# NFSv4 /etc/exports syntax and overall docs



## da1 (Apr 29, 2011)

Hi guys,

I've started playing/learning NFSv4 on a amd64 8.2-RELEASE box and I have to admit I didn't come across any docs that will explain the /etc/exports syntax from A to Z and all the options in it. I've read the man pages for exports, nfsv4, nfsd, checked on google but the syntax example I always come across is something like this:

```
/export    192.168.0.12(rw,fsid=0,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,no_subtree_check,async,no_root_squash)
```
but this fails with "bad export list".

Currently I have:

```
# V4 definitions
V4: /
/usr/ports   -network 192.168.0.0 -mask 255.255.0.0
```
and I was surprised to see that I cannot use "192.168.0.0/16" instead of "-network 192.168.0.0 -mask 255.255.0.0".

Docs anyone ?


----------



## phoenix (Apr 29, 2011)

exports(5)

It's all the exports man page *for FreeBSD*.  FreeBSD NFS uses a different exports syntax from Linux NFS.

Generally, V4 lines should go at the end of the /etc/exports file.


----------



## da1 (Apr 29, 2011)

phoenix said:
			
		

> exports(5)FreeBSD NFS uses a different exports syntax from Linux NFS.



Ok, good to know; I was going slightly mad not finding anything else.

With that aside, I have to admit I don't see that much of a difference beetween V3 and V4 (as far as the export file goes).


----------



## phoenix (Apr 29, 2011)

The major difference between NFSv3 and NFSv4 is how the mounting of shares works.

With NFSv3, the client needs to know the full path to the shared directory on the server.  And the exports line includes the full path to the shared folder.  So, if you have /home/coolstuff listed in the exports file, the client mounts it like so:
`$ mount -t nfs myserver:/home/coolstuff`

With NFSv4, the client mounts are relative to the shared directory.  Thus, whatever is listed in the exports file is considered */* (root) when the client mounts it.  So, if you have /home/coolstuff in the exports file, then the client mounts it like so:
`$ mount -t nfs myserver:/`

To get the "old-style" client mount commands to work, you have to export */* on the server.

If you don't want clients to have access to your whole filesystem, then you put the path into the exports file, and the clients mount */*.

This makes some things easier (hiding the path to the files on the server) and other things harder (6 clients all use / in the mount command, but have access to 6 different directories on the server; which one is mounting which directory can't be determined on the client side of things).


----------



## Carpetsmoker (Apr 29, 2011)

While we're on the subject of NFSv4:
Is it stable in production use?

Last I checked, it wasn't. But that was a few years ago ...


----------



## da1 (Apr 29, 2011)

We have it at work and it does it's job (so far) but it is still considered experimental


----------



## phoenix (Apr 29, 2011)

The "experimental" NFS server and client are now the default in -CURRENT, as of this week.  As far as they can tell, so far, it is a drop-in replacement for the old NFS server/client code.  For those using NFSv3, there's no noticable changes.  And for those wanting to use NFSv4, they can.  

Using NFSv4 at home between my FreeBSD storage box and my Linux media player without issues.  But, that's a read-mostly setup with only a single client.


----------



## da1 (May 1, 2011)

I ran into some error at the exports file. Apparently:

```
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
/usr/src -alldirs -maproot=root
/usr/obj -alldirs -maproot=root
```
 is wrong. Now, as far as I've read the man for exports, this should work but something is slipping me.

If I understood correctly, with v4 you set the "root" export (not exported by default) and then you can export any of its subtree directories but it doesn't work.

My logic seems to be wrong somewhere. Any help is appreciated.

PS: I also tried:

```
V4: /usr   -network 192.168.0.0 -mask 255.255.0.0
src -alldirs -maproot=root
obj -alldirs -maproot=root
```
 but it didn't work.


----------



## phoenix (May 2, 2011)

Are you trying to share different folders as V3 and V4?

Only the V4: line can be mounted via NFSv4, the other two lines only apply to NFSv3 clients.


----------



## da1 (May 2, 2011)

V4 only.


----------



## phoenix (May 2, 2011)

Okay.  And you want to be able to mount /usr/src and /usr/obj via NFSv4?  From multiple clients on the same network?


----------



## da1 (May 2, 2011)

That's the point, yeah.
So I imagine I need to set the "root" ( "/" ) and the the subtree ( "usr" and "obj" ).


----------



## phoenix (May 2, 2011)

On the server, you only need the V4 line in the exports file, with all the security settings on there.

Then, on the client, mount */usr/src* and */usr/obj* via nfsv4.

Or, is that not working?

What's the mount command you are using on the clients?  Any error messages on the server?  Do you have all the NFSv4 daemons running?


----------



## da1 (May 3, 2011)

Ah, my bad.

Server (192.168.0.1) rc.conf

```
nfs_client_enable="YES"                                          # Enable NFS client
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
#nfsuserd_flags=""                                               # Flags for nfsuserd
nfscbd_enable="YES"                                              # NFSv4 client side callback daemon
#nfscbd_flags=""                                                 # Flags for nfscbd

nfs_server_enable="YES"                                          # Enable the NFS Server
nfs_server_flags="-u -t -n 6"                                    # -u(dp), -t(cp), -n(umber of servers to create (6), use between 4 and 6)
nfsv4_server_enable="YES"                                        # Enable NFSv4 server
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
rpcbind_enable="YES"                                             # Run the portmapper service
mountd_flags="-r"                                                # Flags to mountd
```
/etc/exports

```
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
V4: /usr/ports -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
V4: /usr/obj -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
```

Client (192.168.1.1) /etc/rc.conf

```
nfs_client_enable="YES"                                          # Enable NFS client
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
#nfsuserd_flags=""                                               # Flags for nfsuserd
nfscbd_enable="YES"                                              # NFSv4 client side callback daemon
#nfscbd_flags=""                                                 # Flags for nfscbd

nfs_server_enable="YES"                                          # Enable the NFS Server
nfs_server_flags="-u -t -n 6"                                    # -u(dp), -t(cp), -n(umber of servers to create (6), use between 4 and 6)
nfsv4_server_enable="YES"                                        # Enable NFSv4 server
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
rpcbind_enable="YES"                                             # Run the portmapper service
mountd_flags="-r"                                                # Flags to mountd
```
no settings in /etc/exports yet.

I'm not sure how correct is the syntax I have in the "server" exports file but the cmd I use to mount the nfs share is:

```
mount_nfs -o nfsv4 192.168.0.1:/usr/src /usr/src
```

The idea is to have the sources on the "client", mount them via NFS to the "server" and compile the world/kernel there (the "server" is a core2duo CPU vs the 200MHz of the "client").


----------



## da1 (May 12, 2011)

Anyone ?


----------



## obscurant (May 24, 2011)

/etc/exports

```
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
V4: /usr/ports -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
V4: /usr/obj -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
```

That does not look correct - you have defined the V4 roots, which is what the V4: lines do, but you have not exported any filesystems.

In my working kerberized nfs4 setup, I have the following:

/etc/exports

```
/export -sec=krb5:krb5i:krb5p -network 192.168.255.0 -mask 255.255.255.0 
V4: /export -sec=krb5:krb5i:krb5p -network 192.168.255.0 -mask 255.255.255.0
```


----------



## phoenix (May 24, 2011)

Each of those V4 lines exports those directories, using NFSv4.

In your second example, the /export line shares that directory using NFSv3, while the V4 line below it shares the exact same directory using NFSv4.


----------



## obscurant (May 25, 2011)

I disagree, based upon my experience - I thought so too until I tried to get it setup with just V4 lines. V4 line just sets the root, at least in 8.1.

From exports(5), which could be clearer, imo:


> ...This location can be any directory and does not
> need to be within an exported file system. If it is not in an exported
> file system, a very limited set of operations are permitted, so that an
> NFSv4 client can traverse the tree to an exported file system.  Although
> ...



If you attempt to mount with just V4 line in exports, you should get a no file handle errror (10020). If you have multiple V4 directories, you'll get an error for different V4 dirpath. Check mountd.c, it notes that "V4: just indicates that it is the v4 root point"

Here's a mailing list post by one of the devs regarding this.


----------



## da1 (Jun 3, 2011)

```
# nfsV4 definitions below:
V4: /
/usr/src /usr/ports -maproot=root -network 192.168.1.0 -mask 255.255.255.0
/usr/home -ro
```

Based on the last posts by obscurant, I modified my exports file and I tried a couple of things. This is what I've noticed:

1) There can be only 1 "V4" line in the exports file (and that has to be the "root tree" declaration). If there is more than 1 "V4" line `/etc/rc.d/mountd onereload` will fail with "*bad export list*" (see /var/log/messages)
2) All other export lines have to be written in "old" V3 style.
3) Having a "V4" line and all other export lines in "old" V3 style, allows one to choose how to mount the exported FS (as "V3" or as "V4") by simply doing either (for V3):
`mount -v -t nfs <IP/hostname>:/path/to/dir /local/dir`
or (for "V4")
`mount -v -t nfs [COLOR=Red][B]-o nfsv4[/B][/COLOR] <IP/hostname>:/path/to/dir /local/dir`
4) As long as a "V4" (root) line is present in the exports file, there is no restrain as to where the "V4" line itself is situated (long ago it had to be at the end of the file).
5) The last export is set to be readonly. However, it gets mounted as readwrite; using:
`mount -v -t nfs -o nfsv4 192.168.1.27:/usr/home /mnt/home/`. Ideas?


----------



## obscurant (Jun 4, 2011)

I am seeing the same thing in my setup - specifying '-ro' is ignored. If I find out more I'll update this thread.

There can be multiple V4: lines, but nfsv4 root has to be the same in each. The purpose here I guess would be if you wanted to specify different security flavors for subnets/hosts.


----------



## da1 (Jun 7, 2011)

http://www.freebsd.org/cgi/query-pr.cgi?pr=157684 - PR for the "-ro" problem.


----------

