jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 15:30:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
37cdc71132
openafs/doc/man-pages/pod1/fs_exportafs.pod
Andrew Deason 90398d0787 doc: fs manpage fixes 
- fs_whichcell: Fix formatting typo

 - fs_setcbaddr: Change -host to -addr

 - Add missing -help to fs_setcbaddr and fs_rxstatproc

 - fs_getfid: Add missing -literal to synopsis

 - fs_exportafs: List on/off options in single =item. Doing this in
   two separate consecutive =items confuses the manpage generator.

 - fs_exportafs: Add missing -clipags and -pagcb

Change-Id: I4e986543292f1000fc00456fde486d7da573c9c3
Reviewed-on: http://gerrit.openafs.org/10396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
2013-11-04 04:09:26 -08:00

246 lines
8.7 KiB
Plaintext
Raw Blame History

=head1 NAME
fs_exportafs - Configures export of AFS to clients of other file systems
=head1 SYNOPSIS
=for html
<div class="synopsis">
B<fs exportafs> S<<< B<-type> <I<exporter name>> >>>
S<<< [B<-start> <I<start/stop translator (on | off)>>] >>>
S<<< [B<-convert> <I<convert from afs to unix mode (on | off)>>] >>>
S<<< [B<-uidcheck> <I<run on strict 'uid check' mode (on | off)>>] >>>
S<<< [B<-submounts> <I<allow nfs mounts to subdirs of /afs/.. (on | off)>>] >>>
S<<< [B<-clipags> <I<use client-assigned PAGs (on | off)>>] >>>
S<<< [B<-pagcb> <I<callback clients to get creds (on | off)>>] >>>
[B<-help>]
B<fs exp> S<<< B<-t> <I<exporter name>> >>>
S<<< [B<-st> <I<start/stop translator (on | off)>>] >>>
S<<< [B<-co> <I<convert from afs to unix mode (on | off)>>] >>>
S<<< [B<-u> <I<run on strict 'uid check' mode (on | off)>>] >>>
S<<< [B<-su> <I<allow nfs mounts to subdirs of /afs/.. (on | off)>>] >>>
S<<< [B<-cl> <I<use client-assigned PAGs (on | off)>>] >>>
S<<< [B<-p> <I<callback clients to get creds (on | off)>>] >>>
[B<-h>]
=for html
</div>
=head1 DESCRIPTION
The B<fs exportafs> command sets (if the B<-start> argument is provided)
or reports (if it is omitted) whether the machine can reexport the AFS
filespace to clients of a non-AFS file system. To control certain features
of the translation protocol, use the following arguments:
=over 4
=item *
To control whether the UNIX group and other mode bits on an AFS file or
directory are set to match the owner mode bits when it is exported to the
non-AFS file system, use the B<-convert> argument.
=item *
To control whether tokens can be placed in a credential structure
identified by a UID that differs from the local UID of the entity that is
placing the tokens in the structure, use the B<-uidcheck> argument. The
most common use is to control whether issuers of the B<knfs> command can
specify a value for its B<-id> argument that does not match their local
UID on the NFS/AFS translator machine.
=item *
To control whether users can create mounts in the non-AFS filespace to an
AFS directory other than F</afs>, use the B<-submounts> argument.
=back
=head1 OPTIONS
=over 4
=item B<-type> <I<exporter name>>
Names the alternate file system to which to reexport the AFS
filespace. The only acceptable value is C<nfs>, in lowercase letters only.
=item B<-start> <on | off>
Enables the local machine to reexport the AFS filespace if the value is
C<on>, or disables it if the value is C<off>. Omit this argument to report
the current setting for all of the configurable parameters.
=item B<-convert> <on | off>
Controls the setting of the UNIX group and other mode bits on AFS files
and directories exported to the non-AFS file system. If the value is
C<on>, they are set to match the B<owner> mode bits. If the value is
C<off>, the bits are not changed. If this argument is omitted, the default
value is C<on>.
=item B<-uidcheck> <on | off>
Controls whether tokens can be placed in a credential structure identified
by a UID that differs from the local UID of the entity that is placing the
tokens in the structure.
=over 4
=item *
If the value is on, the UID that identifies the credential structure must
match the local UID.
With respect to the B<knfs> command, this value means that the value of
B<-id> argument must match the issuer's local UID on the translator
machine. In practice, this setting makes it pointless to include the
B<-id> argument to the B<knfs> command, because the only acceptable value
(the issuer's local UID) is already used when the B<-id> argument is
omitted.
Enabling UID checking also makes it impossible to issue the B<klog> and
B<pagsh> commands on a client machine of the non-AFS file system even
though it is a system type supported by AFS. For an explanation, see
L<klog(1)>.
=item *
If the value is off (the default), tokens can be assigned to a local UID
in the non-AFS file system that does not match the local UID of the entity
assigning the tokens.
With respect to the B<knfs> command, it means that the issuer can use the
B<-id> argument to assign tokens to a local UID on the NFS client machine
that does not match his or her local UID on the translator machine. (An
example is assigning tokens to the MFS client machine's local superuser
C<root>.) This setting allows more than one issuer of the B<knfs> command
to make tokens available to the same user on the NFS client machine. Each
time a different user issues the B<knfs> command with the same value for
the B<-id> argument, that user's tokens overwrite the existing ones. This
can result in unpredictable access for the user on the NFS client machine.
=back
=item B<-submounts> <on | off>
Controls whether a user of the non-AFS filesystem can mount any directory
in the AFS filespace other than the top-level F</afs> directory. If the
value is C<on>, such submounts are allowed. If the value is C<off>, only
mounts of the F</afs> directory are allowed. If this argument is omitted,
the default value is C<off>.
=item B<-clipags> <on | off>
Turning on this option enables support for "client-assigned PAGs". With
client-assigned PAGs, an NFS client can manage its own AFS pags, and inform the
NFS translator machine what PAG we are using, instead of the NFS translator
machine keeping track of PAGs. An NFS client machine can do this if it has the
"afspag" kernel module loaded, which tracks PAGs but otherwise does not
implement AFS functionality, and forwards all requests to the NFS translator
machine.
You should only turn on this option if you are making use of client-assigned
PAGs, and you trust the NFS client machines making use of the translator. This
option is off by default.
=item B<-pagcb> <on | off>
Turning on this option means that the NFS translator machine will contact new
NFS clients in order to obtain their credentials and sysnames. This option can
be useful so that client credentials are not lost if the translator machine is
rebooted, or if an NFS client is "moved" to using a different translator. This
functionality will only work with NFS clients that are also running the
"afspag" kernel module.
Using this option with NFS clients not running with the "afspag" kernel module
would cause long timeouts when the translator machine attempts to contact the
client to obtain its credentials and sysname list. This option is off by
default.
=item B<-help>
Prints the online help for this command. All other valid options are
ignored.
=back
=head1 OUTPUT
If the machine is not even configured as a server of the non-AFS file
system, the following message appears:
Sorry, the <file_system>-exporter type is currently not supported on
this AFS client
If the machine is configured as a server of the non-AFS file system but is
not currently enabled to reexport AFS to it (because the B<-start>
argument to this command is not set to C<on>), the message is as follows:
'<file_system>' translator is disabled
If the machine is enabled to reexport AFS, the following message precedes
messages that report the settings of the other parameters.
'<file_system>' translator is enabled with the following options:
The following messages indicate that the B<-convert> argument is set to
C<on> or C<off> respectively:
Running in convert owner mode bits to world/other mode
Running in strict unix mode
The following messages indicate that the B<-uidcheck> argument is set to
C<on> or C<off> respectively:
Running in strict 'passwd sync' mode
Running in no 'passwd sync' mode
The following messages indicate that the B<-submounts> argument is set to
C<on> or C<off> respectively:
Allow mounts of /afs/.. subdirs
Only mounts to /afs allowed
=head1 EXAMPLES
The following example shows that the local machine can export AFS to NFS
client machines.
% fs exportafs nfs
'nfs' translator is enabled with the following options:
Running in convert owner mode bits to world/other mode
Running in no 'passwd sync' mode
Only mounts to /afs allowed
The following example enables the machine as an NFS server and converts
the UNIX group and other mode bits on exported AFS directories and files
to match the UNIX owner mode bits.
% fs exportafs -type nfs -start on -convert on
The following example disables the machine from reexporting AFS to NFS
client machines:
% fs exportafs -type nfs -start off
=head1 PRIVILEGE REQUIRED
The issuer must be logged in as the local superuser root.
=head1 SEE ALSO
L<klog(1)>,
L<knfs(1)>
=head1 COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Reference in New Issue View Git Blame Copy Permalink