chnfsexp Command

Purpose

Changes the options used to export a directory to NFS clients.

Syntax

/usr/sbin/chnfsexp -d Directory [ -V ExportedVersion] [ -f Exports_file ] [ -e ExternalName ] [ -t { rw | ro | remove } {rm -h HostName [ ,HostName ... ] } ] [ -a UID ] [ -r HostName [ , HostName ... ] ] [ -c HostName , HostName ... ] ] [ -D {yes | no} ] [ -s | -n ] [-S flavor ] [ -G rootpath@host[+host][:rootpath@host[+host]] ] [ -g rootpath@host[+host][:rootpath@host[+host]] ] [-o Ordering] [ -x ] [ -X ] [ -I | -B | -N ] [ -P | -p ] [ -v number [ , number ... ] ]

Description

The chnfsexp command takes as a parameter a directory that is currently exported to NFS clients and changes the options used to export that directory. The options specified on the command line will replace those currently being used.

Flags

Item Description
-a UID Uses the UID parameter as the effective user ID only if a request comes from an unknown user. The default value of this option is -2.
Note: Root users (uid 0) are always considered "unknown" by the NFS server, unless they are included in the root option. Setting the value of UID to -1 disables anonymous access. The UID parameter can be either uid or username.
-B Updates the entry in the /etc/exports file and the exportfs command is executed to again export the directory immediately.
-c HostName [ , HostName ] ... Gives mount access to each of the clients listed. A client can either be a host or a netgroup. The default is to allow all hosts access.
-d Directory Specifies the exported directory that is to be changed.
-D {yes | no} Enables or disables file delegation for the specified export. This option overrides the system-wide delegation enablement for this export. The system-wide enablement is done through nfso.
-e ExternalName Exports the directory specified by the ExternalName parameter. The external name must begin with the nfsroot name. This option is useful if you have run the chnfs -r command to change root to something other than /. See the description of the /etc/exports file for a description of the nfsroot name. This option applies only to directories exported for access by the NFS version 4 protocol.
-f Exports_file Specifies the full path name of the exports file to use if other than the /etc/exports file.
-G rootpath@host[+host][:rootpath@host[+host]] A namespace referral will be created at the specified path. The referral directs clients to the specified alternate locations where they can continue operations. A referral is a special object. If a nonreferral object exists at the specified path, the export is disallowed and an error message is printed. If nothing exists at the specified path, a referral object is created there that includes the path name directories leading to the object. A referral cannot be specified for the nfsroot. The name localhost cannot be used as a hostname. The -G option is allowed only for version 4 exports. If the export specification allows version 2 or version 3 access, an error message will be printed and the export will be disallowed. The administrator should ensure that appropriate data exists at the referral locations.
Note: A referral or replica export can only be made if replication is enabled on the server. Use chnfs -R on to enable replication.
-g rootpath@host[+host][:rootpath@host[+host]] The specified directory will be marked with replica information. If the server becomes unreachable by an NFS client, the client can switch to one of the specified servers. This option is only accessible using NFS version 4 protocol, and version 4 access must be specified in the options. Because the directory is being exported for client access, specifying NFS version 2 or version 3 access will not cause an error, but the request will simply be ignored by the version 2 or version 3 server. This option cannot be specified with the -G flag. Only the host part of each specification is verified. The administrator must ensure that the specified rootpaths are valid and that the target servers contain appropriate data. If the directory being exported is not in the replica list, that directory will be added as the first replica location. The administrator should ensure that appropriate data exists at the replica locations. The -g option is available only on AIX® 5.3 with 5300-03 or later.
Note: A referral or replica export can only be made if replication is enabled on the server. Use chnfs -R on to enable replication.
-h Hostname [ , HostName ] ... Specifies which hosts have read-write access to the directory. This option is valid only when the directory is exported read-mostly.
-I Adds an entry in the /etc/exports file so that the next time the exportfs command is run, usually during system restart, the directory will be exported.
-N Does not modify the entry in the /etc/exports file but the exportfs command is run with the correct parameters so that the export is changed.
-n Does not require client to use the more secure protocol. This flag is the default.
-o Ordering Defines how the alternate locations list is generated from the servers that are specified on the refer or replicas option of the exportfs command. The option applies only to directories exported for access by NFS version 4 protocol. The Ordering parameter has the following values:
full
All of the servers are scattered to form the combinations of alternate locations.
partial
The first location of all combinations is fixed to the first server that is specified on the refer or replicas option of the exportfs command. The remaining locations besides the first location are scattered as if they are scattered using the scatter=full method.
none
No scatter is to be used. The value can also be used to disable scattering if you previously enabled it.
-P Specifies that the exported directory is to be a public directory.
-p Specifies that the exported directory is not a public directory.
-r HostName [ , HostName ] ... Gives root users on specified hosts access to the directory. The default is for no hosts to be granted root access.
-s Requires clients to use a more secure protocol when accessing the directory.
-S flavor May be used in conjunction with the -c, -t, or -r options to specify which occurrence of the option to change. Most exportfs options can be clustered using the sec option. Any number of sec stanzas may be specified, but each security method can be specified only once. If the entry in /etc/exports specified by the -d option contains a clause of the specified flavor, then that clause is updated to reflect the new parameters. Otherwise, a new sec= clause with the specified parameters will be appended to the current options list.
Allowable flavor values are:
sys
UNIX authentication.
dh
DES authentication.
none
Use the anonymous ID if it has a value other than -1. Otherwise, a weak auth error is returned.
krb5
Kerberos. Authentication only.
krb5i
Kerberos. Authentication and integrity.
krb5p
Authentication, integrity, and privacy.
-t Type Specifies one of the following types of mount access allowed to clients:
rw
Exports the directory with read-write permission. This is the default.
ro
Exports the directory with read-only permission.
remove
You must specify the -t remove option with the -S flavor option. Both the security flavor and the type of mount access (rw, ro, or rm) from the existing NFS export for the specified security flavor are removed.
rm
Exports the directory with read-mostly permission. If this type is chosen, the -h flag must be used to specify hosts that have read-write permission.
-v number [ , number ... ] The directory specified by the -d option is made available to clients using the specified NFS versions. Valid values are 2, 3, or 4.
-V ExportedVersion Specifies the version of the exported directory that is to be changed. Valid version numbers are 2, 3 and 4.
-x Accepts the replica location information specified with the -g option as-is. Does not insert the server's primary hostname into the list if it is not present. This flag is intended for use with servers with multiple network interfaces. If none of the server's hostnames are in the replica list, NFSv4 clients might treat the location information as faulty and discard it.
-X Enables the primary host name to be automatically inserted into the replica list. If you do not specify the primary host name of the server in the replica list, the host name is added as the first replica location.

Examples

  1. To change the list of hosts that have access to an exported directory and to make this change occur immediately and upon each subsequent system restart, enter: 
    chnfsexp     -d     /usr     -t     rw     -c     host1,host3,host29,grp3,grp2     -B
    In this example, the chnfsexp command changes the attributes of the /usr directory to give read and write permission to the host1, host3, and host29 hosts, and the grp3 and grp2 netgroups.
  2. To change the list of hosts that have access to an exported directory, to specify the path name of the exports file, and to make this change occur immediately and upon each subsequent system restart, enter: 
    chnfsexp     -d     /usr     -t     rw     -c     host1,host3,host29,grp3,grp2
             -f     /etc/exports.other     -B
    In this example, the chnfsexp command changes the attributes of the /usr directory to give read and write permission to the host1, host3, and host29 hosts: the grp3 and grp2 netgroups; and specifies the path name of the exports file as /etc/exports.other.
  3. To change the version accessibility of the /common/documents directory to allow access only to clients using NFS version 4 protocol, enter: 
    chnfsexp -d /common/documents -v 4
  4. To change the root access of the /common/documents directory to client1 and client2 for clients using krb5 access, enter: 
    chnfsexp -d /common/documents -S krb5 -r client1,client2
  5. To change the options for the /common/documents directory that is exported only as version 3, enter the following command: 
    chnfsexp -d /common/documents -V 3 -S krb5
  6. To do a full scatter for the alternate locations specified in refer or replicas option for the /common/documents directory, enter the following command: 
    chnfsexp -d /common/documents -o full
  7. To add a list of alternate replica locations and do a partial scatter for the /common/doc directory, enter the following command: 
    chnfsexp -d /common/doc -g /common/doc@s1:/common/doc@s2:/common/doc@s3 -o partial

Files

Item Description
/etc/exports Lists directories the server can export.

Security

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.