mfsexports.cfg(5)

NAME

mfsexports.cfg - LizardFS access control for mfsmounts

DESCRIPTION

The file mfsexports.cfg contains LizardFS access list for mfsmount clients.

SYNTAX

ADDRESS DIRECTORY [OPTIONS]

Lines starting with a # character are ignored.

ADDRESS is an IP address, network or address range and can be specified in several forms:

*
all addresses
n.n.n.n
single IP address
n.n.n.n/b
IP class specified by network address and bits number
n.n.n.n/m.m.m.m
IP class specified by network address and mask
f.f.f.f-t.t.t.t
IP range specified by from-to addresses (inclusive)

DIRECTORY can be / or a path relative to your LizardFS namespaces root; the special value . stands for the MFSMETA companion filesystem.

OPTIONS

ro, readonly
export tree in read-only mode (default)

rw, readwrite export tree in read-write mode

ignoregid
disable testing of group access at mfsmaster level (it’s still done at mfsmount level) - in this case “group” and “other” permissions are logically added; needed for supplementary groups to work (mfsmaster receives only user primary group information)
dynamicip
allows reconnecting of already authenticated client from any IP address (the default is to check the IP address on reconnect)
maproot=USER[:GROUP]

maps root (uid=0) accesses to given user and group (similarly to maproot option in NFS mounts);

USER’ and GROUP can be given either as name or number; if no group is specified, USER’s primary group is used. Names are resolved on mfsmaster side (see note below).

mapall=USER[:GROUP]
like above but maps all non privileged users (uid!=0) accesses to given user and group (see notes below).
minversion=VER
rejects access from clients older than specified
mingoal=N, maxgoal=N
specify range in which goals can be set by users
mintrashtime=TDUR, maxtrashtime=TDUR
specify range in which trashtime can be set by users
password=PASS, md5pass=MD5
requires password authentication in order to access specified resource
alldirs
allows to mount any subdirectory of specified directory (similarly to NFS)
nonrootmeta
allows non-root users to use filesystem mounted in the meta mode (option available only in this mode)

Default options are: ro,maproot=999:999.

NOTES

USER and GROUP names (if not specified by explicit uid/gid number) are resolved on mfsmaster host.

TDUR can be specified as number without time unit (number of seconds) or combination of numbers with time units. Time units are: W, D, H, M, S. Order is important - less significant time units can’t be defined before more significant time units.

Option mapall works in LizardFS in different way than in NFS, because of using FUSE’s “default_permissions” option. When mapall option is used, users see all objects with uid equal to mapped uid as their own and all other as root’s objects. Similarly objects with gid equal to mappedgid are seen as objects with current user’s primary group and all other objects as objects with group 0 (usually wheel). With mapall option set attribute cache in kernel is always turned off.

EXAMPLES

*                    /       ro
192.168.1.0/24       /       rw
192.168.1.0/24       /       rw,alldirs,maproot=0,password=passcode
10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,password=test*
10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000*
10.2.0.0/16          /       rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w

REPORTING BUGS

Report bugs to <contact@lizardfs.org>.

SEE ALSO

mfsmaster(8), mfsmaster.cfg(5)