440
441
442
443 share [-F fstype] [-p] [-o optionlist] [-d description] [pathname
444 [resourcename]]
445
446 Shares the specified path in the default share group. This
447 subcommand implements the share(1M) functionality. Shares that are
448 shared in this manner will be transient shares. Use of the -p
449 option causes the shares to be persistent.
450
451
452 unshare [-F fstype] [-p] [-o optionlist] sharepath
453
454 Unshares the specified share. This subcommand implements the
455 unshare(1M) functionality. By default, the unshare is temporary.
456 The -p option is provided to remove the share from the
457 configuration in a way that persists across reboots.
458
459
460 Supported Properties
461 Properties are protocol-specific. Currently, only the NFS and SMB
462 protocols are supported. Properties have the following characteristics:
463
464 o Values of type boolean take either true or false.
465
466 o Values of type value take a numeric value.
467
468 o Values of type file take a file name and not a file path.
469
470 o Values of type access-list are described in detail following
471 the descriptions of the NFS properties.
472
473
474 The general properties supported for NFS are:
475
476 abe=boolean
477
478 Set the access-based enumeration (ABE) policy for a share. When
479 set to true, ABE filtering is enabled on this share and directory
480 entries to which the requesting user has no access will be omitted
481 from directory listings returned to the client. When set to false
482 or not defined, ABE filtering will not be performed on this share.
483 This property is not defined by default.
484
485 disabled
486
487 Disable ABE for this share.
488
489
490 enabled
491
492 Enable ABE for this share.
493
494
495
496 aclok=boolean
497
498 Allows the NFS server to do access control for NFS Version 2
499 clients (running SunOS 2.4 or earlier). When aclok is set on the
500 server, maximum access is given to all clients. For example, with
501 aclok set, if anyone has read permissions, then everyone does. If
502 aclok is not set, minimum access is given to all clients.
503
504
505 ad-container
506
507 Specifies the AD container in which to publish shares.
508
509 The AD container is specified as a comma-separated list of
510 attribute name-value pairs using the LDAP distinguished name (DN)
511 or relative distinguished name (RDN) format. The DN or RDN must be
512 specified in LDAP format using the cn=, ou=, and dc= prefixes:
513
514 o cn represents the common name
515
516 o ou represents the organizational unit
517
518 o dc represents the domain component
519 cn=, ou= and dc= are attribute types. The attribute type used to
520 describe an object's RDN is called the naming attribute, which, for
521 ADS, includes the following object classes:
522
523 o cn for the user object class
524
525 o ou for the organizational unit (OU) object class
526
527 o dc for the domainDns object class
528
529
530 anon=uid
531
532 Set uid to be the effective user ID of unknown users. By default,
533 unknown users are given the effective user ID UID_NOBODY. If uid is
534 set to -1, access is denied.
535
536
537 catia=boolean
538
539 CATIA V4 uses characters in file names that are considered to be
540 invalid by Windows. CATIA V5 is available on Windows. A CATIA V4
541 file could be inaccessible to Windows clients if the file name
542 contains any of the characters that are considered illegal in
543 Windows. By default, CATIA character substitution is not performed.
544
545 If the catia property is set to true, the following character
546 substitution is applied to file names.
547
548 CATIA CATIA
549 V4 UNIX V5 Windows
550 " \250 0x00a8 Dieresis
551 * \244 0x00a4 Currency Sign
552 / \370 0x00f8 Latin Small Letter O with Stroke
553 : \367 0x00f7 Division Sign
554 < \253 0x00ab Left-Pointing Double Angle Quotation Mark
555 > \273 0x00bb Right-Pointing Double Angle Quotation Mark
556 ? \277 0x00bf Inverted Question Mark
557 \ \377 0x00ff Latin Small Letter Y with Dieresis
558 | \246 0x00a6 Broken Bar
559
560
561
562
563 cksum=cksumlist
564
565 Set the share to attempt to use end-to-end checksums. The value
566 cksumlist specifies the checksum algorithms that should be used.
567
568
569 csc=value
570
571 Set the client-side caching policy for a share. Client-side caching
572 is a client feature and offline files are managed entirely by the
573 clients.
574
575
576 The following are valid values for the csc property:
577
578 o manual - Clients are permitted to cache files from the
579 specified share for offline use as requested by users.
580 However, automatic file-by-file reintegration is not
581 permitted. manual is the default value.
582
583 o auto - Clients are permitted to automatically cache
584 files from the specified share for offline use and file-
585 by-file reintegration is permitted.
586
587 o vdo - Clients are permitted to automatically cache files
588 from the specified share for offline use, file-by-file
589 reintegration is permitted, and clients are permitted to
590 work from their local cache even while offline.
591
592 o disabled - Client-side caching is not permitted for this
593 share.
594
595
596 guestok=boolean
597
598 Set the guest access policy for the share. When set to true guest
599 access is allowed on this share. When set to false or not defined
600 guest access is not allowed on this share. This property is not
601 defined by default.
602
603 An idmap(1M) name-based rule can be used to map guest to any local
604 username, such as guest or nobody. If the local account has a
605 password in /var/smb/smbpasswd the guest connection will be
606 authenticated against that password. Any connection made using an
607 account that maps to the local guest account will be treated as a
608 guest connection.
609
610 Example name-based rule:
611
612 # idmap add winname:Guest unixuser:guest
613
614
615
616
617 index=file
618
619 Load file rather than a listing of the directory containing this
620 file when the directory is referenced by an NFS URL.
621
622
623 log=tag
624
625 Enables NFS server logging for the specified system. The optional
626 tag determines the location of the related log files. The tag is
627 defined in etc/nfs/nfslog.conf. If no tag is specified, the default
628 values associated with the global tag in etc/nfs/nfslog.conf is
629 used. Support of NFS server logging is available only for NFS
630 Version 2 and Version 3 requests.
631
632
633 nosub=boolean
634
635 Prevents clients from mounting subdirectories of shared
636 directories. For example, if /export is shared with the nosub
637 option on server wool then an NFS client cannot do:
638
639 # mount -F nfs wool:/export/home/mnt
640
641
642 NFS Version 4 does not use the MOUNT protocol. The nosub option
643 applies only to NFS Version 2 and Version 3 requests.
644
645
646 nosuid=boolean
647
648 By default, clients are allowed to create files on a shared file
649 system with the setuid or setgid mode enabled. Specifying nosuid
650 causes the server file system to silently ignore any attempt to
651 enable the setuid or setgid mode bits.
652
653
654 public=boolean
655
656 Moves the location of the public file handle from root (/) to the
657 exported directory for WebNFS-enabled browsers and clients. This
658 option does not enable WebNFS service; WebNFS is always on. Only
659 one file system per server can have the public property. You can
660 apply the public property only to a share and not to a group.
661
662
663
664 NFS also supports negotiated optionsets for supported security modes.
665 The security modes are documented in nfssec(5). The properties
666 supported for these optionsets are:
667
668 charset=access-list
669
670 Where charset is one of: euc-cn, euc-jp, euc-jpms, euc-kr, euc-tw,
671 iso8859-1, iso8859-2, iso8859-5, iso8859-6, iso8859-7, iso8859-8,
672 iso8859-9, iso8859-13, iso8859-15, koi8-r.
673
674 Clients that match the access-list for one of these properties will
675 be assumed to be using that character set and file and path names
676 will be converted to UTF-8 for the server.
677
678
679 ro=access-list
680
681 Sharing is read-only to the clients listed in access-list;
682 overrides the rw suboption for the clients specified. See the
683 description of access-list below.
684
685
686 rw=access-list
687
688 Sharing is read-write to the clients listed in access-list;
689 overrides the ro suboption for the clients specified. See the
690 description of access-list below.
691
692
693 none=access-list
694
695 Access is not allowed to any client that matches the access list.
696 The exception is when the access list is an asterisk (*), in which
697 case ro or rw can override none.
698
699
700 root=access-list
701
702 Only root users from the hosts specified in access-list have root
703 access. See details on access-list below. By default, no host has
704 root access, so root users are mapped to an anonymous user ID (see
705 the anon=uid option described above). Netgroups can be used if the
706 file system shared is using UNIX authentication (AUTH_SYS).
707
708
709 root_mapping=uid
710
711 For a client that is allowed root access, map the root UID to the
712 specified user id.
713
714
715 window=value
716
717 When sharing with sec=dh (see nfssec(5)), set the maximum lifetime
718 (in seconds) of the RPC request's credential (in the authentication
719 header) that the NFS server allows. If a credential arrives with a
720 lifetime larger than what is allowed, the NFS server rejects the
721 request. The default value is 30000 seconds (8.3 hours). This
722 property is ignored for security modes other than dh.
723
724
725
726 The general properties supported for SMB are:
727
728 ro=access-list
729
730 Sharing is read-only to the clients listed in access-list;
731 overrides the rw suboption for the clients specified. See the
732 description of access-list below.
733
734
735 rw=access-list
736
737 Sharing is read-write to the clients listed in access-list;
738 overrides the ro suboption for the clients specified. See the
739 description of access-list below.
740
741
742 none=access-list
743
744 Access is not allowed to any client that matches the access list.
745 The exception is when the access list is an asterisk (*), in which
746 case ro or rw can override none.
747
748
749 Access List Argument
750 The access-list argument is either the string "*" to represent all
751 hosts or a colon-separated list whose components can be any number of
752 the following:
753
754 hostname
755
756 The name of a host. With a server configured for DNS or LDAP naming
757 in the nsswitch.conf(4) hosts entry, a hostname must be represented
758 as a fully qualified DNS or LDAP name.
759
760
761 netgroup
762
763 A netgroup contains a number of hostnames. With a server configured
764 for DNS or LDAP naming in the nsswitch.conf(4) hosts entry, any
765 hostname in a netgroup must be represented as a fully qualified DNS
766 or LDAP name.
767
768
769 domainname.suffix
770
771 To use domain membership the server must use DNS or LDAP, rather
772 than, for example, NIS, to resolve hostnames to IP addresses. That
773 is, the hosts entry in the nsswitch.conf(4) must specify dns or
774 ldap ahead of nis, because only DNS and LDAP return the full domain
775 name of the host. Other name services, such as NIS, cannot be used
776 to resolve hostnames on the server because, when mapping an IP
777 address to a hostname, they do not return domain information. For
778 example, for the IP address 172.16.45.9:
779
780 NIS
781
782 Returns: myhost
783
784
785 DNS or LDAP
786
787 Returns: myhost.mydomain.mycompany.com
788
789 The domain name suffix is distinguished from hostnames and
790 netgroups by a prefixed dot. For example:
791
792 rw=.mydomain.mycompany.com
793
794 A single dot can be used to match a hostname with no suffix. For
795 example, the specification:
796
797 rw=.
798
799 ...matches mydomain but not mydomain.mycompany.com. This feature
800 can be used to match hosts resolved through NIS rather than DNS and
801 LDAP.
802
803
804 network
805
806 The network or subnet component is preceded by an at-sign (@). It
807 can be either a name or a dotted address. If a name, it is
808 converted to a dotted address by getnetbyname(3SOCKET). For
809 example:
810
811 =@mynet
812
813 ...is equivalent to:
814
815 =@172.16 or =@172.16.0.0
816
817 The network prefix assumes an octet-aligned netmask determined from
818 the zeroth octet in the low-order part of the address up to and
819 including the high-order octet, if you want to specify a single IP
820 address. In the case where network prefixes are not byte-aligned,
821 the syntax allows a mask length to be specified explicitly
822 following a slash (/) delimiter. For example:
823
824 =@theothernet/17 or =@172.16.132/22
825
826 ...where the mask is the number of leftmost contiguous significant
827 bits in the corresponding IP address.
828
829
830
831 A prefixed minus sign (-) denies access to a component of access-list.
832 The list is searched sequentially until a match is found that either
833 grants or denies access, or until the end of the list is reached. For
834 example, if host terra is in the netgroup engineering, then:
835
836 rw=-terra:engineering
837
838
839
840 ...denies access to terra, but:
841
842 rw=engineering:-terra
843
844
845
846 ...grants access to terra.
847
848 EXIT STATUS
849 0
850 Successful completion.
851
852
853 98
854 Service is offline and cannot be enabled (start
855 only).
856
857
858 other non-zero
859 Command failed.
860
861
862 FILES
863 /usr/include/libshare.h
864 Error codes used for exit status.
865
866
867 ATTRIBUTES
868 See attributes(5) for descriptions of the following attributes:
869
870
871
872
873 +--------------------+-----------------+
874 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
875 +--------------------+-----------------+
876 |Interface Stability | Committed |
877 +--------------------+-----------------+
878
879 SEE ALSO
880 idmap(1M), sharectl(1M), zfs(1M), attributes(5), nfssec(5), smf(5),
881 standards(5)
882
883
884
885 February 25, 2017 SHAREMGR(1M)
|
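Review bot: The block dropped from the old side (old lines 460-846, Supported Properties and Access List Argument) has defects that should be fixed in whichever page now carries it rather than moved as-is. The list headed "The general properties supported for NFS" (old line 474) includes abe, ad-container, catia, csc and guestok, which read as SMB-side settings (guestok refers to /var/smb/smbpasswd, ad-container to publishing shares in AD), while the SMB list at old line 726 holds only ro, rw and none. abe is typed boolean at old line 476 but is followed by enabled and disabled sub-entries that do not match the true/false values stated at old line 464. log=tag (old lines 627-628) cites etc/nfs/nfslog.conf without a leading slash and says the default values "is used".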
440
441
442
443 share [-F fstype] [-p] [-o optionlist] [-d description] [pathname
444 [resourcename]]
445
446 Shares the specified path in the default share group. This
447 subcommand implements the share(1M) functionality. Shares that are
448 shared in this manner will be transient shares. Use of the -p
449 option causes the shares to be persistent.
450
451
452 unshare [-F fstype] [-p] [-o optionlist] sharepath
453
454 Unshares the specified share. This subcommand implements the
455 unshare(1M) functionality. By default, the unshare is temporary.
456 The -p option is provided to remove the share from the
457 configuration in a way that persists across reboots.
458
459
460 EXIT STATUS
461 0
462 Successful completion.
463
464
465 98
466 Service is offline and cannot be enabled (start
467 only).
468
469
470 other non-zero
471 Command failed.
472
473
474 FILES
475 /usr/include/libshare.h
476 Error codes used for exit status.
477
478
479 ATTRIBUTES
480 See attributes(5) for descriptions of the following attributes:
481
482
483
484
485 +--------------------+-----------------+
486 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
487 +--------------------+-----------------+
488 |Interface Stability | Committed |
489 +--------------------+-----------------+
490
491 SEE ALSO
492 idmap(1M), sharectl(1M), zfs(1M), attributes(5), nfssec(5),
493 shareacl(5), sharenfs(5), sharesmb(5), smf(5), standards(5)
494
495
496
497 September 5, 2017 SHAREMGR(1M)
|
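Review bot: In the lines shown, the share and unshare synopses (new lines 443 and 452) still take -o optionlist, but after this change the only pointer to where those options are defined is the SEE ALSO addition of shareacl(5), sharenfs(5) and sharesmb(5) at new lines 492-493. Suggest adding a sentence where optionlist is described that names those pages. Also confirm they carry the access-control text removed here: the order-dependent access-list rule from old lines 831-846 (rw=-terra:engineering denies terra, rw=engineering:-terra grants it), anon=-1 denying unknown users (old lines 532-534), and the root= default of no host having root access (old lines 702-706), since an administrator reading only sharemgr(1M) no longer sees them.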