Print this page
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-9808 SMB3 persistent handles
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15425 rework share man pages
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-15425 rework share man pages
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/sharemgr.1m.man.txt
+++ new/usr/src/man/man1m/sharemgr.1m.man.txt
1 1 SHAREMGR(1M) Maintenance Commands SHAREMGR(1M)
2 2
3 3
4 4
5 5 NAME
6 6 sharemgr - configure and manage file sharing
7 7
8 8 SYNOPSIS
9 9 sharemgr subcommand [options]
10 10
11 11
12 12 add-share [-nth] [-r resource-name] [-d "description text"]
13 13 -s sharepath group
14 14
15 15
16 16 create [-nvh] [-P proto [-p property=value]] group
17 17
18 18
19 19 delete [-nvh] [-P proto] [-f] group
20 20
21 21
22 22 disable [-nvh] [-a | group...]
23 23
24 24
25 25 enable [-nvh] [-a | group...]
26 26
27 27
28 28 list [-vh] [-P proto]
29 29
30 30
31 31 move-share [-nv] -s sharepath destination-group
32 32
33 33
34 34 remove-share [-fnvh] -s sharepath group
35 35
36 36
37 37 set [-nvh] -P proto [-p property=value]... [-S optionset]
38 38 [-s sharepath] group
39 39
40 40
41 41 set-share [-nh] [-r resource] [-d "description text"]
42 42 -s sharepath group
43 43
44 44
45 45 show [-pvxh] [-P proto] [group]...
46 46
47 47
48 48 unset [-nvh] -P proto [-S optionset] [-p property]...
49 49 group
50 50
51 51
52 52 share [-F fstype] [-p] [-o optionlist] [-d description]
53 53 [pathname [resourcename]]
54 54
55 55
56 56 unshare [-F fstype] [-p] [-o optionlist] sharepath
57 57
58 58
59 59 DESCRIPTION
60 60 The sharemgr command configures share groups and the shares contained
61 61 within them.
62 62
63 63
64 64 A group name must conform to service management facility (SMF) (see
65 65 smf(5)) service-naming conventions, thus is limited to starting with an
66 66 alphabetic character, with the rest of the name consisting only of
67 67 alphanumeric characters plus - (hyphen) and _ (underbar).
68 68
69 69
70 70 Subcommands that result in a configuration change support a dry-run
71 71 option. When dry-run (-n) is specified, the syntax and validity of the
72 72 command is tested but the configuration is not actually updated.
73 73
74 74
75 75 For all subcommands, the -h option lists usage and help information.
76 76
77 77
78 78 For subcommands with the verbose (-v) option, additional information
79 79 will be provided. For example, in conjunction with the -n option,
80 80 verbose mode will also indicate whether the current user has sufficient
81 81 permissions to accomplish the operation.
82 82
83 83
84 84 There are two groups that are created automatically. The default group
85 85 always exists and covers legacy NFS shares only. The zfs group will be
86 86 created when ZFS shares are enabled.
87 87
88 88
89 89 The options shown in the SYNOPSIS section are described in the context
90 90 of each subcommand. All subcommands except list and show require root
91 91 privileges or that you assume the Primary Administrator role.
92 92
93 93 Subcommands
94 94 With no subcommand entered, a sharemgr command with the -h option
95 95 displays a usage message for all subcommands.
96 96
97 97
98 98 The following subcommands follow sharemgr on a command line. Commands
99 99 take the form:
100 100
101 101 % sharemgr <subcommand> [options]
102 102
103 103
104 104
105 105 create [-nvh] [-P proto [-p property=value]] group
106 106
107 107 Create a new group with specified name.
108 108
109 109 If -n is specified, the command checks only the validity of the
110 110 command and that the group does not already exist.
111 111
112 112 If no protocol is specified, all known protocols are enabled for
113 113 the specified group. If a protocol is specified, only that protocol
114 114 is enabled. You can specify properties for a specified protocol.
115 115
116 116 If group exists, use of -P adds the specified protocol to that
117 117 group.
118 118
119 119 As an example of the create subcommand, the following command
120 120 creates a new group with the name mygroup.
121 121
122 122 # sharemgr create mygroup
123 123
124 124
125 125 Because no protocol was specified in the preceding command, all
126 126 defined protocols will be enabled on the group.
127 127
128 128
129 129 delete [-nvh] [-P proto] [-f] group
130 130
131 131 Delete the specified group. If the group is not empty, you can use
132 132 the -f option to force the deletion, which unshares and removes all
133 133 shares from the group before removing the group itself.
134 134
135 135 If you specify a protocol, rather than deleting the whole group,
136 136 this subcommand deletes the protocol from the group.
137 137
138 138 The -n option can be used to test the syntax of the command.
139 139
140 140 As an example, the following command removes the group mygroup from
141 141 the configuration if it is empty.
142 142
143 143 # sharemgr delete mygroup
144 144
145 145
146 146 The following command removes any existing shares prior to removing
147 147 the group.
148 148
149 149 # sharemgr delete -f mygroup
150 150
151 151
152 152 Note the use of the force (-f) option, above.
153 153
154 154
155 155 list [-vh] [-P proto]
156 156
157 157 List the defined groups.
158 158
159 159 If a protocol is specified, list only those groups that have the
160 160 specified protocol defined.
161 161
162 162 If the verbose option is specified, the current state of the group
163 163 and all protocols enabled on the group are listed as well. For
164 164 example:
165 165
166 166 # sharemgr list -v
167 167 mygroup enabled nfs
168 168 rdonlygrp disabled nfs
169 169
170 170
171 171
172 172
173 173 show [-pvxh] [-P proto] [group...]
174 174
175 175 Shows the contents of the specified group(s).
176 176
177 177 If the verbose option is specified, the resource name and
178 178 description of each share is displayed if they are defined.
179 179 Otherwise, only the share paths are displayed. Also, when temporary
180 180 shares are listed, they are prefixed with an asterisk (*).
181 181
182 182 If the -p option is specified, all options defined for the
183 183 protocols of the group are displayed, in addition to the display
184 184 without options. If the -P option is used, the output is limited to
185 185 those groups that have the specified protocol enabled. If the -x
186 186 option is specified, output is in XML format and the -p and -v
187 187 options are ignored, because all information is included in the
188 188 XML.
189 189
190 190 The following example illustrates the use of the -p option.
191 191
192 192 # sharemgr show -p mygroup
193 193 default nfs=()
194 194 * /data/backup
195 195 mygroup nfs=(nosuid=true)
196 196 /export/home/home0
197 197 /export/home/home1
198 198
199 199
200 200 The following example illustrates the use of the -v option.
201 201
202 202 # sharemgr show -v mygroup
203 203 mygroup
204 204 HOME0=/export/home/home0 "Home directory set 0"
205 205 HOME1=/export/home/home1 "Home directory set 1"
206 206
207 207
208 208 ZFS managed shares are handled in a way similar to the way NFS
209 209 shares are handled. These shares appear as subgroups within the
210 210 parent group zfs. The subgroups are always prefixed with zfs/ and
211 211 use the ZFS dataset name for the rest of the name. The mount point
212 212 and any sub-mounts that inherit sharing are shown as the shares of
213 213 the subgroup. For example:
214 214
215 215 # sharemgr show -vp zfs
216 216 zfs nfs=()
217 217 zfs/ztest
218 218 /ztest
219 219 /ztest/backups
220 220
221 221
222 222
223 223
224 224 set [-nvh] -P proto [-S optionset] [-p property=value]* [-s share path]
225 225 group
226 226
227 227 Set protocol-specific properties on the specified group.
228 228
229 229 The -P option is required and must specify a valid protocol.
230 230
231 231 Optionsets are protocol-specific sets of properties that can be
232 232 negotiated by the protocol client. For NFS, optionsets are
233 233 equivalent to security modes as defined in nfssec(5). If -S
234 234 optionset is specified, the properties are applied to the selected
235 235 optionset. Otherwise they are applied to the general optionset.
236 236
237 237 Together, -P and -S select a specific view of the group's options
238 238 on which to work.
239 239
240 240 Property values are strings. A specified property is set to a new
241 241 value if the property already exists or is added to the protocol if
242 242 it does not already exist.
243 243
244 244 In the general case, at least one property must be set. If -S is
245 245 specified, properties can be omitted and the specified optionset is
246 246 enabled for the protocol.
247 247
248 248 The -s option allows setting properties on a per-share basis. While
249 249 this is supported, it should be limited to managing legacy shares
250 250 and to the occasional need for an override of a group-level
251 251 property or placing an additional property on one share within a
252 252 group.
253 253
254 254 An example of this subcommand:
255 255
256 256 # sharemgr set -P nfs -p anon=1234 mygroup
257 257
258 258
259 259 The preceding command adds the property anon=1234 to the nfs view
260 260 of group mygroup. If mygroup has existing shares, they will all be
261 261 reshared with the new property value(s).
262 262
263 263
264 264 unset [-nvh] -P proto [-S optionset] [-p property]* [-s sharepath ]
265 265 group
266 266
267 267 Unset the specified properties for the protocol or for the
268 268 specified optionset of the protocol.
269 269
270 270 In the general case, at least one property must be set. If -S is
271 271 specified, properties can be omitted and the specified optionset is
272 272 removed from the protocol.
273 273
274 274 The -s option allows removing a share-specific property.
275 275
276 276 An example of this subcommand:
277 277
278 278 # sharemgr unset -P nfs -p anon mygroup
279 279
280 280
281 281 The preceding command removes the anon= property from the nfs view
282 282 of group mygroup. If mygroup has existing shares, they will all be
283 283 reshared with the new property value(s).
284 284
285 285
286 286 add-share [-nth] [-r resource-name] [-d "description text"] -s
287 287 sharepath group
288 288
289 289 Add a new share to the specified group.
290 290
291 291 The -s option is mandatory and takes a full directory path.
292 292
293 293 If either or both of -d and -r are specified, they specify values
294 294 associated with the share. -d provides a description string to
295 295 document the share and -r provides a protocol-independent resource
296 296 name. Resource names are not used by NFS at this time but can be
297 297 specified. These names currently follow the same naming rules as
298 298 group names.
299 299
300 300 The temporary option (-t) results in the share being shared but not
301 301 stored in the configuration repository. This option is intended for
302 302 shares that should not survive a reboot or server restart, or for
303 303 testing purposes. Temporary shares are indicated in the show
304 304 subcommand output with an asterisk (*) preceding the share.
305 305
306 306 If sharepath is a ZFS path and that path is added to the zfs group,
307 307 sharemgr creates a new ZFS subgroup; the new share is added to that
308 308 subgroup. Any ZFS sub-filesystems under the ZFS filesystem
309 309 designated by sharepath will inherit the shared status of
310 310 sharepath.
311 311
312 312 The effect of the add-share subcommand on a ZFS dataset is
313 313 determined by the values of the sharesmb and sharenfs properties of
314 314 that dataset.
315 315
316 316 See zfs(1M) for a description of the sharesmb and sharenfs
317 317 properties.
318 318
319 319 The following are examples of the add-share subcommand.
320 320
321 321 # sharemgr add-share -s /export/home/home0 -d "home \
322 322 directory set 0" -r HOME0 mygroup
323 323
324 324 # sharemgr add-share -s /export/home/home1 -d "home \
325 325 directory set 1" -r HOME1 mygroup
326 326
327 327
328 328 The preceding commands add /export/home/home0 and
329 329 /export/home/home1 to the group mygroup. A descriptive comment and
330 330 a resource name are included.
331 331
332 332
333 333 move-share [-nvh] -s sharepath destination-group
334 334
335 335 Move the specified share from the group it is currently in to the
336 336 specified destination group. The move-share subcommand does not
337 337 create a group. A specified group must exist for the command to
338 338 succeed.
339 339
340 340 The following is an example of this subcommand.
341 341
342 342 # sharemgr move-share -s /export/home/home1 newgroup
343 343
344 344
345 345 Assuming /export/home/home1 is in the group mygroup, the preceding
346 346 command moves /export/home/home1 to the group newgroup and unshares
347 347 and then reshares the directory with the properties associated with
348 348 newgroup.
349 349
350 350
351 351 remove-share [-fnvh] -s sharepath group
352 352
353 353 Remove the specified share from the specified group. The force (-f)
354 354 option forces the share to be removed even if it is busy.
355 355
356 356 You must specify the full path for sharepath. For group, use the
357 357 subgroup as displayed in the output of the sharemgr show command.
358 358 Note that if there are subshares that were created by inheritance,
359 359 these will be removed, along with the parent shares.
360 360
361 361
362 362 set-share [-nvh] [-r resource] [-d "description text"] -s sharepath
363 363 group
364 364
365 365 Set or change the specified share's description and resource
366 366 values. One use of set-share is to rename a resource. The syntax
367 367 for this use of the subcommand is:
368 368
369 369 # sharemgr set-share -r current_name=new_name -s sharepath group
370 370
371 371
372 372
373 373
374 374 enable [-nvh] [group... | -a]
375 375
376 376 Enable the specified group(s), or (with -a) all groups, and start
377 377 sharing the contained shares. This state persists across reboots.
378 378
379 379 An enabled group will be shared whenever the corresponding SMF
380 380 service instance is enabled. sharemgr will start the SMF service
381 381 instance if it is not currently online.
382 382
383 383
384 384 disable [-nvh] [group... | -a]
385 385
386 386 Disable the specified group(s), or (with -a) all groups, and
387 387 unshare the shares that they contain. This state persists across
388 388 reboots.
389 389
390 390 A disabled group will not be shared even if the corresponding SMF
391 391 service instance is online. This feature is useful when you do not
392 392 want a group of shares to be started at boot time.
393 393
394 394
395 395 start [-vh] [-P proto] [group... | -a]
396 396
397 397 Start the specified group, or (with -a) all groups. The start
398 398 subcommand is similar to enable in that all shares are started, but
399 399 start works only on groups that are enabled. start is used by the
400 400 SMF to start sharing at system boot.
401 401
402 402 A group will not start sharing if it is in the sharemgr disabled
403 403 state. However, the corresponding SMF service instance will be
404 404 started.
405 405
406 406 Note that the start subcommand is similar to the shareall(1M)
407 407 command in that it starts up only the configured shares. That is,
408 408 the enabled shares will start being shared, but the configuration
409 409 state is left the same. The command:
410 410
411 411 # sharemgr start -a
412 412
413 413
414 414 ...is equivalent to:
415 415
416 416 # shareall
417 417
418 418
419 419
420 420
421 421 stop [-vh] [-P proto] [group... | -a]
422 422
423 423 Stop the specified group, or (with -a) all groups. The stop
424 424 subcommand is similar to disable in that all shares are no longer
425 425 shared, but it works only on groups that are enabled. stop is used
426 426 by the SMF to stop sharing at system shutdown.
427 427
428 428 Note that the stop subcommand is similar to the unshareall(1M)
429 429 command in that all active shares are unshared, but the
430 430 configuration is left the same. That is, the shares are stopped but
431 431 the service instances are left enabled. The command:
432 432
433 433 # sharemgr stop -a
434 434
435 435
436 436 ...is equivalent to:
437 437
438 438 # unshareall
439 439
440 440
441 441
442 442
443 443 share [-F fstype] [-p] [-o optionlist] [-d description] [pathname
444 444 [resourcename]]
445 445
446 446 Shares the specified path in the default share group. This
447 447 subcommand implements the share(1M) functionality. Shares that are
448 448 shared in this manner will be transient shares. Use of the -p
449 449 option causes the shares to be persistent.
|
↓ open down ↓ |
449 lines elided |
↑ open up ↑ |
450 450
451 451
452 452 unshare [-F fstype] [-p] [-o optionlist] sharepath
453 453
454 454 Unshares the specified share. This subcommand implements the
455 455 unshare(1M) functionality. By default, the unshare is temporary.
456 456 The -p option is provided to remove the share from the
457 457 configuration in a way that persists across reboots.
458 458
459 459
460 - Supported Properties
461 - Properties are protocol-specific. Currently, only the NFS and SMB
462 - protocols are supported. Properties have the following characteristics:
463 -
464 - o Values of type boolean take either true or false.
465 -
466 - o Values of type value take a numeric value.
467 -
468 - o Values of type file take a file name and not a file path.
469 -
470 - o Values of type access-list are described in detail following
471 - the descriptions of the NFS properties.
472 -
473 -
474 - The general properties supported for NFS are:
475 -
476 - abe=boolean
477 -
478 - Set the access-based enumeration (ABE) policy for a share. When
479 - set to true, ABE filtering is enabled on this share and directory
480 - entries to which the requesting user has no access will be omitted
481 - from directory listings returned to the client. When set to false
482 - or not defined, ABE filtering will not be performed on this share.
483 - This property is not defined by default.
484 -
485 - disabled
486 -
487 - Disable ABE for this share.
488 -
489 -
490 - enabled
491 -
492 - Enable ABE for this share.
493 -
494 -
495 -
496 - aclok=boolean
497 -
498 - Allows the NFS server to do access control for NFS Version 2
499 - clients (running SunOS 2.4 or earlier). When aclok is set on the
500 - server, maximum access is given to all clients. For example, with
501 - aclok set, if anyone has read permissions, then everyone does. If
502 - aclok is not set, minimum access is given to all clients.
503 -
504 -
505 - ad-container
506 -
507 - Specifies the AD container in which to publish shares.
508 -
509 - The AD container is specified as a comma-separated list of
510 - attribute name-value pairs using the LDAP distinguished name (DN)
511 - or relative distinguished name (RDN) format. The DN or RDN must be
512 - specified in LDAP format using the cn=, ou=, and dc= prefixes:
513 -
514 - o cn represents the common name
515 -
516 - o ou represents the organizational unit
517 -
518 - o dc represents the domain component
519 - cn=, ou= and dc= are attribute types. The attribute type used to
520 - describe an object's RDN is called the naming attribute, which, for
521 - ADS, includes the following object classes:
522 -
523 - o cn for the user object class
524 -
525 - o ou for the organizational unit (OU) object class
526 -
527 - o dc for the domainDns object class
528 -
529 -
530 - anon=uid
531 -
532 - Set uid to be the effective user ID of unknown users. By default,
533 - unknown users are given the effective user ID UID_NOBODY. If uid is
534 - set to -1, access is denied.
535 -
536 -
537 - catia=boolean
538 -
539 - CATIA V4 uses characters in file names that are considered to be
540 - invalid by Windows. CATIA V5 is available on Windows. A CATIA V4
541 - file could be inaccessible to Windows clients if the file name
542 - contains any of the characters that are considered illegal in
543 - Windows. By default, CATIA character substitution is not performed.
544 -
545 - If the catia property is set to true, the following character
546 - substitution is applied to file names.
547 -
548 - CATIA CATIA
549 - V4 UNIX V5 Windows
550 - " \250 0x00a8 Dieresis
551 - * \244 0x00a4 Currency Sign
552 - / \370 0x00f8 Latin Small Letter O with Stroke
553 - : \367 0x00f7 Division Sign
554 - < \253 0x00ab Left-Pointing Double Angle Quotation Mark
555 - > \273 0x00bb Right-Pointing Double Angle Quotation Mark
556 - ? \277 0x00bf Inverted Question Mark
557 - \ \377 0x00ff Latin Small Letter Y with Dieresis
558 - | \246 0x00a6 Broken Bar
559 -
560 -
561 -
562 -
563 - cksum=cksumlist
564 -
565 - Set the share to attempt to use end-to-end checksums. The value
566 - cksumlist specifies the checksum algorithms that should be used.
567 -
568 -
569 - csc=value
570 -
571 - Set the client-side caching policy for a share. Client-side caching
572 - is a client feature and offline files are managed entirely by the
573 - clients.
574 -
575 -
576 - The following are valid values for the csc property:
577 -
578 - o manual - Clients are permitted to cache files from the
579 - specified share for offline use as requested by users.
580 - However, automatic file-by-file reintegration is not
581 - permitted. manual is the default value.
582 -
583 - o auto - Clients are permitted to automatically cache
584 - files from the specified share for offline use and file-
585 - by-file reintegration is permitted.
586 -
587 - o vdo - Clients are permitted to automatically cache files
588 - from the specified share for offline use, file-by-file
589 - reintegration is permitted, and clients are permitted to
590 - work from their local cache even while offline.
591 -
592 - o disabled - Client-side caching is not permitted for this
593 - share.
594 -
595 -
596 - guestok=boolean
597 -
598 - Set the guest access policy for the share. When set to true guest
599 - access is allowed on this share. When set to false or not defined
600 - guest access is not allowed on this share. This property is not
601 - defined by default.
602 -
603 - An idmap(1M) name-based rule can be used to map guest to any local
604 - username, such as guest or nobody. If the local account has a
605 - password in /var/smb/smbpasswd the guest connection will be
606 - authenticated against that password. Any connection made using an
607 - account that maps to the local guest account will be treated as a
608 - guest connection.
609 -
610 - Example name-based rule:
611 -
612 - # idmap add winname:Guest unixuser:guest
613 -
614 -
615 -
616 -
617 - index=file
618 -
619 - Load file rather than a listing of the directory containing this
620 - file when the directory is referenced by an NFS URL.
621 -
622 -
623 - log=tag
624 -
625 - Enables NFS server logging for the specified system. The optional
626 - tag determines the location of the related log files. The tag is
627 - defined in etc/nfs/nfslog.conf. If no tag is specified, the default
628 - values associated with the global tag in etc/nfs/nfslog.conf is
629 - used. Support of NFS server logging is available only for NFS
630 - Version 2 and Version 3 requests.
631 -
632 -
633 - nosub=boolean
634 -
635 - Prevents clients from mounting subdirectories of shared
636 - directories. For example, if /export is shared with the nosub
637 - option on server wool then an NFS client cannot do:
638 -
639 - # mount -F nfs wool:/export/home/mnt
640 -
641 -
642 - NFS Version 4 does not use the MOUNT protocol. The nosub option
643 - applies only to NFS Version 2 and Version 3 requests.
644 -
645 -
646 - nosuid=boolean
647 -
648 - By default, clients are allowed to create files on a shared file
649 - system with the setuid or setgid mode enabled. Specifying nosuid
650 - causes the server file system to silently ignore any attempt to
651 - enable the setuid or setgid mode bits.
652 -
653 -
654 - public=boolean
655 -
656 - Moves the location of the public file handle from root (/) to the
657 - exported directory for WebNFS-enabled browsers and clients. This
658 - option does not enable WebNFS service; WebNFS is always on. Only
659 - one file system per server can have the public property. You can
660 - apply the public property only to a share and not to a group.
661 -
662 -
663 -
664 - NFS also supports negotiated optionsets for supported security modes.
665 - The security modes are documented in nfssec(5). The properties
666 - supported for these optionsets are:
667 -
668 - charset=access-list
669 -
670 - Where charset is one of: euc-cn, euc-jp, euc-jpms, euc-kr, euc-tw,
671 - iso8859-1, iso8859-2, iso8859-5, iso8859-6, iso8859-7, iso8859-8,
672 - iso8859-9, iso8859-13, iso8859-15, koi8-r.
673 -
674 - Clients that match the access-list for one of these properties will
675 - be assumed to be using that character set and file and path names
676 - will be converted to UTF-8 for the server.
677 -
678 -
679 - ro=access-list
680 -
681 - Sharing is read-only to the clients listed in access-list;
682 - overrides the rw suboption for the clients specified. See the
683 - description of access-list below.
684 -
685 -
686 - rw=access-list
687 -
688 - Sharing is read-write to the clients listed in access-list;
689 - overrides the ro suboption for the clients specified. See the
690 - description of access-list below.
691 -
692 -
693 - none=access-list
694 -
695 - Access is not allowed to any client that matches the access list.
696 - The exception is when the access list is an asterisk (*), in which
697 - case ro or rw can override none.
698 -
699 -
700 - root=access-list
701 -
702 - Only root users from the hosts specified in access-list have root
703 - access. See details on access-list below. By default, no host has
704 - root access, so root users are mapped to an anonymous user ID (see
705 - the anon=uid option described above). Netgroups can be used if the
706 - file system shared is using UNIX authentication (AUTH_SYS).
707 -
708 -
709 - root_mapping=uid
710 -
711 - For a client that is allowed root access, map the root UID to the
712 - specified user id.
713 -
714 -
715 - window=value
716 -
717 - When sharing with sec=dh (see nfssec(5)), set the maximum lifetime
718 - (in seconds) of the RPC request's credential (in the authentication
719 - header) that the NFS server allows. If a credential arrives with a
720 - lifetime larger than what is allowed, the NFS server rejects the
721 - request. The default value is 30000 seconds (8.3 hours). This
722 - property is ignored for security modes other than dh.
723 -
724 -
725 -
726 - The general properties supported for SMB are:
727 -
728 - ro=access-list
729 -
730 - Sharing is read-only to the clients listed in access-list;
731 - overrides the rw suboption for the clients specified. See the
732 - description of access-list below.
733 -
734 -
735 - rw=access-list
736 -
737 - Sharing is read-write to the clients listed in access-list;
738 - overrides the ro suboption for the clients specified. See the
739 - description of access-list below.
740 -
741 -
742 - none=access-list
743 -
744 - Access is not allowed to any client that matches the access list.
745 - The exception is when the access list is an asterisk (*), in which
746 - case ro or rw can override none.
747 -
748 -
749 - Access List Argument
750 - The access-list argument is either the string "*" to represent all
751 - hosts or a colon-separated list whose components can be any number of
752 - the following:
753 -
754 - hostname
755 -
756 - The name of a host. With a server configured for DNS or LDAP naming
757 - in the nsswitch.conf(4) hosts entry, a hostname must be represented
758 - as a fully qualified DNS or LDAP name.
759 -
760 -
761 - netgroup
762 -
763 - A netgroup contains a number of hostnames. With a server configured
764 - for DNS or LDAP naming in the nsswitch.conf(4) hosts entry, any
765 - hostname in a netgroup must be represented as a fully qualified DNS
766 - or LDAP name.
767 -
768 -
769 - domainname.suffix
770 -
771 - To use domain membership the server must use DNS or LDAP, rather
772 - than, for example, NIS, to resolve hostnames to IP addresses. That
773 - is, the hosts entry in the nsswitch.conf(4) must specify dns or
774 - ldap ahead of nis, because only DNS and LDAP return the full domain
775 - name of the host. Other name services, such as NIS, cannot be used
776 - to resolve hostnames on the server because, when mapping an IP
777 - address to a hostname, they do not return domain information. For
778 - example, for the IP address 172.16.45.9:
779 -
780 - NIS
781 -
782 - Returns: myhost
783 -
784 -
785 - DNS or LDAP
786 -
787 - Returns: myhost.mydomain.mycompany.com
788 -
789 - The domain name suffix is distinguished from hostnames and
790 - netgroups by a prefixed dot. For example:
791 -
792 - rw=.mydomain.mycompany.com
793 -
794 - A single dot can be used to match a hostname with no suffix. For
795 - example, the specification:
796 -
797 - rw=.
798 -
799 - ...matches mydomain but not mydomain.mycompany.com. This feature
800 - can be used to match hosts resolved through NIS rather than DNS and
801 - LDAP.
802 -
803 -
804 - network
805 -
806 - The network or subnet component is preceded by an at-sign (@). It
807 - can be either a name or a dotted address. If a name, it is
808 - converted to a dotted address by getnetbyname(3SOCKET). For
809 - example:
810 -
811 - =@mynet
812 -
813 - ...is equivalent to:
814 -
815 - =@172.16 or =@172.16.0.0
816 -
817 - The network prefix assumes an octet-aligned netmask determined from
818 - the zeroth octet in the low-order part of the address up to and
819 - including the high-order octet, if you want to specify a single IP
820 - address. In the case where network prefixes are not byte-aligned,
821 - the syntax allows a mask length to be specified explicitly
822 - following a slash (/) delimiter. For example:
823 -
824 - =@theothernet/17 or =@172.16.132/22
825 -
826 - ...where the mask is the number of leftmost contiguous significant
827 - bits in the corresponding IP address.
828 -
829 -
830 -
831 - A prefixed minus sign (-) denies access to a component of access-list.
832 - The list is searched sequentially until a match is found that either
833 - grants or denies access, or until the end of the list is reached. For
834 - example, if host terra is in the netgroup engineering, then:
835 -
836 - rw=-terra:engineering
837 -
838 -
839 -
840 - ...denies access to terra, but:
841 -
842 - rw=engineering:-terra
843 -
844 -
845 -
846 - ...grants access to terra.
847 -
848 460 EXIT STATUS
849 461 0
850 462 Successful completion.
851 463
852 464
853 465 98
854 466 Service is offline and cannot be enabled (start
855 467 only).
856 468
857 469
858 470 other non-zero
859 471 Command failed.
860 472
861 473
862 474 FILES
863 475 /usr/include/libshare.h
864 476 Error codes used for exit status.
865 477
866 478
867 479 ATTRIBUTES
868 480 See attributes(5) for descriptions of the following attributes:
869 481
|
↓ open down ↓ |
12 lines elided |
↑ open up ↑ |
870 482
871 483
872 484
873 485 +--------------------+-----------------+
874 486 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
875 487 +--------------------+-----------------+
876 488 |Interface Stability | Committed |
877 489 +--------------------+-----------------+
878 490
879 491 SEE ALSO
880 - idmap(1M), sharectl(1M), zfs(1M), attributes(5), nfssec(5), smf(5),
881 - standards(5)
492 + idmap(1M), sharectl(1M), zfs(1M), attributes(5), nfssec(5),
493 + shareacl(5), sharenfs(5), sharesmb(5), smf(5), standards(5)
882 494
883 495
884 496
885 - February 25, 2017 SHAREMGR(1M)
497 + September 5, 2017 SHAREMGR(1M)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX