--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
+<HTML><HEAD>
+<TITLE>Administration Reference</TITLE>
+<!-- Begin Header Records ========================================== -->
+<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
+<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
+<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
+<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
+<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
+</HEAD><BODY>
+<!-- (C) IBM Corporation 2000. All Rights Reserved -->
+<BODY bgcolor="ffffff">
+<!-- End Header Records ============================================ -->
+<A NAME="Top_Of_Page"></A>
+<H1>Administration Reference</H1>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf138.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf140.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<P>
+<H2><A NAME="HDRFS_EXPORTAFS" HREF="auarf002.htm#ToC_153">fs exportafs</A></H2>
+<A NAME="IDX4796"></A>
+<A NAME="IDX4797"></A>
+<A NAME="IDX4798"></A>
+<A NAME="IDX4799"></A>
+<A NAME="IDX4800"></A>
+<A NAME="IDX4801"></A>
+<A NAME="IDX4802"></A>
+<A NAME="IDX4803"></A>
+<A NAME="IDX4804"></A>
+<A NAME="IDX4805"></A>
+<P><STRONG>Purpose</STRONG>
+<P>Reports or sets whether the machine can export AFS to clients of other file
+systems
+<P><STRONG>Synopsis</STRONG>
+<PRE><B>fs exportafs -type</B> <<VAR>exporter name</VAR>>
+ [<B>-start</B> <<VAR>start/stop translator (on | off)</VAR>>]
+ [<B>-convert</B> <<VAR>convert from afs to unix mode (on | off)</VAR>>]
+ [<B>-uidcheck</B> <<VAR>run on strict 'uid check' mode (on | off)</VAR>>]
+ [<B>-submounts</B> <<VAR>allow nfs mounts to subdirs of /afs/.. (on | off)</VAR>>]
+ [<B>-help</B>]
+
+<B>fs exp -t</B> <<VAR>exporter name</VAR>>
+ [<B>-st</B> <<VAR>start/stop translator (on | off)</VAR>>]
+ [<B>-c</B> <<VAR>convert from afs to unix mode (on | off)</VAR>>]
+ [<B>-u</B> <<VAR>run on strict 'uid check' mode (on | off)</VAR>>]
+ [<B>-su</B> <<VAR>allow nfs mounts to subdirs of /afs/.. (on | off)</VAR>>]
+ [<B>-help</B>]
+</PRE>
+<P><STRONG>Description</STRONG>
+<P>The <B>fs exportafs</B> command sets (if the <B>-start</B> argument
+is provided) or reports (if it is omitted) whether the machine can reexport
+the AFS filespace to clients of a non-AFS file system. To control
+certain features of the translation protocol, use the following
+arguments:
+<UL>
+<P><LI>To control whether the UNIX <B>group</B> and <B>other</B> mode
+bits on an AFS file or directory are set to match the <B>owner</B> mode
+bits when it is exported to the non-AFS file system, use the
+<B>-convert</B> argument.
+<P><LI>To control whether tokens can be placed in a credential structure
+identified by a UID that differs from the local UID of the entity that is
+placing the tokens in the structure, use the <B>-uidcheck</B>
+argument. The most common use is to control whether issuers of the
+<B>knfs</B> command can specify a value for its <B>-id</B> argument
+that does not match their local UID on the NFS/AFS translator machine.
+<P><LI>To control whether users can create mounts in the non-AFS filespace to an
+AFS directory other than <B>/afs</B>, use the <B>-submounts</B>
+argument.
+</UL>
+<P><STRONG>Options</STRONG>
+<DL>
+<P><DT><B>-type
+</B><DD>Names the alternate file system to which to reexport the AFS
+filespace. The only acceptable value is <B>nfs</B>, in lowercase
+letters only.
+<P><DT><B>-start
+</B><DD>Enables the local machine to reexport the AFS filespace if the value is
+<B>on</B>, or disables it if the value is <B>off</B>. Omit this
+argument to report the current setting for all of the configurable
+parameters.
+<P><DT><B>-convert
+</B><DD>Controls the setting of the UNIX <B>group</B> and <B>other</B>
+mode bits on AFS files and directories exported to the non-AFS file
+system. If the value is <B>on</B>, they are set to match the
+<B>owner</B> mode bits. If the value is <B>off</B>, the bits
+are not changed. If this argument is omitted, the default value is
+<B>on</B>.
+<P><DT><B>-uidcheck
+</B><DD>Controls whether tokens can be placed in a credential structure identified
+by a UID that differs from the local UID of the entity that is placing the
+tokens in the structure.
+<UL>
+<P><LI>If the value is <B>on</B>, the UID that identifies the credential
+structure must match the local UID.
+<P>With respect to the <B>knfs</B> command, this value means that the
+value of <B>-id</B> argument must match the issuer's local UID on the
+translator machine. In practice, this setting makes it pointless to
+include the <B>-id</B> argument to the <B>knfs</B> command, because
+the only acceptable value (the issuer's local UID) is already used when
+the <B>-id</B> argument is omitted.
+<P>Enabling UID checking also makes it impossible to issue the <B>klog</B>
+and <B> pagsh</B> commands on a client machine of the non-AFS file system
+even though it is a system type supported by AFS. For an explanation,
+see the reference page for the <B>klog</B> command.
+<P><LI>If the value is <B>off</B> (the default), tokens can be assigned to a
+local UID in the non-AFS file system that does not match the local UID of the
+entity assigning the tokens.
+<P>With respect to the <B>knfs</B> command, it means that the issuer can
+use the <B>-id</B> argument to assign tokens to a local UID on the NFS
+client machine that does not match his or her local UID on the translator
+machine. (An example is assigning tokens to the MFS client
+machine's local superuser <B>root</B>.) This setting allows
+more than one issuer of the <B>knfs</B> command to make tokens available
+to the same user on the NFS client machine. Each time a different user
+issues the <B>knfs</B> command with the same value for the <B>-id</B>
+argument, that user's tokens overwrite the existing ones. This can
+result in unpredictable access for the user on the NFS client machine.
+</UL>
+<P><DT><B>-submounts
+</B><DD>Controls whether a user of the non-AFS filesystem can mount any directory
+in the AFS filespace other than the top-level <B>/afs</B>
+directory. If the value is <B>on</B>, such submounts are
+allowed. If the value is off, only mounts of the <B>/afs</B>
+directory are allowed. If this argument is omitted, the default value
+is <B>off</B>.
+<P><DT><B>-help
+</B><DD>Prints the online help for this command. All other valid options
+are ignored.
+</DL>
+<P><STRONG>Output</STRONG>
+<P>If the machine is not even configured as a server of the non-AFS file
+system, the following message appears:
+<PRE> Sorry, the <VAR>file_system</VAR>-exporter type is currently not supported on
+ this AFS client
+
+</PRE>
+<P>If the machine is configured as a server of the non-AFS file system but is
+not currently enabled to reexport AFS to it (because the <B>-start</B>
+argument to this command is not set to <B>on</B>), the message is as
+follows:
+<PRE> '<VAR>file_system</VAR>' translator is disabled
+
+</PRE>
+<P>If the machine is enabled to reexport AFS, the following message precedes
+messages that report the settings of the other parameters.
+<PRE> '<VAR>file_system</VAR>' translator is enabled with the following options:
+
+</PRE>
+<P>The following messages indicate that the <B>-convert</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Running in convert owner mode bits to world/other mode
+ Running in strict unix mode
+
+</PRE>
+<P>The following messages indicate that the <B>-uidcheck</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Running in strict 'passwd sync' mode
+ Running in no 'passwd sync' mode
+
+</PRE>
+<P>The following messages indicate that the <B>-submounts</B> argument is
+set to <B>on</B> or <B>off</B> respectively:
+<PRE> Allow mounts of /afs/.. subdirs
+ Only mounts to /afs allowed
+
+</PRE>
+<P><STRONG>Examples</STRONG>
+<P>The following example shows that the local machine can export AFS to NFS
+client machines.
+<PRE> % <B>fs exportafs nfs</B>
+ 'nfs' translator is enabled with the following options:
+ Running in convert owner mode bits to world/other mode
+ Running in no 'passwd sync' mode
+ Only mounts to /afs allowed
+
+</PRE>
+<P>The following example enables the machine as an NFS server and converts the
+UNIX <B>group</B> and <B>other</B> mode bits on exported AFS
+directories and files to match the UNIX <B>owner</B> mode bits.
+<PRE> % <B>fs exportafs -type nfs -start on -convert on</B>
+
+</PRE>
+<P>The following example disables the machine from reexporting AFS to NFS
+client machines:
+<PRE> %<B> fs exportafs -type nfs -start off</B>
+
+</PRE>
+<P><STRONG>Privilege Required</STRONG>
+<P>The issuer must be logged in as the local superuser <B>root</B>.
+<P><STRONG>Related Information</STRONG>
+<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
+<P><A HREF="auarf201.htm#HDRKNFS">knfs</A>
+<P>
+<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf138.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf140.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
+<!-- Begin Footer Records ========================================== -->
+<P><HR><B>
+<br>© <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
+</B>
+<!-- End Footer Records ============================================ -->
+<A NAME="Bot_Of_Page"></A>
+</BODY></HTML>
git://git.openafs.org / openafs.git / blobdiff