Scroll to navigation

SFSEXPORTS.CFG(5)   SFSEXPORTS.CFG(5)

NAME

sfsexports.cfg - SaunaFS access control for sfsmounts

DESCRIPTION

The file sfsexports.cfg contains SaunaFS access list for sfsmount clients.

SYNTAX

Syntax is:

ADDRESS DIRECTORY [OPTIONS]

Lines starting with # character are ignored.

ADDRESS can be specified in several forms:

* all addresses

n.n.n.n single IP address

n.n.n.n/b IP class specified by network address and bits number

n.n.n.n/m.m.m.m IP class specified by network address and mask

f.f.f.f-t.t.t.t IP range specified by from-to addresses (inclusive)

DIRECTORY could be / or path relative to SaunaFS root; special value . means SFSMETA companion filesystem.

OPTIONS

ro, readonly

export tree in read-only mode (default)

rw, readwrite

export tree in read-write mode

ignoregid

disable testing of group access at sfsmaster level (it’s still done at sfsmount level) - in this case "group" and "other" permissions are logically added; needed for supplementary groups to work (sfsmaster receives only user primary group information)

caseinsensitive

This option allows the client to treat all file and folder names as case-insensitive. When enabled, the client will not differentiate between uppercase and lowercase characters in file and folder names.

dynamicip

allows reconnecting of already authenticated client from any IP address (the default is to check IP address on reconnect)

maproot=USER[:GROUP]

maps root (uid=0) accesses to given user and group (similarly to maproot option in NFS mounts); USER and GROUP can be given either as name or number; if no group is specified, USER's primary group is used. Names are resolved on sfsmaster side (see note below).

mapall=USER[:GROUP]

like above but maps all non privileged users (uid!=0) accesses to given user and group (see notes below).

minversion=VER

rejects access from clients older than specified

mingoal=N, maxgoal=N

specify range in which goal can be set by users

mintrashtime=TDUR, maxtrashtime=TDUR

specify range in which trashtime can be set by users

password=PASS, md5pass=MD5

requires password authentication in order to access specified resource

alldirs

allows to mount any subdirectory of specified directory (similarly to NFS)

nonrootmeta

allows non-root users to use filesystem mounted in the meta mode (option available only in this mode)

Default options are: ro,maproot=999:999.

NOTES

USER and GROUP names (if not specified by explicit uid/gid number) are resolved on sfsmaster host.

TDUR can be specified as number without time unit (number of seconds) or combination of numbers with time units. Time units are: W,D,H,M,S. Order is important - less significant time units can’t be defined before more significant time units.

Option mapall works in SaunaFS in different way than in NFS, because of using FUSE’s "default_permissions" option. When mapall option is used, users see all objects with uid equal to mapped uid as their own and all other as root’s objects. Similarly objects with gid equal to mapped gid are seen as objects with current user’s primary group and all other objects as objects with group 0 (usually wheel). With mapall option set attribute cache in kernel is always turned off.

EXAMPLES

* / ro

192.168.1.0/24 / rw

192.168.1.0/24 / rw,alldirs,maproot=0,password=passcode

10.0.0.0-10.0.0.5 /test rw,maproot=nobody,password=test

10.1.0.0/255.255.0.0 /public rw,mapall=1000:1000

10.2.0.0/16 / rw,alldirs,maproot=0,mintrashtime=2h30m,maxtrashtime=2w

REPORTING BUGS

Report bugs to the Github repository https://github.com/leil/saunafs as an issue.

COPYRIGHT

Copyright 2008-2009 Gemius SA

Copyright 2013-2019 Skytechnology sp. z o.o.

Copyright 2023-2024 Leil Storage OÜ

SaunaFS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3.

SaunaFS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with SaunaFS. If not, see http://www.gnu.org/licenses/.

SEE ALSO

sfsmaster(8), sfsmaster.cfg(5)

08/28/2025