NAME
fs_exportafs - Configures export of AFS to clients of other file
systems
SYNOPSIS
fs exportafs -type <exporter name>
[-start <start/stop translator (on | off)>]
[-convert <convert from afs to unix mode (on | off)>]
[-uidcheck <run on strict uid check mode (on | off)>]
[-submounts <allow nfs mounts to subdirs of /afs/.. (on | off)>]
[-help]
fs exp -t <exporter name>
[-st <start/stop translator (on | off)>]
[-c <convert from afs to unix mode (on | off)>]
[-u <run on strict uid check mode (on | off)>]
[-su <allow nfs mounts to subdirs of /afs/.. (on | off)>]
[-h]
DESCRIPTION
The fs exportafs command sets (if the -start argument is provided) or
reports (if it is omitted) whether the machine can reexport the AFS
filespace to clients of a non-AFS file system. To control certain
features of the translation protocol, use the following arguments:
· To control whether the UNIX group and other mode bits on an AFS
file or directory are set to match the owner mode bits when it is
exported to the non-AFS file system, use the -convert argument.
· To control whether tokens can be placed in a credential structure
identified by a UID that differs from the local UID of the entity
that is placing the tokens in the structure, use the -uidcheck
argument. The most common use is to control whether issuers of the
knfs command can specify a value for its -id argument that does not
match their local UID on the NFS/AFS translator machine.
· To control whether users can create mounts in the non-AFS filespace
to an AFS directory other than /afs, use the -submounts argument.
OPTIONS
-type <exporter name>
Names the alternate file system to which to reexport the AFS
filespace. The only acceptable value is "nfs", in lowercase letters
only.
-start on =item -start off
Enables the local machine to reexport the AFS filespace if the
value is "on", or disables it if the value is "off". Omit this
argument to report the current setting for all of the configurable
parameters.
-convert on =item -convert off
Controls the setting of the UNIX group and other mode bits on AFS
files and directories exported to the non-AFS file system. If the
value is "on", they are set to match the owner mode bits. If the
value is "off", the bits are not changed. If this argument is
omitted, the default value is "on".
-uidcheck on =item -uidcheck off
Controls whether tokens can be placed in a credential structure
identified by a UID that differs from the local UID of the entity
that is placing the tokens in the structure.
· If the value is on, the UID that identifies the credential
structure must match the local UID.
With respect to the knfs command, this value means that the
value of -id argument must match the issuer’s local UID on the
translator machine. In practice, this setting makes it
pointless to include the -id argument to the knfs command,
because the only acceptable value (the issuer’s local UID) is
already used when the -id argument is omitted.
Enabling UID checking also makes it impossible to issue the
klog and pagsh commands on a client machine of the non-AFS file
system even though it is a system type supported by AFS. For an
explanation, see klog(1).
· If the value is off (the default), tokens can be assigned to a
local UID in the non-AFS file system that does not match the
local UID of the entity assigning the tokens.
With respect to the knfs command, it means that the issuer can
use the -id argument to assign tokens to a local UID on the NFS
client machine that does not match his or her local UID on the
translator machine. (An example is assigning tokens to the MFS
client machine’s local superuser "root".) This setting allows
more than one issuer of the knfs command to make tokens
available to the same user on the NFS client machine. Each time
a different user issues the knfs command with the same value
for the -id argument, that user’s tokens overwrite the existing
ones. This can result in unpredictable access for the user on
the NFS client machine.
-submounts on =item -submounts off
Controls whether a user of the non-AFS filesystem can mount any
directory in the AFS filespace other than the top-level /afs
directory. If the value is "on", such submounts are allowed. If the
value is "off", only mounts of the /afs directory are allowed. If
this argument is omitted, the default value is "off".
-help
Prints the online help for this command. All other valid options
are ignored.
OUTPUT
If the machine is not even configured as a server of the non-AFS file
system, the following message appears:
Sorry, the <file_system>-exporter type is currently not supported on
this AFS client
If the machine is configured as a server of the non-AFS file system but
is not currently enabled to reexport AFS to it (because the -start
argument to this command is not set to "on"), the message is as
follows:
'<file_system>' translator is disabled
If the machine is enabled to reexport AFS, the following message
precedes messages that report the settings of the other parameters.
'<file_system>' translator is enabled with the following options:
The following messages indicate that the -convert argument is set to
"on" or "off" respectively:
Running in convert owner mode bits to world/other mode
Running in strict unix mode
The following messages indicate that the -uidcheck argument is set to
"on" or "off" respectively:
Running in strict 'passwd sync' mode
Running in no 'passwd sync' mode
The following messages indicate that the -submounts argument is set to
"on" or "off" respectively:
Allow mounts of /afs/.. subdirs
Only mounts to /afs allowed
EXAMPLES
The following example shows that the local machine can export AFS to
NFS client machines.
% fs exportafs nfs
'nfs' translator is enabled with the following options:
Running in convert owner mode bits to world/other mode
Running in no 'passwd sync' mode
Only mounts to /afs allowed
The following example enables the machine as an NFS server and converts
the UNIX group and other mode bits on exported AFS directories and
files to match the UNIX owner mode bits.
% fs exportafs -type nfs -start on -convert on
The following example disables the machine from reexporting AFS to NFS
client machines:
% fs exportafs -type nfs -start off
PRIVILEGE REQUIRED
The issuer must be logged in as the local superuser root.
SEE ALSO
klog(1), knfs(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.