6324 Add an `ndp' tool for manipulating the neighbors table

[illumos-gate.git] / usr / src / man / man1m / sharemgr.1m

'\" te
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH SHAREMGR 1M "Sep 21, 2009"
.SH NAME
sharemgr \- configure and manage file sharing
.SH SYNOPSIS
.LP
.nf
\fBsharemgr\fR \fIsubcommand\fR [\fIoptions\fR]
.fi

.LP
.nf
\fBadd-share\fR [\fB-nth\fR] [\fB-r\fR \fIresource-name\fR] [\fB-d\fR "\fIdescription text\fR"]
 \fB-s\fR \fIsharepath\fR \fIgroup\fR
.fi

.LP
.nf
\fBcreate\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]] \fIgroup\fR
.fi

.LP
.nf
\fBdelete\fR [\fB-nvh\fR] [\fB-P\fR \fIproto\fR] [\fB-f\fR] \fIgroup\fR
.fi

.LP
.nf
\fBdisable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
.fi

.LP
.nf
\fBenable\fR [\fB-nvh\fR] [\fB-a\fR | \fIgroup\fR...]
.fi

.LP
.nf
\fBlist\fR [\fB-vh\fR] [\fB-P\fR \fIproto\fR]
.fi

.LP
.nf
\fBmove-share\fR [\fB-nv\fR] \fB-s\fR \fIsharepath\fR \fIdestination-group\fR
.fi

.LP
.nf
\fBremove-share\fR [\fB-fnvh\fR] \fB-s\fR \fIsharepath\fR \fIgroup\fR
.fi

.LP
.nf
\fBset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-p\fR \fIproperty\fR=\fIvalue\fR]... [\fB-S\fR \fIoptionset\fR]
 [\fB-s\fR \fIsharepath\fR] \fIgroup\fR
.fi

.LP
.nf
\fBset-share\fR [\fB-nh\fR] [\fB-r\fR \fIresource\fR] [\fB-d\fR "\fIdescription text\fR"]
 \fB-s\fR \fIsharepath\fR \fIgroup\fR
.fi

.LP
.nf
\fBshow\fR [\fB-pvxh\fR] [\fB-P\fR \fIproto\fR] [\fIgroup\fR]...
.fi

.LP
.nf
\fBunset\fR [\fB-nvh\fR] \fB-P\fR \fIproto\fR [\fB-S\fR \fIoptionset\fR] [\fB-p\fR \fIproperty\fR]...
 \fIgroup\fR
.fi

.LP
.nf
\fBshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] [\fB-d\fR \fIdescription\fR]
 [\fIpathname\fR [\fIresourcename\fR]]
.fi

.LP
.nf
\fBunshare\fR [\fB-F\fR \fIfstype\fR] [\fB-p\fR] [\fB-o\fR \fIoptionlist\fR] \fIsharepath\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBsharemgr\fR command configures share groups and the shares contained
within them.
.sp
.LP
A group name must conform to service management facility (SMF) (see
\fBsmf\fR(5)) service-naming conventions, thus is limited to starting with an
alphabetic character, with the rest of the name consisting only of alphanumeric
characters plus \fB-\fR (hyphen) and \fB_\fR (underbar).
.sp
.LP
Subcommands that result in a configuration change support a dry-run option.
When dry-run (\fB-n\fR) is specified, the syntax and validity of the command is
tested but the configuration is not actually updated.
.sp
.LP
For all subcommands, the \fB-h\fR option lists usage and help information.
.sp
.LP
For subcommands with the verbose (\fB-v\fR) option, additional information will
be provided. For example, in conjunction with the \fB-n\fR option, verbose mode
will also indicate whether the current user has sufficient permissions to
accomplish the operation.
.sp
.LP
There are two groups that are created automatically. The \fBdefault\fR group
always exists and covers legacy NFS shares only. The \fBzfs\fR group will be
created when ZFS shares are enabled.
.sp
.LP
The options shown in the SYNOPSIS section are described in the context of each
subcommand. All subcommands except \fBlist\fR and \fBshow\fR require root
privileges or that you assume the Primary Administrator role.
.SS "Subcommands"
.sp
.LP
With no subcommand entered, a \fBsharemgr\fR command with the \fB-h\fR option
displays a usage message for all subcommands.
.sp
.LP
The following subcommands follow \fBsharemgr\fR on a command line. Commands
take the form:
.sp
.in +2
.nf
% \fBsharemgr \fI<subcommand>\fR [\fIoptions\fR]\fR
.fi
.in -2
.sp

.sp
.ne 2
.na
\fB\fBcreate\fR \fB[-nvh] [-P \fIproto\fR [-p \fIproperty\fR=\fIvalue\fR]]
\fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Create a new group with specified name.
.sp
If \fB-n\fR is specified, the command checks only the validity of the command
and that the group does not already exist.
.sp
If no protocol is specified, all known protocols are enabled for the specified
group. If a protocol is specified, only that protocol is enabled. You can
specify properties for a specified protocol.
.sp
If \fIgroup\fR exists, use of \fB-P\fR adds the specified protocol to that
group.
.sp
As an example of the \fBcreate\fR subcommand, the following command creates a
new group with the name \fBmygroup\fR.
.sp
.in +2
.nf
# \fBsharemgr create mygroup\fR
.fi
.in -2
.sp

Because no protocol was specified in the preceding command, all defined
protocols will be enabled on the group.
.RE

.sp
.ne 2
.na
\fB\fBdelete\fR \fB[-nvh] [-P \fIproto\fR] [-f] \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Delete the specified group. If the group is not empty, you can use the \fB-f\fR
option to force the deletion, which unshares and removes all shares from the
group before removing the group itself.
.sp
If you specify a protocol, rather than deleting the whole group, this
subcommand deletes the protocol from the group.
.sp
The \fB-n\fR option can be used to test the syntax of the command.
.sp
As an example, the following command removes the group \fBmygroup\fR from the
configuration if it is empty.
.sp
.in +2
.nf
# \fBsharemgr delete mygroup\fR
.fi
.in -2
.sp

The following command removes any existing shares prior to removing the group.
.sp
.in +2
.nf
# \fBsharemgr delete -f mygroup\fR
.fi
.in -2
.sp

Note the use of the force (\fB-f\fR) option, above.
.RE

.sp
.ne 2
.na
\fB\fBlist\fR \fB[-vh] [-P \fIproto\fR]\fR\fR
.ad
.sp .6
.RS 4n
List the defined groups.
.sp
If a protocol is specified, list only those groups that have the specified
protocol defined.
.sp
If the verbose option is specified, the current state of the group and all
protocols enabled on the group are listed as well. For example:
.sp
.in +2
.nf
# \fBsharemgr list -v\fR
mygroup    enabled    nfs
rdonlygrp  disabled   nfs
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBshow\fR \fB[-pvxh] [-P \fIproto\fR] [\fIgroup\fR...]\fR\fR
.ad
.sp .6
.RS 4n
Shows the contents of the specified group(s).
.sp
If the verbose option is specified, the resource name and description of each
share is displayed if they are defined. Otherwise, only the share paths are
displayed. Also, when temporary shares are listed, they are prefixed with an
asterisk (\fB*\fR).
.sp
If the \fB-p\fR option is specified, all options defined for the protocols of
the group are displayed, in addition to the display without options. If the
\fB-P\fR option is used, the output is limited to those groups that have the
specified protocol enabled. If the \fB-x\fR option is specified, output is in
XML format and the \fB-p\fR and \fB-v\fR options are ignored, because all
information is included in the XML.
.sp
The following example illustrates the use of the \fB-p\fR option.
.sp
.in +2
.nf
# \fBsharemgr show -p mygroup\fR
default nfs=()
    * /data/backup
mygroup nfs=(nosuid=true)
      /export/home/home0
      /export/home/home1
.fi
.in -2
.sp

The following example illustrates the use of the \fB-v\fR option.
.sp
.in +2
.nf
# \fBsharemgr show -v mygroup\fR
mygroup
    HOME0=/export/home/home0    "Home directory set 0"
    HOME1=/export/home/home1    "Home directory set 1"
.fi
.in -2
.sp

ZFS managed shares are handled in a way similar to the way NFS shares are
handled. These shares appear as subgroups within the parent group \fBzfs\fR.
The subgroups are always prefixed with \fBzfs/\fR and use the ZFS dataset name
for the rest of the name. The mount point and any sub-mounts that inherit
sharing are shown as the shares of the subgroup. For example:
.sp
.in +2
.nf
# \fBsharemgr show -vp zfs\fR
zfs        nfs=()
    zfs/ztest
          /ztest
          /ztest/backups
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBset\fR \fB[-nvh] -P \fIproto\fR [-S \fIoptionset\fR] [-p
\fIproperty\fR=\fIvalue\fR]* [-s \fIshare path\fR] \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Set protocol-specific properties on the specified group.
.sp
The \fB-P\fR option is required and must specify a valid protocol.
.sp
Optionsets are protocol-specific sets of properties that can be negotiated by
the protocol client. For NFS, optionsets are equivalent to security modes as
defined in \fBnfssec\fR(5). If \fB-S\fR \fIoptionset\fR is specified, the
properties are applied to the selected optionset. Otherwise they are applied to
the general optionset.
.sp
Together, \fB-P\fR and \fB-S\fR select a specific view of the group's options
on which to work.
.sp
Property values are strings. A specified property is set to a new value if the
property already exists or is added to the protocol if it does not already
exist.
.sp
In the general case, at least one property must be set. If \fB-S\fR is
specified, properties can be omitted and the specified optionset is enabled for
the protocol.
.sp
The \fB-s\fR option allows setting properties on a per-share basis. While this
is supported, it should be limited to managing legacy shares and to the
occasional need for an override of a group-level property or placing an
additional property on one share within a group.
.sp
An example of this subcommand:
.sp
.in +2
.nf
# \fBsharemgr set -P nfs -p anon=1234 mygroup\fR
.fi
.in -2
.sp

The preceding command adds the property \fBanon=1234\fR to the \fBnfs\fR view
of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
reshared with the new property value(s).
.RE

.sp
.ne 2
.na
\fB\fBunset\fR \fB[-nvh] -P proto [-S \fIoptionset\fR] [-p \fIproperty\fR]* [-s
\fIsharepath\fR ] \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Unset the specified properties for the protocol or for the specified
\fIoptionset\fR of the protocol.
.sp
In the general case, at least one property must be set. If \fB-S\fR is
specified, properties can be omitted and the specified optionset is removed
from the protocol.
.sp
The \fB-s\fR option allows removing a share-specific property.
.sp
An example of this subcommand:
.sp
.in +2
.nf
# \fBsharemgr unset -P nfs -p anon mygroup\fR
.fi
.in -2
.sp

The preceding command removes the \fBanon=\fR property from the \fBnfs\fR view
of group \fBmygroup\fR. If \fBmygroup\fR has existing shares, they will all be
reshared with the new property value(s).
.RE

.sp
.ne 2
.na
\fB\fBadd-share\fR \fB[-nth] [-r \fIresource-name\fR] [-d "\fIdescription
text\fR"] -s \fIsharepath\fR \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Add a new share to the specified group.
.sp
The \fB-s\fR option is mandatory and takes a full directory path.
.sp
If either or both of \fB-d\fR and \fB-r\fR are specified, they specify values
associated with the share. \fB-d\fR provides a description string to document
the share and \fB-r\fR provides a protocol-independent resource name. Resource
names are not used by NFS at this time but can be specified. These names
currently follow the same naming rules as group names.
.sp
The temporary option (\fB-t\fR) results in the share being shared but not
stored in the configuration repository. This option is intended for shares that
should not survive a reboot or server restart, or for testing purposes.
Temporary shares are indicated in the \fBshow\fR subcommand output with an
asterisk (\fB*\fR) preceding the share.
.sp
If \fIsharepath\fR is a ZFS path and that path is added to the \fBzfs\fR group,
\fBsharemgr\fR creates a new ZFS subgroup; the new share is added to that
subgroup. Any ZFS sub-filesystems under the ZFS filesystem designated by
\fIsharepath\fR will inherit the shared status of \fIsharepath\fR.
.sp
The effect of the \fBadd-share\fR subcommand on a ZFS dataset is determined by
the values of the \fBsharesmb\fR and \fBsharenfs\fR properties of that dataset.
.sp
See \fBzfs\fR(1M) for a description of the \fBsharesmb\fR and \fBsharenfs\fR
properties.
.sp
The following are examples of the \fBadd-share\fR subcommand.
.sp
.in +2
.nf
# \fBsharemgr add-share -s /export/home/home0 -d "home \e
directory set 0" -r HOME0 mygroup\fR

# \fBsharemgr add-share -s /export/home/home1 -d "home \e
directory set 1" -r HOME1 mygroup\fR
.fi
.in -2
.sp

The preceding commands add \fB/export/home/home0\fR and
\fB/export/home/home1\fR to the group \fBmygroup\fR. A descriptive comment and
a resource name are included.
.RE

.sp
.ne 2
.na
\fB\fBmove-share\fR \fB[-nvh] -s \fIsharepath\fR \fIdestination-group\fR\fR\fR
.ad
.sp .6
.RS 4n
Move the specified share from the group it is currently in to the specified
destination group. The \fBmove-share\fR subcommand does not create a group. A
specified group must exist for the command to succeed.
.sp
The following is an example of this subcommand.
.sp
.in +2
.nf
# \fBsharemgr move-share -s /export/home/home1 newgroup\fR
.fi
.in -2
.sp

Assuming \fB/export/home/home1\fR is in the group \fBmygroup\fR, the preceding
command moves \fB/export/home/home1\fR to the group \fBnewgroup\fR and unshares
and then reshares the directory with the properties associated with
\fBnewgroup\fR.
.RE

.sp
.ne 2
.na
\fB\fBremove-share\fR \fB[-fnvh] -s \fIsharepath\fR \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Remove the specified share from the specified group. The force (\fB-f\fR)
option forces the share to be removed even if it is busy.
.sp
You must specify the full path for \fIsharepath\fR. For group, use the subgroup
as displayed in the output of the \fBsharemgr show\fR command. Note that if
there are subshares that were created by inheritance, these will be removed,
along with the parent shares.
.RE

.sp
.ne 2
.na
\fB\fBset-share\fR \fB[-nvh] [-r \fIresource\fR] [-d "\fIdescription text\fR"]
-s \fIsharepath\fR \fIgroup\fR\fR\fR
.ad
.sp .6
.RS 4n
Set or change the specified share's description and resource values. One use of
\fBset-share\fR is to rename a resource. The syntax for this use of the
subcommand is:
.sp
.in +2
.nf
# \fBsharemgr set-share -r \fIcurrent_name\fR=\fInew_name\fR -s \fIsharepath\fR \fIgroup\fR\fR
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBenable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
.ad
.sp .6
.RS 4n
Enable the specified group(s), or (with \fB-a\fR) all groups, and start sharing
the contained shares. This state persists across reboots.
.sp
An enabled group will be shared whenever the corresponding SMF service instance
is enabled. \fBsharemgr\fR will start the SMF service instance if it is not
currently online.
.RE

.sp
.ne 2
.na
\fB\fBdisable\fR \fB[-nvh] [\fIgroup\fR... | -a]\fR\fR
.ad
.sp .6
.RS 4n
Disable the specified group(s), or (with \fB-a\fR) all groups, and unshare the
shares that they contain. This state persists across reboots.
.sp
A disabled group will not be shared even if the corresponding SMF service
instance is online. This feature is useful when you do not want a group of
shares to be started at boot time.
.RE

.sp
.ne 2
.na
\fB\fBstart\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
.ad
.sp .6
.RS 4n
Start the specified group, or (with \fB-a\fR) all groups. The \fBstart\fR
subcommand is similar to \fBenable\fR in that all shares are started, but
\fBstart\fR works only on groups that are enabled. \fBstart\fR is used by the
SMF to start sharing at system boot.
.sp
A group will not start sharing if it is in the \fBsharemgr\fR \fBdisabled\fR
state. However, the corresponding SMF service instance will be started.
.sp
Note that the \fBstart\fR subcommand is similar to the \fBshareall\fR(1M)
command in that it starts up only the configured shares. That is, the enabled
shares will start being shared, but the configuration state is left the same.
The command:
.sp
.in +2
.nf
# \fBsharemgr start -a\fR
.fi
.in -2
.sp

\&...is equivalent to:
.sp
.in +2
.nf
# \fBshareall\fR
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBstop\fR \fB[-vh] [-P \fIproto\fR] [\fIgroup\fR... | -a]\fR\fR
.ad
.sp .6
.RS 4n
Stop the specified group, or (with \fB-a\fR) all groups. The \fBstop\fR
subcommand is similar to \fBdisable\fR in that all shares are no longer shared,
but it works only on groups that are enabled. \fBstop\fR is used by the SMF to
stop sharing at system shutdown.
.sp
Note that the \fBstop\fR subcommand is similar to the \fBunshareall\fR(1M)
command in that all active shares are unshared, but the configuration is left
the same. That is, the shares are stopped but the service instances are left
enabled. The command:
.sp
.in +2
.nf
# \fBsharemgr stop -a\fR
.fi
.in -2
.sp

\&...is equivalent to:
.sp
.in +2
.nf
# \fBunshareall\fR
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR] [-d
\fIdescription\fR] [\fIpathname\fR [\fIresourcename\fR]]\fR\fR
.ad
.sp .6
.RS 4n
Shares the specified path in the \fBdefault\fR share group. This subcommand
implements the \fBshare\fR(1M) functionality. Shares that are shared in this
manner will be transient shares. Use of the \fB-p\fR option causes the shares
to be persistent.
.RE

.sp
.ne 2
.na
\fB\fBunshare\fR \fB[-F \fIfstype\fR] [-p] [-o \fIoptionlist\fR]
\fIsharepath\fR\fR\fR
.ad
.sp .6
.RS 4n
Unshares the specified share. This subcommand implements the \fBunshare\fR(1M)
functionality. By default, the \fBunshare\fR is temporary. The \fB-p\fR option
is provided to remove the share from the configuration in a way that persists
across reboots.
.RE

.SS "Supported Properties"
.sp
.LP
Properties are protocol-specific. Currently, only the NFS and SMB protocols are
supported. Properties have the following characteristics:
.RS +4
.TP
.ie t \(bu
.el o
Values of type \fIboolean\fR take either \fBtrue\fR or \fBfalse\fR.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Values of type \fIvalue\fR take a numeric value.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Values of type \fIfile\fR take a file name and not a file path.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Values of type \fIaccess-list\fR are described in detail following the
descriptions of the NFS properties.
.RE
.sp
.LP
The general properties supported for NFS are:
.sp
.ne 2
.na
\fB\fBabe=\fR\fIboolean\fR\fR
.ad
.sp .6
.RS 4n
Set the access-based enumeration (ABE) policy for a share.  When set to
\fBtrue\fR, ABE filtering is enabled on this share and directory entries to
which the requesting user has no access will be omitted from directory listings
returned to the client. When set to \fBfalse\fR or not defined, ABE filtering
will not be performed on  this share. This property is not defined by default.
.sp
.ne 2
.na
\fB\fBdisabled\fR\fR
.ad
.sp .6
.RS 4n
Disable ABE for this share.
.RE

.sp
.ne 2
.na
\fB\fBenabled\fR\fR
.ad
.sp .6
.RS 4n
Enable ABE for this share.
.RE

.RE

.sp
.ne 2
.na
\fB\fBaclok=\fIboolean\fR\fR\fR
.ad
.sp .6
.RS 4n
Allows the NFS server to do access control for NFS Version 2 clients (running
SunOS 2.4 or earlier). When \fBaclok\fR is set on the server, maximum access is
given to all clients. For example, with \fBaclok\fR set, if anyone has read
permissions, then everyone does. If \fBaclok\fR is not set, minimum access is
given to all clients.
.RE

.sp
.ne 2
.na
\fB\fBad-container\fR\fR
.ad
.sp .6
.RS 4n
Specifies the AD container in which to publish shares.
.sp
The AD container is specified as a comma-separated list of attribute name-value
pairs using the LDAP distinguished name (DN) or relative distinguished name
(RDN) format. The DN or RDN must be specified in LDAP format using the
\fBcn=\fR, \fBou=\fR, and \fBdc=\fR prefixes:
.RS +4
.TP
.ie t \(bu
.el o
\fBcn\fR represents the common name
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBou\fR represents the organizational unit
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBdc\fR represents the domain component
.RE
\fBcn=\fR, \fBou=\fR and \fBdc=\fR are attribute types. The attribute type used
to describe an object's RDN is called the naming attribute, which, for ADS,
includes the following object classes:
.RS +4
.TP
.ie t \(bu
.el o
\fBcn\fR for the \fBuser\fR object class
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBou\fR for the organizational unit (\fBOU\fR) object class
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBdc\fR for the \fBdomainDns\fR object class
.RE
.RE

.sp
.ne 2
.na
\fB\fBanon=\fIuid\fR\fR\fR
.ad
.sp .6
.RS 4n
Set \fIuid\fR to be the effective user ID of unknown users. By default, unknown
users are given the effective user ID \fBUID_NOBODY\fR. If uid is set to
\fB-1\fR, access is denied.
.RE

.sp
.ne 2
.na
\fB\fBcatia=\fIboolean\fR\fR\fR
.ad
.sp .6
.RS 4n
CATIA V4 uses characters in file names that are considered to be invalid by
Windows. CATIA V5 is available on Windows. A CATIA V4 file could be
inaccessible to Windows clients if the file name contains any of the characters
that are considered illegal in Windows. By default, CATIA character
substitution is not performed.
.sp
If the \fBcatia\fR property is set to true, the following character
substitution is applied to file names.
.sp
.in +2
.nf
CATIA    CATIA
V4 UNIX  V5 Windows
  "      \e250   0x00a8  Dieresis
  *      \e244   0x00a4  Currency Sign
  /      \e370   0x00f8  Latin Small Letter O with Stroke
  :      \e367   0x00f7  Division Sign
  <      \e253   0x00ab  Left-Pointing Double Angle Quotation Mark
  >      \e273   0x00bb  Right-Pointing Double Angle Quotation Mark
  ?      \e277   0x00bf  Inverted Question Mark
  \e      \e377   0x00ff  Latin Small Letter Y with Dieresis
  |      \e246   0x00a6  Broken Bar
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBcksum=\fIcksumlist\fR\fR\fR
.ad
.sp .6
.RS 4n
Set the share to attempt to use end-to-end checksums. The value \fIcksumlist\fR
specifies the checksum algorithms that should be used.
.RE

.sp
.ne 2
.na
\fB\fBcsc=\fR\fIvalue\fR\fR
.ad
.sp .6
.RS 4n
Set the client-side caching policy for a share. Client-side caching is a client
feature and offline files are managed entirely by the clients.
.sp
.LP
The following are valid values for the \fBcsc\fR property:
.RS +4
.TP
.ie t \(bu
.el o
\fBmanual\fR \fB-\fR Clients are permitted to cache files from the specified
share for offline use as requested by users. However, automatic file-by-file
reintegration is not permitted. \fBmanual\fR is the default value.
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBauto\fR \fB-\fR Clients are permitted to automatically cache files from the
specified share for offline use and file-by-file reintegration is permitted.
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBvdo\fR \fB-\fR Clients are permitted to automatically cache files from the
specified share for offline use, file-by-file reintegration is permitted, and
clients are permitted to work from their local cache even while offline.
.RE
.RS +4
.TP
.ie t \(bu
.el o
\fBdisabled\fR \fB-\fR Client-side caching is not permitted for this share.
.RE
.RE

.sp
.ne 2
.na
\fB\fBguestok=\fR\fIboolean\fR\fR
.ad
.sp .6
.RS 4n
Set the guest access policy for the share. When set to \fBtrue\fR guest access
is allowed on this share. When set to \fBfalse\fR or not defined guest access
is not allowed on this share. This property is not defined by default.
.sp
An \fBidmap\fR(1M) name-based rule can be used to map \fBguest\fR to any local
username, such as \fBguest\fR or \fBnobody\fR. If the local account has a
password in \fB/var/smb/smbpasswd\fR the guest connection will be authenticated
against that password. Any connection made using an account that maps to the
local guest account will be treated as a guest connection.
.sp
Example name-based rule:
.sp
.in +2
.nf
# \fBidmap add winname:Guest unixuser:guest\fR
.fi
.in -2
.sp

.RE

.sp
.ne 2
.na
\fB\fBindex=\fIfile\fR\fR\fR
.ad
.sp .6
.RS 4n
Load \fIfile\fR rather than a listing of the directory containing this file
when the directory is referenced by an NFS URL.
.RE

.sp
.ne 2
.na
\fB\fBlog=\fItag\fR\fR\fR
.ad
.sp .6
.RS 4n
Enables NFS server logging for the specified system. The optional tag
determines the location of the related log files. The tag is defined in
\fBetc/nfs/nfslog.conf\fR. If no tag is specified, the default values
associated with the global tag in \fBetc/nfs/nfslog.conf\fR is used. Support of
NFS server logging is available only for NFS Version 2 and Version 3 requests.
.RE

.sp
.ne 2
.na
\fB\fBnosub=\fIboolean\fR\fR\fR
.ad
.sp .6
.RS 4n
Prevents clients from mounting subdirectories of shared directories. For
example, if \fB/export\fR is shared with the \fBnosub\fR option on server
\fBwool\fR then an NFS client cannot do:
.sp
.in +2
.nf
# \fBmount -F nfs wool:/export/home/mnt\fR
.fi
.in -2
.sp

NFS Version 4 does not use the MOUNT protocol. The \fBnosub\fR option applies
only to NFS Version 2 and Version 3 requests.
.RE

.sp
.ne 2
.na
\fB\fBnosuid=\fIboolean\fR\fR\fR
.ad
.sp .6
.RS 4n
By default, clients are allowed to create files on a shared file system with
the \fBsetuid\fR or \fBsetgid\fR mode enabled. Specifying \fBnosuid\fR causes
the server file system to silently ignore any attempt to enable the
\fBsetuid\fR or \fBsetgid\fR mode bits.
.RE

.sp
.ne 2
.na
\fB\fBpublic=\fIboolean\fR\fR\fR
.ad
.sp .6
.RS 4n
Moves the location of the public file handle from root (\fB/\fR) to the
exported directory for WebNFS-enabled browsers and clients. This option does
not enable WebNFS service; WebNFS is always on. Only one file system per server
can have the \fBpublic\fR property. You can apply the \fBpublic\fR property
only to a share and not to a group.
.RE

.sp
.LP
NFS also supports negotiated optionsets for supported security modes. The
security modes are documented in \fBnfssec\fR(5). The properties supported for
these optionsets are:
.sp
.ne 2
.na
\fB\fIcharset\fR=\fIaccess-list\fR\fR
.ad
.sp .6
.RS 4n
Where \fIcharset\fR is one of: \fBeuc-cn\fR, \fBeuc-jp\fR, \fBeuc-jpms\fR,
\fBeuc-kr\fR, \fBeuc-tw\fR, \fBiso8859-1\fR, \fBiso8859-2\fR, \fBiso8859-5\fR,
\fBiso8859-6\fR, \fBiso8859-7\fR, \fBiso8859-8\fR, \fBiso8859-9\fR,
\fBiso8859-13\fR, \fBiso8859-15\fR, \fBkoi8-r\fR.
.sp
Clients that match the \fIaccess-list\fR for one of these properties will be
assumed to be using that character set and file and path names will be
converted to UTF-8 for the server.
.RE

.sp
.ne 2
.na
\fB\fBro=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
\fBrw\fR suboption for the clients specified. See the description of
\fIaccess-list\fR below.
.RE

.sp
.ne 2
.na
\fB\fBrw=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
\fBro\fR suboption for the clients specified. See the description of
\fIaccess-list\fR below.
.RE

.sp
.ne 2
.na
\fB\fBnone=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Access is not allowed to any client that matches the access list. The exception
is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
\fBrw\fR can override \fBnone\fR.
.RE

.sp
.ne 2
.na
\fB\fBroot=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Only root users from the hosts specified in \fIaccess-list\fR have root access.
See details on \fIaccess-list\fR below. By default, no host has root access, so
root users are mapped to an anonymous user ID (see the \fBanon=uid\fR option
described above). Netgroups can be used if the file system shared is using UNIX
authentication (\fBAUTH_SYS\fR).
.RE

.sp
.ne 2
.na
\fB\fBroot_mapping=\fIuid\fR\fR\fR
.ad
.sp .6
.RS 4n
For a client that is allowed root access, map the root UID to the specified
user id.
.RE

.sp
.ne 2
.na
\fB\fBwindow=\fIvalue\fR\fR\fR
.ad
.sp .6
.RS 4n
When sharing with \fBsec=dh\fR (see \fBnfssec\fR(5)), set the maximum lifetime
(in seconds) of the RPC request's credential (in the authentication header)
that the NFS server allows. If a credential arrives with a lifetime larger than
what is allowed, the NFS server rejects the request. The default value is 30000
seconds (8.3 hours). This property is ignored for security modes other than
\fBdh\fR.
.RE

.sp
.LP
The general properties supported for SMB are:
.sp
.ne 2
.na
\fB\fBro=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Sharing is read-only to the clients listed in \fIaccess-list\fR; overrides the
\fBrw\fR suboption for the clients specified. See the description of
\fIaccess-list\fR below.
.RE

.sp
.ne 2
.na
\fB\fBrw=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Sharing is read-write to the clients listed in \fIaccess-list\fR; overrides the
\fBro\fR suboption for the clients specified. See the description of
\fIaccess-list\fR below.
.RE

.sp
.ne 2
.na
\fB\fBnone=\fIaccess-list\fR\fR\fR
.ad
.sp .6
.RS 4n
Access is not allowed to any client that matches the access list. The exception
is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or
\fBrw\fR can override \fBnone\fR.
.RE

.SS "Access List Argument"
.sp
.LP
The \fIaccess-list\fR argument is either the string \fB"*"\fR to represent all
hosts or a colon-separated list whose components can be any number of the
following:
.sp
.ne 2
.na
\fB\fIhostname\fR\fR
.ad
.sp .6
.RS 4n
The name of a host. With a server configured for DNS or LDAP naming in the
\fBnsswitch.conf\fR(4) \fBhosts\fR entry, a hostname must be represented as a
fully qualified DNS or LDAP name.
.RE

.sp
.ne 2
.na
\fB\fInetgroup\fR\fR
.ad
.sp .6
.RS 4n
A \fInetgroup\fR contains a number of hostnames. With a server configured for
DNS or LDAP naming in the \fBnsswitch.conf\fR(4) \fBhosts\fR entry, any
hostname in a netgroup must be represented as a fully qualified DNS or LDAP
name.
.RE

.sp
.ne 2
.na
\fB\fIdomainname\fR.\fIsuffix\fR\fR
.ad
.sp .6
.RS 4n
To use domain membership the server must use DNS or LDAP, rather than, for
example, NIS or NIS+, to resolve hostnames to IP addresses. That is, the
\fBhosts\fR entry in the \fBnsswitch.conf\fR(4) must specify \fBdns\fR or
\fBldap\fR ahead of \fBnis\fR or \fBnisplus\fR, because only DNS and LDAP
return the full domain name of the host. Other name services, such as NIS or
NIS+, cannot be used to resolve hostnames on the server because, when mapping
an IP address to a hostname, they do not return domain information. For
example, for the IP address 172.16.45.9:
.sp
.ne 2
.na
\fBNIS or NIS+\fR
.ad
.sp .6
.RS 4n
Returns: \fBmyhost\fR
.RE

.sp
.ne 2
.na
\fBDNS or LDAP\fR
.ad
.sp .6
.RS 4n
Returns: \fBmyhost.mydomain.mycompany.com\fR
.RE

The domain name suffix is distinguished from hostnames and netgroups by a
prefixed dot. For example:
.sp
.in +2
.nf
rw=.mydomain.mycompany.com
.fi
.in -2

A single dot can be used to match a hostname with no suffix. For example, the
specification:
.sp
.in +2
.nf
rw=.
.fi
.in -2

\&...matches \fBmydomain\fR but not \fBmydomain.mycompany.com\fR. This feature
can be used to match hosts resolved through NIS and NIS+ rather than DNS and
LDAP.
.RE

.sp
.ne 2
.na
\fB\fInetwork\fR\fR
.ad
.sp .6
.RS 4n
The network or subnet component is preceded by an at-sign (\fB@\fR). It can be
either a name or a dotted address. If a name, it is converted to a dotted
address by \fBgetnetbyname\fR(3SOCKET). For example:
.sp
.in +2
.nf
=@mynet
.fi
.in -2

\&...is equivalent to:
.sp
.in +2
.nf
=@172.16 or =@172.16.0.0
.fi
.in -2

The network prefix assumes an octet-aligned netmask determined from the zeroth
octet in the low-order part of the address up to and including the high-order
octet, if you want to specify a single IP address. In the case where network
prefixes are not byte-aligned, the syntax allows a mask length to be specified
explicitly following a slash (\fB/\fR) delimiter. For example:
.sp
.in +2
.nf
=@theothernet/17 or =@172.16.132/22
.fi
.in -2

\&...where the mask is the number of leftmost contiguous significant bits in
the corresponding IP address.
.RE

.sp
.LP
A prefixed minus sign (\fB-\fR) denies access to a component of
\fIaccess-list\fR. The list is searched sequentially until a match is found
that either grants or denies access, or until the end of the list is reached.
For example, if host \fBterra\fR is in the netgroup \fBengineering\fR, then:
.sp
.in +2
.nf
rw=-terra:engineering
.fi
.in -2

.sp
.LP
\&...denies access to \fBterra\fR, but:
.sp
.in +2
.nf
rw=engineering:-terra
.fi
.in -2

.sp
.LP
\&...grants access to \fBterra\fR.
.SH EXIT STATUS
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.RS 18n
Successful completion.
.RE

.sp
.ne 2
.na
\fB\fB98\fR\fR
.ad
.RS 18n
Service is offline and cannot be enabled (start only).
.RE

.sp
.ne 2
.na
\fB\fIother non-zero\fR\fR
.ad
.RS 18n
Command failed.
.RE

.SH FILES
.sp
.ne 2
.na
\fB\fB/usr/include/libshare.h\fR\fR
.ad
.RS 27n
Error codes used for exit status.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Interface Stability     Committed
.TE

.SH SEE ALSO
.sp
.LP
\fBidmap\fR(1M), \fBsharectl\fR(1M), \fBzfs\fR(1M), \fBattributes\fR(5),
\fBnfssec\fR(5), \fBsmf\fR(5), \fBstandards\fR(5)