Provided by: moosefs-master_3.0.116-1ubuntu2_amd64

NAME

       mfsexports.cfg - MooseFS access control for mfsmounts

DESCRIPTION

       The file mfsexports.cfg contains the MooseFS access list for mfsmount clients.

SYNTAX

       Syntax is:

       ADDRESS DIRECTORY [OPTIONS]

       Lines starting with the # character are treated as comments and ignored.

       ADDRESS can be specified in several forms:

       *                   all addresses
       n.n.n.n             single IP address
       n.n.n.n/b           IP class specified by network address and number of significant bits
       n.n.n.n/m.m.m.m     IP class specified by network address and mask
       f.f.f.f-t.t.t.t     IP range specified by from-to addresses (inclusive)

       DIRECTORY can be / or a path relative to the MooseFS root; the special value . means the MFSMETA companion filesystem.

       OPTIONS list:

       ro, readonly
              export tree in read-only mode; this is default

       rw, readwrite
              export tree in read-write mode

       alldirs
              allows mounting any subdirectory of the specified directory (similar to NFS)

       dynamicip
              allows an already authenticated client to reconnect from any IP address (the default is to check
              the IP address on reconnect)

       ignoregid
              disables testing of group access at the mfsmaster level (it is still done at the mfsmount level); in
              this case "group" and "other" permissions are logically added; needed for supplementary groups to
              work (mfsmaster receives only the user's primary group information)

       admin  administrative privileges; currently this allows changing quota values and managing storage
              classes

       maproot=USER[:GROUP]
              maps root (uid=0) accesses to the given user and group (similar to the maproot option in NFS
              mounts); USER and GROUP can be given either as a name or a number; if no group is specified, USER's
              primary group is used. Names are resolved on the mfsmaster side (see note below).

       mapall=USER[:GROUP]
              like above, but maps accesses of all non-privileged users (uid!=0) to the given user and group (see
              notes below).

       password=PASS, md5pass=MD5
              requires password authentication in order to access the specified resource

       minversion=VER
              rejects access from clients older than the specified version

       mingoal=N, maxgoal=N
              specify the range within which users can set the goal

       mintrashtime=TDUR, maxtrashtime=TDUR
              specify the range within which users can set the trashtime

       disable=OPERATION[:OPERATION[:...]]
              do not allow the client to perform certain operations

       Default options are: ro, maproot=999:999, mingoal=1, maxgoal=9, mintrashtime=0, maxtrashtime=4294967295.

NOTES

       USER and GROUP names (if not specified by explicit uid/gid number) are resolved on mfsmaster host.

       TDUR can be specified as a number without a time unit (number of seconds) or as a combination of numbers
       with time units. Time units are: W,D,H,M,S. Order is important - less significant time units can't be
       defined before more significant time units. Time units are case insensitive.
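       The TDUR rules above, as an added example that is not part of MooseFS or of the original page: a
       validator that converts a TDUR string to seconds. It assumes each unit may appear at most once and
       that the upper bound is the default maxtrashtime value; parse_tdur is a hypothetical name.

```python
import re

UNIT_SECONDS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}
ORDER = "WDHMS"          # most significant unit first
MAX_TDUR = 4294967295    # assumption: bound taken from the default maxtrashtime


def parse_tdur(text):
    """Convert a TDUR string to seconds; raise ValueError if it is malformed."""
    s = text.strip().upper()          # time units are case insensitive
    if s.isascii() and s.isdigit():   # bare number means seconds
        total = int(s)
    else:
        parts = re.findall(r"(\d+)([WDHMS])", s)
        # Reject empty input and any leftover characters between the pairs.
        if not parts or "".join(n + u for n, u in parts) != s:
            raise ValueError(f"malformed TDUR: {text!r}")
        ranks = [ORDER.index(u) for _, u in parts]
        # Less significant units may not precede more significant ones.
        # Assumption of this example: a unit may not repeat either.
        if any(b <= a for a, b in zip(ranks, ranks[1:])):
            raise ValueError(f"time units out of order: {text!r}")
        total = sum(int(n) * UNIT_SECONDS[u] for n, u in parts)
    if total > MAX_TDUR:
        raise ValueError(f"TDUR too large: {text!r}")
    return total


if __name__ == "__main__":
    for sample in ("2h30m", "2w", "3600", "30m2h"):  # constructed inputs
        try:
            print(sample, "->", parse_tdur(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```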

       The mapall option works differently in MooseFS than in NFS, because MooseFS uses FUSE's
       "default_permissions" option. When mapall is used, users see all objects whose uid equals the mapped uid
       as their own, and all other objects as root's. Similarly, objects whose gid equals the mapped gid are
       seen as belonging to the current user's primary group, and all other objects as belonging to group 0
       (usually wheel). With the mapall option set, the attribute cache in the kernel is always turned off.

       The disable option can take several parameters (operations to disable) in two ways: as a list separated
       by colons (:) or by repeating the option. List of operations that can be disabled:
       chown        - don't allow the client to perform the chown operation
       chmod        - don't allow the client to perform the chmod operation
       symlink      - don't allow the client to create symbolic links
       mkfifo       - don't allow the client to create FIFOs
       mkdev        - don't allow the client to create devices
       mksock       - don't allow the client to create sockets
       mkdir        - don't allow the client to create directories
       unlink       - don't allow the client to remove non directory objects (will also deny move/rename operation if target inode already exists!)
       rmdir        - don't allow the client to remove directories (will also deny move/rename operation if target inode already exists!)
       rename       - don't allow the client to change inodes (files, directories) names
       move         - don't allow the client to move inodes (files, directories) to another path
       link         - don't allow the client to create hard links
       create       - don't allow the client to create new files
       readdir      - don't allow the client to list directories ('ls' command will not work)
       read         - don't allow the client to read from files
       write        - don't allow the client to write to files
       truncate     - don't allow the client to shorten the length of a file with truncate command
       setlength    - don't allow the client to increase the length of a file with truncate command
       appendchunks - don't allow the client to add chunks from one file to another (mfsappendchunks)
       snapshot     - don't allow the client to create snapshots
       settrash     - don't allow the client to change trash retention time
       setsclass    - don't allow the client to set storage classes
       seteattr     - don't allow the client to set mfs extra attributes
       setxattr     - don't allow the client to set XATTRs
       setfacl      - don't allow the client to set ACLs

EXAMPLES

       *                    /       ro
       192.168.1.0/24       /       rw
       192.168.1.0/24       /       rw,alldirs,maproot=0,password=passcode
       10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,password=test
       10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000
       10.2.0.0/16          /       rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w
       192.168.1.0/24       /       rw,disable=unlink:rmdir:truncate
       192.168.1.0/24       /       rw,disable=unlink,disable=rmdir,disable=truncate
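       An added example, not part of MooseFS or of the original page: a small auditor that parses entries in
       the syntax above and flags exports worth reviewing. The sample entries, the finding names and the
       "wide" threshold are this example's own assumptions, not rules enforced by mfsmaster.

```python
import ipaddress

# Constructed sample entries (including the md5pass value), not a real deployment.
SAMPLE = """\
*                    /       rw,alldirs,maproot=0
192.168.1.0/24       /       rw,alldirs,maproot=0,password=passcode
10.0.0.0-10.0.0.5    /test   rw,maproot=nobody,md5pass=0123456789abcdef0123456789abcdef
10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000,dynamicip
10.2.0.0/16          /       ro
"""

def address_count(spec):
    """Number of IPv4 addresses matched by an ADDRESS field."""
    if spec == "*":
        return 2 ** 32
    if "-" in spec:  # f.f.f.f-t.t.t.t, inclusive
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in spec.split("-"))
        return hi - lo + 1
    # Covers n.n.n.n, n.n.n.n/b and n.n.n.n/m.m.m.m
    return ipaddress.ip_network(spec, strict=False).num_addresses

def parse_line(line):
    """Return (address, directory, options) or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 2)
    opts = {}
    for tok in (fields[2].split(",") if len(fields) > 2 else []):
        key, _, val = tok.strip().partition("=")
        opts.setdefault(key, []).append(val)  # disable= may repeat
    return fields[0], fields[1], opts

def audit(text, wide=256):
    """Return (line number, finding) pairs; 'wide' is an address-count threshold."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if (entry := parse_line(line)) is None:
            continue
        addr, _, opts = entry
        rw = "rw" in opts or "readwrite" in opts  # default is ro
        authed = "password" in opts or "md5pass" in opts
        # Default maproot=999:999 remaps root; assumes the name "root" is uid 0
        root = opts.get("maproot", ["999"])[-1].split(":")[0] in ("0", "root")
        if rw and not authed and address_count(addr) > wide:
            findings.append((n, "rw-wide-noauth"))
        if root and not authed:
            findings.append((n, "root-noauth"))
        # Cleartext password kept in the file; IP check skipped on reconnect
        findings += [(n, k) for k in ("password", "dynamicip") if k in opts]
    return findings
```

       Calling audit(SAMPLE) reports the wildcard read-write entry, the cleartext password= entry and the
       unauthenticated /16 export with dynamicip; the range-limited md5pass entry and the read-only entry pass.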

REPORTING BUGS

       Report bugs to <bugs@moosefs.com>.

COPYRIGHT

       Copyright (C) 2021 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.

       This file is part of MooseFS.

       MooseFS  is  free  software;  you can redistribute it and/or modify it under the terms of the GNU General
       Public License as published by the Free Software Foundation, version 2 (only).

       MooseFS is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;  without  even  the
       implied  warranty  of  MERCHANTABILITY  or  FITNESS  FOR A PARTICULAR PURPOSE. See the GNU General Public
       License for more details.

       You should have received a copy of the GNU General Public License along with MooseFS; if  not,  write  to
       the  Free  Software  Foundation,  Inc.,  51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA or visit
       http://www.gnu.org/licenses/gpl-2.0.html

SEE ALSO

       mfsmaster(8), mfsmaster.cfg(5)