From owner-svn-src-stable-12@freebsd.org  Sun Dec  6 07:47:11 2020
Return-Path: <owner-svn-src-stable-12@freebsd.org>
Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 26394474C79;
 Sun,  6 Dec 2020 07:47:11 +0000 (UTC) (envelope-from gbe@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CpdnW0cr7z3KcH;
 Sun,  6 Dec 2020 07:47:11 +0000 (UTC) (envelope-from gbe@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0826844E4;
 Sun,  6 Dec 2020 07:47:11 +0000 (UTC) (envelope-from gbe@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0B67lA45068762;
 Sun, 6 Dec 2020 07:47:10 GMT (envelope-from gbe@FreeBSD.org)
Received: (from gbe@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0B67lAs4068761;
 Sun, 6 Dec 2020 07:47:10 GMT (envelope-from gbe@FreeBSD.org)
Message-Id: <202012060747.0B67lAs4068761@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: gbe set sender to gbe@FreeBSD.org
 using -f
From: Gordon Bergling <gbe@FreeBSD.org>
Date: Sun, 6 Dec 2020 07:47:10 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r368379 - stable/12/usr.sbin/mountd
X-SVN-Group: stable-12
X-SVN-Commit-Author: gbe
X-SVN-Commit-Paths: stable/12/usr.sbin/mountd
X-SVN-Commit-Revision: 368379
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable-12@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: SVN commit messages for only the 12-stable src tree
 <svn-src-stable-12.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-12/>
List-Post: <mailto:svn-src-stable-12@freebsd.org>
List-Help: <mailto:svn-src-stable-12-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-12>, 
 <mailto:svn-src-stable-12-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2020 07:47:11 -0000

Author: gbe (doc committer)
Date: Sun Dec  6 07:47:10 2020
New Revision: 368379
URL: https://svnweb.freebsd.org/changeset/base/368379

Log:
  MFC r344013 and r344015 (by cracauer)
  
  r344013:
  Clarify NFSv4 /etc/exports semantics, with working example.
  The existing wording has been confusing users for years.
  
  r344015:
  Bump .Dd for today's edit.
  
  Thank you Enji Cooper

Modified:
  stable/12/usr.sbin/mountd/exports.5
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/usr.sbin/mountd/exports.5
==============================================================================
--- stable/12/usr.sbin/mountd/exports.5	Sun Dec  6 07:38:58 2020	(r368378)
+++ stable/12/usr.sbin/mountd/exports.5	Sun Dec  6 07:47:10 2020	(r368379)
@@ -28,7 +28,7 @@
 .\"     @(#)exports.5	8.3 (Berkeley) 3/29/95
 .\" $FreeBSD$
 .\"
-.Dd May 20, 2017
+.Dd Feb 11, 2019
 .Dt EXPORTS 5
 .Os
 .Sh NAME
@@ -498,6 +498,40 @@ and any client within the 131.104.48 subnet is permitt
 operations on the server, so long as valid Kerberos credentials are provided.
 The machine grumpy.cis.uoguelph.ca is permitted to perform NFSv4 state
 operations on the server using AUTH_SYS credentials, as well as Kerberos ones.
+.Pp
+In the following example some directories are exported as NFSv3 and NFSv4:
+.Bd -literal -offset indent
+V4: /wingsdl/nfsv4
+/wingsdl/nfsv4/usr-ports -maproot=root -network 172.16.0.0 -mask 255.255.0.0
+/wingsdl/nfsv4/clasper   -maproot=root clasper
+.Ed
+.Pp
+Only one V4: line is needed or allowed to declare where NFSv4 is
+rooted.  The other lines declare specific exported directories with
+their absolute paths given in /etc/exports.
+.Pp
+The exported directories' paths are used for both v3 and v4.
+However, they are interpreted differently for v3 and v4.  A client
+mount command for usr-ports would use the server-absolute name when
+using nfsv3:
+.Bd -literal -offset indent
+mount server:/wingsdl/nfsv4/usr-ports /mnt/tmp
+.Ed
+.Pp
+A mount command using NFSv4 would use the path relative to the NFSv4
+root:
+.Bd -literal -offset indent
+mount server:/usr-ports /mnt/tmp
+.Ed
+.Pp
+This also differentiates which version you want if the client can do
+both v3 and v4.  The former will only ever do a v3 mount and the
+latter will only ever do a v4 mount.
+.Pp
+Note that due to different mount behavior between NFSv3 and NFSv4 a
+NFSv4 mount request for a directory that the client does not have
+permission for will succeed and read/write access will fail
+afterwards, whereas NFSv3 rejects the mount request.
 .Sh SEE ALSO
 .Xr nfsv4 4 ,
 .Xr netgroup 5 ,