mfsexports.cfg - MooseFS access control for mfsmount
The file mfsexports.cfg
contains MooseFS access list for mfsmount
- ADDRESS DIRECTORY [OPTIONS]
Lines starting with #
character are ignored as comments.
can be specified in several forms:
* all addresses
n.n.n.n single IP address
n.n.n.n/b IP class specified by network address and number of significant bits
n.n.n.n/m.m.m.m IP class specified by network address and mask
f.f.f.f-t.t.t.t IP range specified by from-to addresses (inclusive)
can be /
or path relative to MooseFS root; special value
means MFSMETA companion filesystem.
- ro, readonly
- export tree in read-only mode; this is default
- rw, readwrite
- export tree in read-write mode
- allows to mount any subdirectory of specified directory (similarly to
- allows reconnecting of already authenticated client from any IP address
(the default is to check IP address on reconnect)
- disable testing of group access at mfsmaster level (it's still done
at mfsmount level) - in this case "group" and
"other" permissions are logically added; needed for
supplementary groups to work ( mfsmaster receives only user primary
- administrative privileges - currently: allow changing of quota values and
storage classes management
- maps root (uid=0) accesses to given user and group (similarly to maproot
option in NFS mounts); USER and GROUP can be given either as
name or number; if no group is specified, USER's primary group is
used. Names are resolved on mfsmaster side (see note below).
- like above but maps all non privileged users (uid!=0) accesses to given
user and group (see notes below).
- password=PASS, md5pass=MD5
- requires password authentication in order to access specified
- rejects access from clients older than specified
- mingoal=N, maxgoal=N
- specify range in which goal can be set by users
- mintrashtime=TDUR, maxtrashtime=TDUR
- specify range in which trashtime can be set by users
Default options are: ro, maproot=999:999, mingoal=1, maxgoal=9,
names (if not specified by explicit uid/gid number)
are resolved on mfsmaster
TDUR can be specified as number without time unit (number of seconds) or
combination of numbers with time units. Time units are:
. Order is important - less
significant time units can't be defined before more significant time units.
Time units are case insensitive.
works in MooseFS in different way than in NFS, because
MooseFS is using FUSE's "default_permissions" option. When
option is used, users see all objects with uid equal to mapped
uid as their own and all other as root's objects. Similarly objects with gid
equal to mapped gid are seen as objects with current user's primary group and
all other objects as objects with group 0 (usually wheel). With mapall
option set attribute cache in kernel is always turned off.
* / ro
192.168.1.0/24 / rw
192.168.1.0/24 / rw,alldirs,maproot=0,password=passcode
10.0.0.0-10.0.0.5 /test rw,maproot=nobody,password=test
10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000
10.2.0.0/16 / rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w
Report bugs to <email@example.com>.
Copyright (C) 2018 Jakub Kruszona-Zawadzki, Core Technology Sp. z o.o.
This file is part of MooseFS.
MooseFS is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, version 2 (only).
MooseFS is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
MooseFS; if not, write to the Free Software Foundation, Inc., 51 Franklin St,
Fifth Floor, Boston, MA 02111-1301, USA or visit