NFS, because of
using FUSE’s "default_permissions" option. When mapall option
is used, users see all objects with uid equal to mapped uid as their own and
all other as root’s objects. Similarly objects with gid equal to mapped
gid are seen as objects with current user’s primary group and all other
objects as objects with group 0 (usually wheel). With mapall
attribute cache in kernel is always turned off.
•* / ro
•192.168.1.0/24 / rw
Copyright 2008-2009 Gemius SA, 2013-2015 Skytechnology sp. z o.o.
LizardFS is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, version 3.
LizardFS is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
LizardFS. If not, see http://www.gnu.org/licenses/.