Man pages sections > man5 > mfsexports

mfsexports.cfg - LizardFS access control for mfsmounts

MFSEXPORTS.CFG(5)   MFSEXPORTS.CFG(5)

NAME

mfsexports.cfg - LizardFS access control for mfsmounts

DESCRIPTION

The file mfsexports.cfg contains LizardFS access list for mfsmount clients.

SYNTAX

Syntax is:
 
ADDRESS DIRECTORY [OPTIONS]
 
Lines starting with # character are ignored.
 
ADDRESS can be specified in several forms:
 
* all addresses
 
n.n.n.n single IP address
 
n.n.n.n/b IP class specified by network address and bits number
 
n.n.n.n/m.m.m.m IP class specified by network address and mask
 
f.f.f.f-t.t.t.t IP range specified by from-to addresses (inclusive)
 
DIRECTORY could be / or path relative to LizardFS root; special value . means MFSMETA companion filesystem.

OPTIONS

ro, readonly
export tree in read-only mode (default)
rw, readwrite
export tree in read-write mode
ignoregid
disable testing of group access at mfsmaster level (it’s still done at mfsmount level) - in this case "group" and "other" permissions are logically added; needed for supplementary groups to work ( mfsmaster receives only user primary group information)
dynamicip
allows reconnecting of already authenticated client from any IP address (the default is to check IP address on reconnect)
maproot=USER[:GROUP]
maps root (uid=0) accesses to given user and group (similarly to maproot option in NFS mounts); USER and GROUP can be given either as name or number; if no group is specified, USER's primary group is used. Names are resolved on mfsmaster side (see note below).
mapall=USER[:GROUP]
like above but maps all non privileged users (uid!=0) accesses to given user and group (see notes below).
minversion=VER
rejects access from clients older than specified
mingoal=N, maxgoal=N
specify range in which goal can be set by users
mintrashtime=TDUR, maxtrashtime=TDUR
specify range in which trashtime can be set by users
password=PASS, md5pass=MD5
requires password authentication in order to access specified resource
alldirs
allows to mount any subdirectory of specified directory (similarly to NFS)
nonrootmeta
allows non-root users to use filesystem mounted in the meta mode (option available only in this mode)
 
Default options are: ro,maproot=999:999.

NOTES

USER and GROUP names (if not specified by explicit uid/gid number) are resolved on mfsmaster host.
 
TDUR can be specified as number without time unit (number of seconds) or combination of numbers with time units. Time units are: W,D,H, M,S. Order is important - less significant time units can’t be defined before more significant time units.
 
Option mapall works in LizardFS in different way than in NFS, because of using FUSE’s "default_permissions" option. When mapall option is used, users see all objects with uid equal to mapped uid as their own and all other as root’s objects. Similarly objects with gid equal to mapped gid are seen as objects with current user’s primary group and all other objects as objects with group 0 (usually wheel). With mapall option set attribute cache in kernel is always turned off.

EXAMPLES

* / ro
 
192.168.1.0/24 / rw
 
192.168.1.0/24 / rw,alldirs,maproot=0,password=passcode
 
10.0.0.0-10.0.0.5 /test rw,maproot=nobody,password=test
 
10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000
 
10.2.0.0/16 / rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w
Copyright 2008-2009 Gemius SA, 2013-2015 Skytechnology sp. z o.o.
 
LizardFS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3.
 
LizardFS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License along with LizardFS. If not, see http://www.gnu.org/licenses/.

SEE ALSO

mfsmaster(8), mfsmaster.cfg(5)
09/10/2017