mfsexports.cfg(5)
=================

== NAME

mfsexports.cfg - LizardFS access control for mfsmounts

== DESCRIPTION

The file *mfsexports.cfg* contains LizardFS access list for *mfsmount*
clients.

== SYNTAX

Syntax is:

'ADDRESS' 'DIRECTORY' ['OPTIONS']

Lines starting with *#* character are ignored.

'ADDRESS' can be specified in several forms:

- *** all addresses

- *n.n.n.n* single IP address

- *n.n.n.n/b* IP class specified by network address and bits number

- *n.n.n.n/m.m.m.m* IP class specified by network address and mask

- *f.f.f.f-t.t.t.t* IP range specified by from-to addresses (inclusive)

'DIRECTORY' could be */* or path relative to LizardFS root; special value *.* means MFSMETA companion
filesystem.

== OPTIONS

*ro*, *readonly*::
export tree in read-only mode (default)

*rw*, *readwrite*::
export tree in read-write mode

*ignoregid*::
disable testing of group access at *mfsmaster* level (it's still done at *mfsmount* level) - in this
case "group" and "other" permissions are logically added; needed for supplementary groups to work
(*mfsmaster* receives only user primary group information)

*dynamicip*::
allows reconnecting of already authenticated client from any IP address (the default is to check IP
address on reconnect)

*maproot=*'USER'[*:*'GROUP']::
maps root (uid=0) accesses to given user and group (similarly to maproot option in NFS mounts);
'USER' and 'GROUP' can be given either as name or number; if no group is specified, 'USER''s primary
group is used. Names are resolved on *mfsmaster* side (see note below).

*mapall=*'USER'[*:*'GROUP']::
like above but maps all non privileged users (uid!=0) accesses to given user and group (see notes
below).

*minversion=*'VER'::
rejects access from clients older than specified

*mingoal=*'N', *maxgoal=*'N'::
specify range in which goal can be set by users

*mintrashtime=*'TDUR', *maxtrashtime=*'TDUR'::
specify range in which trashtime can be set by users

*password=*'PASS', *md5pass=*'MD5'::
requires password authentication in order to access specified resource

*alldirs*::
allows to mount any subdirectory of specified directory (similarly to NFS)

*nonrootmeta*::
allows non-root users to use filesystem mounted in the meta mode (option available only in this mode)

Default options are: *ro,maproot=999:999*.

== NOTES

'USER' and 'GROUP' names (if not specified by explicit uid/gid number) are resolved on *mfsmaster*
host.

TDUR can be specified as number without time unit (number of seconds) or combination of numbers with
time units. Time units are: *W*,*D*,*H*,*M*,*S*. Order is important - less significant time units
can't be defined before more significant time units.

Option *mapall* works in LizardFS in different way than in NFS, because of using FUSE's
"default_permissions" option. When mapall option is used, users see all objects with uid equal to
mapped uid as their own and all other as root's objects. Similarly objects with gid equal to mapped
gid are seen as objects with current user's primary group and all other objects as objects with
group 0 (usually wheel). With *mapall* option set attribute cache in kernel is always turned off.

== EXAMPLES

- **                    /       ro*

- *192.168.1.0/24       /       rw*

- *192.168.1.0/24       /       rw,alldirs,maproot=0,password=passcode*

- *10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,password=test*

- *10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000*

- *10.2.0.0/16          /       rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w*

== COPYRIGHT

Copyright 2008-2009 Gemius SA, 2013-2015 Skytechnology sp. z o.o.

LizardFS is free software: you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation, version 3.

LizardFS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.

You should have received a copy of the GNU General Public License along with LizardFS. If not, see
<http://www.gnu.org/licenses/>.

== SEE ALSO

mfsmaster(8), mfsmaster.cfg(5)
