[hcoop/debian/openafs.git] / doc / man-pages / pod1 / fs_exportafs.pod

=head1 NAME

fs_exportafs - Configures export of AFS to clients of other file systems

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<fs exportafs> S<<< B<-type> <I<exporter name>> >>>
    S<<< [B<-start> <I<start/stop translator (on | off)>>] >>>
    S<<< [B<-convert> <I<convert from afs to unix mode (on | off)>>] >>>
    S<<< [B<-uidcheck> <I<run on strict 'uid check' mode (on | off)>>] >>>
    S<<< [B<-submounts> <I<allow nfs mounts to subdirs of /afs/.. (on | off)>>] >>>
    S<<< [B<-clipags> <I<use client-assigned PAGs (on | off)>>] >>>
    S<<< [B<-pagcb> <I<callback clients to get creds (on | off)>>] >>>
    [B<-help>]

B<fs exp> S<<< B<-t> <I<exporter name>> >>>
    S<<< [B<-st> <I<start/stop translator (on | off)>>] >>>
    S<<< [B<-co> <I<convert from afs to unix mode (on | off)>>] >>>
    S<<< [B<-u> <I<run on strict 'uid check' mode (on | off)>>] >>>
    S<<< [B<-su> <I<allow nfs mounts to subdirs of /afs/.. (on | off)>>] >>>
    S<<< [B<-cl> <I<use client-assigned PAGs (on | off)>>] >>>
    S<<< [B<-p> <I<callback clients to get creds (on | off)>>] >>>
    [B<-h>]

=for html
</div>

=head1 DESCRIPTION

The B<fs exportafs> command sets (if the B<-start> argument is provided)
or reports (if it is omitted) whether the machine can reexport the AFS
filespace to clients of a non-AFS file system. To control certain features
of the translation protocol, use the following arguments:

=over 4

=item *

To control whether the UNIX group and other mode bits on an AFS file or
directory are set to match the owner mode bits when it is exported to the
non-AFS file system, use the B<-convert> argument.

=item *

To control whether tokens can be placed in a credential structure
identified by a UID that differs from the local UID of the entity that is
placing the tokens in the structure, use the B<-uidcheck> argument. The
most common use is to control whether issuers of the B<knfs> command can
specify a value for its B<-id> argument that does not match their local
UID on the NFS/AFS translator machine.

=item *

To control whether users can create mounts in the non-AFS filespace to an
AFS directory other than F</afs>, use the B<-submounts> argument.

=back

=head1 OPTIONS

=over 4

=item B<-type> <I<exporter name>>

Names the alternate file system to which to reexport the AFS
filespace. The only acceptable value is C<nfs>, in lowercase letters only.

=item B<-start> <on | off>

Enables the local machine to reexport the AFS filespace if the value is
C<on>, or disables it if the value is C<off>. Omit this argument to report
the current setting for all of the configurable parameters.

=item B<-convert> <on | off>

Controls the setting of the UNIX group and other mode bits on AFS files
and directories exported to the non-AFS file system. If the value is
C<on>, they are set to match the B<owner> mode bits. If the value is
C<off>, the bits are not changed. If this argument is omitted, the default
value is C<on>.

=item B<-uidcheck> <on | off>

Controls whether tokens can be placed in a credential structure identified
by a UID that differs from the local UID of the entity that is placing the
tokens in the structure.

=over 4

=item *

If the value is on, the UID that identifies the credential structure must
match the local UID.

With respect to the B<knfs> command, this value means that the value of
B<-id> argument must match the issuer's local UID on the translator
machine. In practice, this setting makes it pointless to include the
B<-id> argument to the B<knfs> command, because the only acceptable value
(the issuer's local UID) is already used when the B<-id> argument is
omitted.

Enabling UID checking also makes it impossible to issue the B<klog> and
B<pagsh> commands on a client machine of the non-AFS file system even
though it is a system type supported by AFS. For an explanation, see
L<klog(1)>.

=item *

If the value is off (the default), tokens can be assigned to a local UID
in the non-AFS file system that does not match the local UID of the entity
assigning the tokens.

With respect to the B<knfs> command, it means that the issuer can use the
B<-id> argument to assign tokens to a local UID on the NFS client machine
that does not match his or her local UID on the translator machine. (An
example is assigning tokens to the MFS client machine's local superuser
C<root>.) This setting allows more than one issuer of the B<knfs> command
to make tokens available to the same user on the NFS client machine. Each
time a different user issues the B<knfs> command with the same value for
the B<-id> argument, that user's tokens overwrite the existing ones. This
can result in unpredictable access for the user on the NFS client machine.

=back

=item B<-submounts> <on | off>

Controls whether a user of the non-AFS filesystem can mount any directory
in the AFS filespace other than the top-level F</afs> directory. If the
value is C<on>, such submounts are allowed. If the value is C<off>, only
mounts of the F</afs> directory are allowed. If this argument is omitted,
the default value is C<off>.

=item B<-clipags> <on | off>

Turning on this option enables support for "client-assigned PAGs". With
client-assigned PAGs, an NFS client can manage its own AFS pags, and inform the
NFS translator machine what PAG we are using, instead of the NFS translator
machine keeping track of PAGs. An NFS client machine can do this if it has the
"afspag" kernel module loaded, which tracks PAGs but otherwise does not
implement AFS functionality, and forwards all requests to the NFS translator
machine.

You should only turn on this option if you are making use of client-assigned
PAGs, and you trust the NFS client machines making use of the translator. This
option is off by default.

=item B<-pagcb> <on | off>

Turning on this option means that the NFS translator machine will contact new
NFS clients in order to obtain their credentials and sysnames. This option can
be useful so that client credentials are not lost if the translator machine is
rebooted, or if an NFS client is "moved" to using a different translator. This
functionality will only work with NFS clients that are also running the
"afspag" kernel module.

Using this option with NFS clients not running with the "afspag" kernel module
would cause long timeouts when the translator machine attempts to contact the
client to obtain its credentials and sysname list. This option is off by
default.

=item B<-help>

Prints the online help for this command. All other valid options are
ignored.

=back

=head1 OUTPUT

If the machine is not even configured as a server of the non-AFS file
system, the following message appears:

   Sorry, the <file_system>-exporter type is currently not supported on
   this AFS client

If the machine is configured as a server of the non-AFS file system but is
not currently enabled to reexport AFS to it (because the B<-start>
argument to this command is not set to C<on>), the message is as follows:

   '<file_system>' translator is disabled

If the machine is enabled to reexport AFS, the following message precedes
messages that report the settings of the other parameters.

   '<file_system>' translator is enabled with the following options:

The following messages indicate that the B<-convert> argument is set to
C<on> or C<off> respectively:

   Running in convert owner mode bits to world/other mode
   Running in strict unix mode

The following messages indicate that the B<-uidcheck> argument is set to
C<on> or C<off> respectively:

   Running in strict 'passwd sync' mode
   Running in no 'passwd sync' mode

The following messages indicate that the B<-submounts> argument is set to
C<on> or C<off> respectively:

   Allow mounts of /afs/.. subdirs
   Only mounts to /afs allowed

=head1 EXAMPLES

The following example shows that the local machine can export AFS to NFS
client machines.

   % fs exportafs nfs
   'nfs' translator is enabled with the following options:
        Running in convert owner mode bits to world/other mode
        Running in no 'passwd sync' mode
        Only mounts to /afs allowed

The following example enables the machine as an NFS server and converts
the UNIX group and other mode bits on exported AFS directories and files
to match the UNIX owner mode bits.

   % fs exportafs -type nfs -start on -convert on

The following example disables the machine from reexporting AFS to NFS
client machines:

   % fs exportafs -type nfs -start off

=head1 PRIVILEGE REQUIRED

The issuer must be logged in as the local superuser root.

=head1 SEE ALSO

L<klog(1)>,
L<knfs(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	fs_exportafs - Configures export of AFS to clients of other file systems
	4
	5	=head1 SYNOPSIS
	6
	7	=for html
	8	<div class="synopsis">
	9
	10	B<fs exportafs> S<<< B<-type> <I<exporter name>> >>>
	11	S<<< [B<-start> <I<start/stop translator (on \| off)>>] >>>
	12	S<<< [B<-convert> <I<convert from afs to unix mode (on \| off)>>] >>>
	13	S<<< [B<-uidcheck> <I<run on strict 'uid check' mode (on \| off)>>] >>>
	14	S<<< [B<-submounts> <I<allow nfs mounts to subdirs of /afs/.. (on \| off)>>] >>>
	15	S<<< [B<-clipags> <I<use client-assigned PAGs (on \| off)>>] >>>
	16	S<<< [B<-pagcb> <I<callback clients to get creds (on \| off)>>] >>>
	17	[B<-help>]
	18
	19	B<fs exp> S<<< B<-t> <I<exporter name>> >>>
	20	S<<< [B<-st> <I<start/stop translator (on \| off)>>] >>>
	21	S<<< [B<-co> <I<convert from afs to unix mode (on \| off)>>] >>>
	22	S<<< [B<-u> <I<run on strict 'uid check' mode (on \| off)>>] >>>
	23	S<<< [B<-su> <I<allow nfs mounts to subdirs of /afs/.. (on \| off)>>] >>>
	24	S<<< [B<-cl> <I<use client-assigned PAGs (on \| off)>>] >>>
	25	S<<< [B<-p> <I<callback clients to get creds (on \| off)>>] >>>
	26	[B<-h>]
	27
	28	=for html
	29	</div>
	30
	31	=head1 DESCRIPTION
	32
	33	The B<fs exportafs> command sets (if the B<-start> argument is provided)
	34	or reports (if it is omitted) whether the machine can reexport the AFS
	35	filespace to clients of a non-AFS file system. To control certain features
	36	of the translation protocol, use the following arguments:
	37
	38	=over 4
	39
	40	=item *
	41
	42	To control whether the UNIX group and other mode bits on an AFS file or
	43	directory are set to match the owner mode bits when it is exported to the
	44	non-AFS file system, use the B<-convert> argument.
	45
	46	=item *
	47
	48	To control whether tokens can be placed in a credential structure
	49	identified by a UID that differs from the local UID of the entity that is
	50	placing the tokens in the structure, use the B<-uidcheck> argument. The
	51	most common use is to control whether issuers of the B<knfs> command can
	52	specify a value for its B<-id> argument that does not match their local
	53	UID on the NFS/AFS translator machine.
	54
	55	=item *
	56
	57	To control whether users can create mounts in the non-AFS filespace to an
	58	AFS directory other than F</afs>, use the B<-submounts> argument.
	59
	60	=back
	61
	62	=head1 OPTIONS
	63
	64	=over 4
65
66	=item B<-type> <I<exporter name>>
67
68	Names the alternate file system to which to reexport the AFS
69	filespace. The only acceptable value is C<nfs>, in lowercase letters only.
70
71	=item B<-start> <on \| off>
72
73	Enables the local machine to reexport the AFS filespace if the value is
74	C<on>, or disables it if the value is C<off>. Omit this argument to report
75	the current setting for all of the configurable parameters.
76
77	=item B<-convert> <on \| off>
78
79	Controls the setting of the UNIX group and other mode bits on AFS files
80	and directories exported to the non-AFS file system. If the value is
81	C<on>, they are set to match the B<owner> mode bits. If the value is
82	C<off>, the bits are not changed. If this argument is omitted, the default
83	value is C<on>.
84
85	=item B<-uidcheck> <on \| off>
86
87	Controls whether tokens can be placed in a credential structure identified
88	by a UID that differs from the local UID of the entity that is placing the
89	tokens in the structure.
90
91	=over 4
92
93	=item *
94
95	If the value is on, the UID that identifies the credential structure must
96	match the local UID.
97
98	With respect to the B<knfs> command, this value means that the value of
99	B<-id> argument must match the issuer's local UID on the translator
100	machine. In practice, this setting makes it pointless to include the
101	B<-id> argument to the B<knfs> command, because the only acceptable value
102	(the issuer's local UID) is already used when the B<-id> argument is
103	omitted.
104
105	Enabling UID checking also makes it impossible to issue the B<klog> and
106	B<pagsh> commands on a client machine of the non-AFS file system even
107	though it is a system type supported by AFS. For an explanation, see
108	L<klog(1)>.
109
110	=item *
111
112	If the value is off (the default), tokens can be assigned to a local UID
113	in the non-AFS file system that does not match the local UID of the entity
114	assigning the tokens.
115
116	With respect to the B<knfs> command, it means that the issuer can use the
117	B<-id> argument to assign tokens to a local UID on the NFS client machine
118	that does not match his or her local UID on the translator machine. (An
119	example is assigning tokens to the MFS client machine's local superuser
120	C<root>.) This setting allows more than one issuer of the B<knfs> command
121	to make tokens available to the same user on the NFS client machine. Each
122	time a different user issues the B<knfs> command with the same value for
123	the B<-id> argument, that user's tokens overwrite the existing ones. This
124	can result in unpredictable access for the user on the NFS client machine.
125
126	=back
127
128	=item B<-submounts> <on \| off>
129
130	Controls whether a user of the non-AFS filesystem can mount any directory
131	in the AFS filespace other than the top-level F</afs> directory. If the
132	value is C<on>, such submounts are allowed. If the value is C<off>, only
133	mounts of the F</afs> directory are allowed. If this argument is omitted,
134	the default value is C<off>.
135
136	=item B<-clipags> <on \| off>
137
138	Turning on this option enables support for "client-assigned PAGs". With
139	client-assigned PAGs, an NFS client can manage its own AFS pags, and inform the
140	NFS translator machine what PAG we are using, instead of the NFS translator
141	machine keeping track of PAGs. An NFS client machine can do this if it has the
142	"afspag" kernel module loaded, which tracks PAGs but otherwise does not
143	implement AFS functionality, and forwards all requests to the NFS translator
144	machine.
145
146	You should only turn on this option if you are making use of client-assigned
147	PAGs, and you trust the NFS client machines making use of the translator. This
148	option is off by default.
149
150	=item B<-pagcb> <on \| off>
151
152	Turning on this option means that the NFS translator machine will contact new
153	NFS clients in order to obtain their credentials and sysnames. This option can
154	be useful so that client credentials are not lost if the translator machine is
155	rebooted, or if an NFS client is "moved" to using a different translator. This
156	functionality will only work with NFS clients that are also running the
157	"afspag" kernel module.
158
159	Using this option with NFS clients not running with the "afspag" kernel module
160	would cause long timeouts when the translator machine attempts to contact the
161	client to obtain its credentials and sysname list. This option is off by
162	default.
163
164	=item B<-help>
165
166	Prints the online help for this command. All other valid options are
167	ignored.
168
169	=back
170
171	=head1 OUTPUT
172
173	If the machine is not even configured as a server of the non-AFS file
174	system, the following message appears:
175
176	Sorry, the <file_system>-exporter type is currently not supported on
177	this AFS client
178
179	If the machine is configured as a server of the non-AFS file system but is
180	not currently enabled to reexport AFS to it (because the B<-start>
181	argument to this command is not set to C<on>), the message is as follows:
182
183	'<file_system>' translator is disabled
184
185	If the machine is enabled to reexport AFS, the following message precedes
186	messages that report the settings of the other parameters.
187
188	'<file_system>' translator is enabled with the following options:
189
190	The following messages indicate that the B<-convert> argument is set to
191	C<on> or C<off> respectively:
192
193	Running in convert owner mode bits to world/other mode
194	Running in strict unix mode
195
196	The following messages indicate that the B<-uidcheck> argument is set to
197	C<on> or C<off> respectively:
198
199	Running in strict 'passwd sync' mode
200	Running in no 'passwd sync' mode
201
202	The following messages indicate that the B<-submounts> argument is set to
203	C<on> or C<off> respectively:
204
205	Allow mounts of /afs/.. subdirs
206	Only mounts to /afs allowed
207
208	=head1 EXAMPLES
209
210	The following example shows that the local machine can export AFS to NFS
211	client machines.
212
213	% fs exportafs nfs
214	'nfs' translator is enabled with the following options:
215	Running in convert owner mode bits to world/other mode
216	Running in no 'passwd sync' mode
217	Only mounts to /afs allowed
218
219	The following example enables the machine as an NFS server and converts
220	the UNIX group and other mode bits on exported AFS directories and files
221	to match the UNIX owner mode bits.
222
223	% fs exportafs -type nfs -start on -convert on
224
225	The following example disables the machine from reexporting AFS to NFS
226	client machines:
227
228	% fs exportafs -type nfs -start off
229
230	=head1 PRIVILEGE REQUIRED
231
232	The issuer must be logged in as the local superuser root.
233
234	=head1 SEE ALSO
235
236	L<klog(1)>,
237	L<knfs(1)>
238
239	=head1 COPYRIGHT
240
241	IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
242
243	This documentation is covered by the IBM Public License Version 1.0. It was
244	converted from HTML to POD by software written by Chas Williams and Russ
245	Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.