From owner-svn-src-all@freebsd.org  Mon Feb 11 15:51:29 2019
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 20A3E14DA927;
 Mon, 11 Feb 2019 15:51:29 +0000 (UTC)
 (envelope-from cracauer@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id AA216734D0;
 Mon, 11 Feb 2019 15:51:28 +0000 (UTC)
 (envelope-from cracauer@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A02931FDB;
 Mon, 11 Feb 2019 15:51:28 +0000 (UTC)
 (envelope-from cracauer@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x1BFpS8s050758;
 Mon, 11 Feb 2019 15:51:28 GMT (envelope-from cracauer@FreeBSD.org)
Received: (from cracauer@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x1BFpS2T050748;
 Mon, 11 Feb 2019 15:51:28 GMT (envelope-from cracauer@FreeBSD.org)
Message-Id: <201902111551.x1BFpS2T050748@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cracauer set sender to
 cracauer@FreeBSD.org using -f
From: Martin Cracauer <cracauer@FreeBSD.org>
Date: Mon, 11 Feb 2019 15:51:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r344013 - head/usr.sbin/mountd
X-SVN-Group: head
X-SVN-Commit-Author: cracauer
X-SVN-Commit-Paths: head/usr.sbin/mountd
X-SVN-Commit-Revision: 344013
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: AA216734D0
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.96 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.997,0];
 NEURAL_HAM_SHORT(-0.96)[-0.964,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 15:51:29 -0000

Author: cracauer
Date: Mon Feb 11 15:51:28 2019
New Revision: 344013
URL: https://svnweb.freebsd.org/changeset/base/344013

Log:
  Clarify NFSv4 /etc/exports semantics, with working example.
  The existing wording has been confusing users for years.

Modified:
  head/usr.sbin/mountd/exports.5

Modified: head/usr.sbin/mountd/exports.5
==============================================================================
--- head/usr.sbin/mountd/exports.5	Mon Feb 11 15:38:05 2019	(r344012)
+++ head/usr.sbin/mountd/exports.5	Mon Feb 11 15:51:28 2019	(r344013)
@@ -498,6 +498,40 @@ and any client within the 131.104.48 subnet is permitt
 operations on the server, so long as valid Kerberos credentials are provided.
 The machine grumpy.cis.uoguelph.ca is permitted to perform NFSv4 state
 operations on the server using AUTH_SYS credentials, as well as Kerberos ones.
+.Pp
+In the following example some directories are exported as NFSv3 and NFSv4:
+.Bd -literal -offset indent
+V4: /wingsdl/nfsv4
+/wingsdl/nfsv4/usr-ports -maproot=root -network 172.16.0.0 -mask 255.255.0.0
+/wingsdl/nfsv4/clasper   -maproot=root clasper
+.Ed
+.Pp
+Only one V4: line is needed or allowed to declare where NFSv4 is
+rooted.  The other lines declare specific exported directories with
+their absolute paths given in /etc/exports.
+.Pp
+The exported directories' paths are used for both v3 and v4.
+However, they are interpreted differently for v3 and v4.  A client
+mount command for usr-ports would use the server-absolute name when
+using nfsv3:
+.Bd -literal -offset indent
+mount server:/wingsdl/nfsv4/usr-ports /mnt/tmp
+.Ed
+.Pp
+A mount command using NFSv4 would use the path relative to the NFSv4
+root:
+.Bd -literal -offset indent
+mount server:/usr-ports /mnt/tmp
+.Ed
+.Pp
+This also differentiates which version you want if the client can do
+both v3 and v4.  The former will only ever do a v3 mount and the
+latter will only ever do a v4 mount.
+.Pp
+Note that due to different mount behavior between NFSv3 and NFSv4 a
+NFSv4 mount request for a directory that the client does not have
+permission for will succeed and read/write access will fail
+afterwards, whereas NFSv3 rejects the mount request.
 .Sh SEE ALSO
 .Xr nfsv4 4 ,
 .Xr netgroup 5 ,