When the mountd and nfsd daemons are running, you can use the share command to make file resources available:
share [ -F nfs ] [ -o options ] [ -d description ] [ pathname ]
where:
share Command Options
Option | Description
-F nfs | Specifies the file system type. This option is not typically required, because NFS is the default remote file system type.
-o options | Controls a client’s access to an NFS shared resource.
-d description | Describes the shared file resource.
pathname | Specifies the absolute path name of the resource for sharing.
Note: Unless you specify an option to the share command, for example, -F nfs, the system
uses the file system type from the first line of the /etc/dfs/fstypes file.
To share a file resource from the command line, you can use the share command. For
example, to share the /usr/local/data directory as a read-only shared resource, perform the command:
# share -o ro /usr/local/data
By default, NFS-mounted resources are available with read and write privileges based on standard Solaris OS file permissions. Access decisions are based on a comparison of the user ID (UID) of the client and the owner.
The share Command
Option | Description
ro | Informs clients that the server accepts only read requests.
rw | Allows the server to accept read and write requests from the client.
root=client | Informs clients that the root user on the specified client system or systems can perform superuser-privileged requests on the shared resource.
ro=access-list | Allows read requests from the specified access list.
rw=access-list | Allows read and write requests from the specified access list, as shown in the table.
Access List Options
Option | Description
access-list=client:client | Allows access based on a colon-separated list of one
access-list=@network | Allows access based on a network number (for example, @192.168.100) or a network name (for example, @mydomain.com). The network name must be defined in the /etc/networks file.
access-list=.domain | Allows access based on a Domain Name System (DNS) domain; the dot (.) identifies the value as a DNS domain.
access-list=netgroup_name | Allows access based on a configured net group (Network Information Service [NIS] or Network Information Service Plus [NIS+] only).
anon=n | Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users are given the EUID 60001 (UID_NOBODY). If n is set to -1, access is denied.
You can combine these options by separating each option with commas, which forms
intricate access restrictions. The following examples show some of the more commonly used options:
# share -F nfs -o ro directory
This command restricts access to NFS-mounted resources to read-only access.
# share -F nfs -o ro,rw=client1 directory
This command restricts access to NFS-mounted resources to read-only access;
however, the NFS server accepts both read and write requests from the client
named client1.
# share -F nfs -o root=client2 directory
This command allows the root user on the client named client2 to have
superuser access to the NFS-mounted resources.
# share -F nfs -o ro,anon=0 directory
By setting the option anon=0, the EUID for access to shared resources
by an anonymous user is set to 0. The access is also set to read-only.
While setting the EUID to 0, the same UID as the root user,
might seem to open up security access, the UID of 0 is converted to
the user identity of nobody. This has the effect that an anonymous user
from a client host, where the UID of that user is not known
on the server host, is treated as the user called nobody by
the server (UID=60001).
# share -F nfs \
-o ro=client1:client2,rw=client3:client4,root=client4 directory
This command shares the directory to the four named hosts only. The hosts
client1 and client2 have read-only access. The hosts client3 and client4 have
read-write access. The root user from host client4 has root privilege access
to the shared directory and its contents.
The share command writes information for all shared file resources to the
/etc/dfs/sharetab file. The file contains a table of the local shared resources.
Note: If no argument is specified, the share command displays a list of
all the currently shared file resources.
# share
- /usr/local/data ro "Shared data files"
- /rdbms_files rw,root=sys01 "Database files"
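The listing above is also the quickest place to review what a server exposes. The following is an added example, not part of the original page: a shell function that reads `share` output on standard input and reports the option combinations described in the tables above that widen access. The names audit_shares and sample_listing are hypothetical; the first two sample lines are the listing shown above and the third is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): review `share` output for
# broad NFS exports. audit_shares is a hypothetical helper name.
# Input format assumed: "- pathname options "description"", as listed above.
audit_shares() {
    awk '
    $1 == "-" && $2 ~ /^\// {
        path = $2
        n = split($3, opts, ",")            # options are comma-separated
        for (i = 1; i <= n; i++) {
            key = opts[i]; val = ""
            eq = index(opts[i], "=")
            if (eq > 0) {                   # option carries a value or access list
                key = substr(opts[i], 1, eq - 1)
                val = substr(opts[i], eq + 1)
            }
            # Bare rw: no access list restricts which clients may write.
            if (key == "rw" && val == "")
                print path ": rw with no access list (write requests accepted from any client)"
            # root= grants superuser-privileged requests to the named clients.
            if (key == "root")
                print path ": root access granted to " val
            # Access-list entries starting with @ or . name a network or DNS domain.
            if ((key == "rw" || key == "ro") && val != "") {
                m = split(val, hosts, ":")  # access lists are colon-separated
                for (j = 1; j <= m; j++)
                    if (hosts[j] ~ /^[@.]/)
                        print path ": " key " list entry " hosts[j] " covers a whole network or domain"
            }
        }
    }'
}

# Sample input: lines 1-2 are the listing from this page, line 3 is constructed.
sample_listing() {
cat <<'EOF'
- /usr/local/data ro "Shared data files"
- /rdbms_files rw,root=sys01 "Database files"
- /export/proj ro=client1:client2,rw=@192.168.100 "Project files"
EOF
}

sample_listing | audit_shares
```

On a live server the same function can be fed directly with `share | audit_shares`.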
Making File Resources Unavailable for Mounting
Use the unshare command to make file resources unavailable for mount operations.
This command reads the /etc/dfs/sharetab file.
unshare [ -F nfs ] pathname
Where:
unshare Command
Option | Description
-F nfs | Specifies NFS as the file system type. Because NFS is the default remote file system type, you do not have to specify this option.
pathname | Specifies the path name of the file resource to unshare.
For example, to make the /export/sys44_data directory unavailable for
client-side mount operations, perform the command:
# unshare /usr/local/data
Sharing and Unsharing All NFS Resources
Use the shareall and unshareall commands to share and unshare all NFS resources.
The shareall command, when used without arguments, shares all resources listed
in the /etc/dfs/dfstab file.
shareall [ -F nfs ]
The unshareall command, when used without arguments, unshares currently
shared file resources listed in the /etc/dfs/sharetab file.
unshareall [ -F nfs ]