big-one Old usr/src/man/man1m/sharemgr.1m

   1 '\" te
   2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   4 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
   5 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH SHAREMGR 1M "Feb 25, 2017"
   7 .SH NAME
   8 sharemgr \- configure and manage file sharing
   9 .SH SYNOPSIS
  10 .LP
  11 .nf
  12 \fBsharemgr\fR \fIsubcommand\fR [\fIoptions\fR]
  13 .fi
  14 
  15 .LP
  16 .nf
  17 \fBadd-share\fR [\fB-nth\fR] [\fB-r\fR \fIresource-name\fR] [\fB-d\fR "\fIdescription text\fR"]
  18  \fB-s\fR \fIsharepath\fR \fIgroup\fR
  19 .fi
  20 
  21 .LP
  22 .nf
  23 \fBcreate\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]] \fIgroup\fR
  24 .fi
  25 
  26 .LP
  27 .nf
  28 \fBdelete\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR] [\fB-f\fR] \fIgroup\fR
  29 .fi
  30 
  31 .LP
  32 .nf
  33 \fBdisable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
  34 .fi
  35 
  36 .LP
  37 .nf
  38 \fBenable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
  39 .fi
  40 
  41 .LP
  42 .nf
  43 \fBlist\fR [\fB-vh\fR] [\fB-P\fR \fIproto\fR]
  44 .fi
  45 
  46 .LP
  47 .nf
  48 \fBmove-share\fR [\fB-nv\fR] \fB-s\fR \fIsharepath\fR \fIdestination-group\fR
  49 .fi
  50 
  51 .LP
  52 .nf
  53 \fBremove-share\fR [\fB-fnvh\fR] \fB-s\fR \fIsharepath\fR \fIgroup\fR
  54 .fi
  55 
  56 .LP
  57 .nf
  58 \fBset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]... [\fB-S\fR \fIoptionset\fR]
  59  [\fB-s\fR \fIsharepath\fR] \fIgroup\fR
  60 .fi
  61 
  62 .LP
  63 .nf
  64 \fBset-share\fR [\fB-nh\fR] [\fB-r\fR \fIresource\fR] [\fB-d\fR "\fIdescription text\fR"]
  65  \fB-s\fR \fIsharepath\fR \fIgroup\fR
  66 .fi
  67 
  68 .LP
  69 .nf
  70 \fBshow\fR [\fB-pvxh\fR] [\fB-P\fR \fIproto\fR] [\fIgroup\fR]...
  71 .fi
  72 
  73 .LP
  74 .nf
  75 \fBunset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-S\fR \fIoptionset\fR] [\fB-p\fR \fIproperty\fR]...
  76  \fIgroup\fR
  77 .fi
  78 
  79 .LP
  80 .nf
  81 \fBshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] [\fB-d\fR \fIdescription\fR]
  82  [\fIpathname\fR [\fIresourcename\fR]]
  83 .fi
  84 
  85 .LP
  86 .nf
  87 \fBunshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] \fIsharepath\fR
  88 .fi
  89 
  90 .SH DESCRIPTION
  91 .LP
  92 The \fBsharemgr\fR command configures share groups and the shares contained
  93 within them.
  94 .sp
  95 .LP
  96 A group name must conform to service management facility (SMF) (see
  97 \fBsmf\fR(5)) service-naming conventions, thus is limited to starting with an
  98 alphabetic character, with the rest of the name consisting only of alphanumeric
  99 characters plus \fB-\fR (hyphen) and \fB_\fR (underbar).
 100 .sp
 101 .LP
 102 Subcommands that result in a configuration change support a dry-run option.
 103 When dry-run (\fB-n\fR) is specified, the syntax and validity of the command is
 104 tested but the configuration is not actually updated.
 105 .sp
 106 .LP
 107 For all subcommands, the \fB-h\fR option lists usage and help information.
 108 .sp
 109 .LP
 110 For subcommands with the verbose (\fB-v\fR) option, additional information will
 111 be provided. For example, in conjunction with the \fB-n\fR option, verbose mode
 112 will also indicate whether the current user has sufficient permissions to
 113 accomplish the operation.
 114 .sp
 115 .LP
 116 There are two groups that are created automatically. The \fBdefault\fR group
 117 always exists and covers legacy NFS shares only. The \fBzfs\fR group will be
 118 created when ZFS shares are enabled.
 119 .sp
 120 .LP
 121 The options shown in the SYNOPSIS section are described in the context of each
 122 subcommand. All subcommands except \fBlist\fR and \fBshow\fR require root
 123 privileges or that you assume the Primary Administrator role.
 124 .SS "Subcommands"
 125 .LP
 126 With no subcommand entered, a \fBsharemgr\fR command with the \fB-h\fR option
 127 displays a usage message for all subcommands.
 128 .sp
 129 .LP
 130 The following subcommands follow \fBsharemgr\fR on a command line. Commands
 131 take the form:
 132 .sp
 133 .in +2
 134 .nf
 135 % \fBsharemgr \fI<subcommand>\fR [\fIoptions\fR]\fR
 136 .fi
 137 .in -2
 138 .sp
 139 
 140 .sp
 141 .ne 2
 142 .na
 143 \fB\fBcreate\fR \fB[-nvh] [-P \fIproto\fR [-p \fIproperty\fR=\fIvalue\fR]]
 144 \fIgroup\fR\fR\fR
 145 .ad
 146 .sp .6
 147 .RS 4n
 148 Create a new group with specified name.
 149 .sp
 150 If \fB-n\fR is specified, the command checks only the validity of the command
 151 and that the group does not already exist.
 152 .sp
 153 If no protocol is specified, all known protocols are enabled for the specified
 154 group. If a protocol is specified, only that protocol is enabled. You can
 155 specify properties for a specified protocol.
 156 .sp
 157 If \fIgroup\fR exists, use of \fB-P\fR adds the specified protocol to that
 158 group.
 159 .sp
 160 As an example of the \fBcreate\fR subcommand, the following command creates a
 161 new group with the name \fBmygroup\fR.
 162 .sp
 163 .in +2
 164 .nf
 165 # \fBsharemgr create mygroup\fR
 166 .fi
 167 .in -2
 168 .sp
 169 
 170 Because no protocol was specified in the preceding command, all defined
 171 protocols will be enabled on the group.
 172 .RE
 173 
 174 .sp
 175 .ne 2
 176 .na
 177 \fB\fBdelete\fR \fB[-nvh] [-P \fIproto\fR] [-f] \fIgroup\fR\fR\fR
 178 .ad
 179 .sp .6
 180 .RS 4n
 181 Delete the specified group. If the group is not empty, you can use the \fB-f\fR
 182 option to force the deletion, which unshares and removes all shares from the
 183 group before removing the group itself.
 184 .sp
 185 If you specify a protocol, rather than deleting the whole group, this
 186 subcommand deletes the protocol from the group.
 187 .sp
 188 The \fB-n\fR option can be used to test the syntax of the command.
 189 .sp
 190 As an example, the following command removes the group \fBmygroup\fR from the
 191 configuration if it is empty.
 192 .sp
 193 .in +2
 194 .nf
 195 # \fBsharemgr delete mygroup\fR
 196 .fi
 197 .in -2
 198 .sp
 199 
 200 The following command removes any existing shares prior to removing the group.
 201 .sp
 202 .in +2
 203 .nf
 204 # \fBsharemgr delete -f mygroup\fR
 205 .fi
 206 .in -2
 207 .sp
 208 
 209 Note the use of the force (\fB-f\fR) option, above.
 210 .RE
 211 
 212 .sp
 213 .ne 2
 214 .na
 215 \fB\fBlist\fR \fB[-vh] [-P \fIproto\fR]\fR\fR
 216 .ad
 217 .sp .6
 218 .RS 4n
 219 List the defined groups.
 220 .sp
 221 If a protocol is specified, list only those groups that have the specified
 222 protocol defined.
 223 .sp
 224 If the verbose option is specified, the current state of the group and all
 225 protocols enabled on the group are listed as well. For example:
 226 .sp
 227 .in +2
 228 .nf
 229 # \fBsharemgr list -v\fR
 230 mygroup    enabled    nfs
 231 rdonlygrp  disabled   nfs
 232 .fi
 233 .in -2
 234 .sp
 235 
 236 .RE
 237 
 238 .sp
 239 .ne 2
 240 .na
 241 \fB\fBshow\fR \fB[-pvxh] [-P \fIproto\fR] [\fIgroup\fR...]\fR\fR
 242 .ad
 243 .sp .6
 244 .RS 4n
 245 Shows the contents of the specified group(s).
 246 .sp
 247 If the verbose option is specified, the resource name and description of each
 248 share is displayed if they are defined. Otherwise, only the share paths are
 249 displayed. Also, when temporary shares are listed, they are prefixed with an
 250 asterisk (\fB*\fR).
 251 .sp
 252 If the \fB-p\fR option is specified, all options defined for the protocols of
 253 the group are displayed, in addition to the display without options. If the
 254 \fB-P\fR option is used, the output is limited to those groups that have the
 255 specified protocol enabled. If the \fB-x\fR option is specified, output is in
 256 XML format and the \fB-p\fR and \fB-v\fR options are ignored, because all
 257 information is included in the XML.
 258 .sp
 259 The following example illustrates the use of the \fB-p\fR option.
 260 .sp
 261 .in +2
 262 .nf
 263 # \fBsharemgr show -p mygroup\fR
 264 default nfs=()
 265     * /data/backup
 266 mygroup nfs=(nosuid=true)
 267       /export/home/home0
 268       /export/home/home1
 269 .fi
 270 .in -2
 271 .sp
 272 
 273 The following example illustrates the use of the \fB-v\fR option.
 274 .sp
 275 .in +2
 276 .nf
 277 # \fBsharemgr show -v mygroup\fR
 278 mygroup
 279     HOME0=/export/home/home0    "Home directory set 0"
 280     HOME1=/export/home/home1    "Home directory set 1"
 281 .fi
 282 .in -2
 283 .sp
 284 
 285 ZFS managed shares are handled in a way similar to the way NFS shares are
 286 handled. These shares appear as subgroups within the parent group \fBzfs\fR.
 287 The subgroups are always prefixed with \fBzfs/\fR and use the ZFS dataset name
 288 for the rest of the name. The mount point and any sub-mounts that inherit
 289 sharing are shown as the shares of the subgroup. For example:
 290 .sp
 291 .in +2
 292 .nf
 293 # \fBsharemgr show -vp zfs\fR
 294 zfs        nfs=()
 295     zfs/ztest
 296           /ztest
 297           /ztest/backups
 298 .fi
 299 .in -2
 300 .sp
 301 
 302 .RE
 303 
 304 .sp
 305 .ne 2
 306 .na
 307 \fB\fBset\fR \fB[-nvh] -P \fIproto\fR [-S \fIoptionset\fR] [-p
 308 \fIproperty\fR=\fIvalue\fR]* [-s \fIshare path\fR] \fIgroup\fR\fR\fR
 309 .ad
 310 .sp .6
 311 .RS 4n
 312 Set protocol-specific properties on the specified group.
 313 .sp
 314 The \fB-P\fR option is required and must specify a valid protocol.
 315 .sp
 316 Optionsets are protocol-specific sets of properties that can be negotiated by
 317 the protocol client. For NFS, optionsets are equivalent to security modes as
 318 defined in \fBnfssec\fR(5). If \fB-S\fR \fIoptionset\fR is specified, the
 319 properties are applied to the selected optionset. Otherwise they are applied to
 320 the general optionset.
 321 .sp
 322 Together, \fB-P\fR and \fB-S\fR select a specific view of the group's options
 323 on which to work.
 324 .sp
 325 Property values are strings. A specified property is set to a new value if the
 326 property already exists or is added to the protocol if it does not already
 327 exist.
 328 .sp
 329 In the general case, at least one property must be set. If \fB-S\fR is
 330 specified, properties can be omitted and the specified optionset is enabled for
 331 the protocol.
 332 .sp
 333 The \fB-s\fR option allows setting properties on a per-share basis. While this
 334 is supported, it should be limited to managing legacy shares and to the
 335 occasional need for an override of a group-level property or placing an
 336 additional property on one share within a group.
 337 .sp
 338 An example of this subcommand:
 339 .sp
 340 .in +2
 341 .nf
 342 # \fBsharemgr set -P nfs -p anon=1234 mygroup\fR
 343 .fi
 344 .in -2
 345 .sp
 346 
 347 The preceding command adds the property \fBanon=1234\fR to the \fBnfs\fR view
 348 of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
 349 reshared with the new property value(s).
 350 .RE
 351 
 352 .sp
 353 .ne 2
 354 .na
 355 \fB\fBunset\fR \fB[-nvh] -P proto [-S \fIoptionset\fR] [-p \fIproperty\fR]* [-s
 356 \fIsharepath\fR ] \fIgroup\fR\fR\fR
 357 .ad
 358 .sp .6
 359 .RS 4n
 360 Unset the specified properties for the protocol or for the specified
 361 \fIoptionset\fR of the protocol.
 362 .sp
 363 In the general case, at least one property must be set. If \fB-S\fR is
 364 specified, properties can be omitted and the specified optionset is removed
 365 from the protocol.
 366 .sp
 367 The \fB-s\fR option allows removing a share-specific property.
 368 .sp
 369 An example of this subcommand:
 370 .sp
 371 .in +2
 372 .nf
 373 # \fBsharemgr unset -P nfs -p anon mygroup\fR
 374 .fi
 375 .in -2
 376 .sp
 377 
 378 The preceding command removes the \fBanon=\fR property from the \fBnfs\fR view
 379 of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
 380 reshared with the new property value(s).
 381 .RE
 382 
 383 .sp
 384 .ne 2
 385 .na
 386 \fB\fBadd-share\fR \fB[-nth] [-r \fIresource-name\fR] [-d "\fIdescription
 387 text\fR"] -s \fIsharepath\fR \fIgroup\fR\fR\fR
 388 .ad
 389 .sp .6
 390 .RS 4n
 391 Add a new share to the specified group.
 392 .sp
 393 The \fB-s\fR option is mandatory and takes a full directory path.
 394 .sp
 395 If either or both of \fB-d\fR and \fB-r\fR are specified, they specify values
 396 associated with the share. \fB-d\fR provides a description string to document
 397 the share and \fB-r\fR provides a protocol-independent resource name. Resource
 398 names are not used by NFS at this time but can be specified. These names
 399 currently follow the same naming rules as group names.
 400 .sp
 401 The temporary option (\fB-t\fR) results in the share being shared but not
 402 stored in the configuration repository. This option is intended for shares that
 403 should not survive a reboot or server restart, or for testing purposes.
 404 Temporary shares are indicated in the \fBshow\fR subcommand output with an
 405 asterisk (\fB*\fR) preceding the share.
 406 .sp
 407 If \fIsharepath\fR is a ZFS path and that path is added to the \fBzfs\fR group,
 408 \fBsharemgr\fR creates a new ZFS subgroup; the new share is added to that
 409 subgroup. Any ZFS sub-filesystems under the ZFS filesystem designated by
 410 \fIsharepath\fR will inherit the shared status of \fIsharepath\fR.
 411 .sp
 412 The effect of the \fBadd-share\fR subcommand on a ZFS dataset is determined by
 413 the values of the \fBsharesmb\fR and \fBsharenfs\fR properties of that dataset.
 414 .sp
 415 See \fBzfs\fR(1M) for a description of the \fBsharesmb\fR and \fBsharenfs\fR
 416 properties.
 417 .sp
 418 The following are examples of the \fBadd-share\fR subcommand.
 419 .sp
 420 .in +2
 421 .nf
 422 # \fBsharemgr add-share -s /export/home/home0 -d "home \e
 423 directory set 0" -r HOME0 mygroup\fR
 424 
 425 # \fBsharemgr add-share -s /export/home/home1 -d "home \e
 426 directory set 1" -r HOME1 mygroup\fR
 427 .fi
 428 .in -2
 429 .sp
 430 
 431 The preceding commands add \fB/export/home/home0\fR and
 432 \fB/export/home/home1\fR to the group \fBmygroup\fR. A descriptive comment and
 433 a resource name are included.
 434 .RE
 435 
 436 .sp
 437 .ne 2
 438 .na
 439 \fB\fBmove-share\fR \fB[-nvh] -s \fIsharepath\fR \fIdestination-group\fR\fR\fR
 440 .ad
 441 .sp .6
 442 .RS 4n
 443 Move the specified share from the group it is currently in to the specified
 444 destination group. The \fBmove-share\fR subcommand does not create a group. A
 445 specified group must exist for the command to succeed.
 446 .sp
 447 The following is an example of this subcommand.
 448 .sp
 449 .in +2
 450 .nf
 451 # \fBsharemgr move-share -s /export/home/home1 newgroup\fR
 452 .fi
 453 .in -2
 454 .sp
 455 
 456 Assuming \fB/export/home/home1\fR is in the group \fBmygroup\fR, the preceding
 457 command moves \fB/export/home/home1\fR to the group \fBnewgroup\fR and unshares
 458 and then reshares the directory with the properties associated with
 459 \fBnewgroup\fR.
 460 .RE
 461 
 462 .sp
 463 .ne 2
 464 .na
 465 \fB\fBremove-share\fR \fB[-fnvh] -s \fIsharepath\fR \fIgroup\fR\fR\fR
 466 .ad
 467 .sp .6
 468 .RS 4n
 469 Remove the specified share from the specified group. The force (\fB-f\fR)
 470 option forces the share to be removed even if it is busy.
 471 .sp
 472 You must specify the full path for \fIsharepath\fR. For group, use the subgroup
 473 as displayed in the output of the \fBsharemgr show\fR command. Note that if
 474 there are subshares that were created by inheritance, these will be removed,
 475 along with the parent shares.
 476 .RE
 477 
 478 .sp
 479 .ne 2
 480 .na
 481 \fB\fBset-share\fR \fB[-nvh] [-r \fIresource\fR] [-d "\fIdescription text\fR"]
 482 -s \fIsharepath\fR \fIgroup\fR\fR\fR
 483 .ad
 484 .sp .6
 485 .RS 4n
 486 Set or change the specified share's description and resource values. One use of
 487 \fBset-share\fR is to rename a resource. The syntax for this use of the
 488 subcommand is:
 489 .sp
 490 .in +2
 491 .nf
 492 # \fBsharemgr set-share -r \fIcurrent_name\fR=\fInew_name\fR -s \fIsharepath\fR \fIgroup\fR\fR
 493 .fi
 494 .in -2
 495 .sp
 496 
 497 .RE
 498 
 499 .sp
 500 .ne 2
 501 .na
 502 \fB\fBenable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
 503 .ad
 504 .sp .6
 505 .RS 4n
 506 Enable the specified group(s), or (with \fB-a\fR) all groups, and start sharing
 507 the contained shares. This state persists across reboots.
 508 .sp
 509 An enabled group will be shared whenever the corresponding SMF service instance
 510 is enabled. \fBsharemgr\fR will start the SMF service instance if it is not
 511 currently online.
 512 .RE
 513 
 514 .sp
 515 .ne 2
 516 .na
 517 \fB\fBdisable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
 518 .ad
 519 .sp .6
 520 .RS 4n
 521 Disable the specified group(s), or (with \fB-a\fR) all groups, and unshare the
 522 shares that they contain. This state persists across reboots.
 523 .sp
 524 A disabled group will not be shared even if the corresponding SMF service
 525 instance is online. This feature is useful when you do not want a group of
 526 shares to be started at boot time.
 527 .RE
 528 
 529 .sp
 530 .ne 2
 531 .na
 532 \fB\fBstart\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
 533 .ad
 534 .sp .6
 535 .RS 4n
 536 Start the specified group, or (with \fB-a\fR) all groups. The \fBstart\fR
 537 subcommand is similar to \fBenable\fR in that all shares are started, but
 538 \fBstart\fR works only on groups that are enabled. \fBstart\fR is used by the
 539 SMF to start sharing at system boot.
 540 .sp
 541 A group will not start sharing if it is in the \fBsharemgr\fR \fBdisabled\fR
 542 state. However, the corresponding SMF service instance will be started.
 543 .sp
 544 Note that the \fBstart\fR subcommand is similar to the \fBshareall\fR(1M)
 545 command in that it starts up only the configured shares. That is, the enabled
 546 shares will start being shared, but the configuration state is left the same.
 547 The command:
 548 .sp
 549 .in +2
 550 .nf
 551 # \fBsharemgr start -a\fR
 552 .fi
 553 .in -2
 554 .sp
 555 
 556 \&...is equivalent to:
 557 .sp
 558 .in +2
 559 .nf
 560 # \fBshareall\fR
 561 .fi
 562 .in -2
 563 .sp
 564 
 565 .RE
 566 
 567 .sp
 568 .ne 2
 569 .na
 570 \fB\fBstop\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
 571 .ad
 572 .sp .6
 573 .RS 4n
 574 Stop the specified group, or (with \fB-a\fR) all groups. The \fBstop\fR
 575 subcommand is similar to \fBdisable\fR in that all shares are no longer shared,
 576 but it works only on groups that are enabled. \fBstop\fR is used by the SMF to
 577 stop sharing at system shutdown.
 578 .sp
 579 Note that the \fBstop\fR subcommand is similar to the \fBunshareall\fR(1M)
 580 command in that all active shares are unshared, but the configuration is left
 581 the same. That is, the shares are stopped but the service instances are left
 582 enabled. The command:
 583 .sp
 584 .in +2
 585 .nf
 586 # \fBsharemgr stop -a\fR
 587 .fi
 588 .in -2
 589 .sp
 590 
 591 \&...is equivalent to:
 592 .sp
 593 .in +2
 594 .nf
 595 # \fBunshareall\fR
 596 .fi
 597 .in -2
 598 .sp
 599 
 600 .RE
 601 
 602 .sp
 603 .ne 2
 604 .na
 605 \fB\fBshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR] [-d
 606 \fIdescription\fR] [\fIpathname\fR [\fIresourcename\fR]]\fR\fR
 607 .ad
 608 .sp .6
 609 .RS 4n
 610 Shares the specified path in the \fBdefault\fR share group. This subcommand
 611 implements the \fBshare\fR(1M) functionality. Shares that are shared in this
 612 manner will be transient shares. Use of the \fB-p\fR option causes the shares
 613 to be persistent.
 614 .RE
 615 
 616 .sp
 617 .ne 2
 618 .na
 619 \fB\fBunshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR]
 620 \fIsharepath\fR\fR\fR
 621 .ad
 622 .sp .6
 623 .RS 4n
 624 Unshares the specified share. This subcommand implements the \fBunshare\fR(1M)
 625 functionality. By default, the \fBunshare\fR is temporary. The \fB-p\fR option
 626 is provided to remove the share from the configuration in a way that persists
 627 across reboots.
 628 .RE
 629 
 630 .SS "Supported Properties"
 631 .LP
 632 Properties are protocol-specific. Currently, only the NFS and SMB protocols are
 633 supported. Properties have the following characteristics:
 634 .RS +4
 635 .TP
 636 .ie t \(bu
 637 .el o
 638 Values of type \fIboolean\fR take either \fBtrue\fR or \fBfalse\fR.
 639 .RE
 640 .RS +4
 641 .TP
 642 .ie t \(bu
 643 .el o
 644 Values of type \fIvalue\fR take a numeric value.
 645 .RE
 646 .RS +4
 647 .TP
 648 .ie t \(bu
 649 .el o
 650 Values of type \fIfile\fR take a file name and not a file path.
 651 .RE
 652 .RS +4
 653 .TP
 654 .ie t \(bu
 655 .el o
 656 Values of type \fIaccess-list\fR are described in detail following the
 657 descriptions of the NFS properties.
 658 .RE
 659 .sp
 660 .LP
 661 The general properties supported for NFS are:
 662 .sp
 663 .ne 2
 664 .na
 665 \fB\fBabe=\fR\fIboolean\fR\fR
 666 .ad
 667 .sp .6
 668 .RS 4n
 669 Set the access-based enumeration (ABE) policy for a share.  When set to
 670 \fBtrue\fR, ABE filtering is enabled on this share and directory entries to
 671 which the requesting user has no access will be omitted from directory listings
 672 returned to the client. When set to \fBfalse\fR or not defined, ABE filtering
 673 will not be performed on  this share. This property is not defined by default.
 674 .sp
 675 .ne 2
 676 .na
 677 \fB\fBdisabled\fR\fR
 678 .ad
 679 .sp .6
 680 .RS 4n
 681 Disable ABE for this share.
 682 .RE
 683 
 684 .sp
 685 .ne 2
 686 .na
 687 \fB\fBenabled\fR\fR
 688 .ad
 689 .sp .6
 690 .RS 4n
 691 Enable ABE for this share.
 692 .RE
 693 
 694 .RE
 695 
 696 .sp
 697 .ne 2
 698 .na
 699 \fB\fBaclok=\fIboolean\fR\fR\fR
 700 .ad
 701 .sp .6
 702 .RS 4n
 703 Allows the NFS server to do access control for NFS Version 2 clients (running
 704 SunOS 2.4 or earlier). When \fBaclok\fR is set on the server, maximum access is
 705 given to all clients. For example, with \fBaclok\fR set, if anyone has read
 706 permissions, then everyone does. If \fBaclok\fR is not set, minimum access is
 707 given to all clients.
 708 .RE
 709 
 710 .sp
 711 .ne 2
 712 .na
 713 \fB\fBad-container\fR\fR
 714 .ad
 715 .sp .6
 716 .RS 4n
 717 Specifies the AD container in which to publish shares.
 718 .sp
 719 The AD container is specified as a comma-separated list of attribute name-value
 720 pairs using the LDAP distinguished name (DN) or relative distinguished name
 721 (RDN) format. The DN or RDN must be specified in LDAP format using the
 722 \fBcn=\fR, \fBou=\fR, and \fBdc=\fR prefixes:
 723 .RS +4
 724 .TP
 725 .ie t \(bu
 726 .el o
 727 \fBcn\fR represents the common name
 728 .RE
 729 .RS +4
 730 .TP
 731 .ie t \(bu
 732 .el o
 733 \fBou\fR represents the organizational unit
 734 .RE
 735 .RS +4
 736 .TP
 737 .ie t \(bu
 738 .el o
 739 \fBdc\fR represents the domain component
 740 .RE
 741 \fBcn=\fR, \fBou=\fR and \fBdc=\fR are attribute types. The attribute type used
 742 to describe an object's RDN is called the naming attribute, which, for ADS,
 743 includes the following object classes:
 744 .RS +4
 745 .TP
 746 .ie t \(bu
 747 .el o
 748 \fBcn\fR for the \fBuser\fR object class
 749 .RE
 750 .RS +4
 751 .TP
 752 .ie t \(bu
 753 .el o
 754 \fBou\fR for the organizational unit (\fBOU\fR) object class
 755 .RE
 756 .RS +4
 757 .TP
 758 .ie t \(bu
 759 .el o
 760 \fBdc\fR for the \fBdomainDns\fR object class
 761 .RE
 762 .RE
 763 
 764 .sp
 765 .ne 2
 766 .na
 767 \fB\fBanon=\fIuid\fR\fR\fR
 768 .ad
 769 .sp .6
 770 .RS 4n
 771 Set \fIuid\fR to be the effective user ID of unknown users. By default, unknown
 772 users are given the effective user ID \fBUID_NOBODY\fR. If uid is set to
 773 \fB-1\fR, access is denied.
 774 .RE
 775 
 776 .sp
 777 .ne 2
 778 .na
 779 \fB\fBcatia=\fIboolean\fR\fR\fR
 780 .ad
 781 .sp .6
 782 .RS 4n
 783 CATIA V4 uses characters in file names that are considered to be invalid by
 784 Windows. CATIA V5 is available on Windows. A CATIA V4 file could be
 785 inaccessible to Windows clients if the file name contains any of the characters
 786 that are considered illegal in Windows. By default, CATIA character
 787 substitution is not performed.
 788 .sp
 789 If the \fBcatia\fR property is set to true, the following character
 790 substitution is applied to file names.
 791 .sp
 792 .in +2
 793 .nf
 794 CATIA    CATIA
 795 V4 UNIX  V5 Windows
 796   "      \e250   0x00a8  Dieresis
 797   *      \e244   0x00a4  Currency Sign
 798   /      \e370   0x00f8  Latin Small Letter O with Stroke
 799   :      \e367   0x00f7  Division Sign
 800   <      \e253   0x00ab  Left-Pointing Double Angle Quotation Mark
 801   >      \e273   0x00bb  Right-Pointing Double Angle Quotation Mark
 802   ?      \e277   0x00bf  Inverted Question Mark
 803   \e      \e377   0x00ff  Latin Small Letter Y with Dieresis
 804   |      \e246   0x00a6  Broken Bar
 805 .fi
 806 .in -2
 807 .sp
 808 
 809 .RE
 810 
 811 .sp
 812 .ne 2
 813 .na
 814 \fB\fBcksum=\fIcksumlist\fR\fR\fR
 815 .ad
 816 .sp .6
 817 .RS 4n
 818 Set the share to attempt to use end-to-end checksums. The value \fIcksumlist\fR
 819 specifies the checksum algorithms that should be used.
 820 .RE
 821 
 822 .sp
 823 .ne 2
 824 .na
 825 \fB\fBcsc=\fR\fIvalue\fR\fR
 826 .ad
 827 .sp .6
 828 .RS 4n
 829 Set the client-side caching policy for a share. Client-side caching is a client
 830 feature and offline files are managed entirely by the clients.
 831 .sp
 832 .LP
 833 The following are valid values for the \fBcsc\fR property:
 834 .RS +4
 835 .TP
 836 .ie t \(bu
 837 .el o
 838 \fBmanual\fR \fB-\fR Clients are permitted to cache files from the specified
 839 share for offline use as requested by users. However, automatic file-by-file
 840 reintegration is not permitted. \fBmanual\fR is the default value.
 841 .RE
 842 .RS +4
 843 .TP
 844 .ie t \(bu
 845 .el o
 846 \fBauto\fR \fB-\fR Clients are permitted to automatically cache files from the
 847 specified share for offline use and file-by-file reintegration is permitted.
 848 .RE
 849 .RS +4
 850 .TP
 851 .ie t \(bu
 852 .el o
 853 \fBvdo\fR \fB-\fR Clients are permitted to automatically cache files from the
 854 specified share for offline use, file-by-file reintegration is permitted, and
 855 clients are permitted to work from their local cache even while offline.
 856 .RE
 857 .RS +4
 858 .TP
 859 .ie t \(bu
 860 .el o
 861 \fBdisabled\fR \fB-\fR Client-side caching is not permitted for this share.
 862 .RE
 863 .RE
 864 
 865 .sp
 866 .ne 2
 867 .na
 868 \fB\fBguestok=\fR\fIboolean\fR\fR
 869 .ad
 870 .sp .6
 871 .RS 4n
 872 Set the guest access policy for the share. When set to \fBtrue\fR guest access
 873 is allowed on this share. When set to \fBfalse\fR or not defined guest access
 874 is not allowed on this share. This property is not defined by default.
 875 .sp
 876 An \fBidmap\fR(1M) name-based rule can be used to map \fBguest\fR to any local
 877 username, such as \fBguest\fR or \fBnobody\fR. If the local account has a
 878 password in \fB/var/smb/smbpasswd\fR the guest connection will be authenticated
 879 against that password. Any connection made using an account that maps to the
 880 local guest account will be treated as a guest connection.
 881 .sp
 882 Example name-based rule:
 883 .sp
 884 .in +2
 885 .nf
 886 # \fBidmap add winname:Guest unixuser:guest\fR
 887 .fi
 888 .in -2
 889 .sp
 890 
 891 .RE
 892 
 893 .sp
 894 .ne 2
 895 .na
 896 \fB\fBindex=\fIfile\fR\fR\fR
 897 .ad
 898 .sp .6
 899 .RS 4n
 900 Load \fIfile\fR rather than a listing of the directory containing this file
 901 when the directory is referenced by an NFS URL.
 902 .RE
 903 
 904 .sp
 905 .ne 2
 906 .na
 907 \fB\fBlog=\fItag\fR\fR\fR
 908 .ad
 909 .sp .6
 910 .RS 4n
 911 Enables NFS server logging for the specified system. The optional tag
 912 determines the location of the related log files. The tag is defined in
 913 \fBetc/nfs/nfslog.conf\fR. If no tag is specified, the default values
 914 associated with the global tag in \fBetc/nfs/nfslog.conf\fR is used. Support of
 915 NFS server logging is available only for NFS Version 2 and Version 3 requests.
 916 .RE
 917 
 918 .sp
 919 .ne 2
 920 .na
 921 \fB\fBnosub=\fIboolean\fR\fR\fR
 922 .ad
 923 .sp .6
 924 .RS 4n
 925 Prevents clients from mounting subdirectories of shared directories. For
 926 example, if \fB/export\fR is shared with the \fBnosub\fR option on server
 927 \fBwool\fR then an NFS client cannot do:
 928 .sp
 929 .in +2
 930 .nf
 931 # \fBmount -F nfs wool:/export/home/mnt\fR
 932 .fi
 933 .in -2
 934 .sp
 935 
 936 NFS Version 4 does not use the MOUNT protocol. The \fBnosub\fR option applies
 937 only to NFS Version 2 and Version 3 requests.
 938 .RE
 939 
 940 .sp
 941 .ne 2
 942 .na
 943 \fB\fBnosuid=\fIboolean\fR\fR\fR
 944 .ad
 945 .sp .6
 946 .RS 4n
 947 By default, clients are allowed to create files on a shared file system with
 948 the \fBsetuid\fR or \fBsetgid\fR mode enabled. Specifying \fBnosuid\fR causes
 949 the server file system to silently ignore any attempt to enable the
 950 \fBsetuid\fR or \fBsetgid\fR mode bits.
 951 .RE
 952 
 953 .sp
 954 .ne 2
 955 .na
 956 \fB\fBpublic=\fIboolean\fR\fR\fR
 957 .ad
 958 .sp .6
 959 .RS 4n
 960 Moves the location of the public file handle from root (\fB/\fR) to the
 961 exported directory for WebNFS-enabled browsers and clients. This option does
 962 not enable WebNFS service; WebNFS is always on. Only one file system per server
 963 can have the \fBpublic\fR property. You can apply the \fBpublic\fR property
 964 only to a share and not to a group.
 965 .RE
 966 
 967 .sp
 968 .LP
 969 NFS also supports negotiated optionsets for supported security modes. The
 970 security modes are documented in \fBnfssec\fR(5). The properties supported for
 971 these optionsets are:
 972 .sp
 973 .ne 2
 974 .na
 975 \fB\fIcharset\fR=\fIaccess-list\fR\fR
 976 .ad
 977 .sp .6
 978 .RS 4n
 979 Where \fIcharset\fR is one of: \fBeuc-cn\fR, \fBeuc-jp\fR, \fBeuc-jpms\fR,
 980 \fBeuc-kr\fR, \fBeuc-tw\fR, \fBiso8859-1\fR, \fBiso8859-2\fR, \fBiso8859-5\fR,
 981 \fBiso8859-6\fR, \fBiso8859-7\fR, \fBiso8859-8\fR, \fBiso8859-9\fR,
 982 \fBiso8859-13\fR, \fBiso8859-15\fR, \fBkoi8-r\fR.
 983 .sp
 984 Clients that match the \fIaccess-list\fR for one of these properties will be
 985 assumed to be using that character set and file and path names will be
 986 converted to UTF-8 for the server.
 987 .RE
 988 
 989 .sp
 990 .ne 2
 991 .na
 992 \fB\fBro=\fIaccess-list\fR\fR\fR
 993 .ad
 994 .sp .6
 995 .RS 4n
 996 Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
 997 \fBrw\fR suboption for the clients specified. See the description of
 998 \fIaccess-list\fR below.
 999 .RE
1000 
1001 .sp
1002 .ne 2
1003 .na
1004 \fB\fBrw=\fIaccess-list\fR\fR\fR
1005 .ad
1006 .sp .6
1007 .RS 4n
1008 Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
1009 \fBro\fR suboption for the clients specified. See the description of
1010 \fIaccess-list\fR below.
1011 .RE
1012 
1013 .sp
1014 .ne 2
1015 .na
1016 \fB\fBnone=\fIaccess-list\fR\fR\fR
1017 .ad
1018 .sp .6
1019 .RS 4n
1020 Access is not allowed to any client that matches the access list. The exception
1021 is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
1022 \fBrw\fR can override \fBnone\fR.
1023 .RE
1024 
1025 .sp
1026 .ne 2
1027 .na
1028 \fB\fBroot=\fIaccess-list\fR\fR\fR
1029 .ad
1030 .sp .6
1031 .RS 4n
1032 Only root users from the hosts specified in \fIaccess-list\fR have root access.
1033 See details on \fIaccess-list\fR below. By default, no host has root access, so
1034 root users are mapped to an anonymous user ID (see the \fBanon=uid\fR option
1035 described above). Netgroups can be used if the file system shared is using UNIX
1036 authentication (\fBAUTH_SYS\fR).
1037 .RE
1038 
1039 .sp
1040 .ne 2
1041 .na
1042 \fB\fBroot_mapping=\fIuid\fR\fR\fR
1043 .ad
1044 .sp .6
1045 .RS 4n
1046 For a client that is allowed root access, map the root UID to the specified
1047 user id.
1048 .RE
1049 
1050 .sp
1051 .ne 2
1052 .na
1053 \fB\fBwindow=\fIvalue\fR\fR\fR
1054 .ad
1055 .sp .6
1056 .RS 4n
1057 When sharing with \fBsec=dh\fR (see \fBnfssec\fR(5)), set the maximum lifetime
1058 (in seconds) of the RPC request's credential (in the authentication header)
1059 that the NFS server allows. If a credential arrives with a lifetime larger than
1060 what is allowed, the NFS server rejects the request. The default value is 30000
1061 seconds (8.3 hours). This property is ignored for security modes other than
1062 \fBdh\fR.
1063 .RE
1064 
1065 .sp
1066 .LP
1067 The general properties supported for SMB are:
1068 .sp
1069 .ne 2
1070 .na
1071 \fB\fBro=\fIaccess-list\fR\fR\fR
1072 .ad
1073 .sp .6
1074 .RS 4n
1075 Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
1076 \fBrw\fR suboption for the clients specified. See the description of
1077 \fIaccess-list\fR below.
1078 .RE
1079 
1080 .sp
1081 .ne 2
1082 .na
1083 \fB\fBrw=\fIaccess-list\fR\fR\fR
1084 .ad
1085 .sp .6
1086 .RS 4n
1087 Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
1088 \fBro\fR suboption for the clients specified. See the description of
1089 \fIaccess-list\fR below.
1090 .RE
1091 
1092 .sp
1093 .ne 2
1094 .na
1095 \fB\fBnone=\fIaccess-list\fR\fR\fR
1096 .ad
1097 .sp .6
1098 .RS 4n
1099 Access is not allowed to any client that matches the access list. The exception
1100 is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
1101 \fBrw\fR can override \fBnone\fR.
1102 .RE
1103 
1104 .SS "Access List Argument"
1105 .LP
1106 The \fIaccess-list\fR argument is either the string \fB"*"\fR to represent all
1107 hosts or a colon-separated list whose components can be any number of the
1108 following:
1109 .sp
1110 .ne 2
1111 .na
1112 \fB\fIhostname\fR\fR
1113 .ad
1114 .sp .6
1115 .RS 4n
1116 The name of a host. With a server configured for DNS or LDAP naming in the
1117 \fBnsswitch.conf\fR(4) \fBhosts\fR entry, a hostname must be represented as a
1118 fully qualified DNS or LDAP name.
1119 .RE
1120 
1121 .sp
1122 .ne 2
1123 .na
1124 \fB\fInetgroup\fR\fR
1125 .ad
1126 .sp .6
1127 .RS 4n
1128 A \fInetgroup\fR contains a number of hostnames. With a server configured for
1129 DNS or LDAP naming in the \fBnsswitch.conf\fR(4) \fBhosts\fR entry, any
1130 hostname in a netgroup must be represented as a fully qualified DNS or LDAP
1131 name.
1132 .RE
1133 
1134 .sp
1135 .ne 2
1136 .na
1137 \fB\fIdomainname\fR.\fIsuffix\fR\fR
1138 .ad
1139 .sp .6
1140 .RS 4n
1141 To use domain membership the server must use DNS or LDAP, rather than, for
1142 example, NIS, to resolve hostnames to IP addresses. That is, the
1143 \fBhosts\fR entry in the \fBnsswitch.conf\fR(4) must specify \fBdns\fR or
1144 \fBldap\fR ahead of \fBnis\fR, because only DNS and LDAP
1145 return the full domain name of the host. Other name services, such as NIS,
1146 cannot be used to resolve hostnames on the server because, when mapping
1147 an IP address to a hostname, they do not return domain information. For
1148 example, for the IP address 172.16.45.9:
1149 .sp
1150 .ne 2
1151 .na
1152 \fBNIS\fR
1153 .ad
1154 .sp .6
1155 .RS 4n
1156 Returns: \fBmyhost\fR
1157 .RE
1158 
1159 .sp
1160 .ne 2
1161 .na
1162 \fBDNS or LDAP\fR
1163 .ad
1164 .sp .6
1165 .RS 4n
1166 Returns: \fBmyhost.mydomain.mycompany.com\fR
1167 .RE
1168 
1169 The domain name suffix is distinguished from hostnames and netgroups by a
1170 prefixed dot. For example:
1171 .sp
1172 .in +2
1173 .nf
1174 rw=.mydomain.mycompany.com
1175 .fi
1176 .in -2
1177 
1178 A single dot can be used to match a hostname with no suffix. For example, the
1179 specification:
1180 .sp
1181 .in +2
1182 .nf
1183 rw=.
1184 .fi
1185 .in -2
1186 
1187 \&...matches \fBmydomain\fR but not \fBmydomain.mycompany.com\fR. This feature
1188 can be used to match hosts resolved through NIS rather than DNS and
1189 LDAP.
1190 .RE
1191 
1192 .sp
1193 .ne 2
1194 .na
1195 \fB\fInetwork\fR\fR
1196 .ad
1197 .sp .6
1198 .RS 4n
1199 The network or subnet component is preceded by an at-sign (\fB@\fR). It can be
1200 either a name or a dotted address. If a name, it is converted to a dotted
1201 address by \fBgetnetbyname\fR(3SOCKET). For example:
1202 .sp
1203 .in +2
1204 .nf
1205 =@mynet
1206 .fi
1207 .in -2
1208 
1209 \&...is equivalent to:
1210 .sp
1211 .in +2
1212 .nf
1213 =@172.16 or =@172.16.0.0
1214 .fi
1215 .in -2
1216 
1217 The network prefix assumes an octet-aligned netmask determined from the zeroth
1218 octet in the low-order part of the address up to and including the high-order
1219 octet, if you want to specify a single IP address. In the case where network
1220 prefixes are not byte-aligned, the syntax allows a mask length to be specified
1221 explicitly following a slash (\fB/\fR) delimiter. For example:
1222 .sp
1223 .in +2
1224 .nf
1225 =@theothernet/17 or =@172.16.132/22
1226 .fi
1227 .in -2
1228 
1229 \&...where the mask is the number of leftmost contiguous significant bits in
1230 the corresponding IP address.
1231 .RE
1232 
1233 .sp
1234 .LP
1235 A prefixed minus sign (\fB-\fR) denies access to a component of
1236 \fIaccess-list\fR. The list is searched sequentially until a match is found
1237 that either grants or denies access, or until the end of the list is reached.
1238 For example, if host \fBterra\fR is in the netgroup \fBengineering\fR, then:
1239 .sp
1240 .in +2
1241 .nf
1242 rw=-terra:engineering
1243 .fi
1244 .in -2
1245 
1246 .sp
1247 .LP
1248 \&...denies access to \fBterra\fR, but:
1249 .sp
1250 .in +2
1251 .nf
1252 rw=engineering:-terra
1253 .fi
1254 .in -2
1255 
1256 .sp
1257 .LP
1258 \&...grants access to \fBterra\fR.
1259 .SH EXIT STATUS
1260 .ne 2
1261 .na
1262 \fB\fB0\fR\fR
1263 .ad
1264 .RS 18n
1265 Successful completion.
1266 .RE
1267 
1268 .sp
1269 .ne 2
1270 .na
1271 \fB\fB98\fR\fR
1272 .ad
1273 .RS 18n
1274 Service is offline and cannot be enabled (start only).
1275 .RE
1276 
1277 .sp
1278 .ne 2
1279 .na
1280 \fB\fIother non-zero\fR\fR
1281 .ad
1282 .RS 18n
1283 Command failed.
1284 .RE
1285 
1286 .SH FILES
1287 .ne 2
1288 .na
1289 \fB\fB/usr/include/libshare.h\fR\fR
1290 .ad
1291 .RS 27n
1292 Error codes used for exit status.
1293 .RE
1294 
1295 .SH ATTRIBUTES
1296 .LP
1297 See \fBattributes\fR(5) for descriptions of the following attributes:
1298 .sp
1299 
1300 .sp
1301 .TS
1302 box;
1303 c | c
1304 l | l .
1305 ATTRIBUTE TYPE  ATTRIBUTE VALUE
1306 _
1307 Interface Stability     Committed
1308 .TE
1309 
1310 .SH SEE ALSO
1311 .LP
1312 \fBidmap\fR(1M), \fBsharectl\fR(1M), \fBzfs\fR(1M), \fBattributes\fR(5),
1313 \fBnfssec\fR(5), \fBsmf\fR(5), \fBstandards\fR(5)