NAME

       auto.master - Master Map for automounter

DESCRIPTION

       The  auto.master  map  is  consulted  to set up automount managed mount
       points when the autofs(8) script is invoked or the automount(8) program
       is  run.  Each line describes a mount point and refers to an autofs map
       describing file systems to be mounted under the mount point.

       The default location of the  master  map  is  /etc/auto.master  but  an
       alternate  name  may  be  given  on  the  command line when running the
       automounter and the default master map may be changed by setting the
       MASTER_MAP_NAME  configuration variable in /etc/default/autofs.  If the
       master map name has  no  path  then  the  system  Name  Service  Switch
       configuration  will  be  consulted  and each of the sources searched in
       line with the rules given in the Name Service Switch configuration.

       Access to mounts in maps is governed by a key.

       For direct maps the mount point is always specified as:

       /-

       and the key used within the direct map is the full path  to  the  mount
       point.

       For indirect maps access is by using the path scheme:

       /mount-point/key

       where  mount-point  is one of the entries listed in the master map. The
       key is a single directory component and is matched against  entries  in
       the map given in the entry (See autofs(5)).

       Additionally,  a  map  may  be  included  from its source as if it were
       itself present in the master map by including a line of the form:

       + [maptype,format:]map[options]

       and automount(8) will process the map according  to  the  specification
       described below for map entries.

FORMAT

       Master map entries have three fields separated by an  arbitrary  number
       of spaces or tabs. Lines beginning with # are comments. The first field
       is the mount point described above and the second field is the name  of
       the map to be consulted for the mount point followed by the third field
       which contains options to be applied to all entries in the map.

       The format of a master map entry is:

       mount-point [map-type[,format]:]map [options]

       mount-point
              Base location for the autofs  filesystem  to  be  mounted.   For
              indirect  maps this directory will be created (as with mkdir -p)
              and is removed when the autofs filesystem is umounted.

       map-type
              Type of map used for this mount point.  The following are  valid
              map types:

              file   The map is a regular text file.

              program
                     The  map  is an executable program, which is passed a key
                     on the command line  and  returns  an  entry  (everything
                     besides the key) on stdout if successful.

              yp     The map is a NIS (YP) database.

              nisplus
                     The map is a NIS+ database.

              hesiod The  map  is  a  hesiod database whose filsys entries are
                     used for maps.

              ldap or ldaps
                     The map is stored in an LDAP directory. If ldaps is  used
                     the  appropriate  certificate  must  be configured in the
                     LDAP client.

              multi  This map type allows the specification of  multiple  maps
                     separated  by  "--".  These maps are searched in order to
                     resolve key lookups.

       format Format of the map data; currently the  only  formats  recognized
              are  sun,  which  is a subset of the Sun automounter map format,
              and hesiod, for hesiod filesys entries.  If the format  is  left
              unspecified, it defaults to sun for all map types except hesiod.

       map    Name of the map to use.  This is an absolute UNIX  pathname  for
              maps of types file or program, and the name of a database in the
              case of maps of type yp, nisplus, or hesiod, or  the  dn  of  an
              LDAP entry for maps of type ldap.

       options
              Any  remaining command line arguments without leading dashes (-)
              are taken as options (-o)  to  mount.   Arguments  with  leading
              dashes are considered options for the maps.

              The sun format supports the following options:

              -Dvariable=value
                     Replace variable with value in map substitutions.

              -strict
                     Treat errors when mounting file systems as fatal. This is
                     important when multiple file systems  should  be  mounted
                     (‘multimounts’).  If this option is given, no file system
                     is mounted at all if at least one file  system  can’t  be
                     mounted.

              nosymlink
                     This  is an autofs specific option that is a pseudo mount
                     option  and  so  is  given  without   a   leading   dash.
                     Historically  this  option was used to prevent symlinking
                     of local NFS mounts. Nowadays it can be used  to  prevent
                     bind  mounting  of  local NFS filesystems as well. If you
                     need to prevent bind mounting for only specific entries in
                     a  map  then this can be done by adding the "port=" mount
                     option to the given entries.

              -r, --random-multimount-selection
                     Enables the use of random selection when choosing a  host
                     from a list of replicated servers. This option is applied
                     to this mount only, overriding the  global  setting  that
                     may be specified on the command line.

              -n, --negative-timeout <seconds>
                     Set  the  timeout  for  caching  failed key lookups. This
                     option can be used to override the global  default  given
                     either on the command line or in the configuration.

GENERAL SYSTEM DEFAULTS CONFIGURATION

       The  default  value  of  several general settings may be changed in the
       configuration file /etc/default/autofs.  They are:

       TIMEOUT
              Set the default mount timeout (program default 600).

       NEGATIVE_TIMEOUT
              Set the default timeout for caching failed key lookups  (program
              default  60).  If the equivalent command line option is given it
              will override this setting.

       MOUNT_WAIT
              Set the default time to wait  for  a  response  from  a  spawned
              mount(8) before sending it a SIGTERM. Note that we still need to
              wait for the RPC layer to timeout before the  sub-process  exits
              so this isn’t ideal but it is the best we can do. The default is
              to wait until mount(8) returns without intervention.

       UMOUNT_WAIT
              Set the default time to wait  for  a  response  from  a  spawned
              umount(8)  before  sending it a SIGTERM. Note that we still need
              to wait for the RPC layer  to  timeout  before  the  sub-process
              exits so this isn’t ideal but it is the best we can do.

       BROWSE_MODE
              Maps are browsable by default (program default "yes").

       MOUNT_NFS_DEFAULT_PROTOCOL
              Specify  the  default  protocol  used  by  mount.nfs(8) (program
              default 3). Since we can’t identify this  default  automatically
              we  need to set it in the autofs configuration. This option will
              only  make  a  difference  for   replicated   map   entries   as
              availability probing isn’t used for single host map entries.

       APPEND_OPTIONS
              Determine  whether  global options, given on the command line or
              per mount in the master map, are appended to map  entry  options
              or  if the map entry options replace the global options (program
              default "yes", append options).

       LOGGING
              Set the default log level to "none", "verbose" or "debug" (program
              default "none").

BUILTIN MAP -hosts

       If  "-hosts"  is  given as the map then accessing a key under the mount
       point which corresponds to a hostname will allow access to the  exports
       of that host.

       For  example,  with an entry in the master map of /net -hosts accessing
       /net/myserver will mount exports from  myserver  on  directories  below
       /net/myserver.

       NOTE:   mounts  done  from  a  hosts  map  will  be  mounted  with  the
       "nosuid,nodev,intr" options unless overridden by explicitly specifying
       the "suid", "dev" or "nointr" options in the master map entry.
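
       The entry format from the FORMAT section and the -hosts note above,  as
       an  added  example  (not part of autofs or of the original manual page)
       that parses a master map and reports entries worth  reviewing.  It  assumes
       one  entry  per  line  and  does  not  expand multi maps; the sample map,
       hostname and paths are constructed.

```python
# Added example: parse master map entries and flag security-relevant ones.
MAP_TYPES = {"file", "program", "yp", "nisplus", "hesiod", "ldap", "ldaps", "multi"}

# Constructed sample master map (hostname and paths are illustrative).
SAMPLE = """\
# constructed sample
/-      auto.data
/home   /etc/auto.home  -strict
/net    -hosts          -nodev,suid
/misc   program:/etc/auto.misc.sh
/corp   ldap://ldap.example.com/ou=auto.corp,dc=example,dc=com
+auto.master
"""

def parse_master_line(line):
    """Split 'mount-point [map-type[,format]:]map [options]'; None if no entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("+"):                      # included map, resolved elsewhere
        return {"include": line[1:].strip()}
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError(f"missing map field: {line!r}")
    map_type = fmt = None
    map_spec = fields[1]
    prefix, sep, rest = map_spec.partition(":")
    if sep and prefix.split(",")[0] in MAP_TYPES:  # a path or DN has no type prefix
        map_type, _, fmt = prefix.partition(",")
        map_spec = rest
    return {"mount_point": fields[0], "map_type": map_type, "format": fmt or None,
            "map": map_spec, "options": fields[2].split() if len(fields) == 3 else []}

def audit_master_map(text):
    """Return (line number, finding) pairs for entries that deserve review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = parse_master_line(raw)
        if entry is None or "include" in entry:
            continue
        # Flatten "-nodev,suid" and "suid" alike into bare option names.
        opts = {o for arg in entry["options"] for o in arg.lstrip("-").split(",")}
        if entry["map"] == "-hosts":
            for risky in sorted(opts & {"suid", "dev"}):
                findings.append((lineno, f"-hosts overrides default no{risky} with {risky}"))
        if entry["map_type"] == "program":
            findings.append((lineno, f"program map {entry['map']}: check owner and mode"))
        if entry["map_type"] == "ldap":
            findings.append((lineno, "ldap map: encryption depends on usetls/tlsrequired"))
    return findings
```

       Calling audit_master_map(SAMPLE) reports the  /net,  /misc  and  /corp
       entries of the constructed sample.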

LDAP MAPS

       If  the  map  type  ldap  is  specified  the  mapname  is  of  the form
       [//servername/]dn, where the optional servername is  the  name  of  the
       LDAP  server to query, and dn is the Distinguished Name of a subtree to
       search for map entries.  The old style ldap:servername:mapname is  also
       understood.  Alternatively,  the  type  can  be  obtained from the Name
       Service Switch configuration, in which case the map name alone must  be
       given.

       If  no schema is set in the autofs configuration then autofs will check
       each of the commonly used schema for a valid entry and if one is  found
       it will be used for subsequent lookups.

       There are three common schemas in use:

       nisMap Entries  in  the  nisMap  schema  are  nisObject  objects in the
              specified subtree, where  the  cn  attribute  is  the  key  (the
              wildcard key is "/"), and the nisMapEntry attribute contains the
              information used by the automounter.

       automountMap
              The automountMap schema has two variations that  differ  in  the
              attribute  used  for  the  map  key. Entries in the automountMap
              schema are automount objects in the specified subtree, where the
              cn  or  automountKey attribute (depending on local usage) is the
              key (the wildcard key  is  "/"),  and  the  automountInformation
              attribute contains the information used by the automounter. Note
              that the cn attribute is case insensitive.

       The object classes and attributes used for accessing automount maps  in
       LDAP  can  be  changed  by  setting entries in the autofs configuration
       located in /etc/default/autofs.

       NOTE:  If a schema is given in the configuration then  all  the  schema
              configuration   values   must   be   set,   any  partial  schema
              specification will be ignored.

       The configuration settings available are:

       LDAP_TIMEOUT
              Set the network response timeout (default 8).  Set timeout value
              for  the synchronous API  calls. The default is the LDAP library
              default of an infinite timeout.

       LDAP_NETWORK_TIMEOUT
              Set the network response timeout (default 8).

       LDAP_URI
              A  space  separated  list   of   server   uris   of   the   form
              <proto>://<server>[/]  where  <proto>  can be ldap or ldaps. The
              option can be given multiple times.  Map entries that include  a
              server  name  override  this  option  and  it  is then not used.
              Default is an empty list in which case either the  server  given
              in  a map entry or the LDAP configured default is used. This uri
              list is read at startup and whenever the daemon receives  a  HUP
              signal.

       This configuration option can also be used to request autofs lookup SRV
       RRs for a domain of the form  <proto>:///[<domain  dn>].  Note  that  a
       trailing  "/"  is not allowed when using this form. If the domain dn is
       not specified the dns domain name (if any) is  used  to  construct  the
       domain  dn  for the SRV RR lookup. The server list returned from an SRV
       RR lookup is refreshed according to the minimum ttl found in the SRV RR
       records or after one hour, whichever is less.

       SEARCH_BASE
              The base dn to use when searching for a map base dn. This  entry
              may be given multiple times and each will be checked for  a  map
              base dn in the order they occur in the configuration. The search
              base list is read at startup and whenever the daemon receives  a
              HUP signal.

       MAP_OBJECT_CLASS
              The  map  object class. In the nisMap schema this corresponds to
              the class nisMap and in the automountMap schema  it  corresponds
              to the class automountMap.

       ENTRY_OBJECT_CLASS
              The   map   entry  object  class.  In  the  nisMap  schema  this
              corresponds to the  class  nisObject  and  in  the  automountMap
              schema it corresponds to the class automount.

       MAP_ATTRIBUTE
              The attribute used to identify the name of the map to which this
              entry belongs.  In the nisMap schema  this  corresponds  to  the
              attribute   nisMapName   and   in  the  automountMap  schema  it
              corresponds to the attribute ou or automountMapName.

       ENTRY_ATTRIBUTE
              The attribute used to identify a map key. In the  nisMap  schema
              this  corresponds  to  the  attribute cn and in the automountMap
              schema it corresponds to the attribute automountKey.

       VALUE_ATTRIBUTE
              The attribute used to identify the value of the  map  entry.  In
              the  nisMap schema this corresponds to the attribute nisMapEntry
              and in the automountMap schema it corresponds to  the  attribute
              automountInformation.

       NOTE:  It  is  essential  that  entries  use  class  and attribute in a
              consistent manner for correct operation of autofs.  For  example
              mixing  cn  and  automountKey attributes in automount schema map
              entries won’t work as expected.

LDAP AUTHENTICATION, ENCRYPTED AND CERTIFIED CONNECTIONS

       LDAP authenticated binds, TLS encrypted connections  and  certification
       may  be used by setting appropriate values in the autofs authentication
       configuration file and configuring the  LDAP  client  with  appropriate
       settings.      The     default     location    of    this    file    is
       /etc/autofs_ldap_auth.conf.  If this file exists it  will  be  used  to
       establish whether TLS or authentication should be used.

       An example of this file is:

         <?xml version="1.0" ?>
         <autofs_ldap_sasl_conf
                 usetls="yes"
                 tlsrequired="no"
                 authrequired="no"
                 authtype="DIGEST-MD5"
                 user="xyz"
                 secret="abc"
         />

       If  TLS  encryption  is  to  be  used  the  location of the Certificate
       Authority certificate must be set within the LDAP client  configuration
       in  order  to  validate  the  server  certificate.  If,  in addition, a
       certified connection is to be used  then  the  client  certificate  and
       private  key  file  locations  must  also be configured within the LDAP
       client.

       In OpenLDAP these may be configured in the ldap.conf  file  or  in  the
       per-user  configuration.  For  example  it  may  be sensible to use the
       system wide configuration for the location of the Certificate Authority
       certificate  and set the location of the client certificate and private
       key in the per-user configuration. The location of these files and  the
       configuration   entry   requirements   is   system   dependent  so  the
       documentation for your installation will need to be  consulted  to  get
       further information.

       See autofs_ldap_auth.conf(5) for more information.
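
       The  example  file  above  sets  tlsrequired="no" and authrequired="no".
       The following added example (not part of autofs or of the original manual
       page) audits such a file and compares it with a  variant  that  requires
       both.  Treating  a  missing  attribute as "no" is an assumption made for
       this check; user and secret are the placeholder values from the page.

```python
# Added example: audit an autofs_ldap_auth.conf document.
import xml.etree.ElementTree as ET

# WEAK is the example file from this page; HARDENED is a constructed variant
# that flips the two "required" attributes to "yes".
WEAK = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="no"
        authrequired="no"
        authtype="DIGEST-MD5"
        user="xyz"
        secret="abc"
/>"""
HARDENED = (WEAK.replace('tlsrequired="no"', 'tlsrequired="yes"')
                .replace('authrequired="no"', 'authrequired="yes"'))

def audit_ldap_auth(xml_text):
    """Return a list of findings for one autofs_ldap_auth.conf document."""
    root = ET.fromstring(xml_text)
    if root.tag != "autofs_ldap_sasl_conf":
        raise ValueError(f"unexpected root element {root.tag!r}")

    def flag(name):
        # Assumption: a missing attribute is treated as "no" for this audit.
        return root.get(name, "no").strip().lower()

    findings = []
    if flag("usetls") != "yes":
        findings.append("usetls is not yes: TLS is not attempted")
    elif flag("tlsrequired") != "yes":
        findings.append("tlsrequired is not yes: an unencrypted connection is accepted")
    if flag("authrequired") == "no":
        findings.append("authrequired is no: authentication is not enforced")
    if root.get("secret") is not None:
        # Never echo the secret itself into the report.
        findings.append("secret is stored in clear text: restrict the file to root")
    return findings
```

       The page's example yields three findings; the hardened variant leaves only
       the clear-text secret, which is addressed by file ownership and mode.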

EXAMPLE

         /-        auto.data
         /home     /etc/auto.home
         /mnt      yp:mnt.map

       This  will  generate  two  mountpoints  for  /home and /mnt and install
       direct mount triggers for each entry in the direct mount map auto.data.
       All  accesses  to  /home  will  lead  to the consultation of the map in
       /etc/auto.home and all accesses  to  /mnt  will  consult  the  NIS  map
       mnt.map.   All  accesses  to  paths  in  the map auto.data will trigger
       mounts when they are accessed and the Name Service Switch configuration
       will be used to locate the source of the map auto.data.

SEE ALSO

       automount(8), autofs(5), autofs(8), autofs_ldap_auth.conf(5)

AUTHOR

       This  manual  page was written by Christoph Lameter <chris@waterf.org>,
       for the Debian GNU/Linux system.  Edited by <hpa@transmeta.com> and Ian
       Kent <raven@themaw.net>.

                                  11 Apr 2006