* [PATCH] nfs-utils: add client match order information to exports.man
@ 2011-06-06 12:19 James Pearson
[not found] ` <4DECC5B6.8040009-5Ol4pYTxKWu0ML75eksnrtBPR1lH4CV8@public.gmane.org>
0 siblings, 1 reply; 2+ messages in thread
From: James Pearson @ 2011-06-06 12:19 UTC (permalink / raw)
To: linux-nfs; +Cc: steved, bfields
Add details to the exports man page on the client match order against
the various Machine Name Format specifications.
Signed-off-by: James Pearson <james-p@moving-picture.com>
--- a/utils/exportfs/exports.man 2010-09-28 13:24:16.000000000 +0100
+++ b/utils/exportfs/exports.man 2011-06-05 22:57:55.232662000 +0100
@@ -45,22 +45,8 @@
.SS Machine Name Formats
NFS clients may be specified in a number of ways:
.IP "single host
-This is the most common format. You may specify a host either by an
-abbreviated name recognized be the resolver, the fully qualified domain
-name, or an IP address.
-.IP "netgroups
-NIS netgroups may be given as
-.IR @group .
-Only the host part of each
-netgroup members is consider in checking for membership. Empty host
-parts or those containing a single dash (\-) are ignored.
-.IP "wildcards
-Machine names may contain the wildcard characters \fI*\fR and \fI?\fR.
-This can be used to make the \fIexports\fR file more compact; for instance,
-\fI*.cs.foo.edu\fR matches all hosts in the domain
-\fIcs.foo.edu\fR. As these characters also match the dots in a domain
-name, the given pattern will also match all hosts within any subdomain
-of \fIcs.foo.edu\fR.
+You may specify a host either by an abbreviated name recognized be the
+resolver, the fully qualified domain name, or an IP address.
.IP "IP networks
You can also export directories to all hosts on an IP (sub-) network
simultaneously. This is done by specifying an IP address and netmask pair
@@ -72,6 +58,25 @@
to the network base IPv4 address results in identical subnetworks with
10 bits of
host. Wildcard characters generally do not work on IP addresses,
though they
may work by accident when reverse DNS lookups fail.
+.IP "wildcards
+Machine names may contain the wildcard characters \fI*\fR and \fI?\fR.
+This can be used to make the \fIexports\fR file more compact; for instance,
+\fI*.cs.foo.edu\fR matches all hosts in the domain
+\fIcs.foo.edu\fR. As these characters also match the dots in a domain
+name, the given pattern will also match all hosts within any subdomain
+of \fIcs.foo.edu\fR.
+.IP "netgroups
+NIS netgroups may be given as
+.IR @group .
+Only the host part of each
+netgroup members is consider in checking for membership. Empty host
+parts or those containing a single dash (\-) are ignored.
+.IP "anonymous
+This is specified by a single
+.I *
+character (not to be confused with the
+.I wildcard
+entry above) and will match all clients.
'''.TP
'''.B =public
'''This is a special ``hostname'' that identifies the given directory name
@@ -92,6 +97,12 @@
'''.B \-\-public\-root
'''option. Multiple specifications of a public root will be ignored.
.PP
+If a client matches more than one of the specifications above, then
+the first match from the above list order takes precedence - regardless of
+the order they appear on the export line. However, if a client matches
+more than one of the same type of specification (e.g. two netgroups),
+then the first match from the order they appear on the export line takes
+precedence.
.SS RPCSEC_GSS security
You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p"
to restrict access to clients using rpcsec_gss security. However, this
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] nfs-utils: add client match order information to exports.man
[not found] ` <4DECC5B6.8040009-5Ol4pYTxKWu0ML75eksnrtBPR1lH4CV8@public.gmane.org>
@ 2011-06-06 18:30 ` J. Bruce Fields
0 siblings, 0 replies; 2+ messages in thread
From: J. Bruce Fields @ 2011-06-06 18:30 UTC (permalink / raw)
To: James Pearson; +Cc: linux-nfs, steved
On Mon, Jun 06, 2011 at 01:19:02PM +0100, James Pearson wrote:
> Add details to the exports man page on the client match order
> against the various Machine Name Format specifications.
Looks good to me.--b.
>
> Signed-off-by: James Pearson <james-p-5Ol4pYTxKWu0ML75eksnrtBPR1lH4CV8@public.gmane.org>
>
> --- a/utils/exportfs/exports.man 2010-09-28 13:24:16.000000000 +0100
> +++ b/utils/exportfs/exports.man 2011-06-05 22:57:55.232662000 +0100
> @@ -45,22 +45,8 @@
> .SS Machine Name Formats
> NFS clients may be specified in a number of ways:
> .IP "single host
> -This is the most common format. You may specify a host either by an
> -abbreviated name recognized be the resolver, the fully qualified domain
> -name, or an IP address.
> -.IP "netgroups
> -NIS netgroups may be given as
> -.IR @group .
> -Only the host part of each
> -netgroup members is consider in checking for membership. Empty host
> -parts or those containing a single dash (\-) are ignored.
> -.IP "wildcards
> -Machine names may contain the wildcard characters \fI*\fR and \fI?\fR.
> -This can be used to make the \fIexports\fR file more compact; for instance,
> -\fI*.cs.foo.edu\fR matches all hosts in the domain
> -\fIcs.foo.edu\fR. As these characters also match the dots in a domain
> -name, the given pattern will also match all hosts within any subdomain
> -of \fIcs.foo.edu\fR.
> +You may specify a host either by an abbreviated name recognized be the
> +resolver, the fully qualified domain name, or an IP address.
> .IP "IP networks
> You can also export directories to all hosts on an IP (sub-) network
> simultaneously. This is done by specifying an IP address and netmask pair
> @@ -72,6 +58,25 @@
> to the network base IPv4 address results in identical subnetworks
> with 10 bits of
> host. Wildcard characters generally do not work on IP addresses,
> though they
> may work by accident when reverse DNS lookups fail.
> +.IP "wildcards
> +Machine names may contain the wildcard characters \fI*\fR and \fI?\fR.
> +This can be used to make the \fIexports\fR file more compact; for instance,
> +\fI*.cs.foo.edu\fR matches all hosts in the domain
> +\fIcs.foo.edu\fR. As these characters also match the dots in a domain
> +name, the given pattern will also match all hosts within any subdomain
> +of \fIcs.foo.edu\fR.
> +.IP "netgroups
> +NIS netgroups may be given as
> +.IR @group .
> +Only the host part of each
> +netgroup members is consider in checking for membership. Empty host
> +parts or those containing a single dash (\-) are ignored.
> +.IP "anonymous
> +This is specified by a single
> +.I *
> +character (not to be confused with the
> +.I wildcard
> +entry above) and will match all clients.
> '''.TP
> '''.B =public
> '''This is a special ``hostname'' that identifies the given directory name
> @@ -92,6 +97,12 @@
> '''.B \-\-public\-root
> '''option. Multiple specifications of a public root will be ignored.
> .PP
> +If a client matches more than one of the specifications above, then
> +the first match from the above list order takes precedence - regardless of
> +the order they appear on the export line. However, if a client matches
> +more than one of the same type of specification (e.g. two netgroups),
> +then the first match from the order they appear on the export line takes
> +precedence.
> .SS RPCSEC_GSS security
> You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p"
> to restrict access to clients using rpcsec_gss security. However, this
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-06-06 18:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-06-06 12:19 [PATCH] nfs-utils: add client match order information to exports.man James Pearson
[not found] ` <4DECC5B6.8040009-5Ol4pYTxKWu0ML75eksnrtBPR1lH4CV8@public.gmane.org>
2011-06-06 18:30 ` J. Bruce Fields
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).