1sharemgr(1M) System Administration Commands sharemgr(1M)
2
6 sharemgr - configure and manage file sharing
7
9 sharemgr subcommand [options]
10 add-share [-nth] [-r resource-name] [-d "description text"]
13 -s sharepath group
14 create [-nvh] [-P proto [-p property=value]] group
17 delete [-nvh] [-P proto] [-f] group
20 disable [-nvh] [-a | group...]
23 enable [-nvh] [-a | group...]
26 list [-vh] [-P proto]
29 move-share [-nv] -s sharepath destination-group
32 remove-share [-fnvh] -s sharepath group
35 set [-nvh] -P proto [-p property=value]... [-S optionset]
38 [-s sharepath] group
39 set-share [-nh] [-r resource] [-d "description text"]
42 -s sharepath group
43 show [-pvxh] [-P proto] [group]...
46 unset [-nvh] -P proto [-S optionset] [-p property]...
49 group
50 share [-F fstype] [-p] [-o optionlist] [-d description]
53 [pathname [resourcename]]
54 unshare [-F fstype] [-p] [-o optionlist] sharepath
57
60 The sharemgr command configures share groups and the shares contained
61 within them.
62 A group name must conform to service management facility (SMF) (see
65 smf(5)) service-naming conventions, thus is limited to starting with an
66 alphabetic character, with the rest of the name consisting only of
67 alphanumeric characters plus - (hyphen) and _ (underbar).
68 Subcommands that result in a configuration change support a dry-run
71 option. When dry-run (-n) is specified, the syntax and validity of the
72 command is tested but the configuration is not actually updated.
73 For all subcommands, the -h option lists usage and help information.
76 For subcommands with the verbose (-v) option, additional information
79 will be provided. For example, in conjunction with the -n option, ver‐
80 bose mode will also indicate whether the current user has sufficient
81 permissions to accomplish the operation.
82 There are two groups that are created automatically. The default group
85 always exists and covers legacy NFS shares only. The zfs group will be
86 created when ZFS shares are enabled.
87 The options shown in the SYNOPSIS section are described in the context
90 of each subcommand. All subcommands except list and show require root
91 privileges or that you assume the Primary Administrator role.
92 Subcommands
94 With no subcommand entered, a sharemgr command with the -h option dis‐
95 plays a usage message for all subcommands.
96 The following subcommands follow sharemgr on a command line. Commands
99 take the form:
100 % sharemgr <subcommand> [options]
102 create [-nvh] [-P proto [-p property=value]] group
106 Create a new group with specified name.
108 If -n is specified, the command checks only the validity of the
110 command and that the group does not already exist.
111 If no protocol is specified, all known protocols are enabled for
113 the specified group. If a protocol is specified, only that protocol
114 is enabled. You can specify properties for a specified protocol.
115 If group exists, use of -P adds the specified protocol to that
117 group.
118 As an example of the create subcommand, the following command cre‐
120 ates a new group with the name mygroup.
121 # sharemgr create mygroup
123 Because no protocol was specified in the preceding command, all
126 defined protocols will be enabled on the group.
127 delete [-nvh] [-P proto] [-f] group
130 Delete the specified group. If the group is not empty, you can use
132 the -f option to force the deletion, which unshares and removes all
133 shares from the group before removing the group itself.
134 If you specify a protocol, rather than deleting the whole group,
136 this subcommand deletes the protocol from the group.
137 The -n option can be used to test the syntax of the command.
139 As an example, the following command removes the group mygroup from
141 the configuration if it is empty.
142 # sharemgr delete mygroup
144 The following command removes any existing shares prior to removing
147 the group.
148 # sharemgr delete -f mygroup
150 Note the use of the force (-f) option, above.
153 list [-vh] [-P proto]
156 List the defined groups.
158 If a protocol is specified, list only those groups that have the
160 specified protocol defined.
161 If the verbose option is specified, the current state of the group
163 and all protocols enabled on the group are listed as well. For
164 example:
165 # sharemgr list -v
167 mygroup enabled nfs
168 rdonlygrp disabled nfs
169 show [-pvxh] [-P proto] [group...]
174 Shows the contents of the specified group(s).
176 If the verbose option is specified, the resource name and descrip‐
178 tion of each share is displayed if they are defined. Otherwise,
179 only the share paths are displayed. Also, when temporary shares are
180 listed, they are prefixed with an asterisk (*).
181 If the -p option is specified, all options defined for the proto‐
183 cols of the group are displayed, in addition to the display without
184 options. If the -P option is used, the output is limited to those
185 groups that have the specified protocol enabled. If the -x option
186 is specified, output is in XML format and the -p and -v options are
187 ignored, because all information is included in the XML.
188 The following example illustrates the use of the -p option.
190 # sharemgr show -p mygroup
192 default nfs=()
193 * /data/backup
194 mygroup nfs=(nosuid=true)
195 /export/home/home0
196 /export/home/home1
197 The following example illustrates the use of the -v option.
200 # sharemgr show -v mygroup
202 mygroup
203 HOME0=/export/home/home0 "Home directory set 0"
204 HOME1=/export/home/home1 "Home directory set 1"
205 ZFS managed shares are handled in a way similar to the way NFS
208 shares are handled. These shares appear as subgroups within the
209 parent group zfs. The subgroups are always prefixed with zfs/ and
210 use the ZFS dataset name for the rest of the name. The mount point
211 and any sub-mounts that inherit sharing are shown as the shares of
212 the subgroup. For example:
213 # sharemgr show -vp zfs
215 zfs nfs=()
216 zfs/ztest
217 /ztest
218 /ztest/backups
219 set [-nvh] -P proto [-S optionset] [-p property=value]* [-s share path]
224 group
225 Set protocol-specific properties on the specified group.
227 The -P option is required and must specify a valid protocol.
229 Optionsets are protocol-specific sets of properties that can be
231 negotiated by the protocol client. For NFS, optionsets are equiva‐
232 lent to security modes as defined in nfssec(5). If -S optionset is
233 specified, the properties are applied to the selected optionset.
234 Otherwise they are applied to the general optionset.
235 Together, -P and -S select a specific view of the group's options
237 on which to work.
238 Property values are strings. A specified property is set to a new
240 value if the property already exists or is added to the protocol if
241 it does not already exist.
242 In the general case, at least one property must be set. If -S is
244 specified, properties can be omitted and the specified optionset is
245 enabled for the protocol.
246 The -s option allows setting properties on a per-share basis. While
248 this is supported, it should be limited to managing legacy shares
249 and to the occasional need for an override of a group-level prop‐
250 erty or placing an additional property on one share within a group.
251 An example of this subcommand:
253 # sharemgr set -P nfs -p anon=1234 mygroup
255 The preceding command adds the property anon=1234 to the nfs view
258 of group mygroup. If mygroup has existing shares, they will all be
259 reshared with the new property value(s).
260 unset [-nvh] -P proto [-S optionset] [-p property]* [-s sharepath ]
263 group
264 Unset the specified properties for the protocol or for the speci‐
266 fied optionset of the protocol.
267 In the general case, at least one property must be set. If -S is
269 specified, properties can be omitted and the specified optionset is
270 removed from the protocol.
271 The -s option allows removing a share-specific property.
273 An example of this subcommand:
275 # sharemgr unset -P nfs -p anon mygroup
277 The preceding command removes the anon= property from the nfs view
280 of group mygroup. If mygroup has existing shares, they will all be
281 reshared with the new property value(s).
282 add-share [-nth] [-r resource-name] [-d "description text"] -s
285 sharepath group
286 Add a new share to the specified group.
288 The -s option is mandatory and takes a full directory path.
290 If either or both of -d and -r are specified, they specify values
292 associated with the share. -d provides a description string to doc‐
293 ument the share and -r provides a protocol-independent resource
294 name. Resource names are not used by NFS at this time but can be
295 specified. These names currently follow the same naming rules as
296 group names.
297 The temporary option (-t) results in the share being shared but not
299 stored in the configuration repository. This option is intended for
300 shares that should not survive a reboot or server restart, or for
301 testing purposes. Temporary shares are indicated in the show sub‐
302 command output with an asterisk (*) preceding the share.
303 If sharepath is a ZFS path and that path is added to the zfs group,
305 sharemgr creates a new ZFS subgroup; the new share is added to that
306 subgroup. Any ZFS sub-filesystems under the ZFS filesystem desig‐
307 nated by sharepath will inherit the shared status of sharepath.
308 The effect of the add-share subcommand on a ZFS dataset is deter‐
310 mined by the values of the sharesmb and sharenfs properties of that
311 dataset.
312 See zfs(1M) for a description of the sharesmb and sharenfs proper‐
314 ties.
315 The following are examples of the add-share subcommand.
317 # sharemgr add-share -s /export/home/home0 -d "home \
319 directory set 0" -r HOME0 mygroup
320 # sharemgr add-share -s /export/home/home1 -d "home \
322 directory set 1" -r HOME1 mygroup
323 The preceding commands add /export/home/home0 and
326 /export/home/home1 to the group mygroup. A descriptive comment and
327 a resource name are included.
328 move-share [-nvh] -s sharepath destination-group
331 Move the specified share from the group it is currently in to the
333 specified destination group. The move-share subcommand does not
334 create a group. A specified group must exist for the command to
335 succeed.
336 The following is an example of this subcommand.
338 # sharemgr move-share -s /export/home/home1 newgroup
340 Assuming /export/home/home1 is in the group mygroup, the preceding
343 command moves /export/home/home1 to the group newgroup and unshares
344 and then reshares the directory with the properties associated with
345 newgroup.
346 remove-share [-fnvh] -s sharepath group
349 Remove the specified share from the specified group. The force (-f)
351 option forces the share to be removed even if it is busy.
352 You must specify the full path for sharepath. For group, use the
354 subgroup as displayed in the output of the sharemgr show command.
355 Note that if there are subshares that were created by inheritance,
356 these will be removed, along with the parent shares.
357 set-share [-nvh] [-r resource] [-d "description text"] -s sharepath
360 group
361 Set or change the specified share's description and resource val‐
363 ues. One use of set-share is to rename a resource. The syntax for
364 this use of the subcommand is:
365 # sharemgr set-share -r current_name=new_name -s sharepath group
367 enable [-nvh] [group... | -a]
372 Enable the specified group(s), or (with -a) all groups, and start
374 sharing the contained shares. This state persists across reboots.
375 An enabled group will be shared whenever the corresponding SMF ser‐
377 vice instance is enabled. sharemgr will start the SMF service
378 instance if it is not currently online.
379 disable [-nvh] [group... | -a]
382 Disable the specified group(s), or (with -a) all groups, and
384 unshare the shares that they contain. This state persists across
385 reboots.
386 A disabled group will not be shared even if the corresponding SMF
388 service instance is online. This feature is useful when you do not
389 want a group of shares to be started at boot time.
390 start [-vh] [-P proto] [group... | -a]
393 Start the specified group, or (with -a) all groups. The start sub‐
395 command is similar to enable in that all shares are started, but
396 start works only on groups that are enabled. start is used by the
397 SMF to start sharing at system boot.
398 A group will not start sharing if it is in the sharemgr disabled
400 state. However, the corresponding SMF service instance will be
401 started.
402 Note that the start subcommand is similar to the shareall(1M) com‐
404 mand in that it starts up only the configured shares. That is, the
405 enabled shares will start being shared, but the configuration state
406 is left the same. The command:
407 # sharemgr start -a
409 ...is equivalent to:
412 # shareall
414 stop [-vh] [-P proto] [group... | -a]
419 Stop the specified group, or (with -a) all groups. The stop subcom‐
421 mand is similar to disable in that all shares are no longer shared,
422 but it works only on groups that are enabled. stop is used by the
423 SMF to stop sharing at system shutdown.
424 Note that the stop subcommand is similar to the unshareall(1M) com‐
426 mand in that all active shares are unshared, but the configuration
427 is left the same. That is, the shares are stopped but the service
428 instances are left enabled. The command:
429 # sharemgr stop -a
431 ...is equivalent to:
434 # unshareall
436 share [-F fstype] [-p] [-o optionlist] [-d description] [pathname
441 [resourcename]]
442 Shares the specified path in the default share group. This subcom‐
444 mand implements the share(1M) functionality. Shares that are shared
445 in this manner will be transient shares. Use of the -p option
446 causes the shares to be persistent.
447 unshare [-F fstype] [-p] [-o optionlist] sharepath
450 Unshares the specified share. This subcommand implements the
452 unshare(1M) functionality. By default, the unshare is temporary.
453 The -p option is provided to remove the share from the configura‐
454 tion in a way that persists across reboots.
455 Supported Properties
458 Properties are protocol-specific. Currently, only the NFS and SMB pro‐
459 tocols are supported. Properties have the following characteristics:
460 o Values of type boolean take either true or false.
462 o Values of type value take a numeric value.
464 o Values of type file take a file name and not a file path.
466 o Values of type access-list are described in detail following
468 the descriptions of the NFS properties.
469 The general properties supported for NFS are:
472 abe=boolean
474 Set the access-based enumeration (ABE) policy for a share. When
476 set to true, ABE filtering is enabled on this share and directory
477 entries to which the requesting user has no access will be omitted
478 from directory listings returned to the client. When set to false
479 or not defined, ABE filtering will not be performed on this share.
480 This property is not defined by default.
481 disabled
483 Disable ABE for this share.
485 enabled
488 Enable ABE for this share.
490 aclok=boolean
494 Allows the NFS server to do access control for NFS Version 2
496 clients (running SunOS 2.4 or earlier). When aclok is set on the
497 server, maximum access is given to all clients. For example, with
498 aclok set, if anyone has read permissions, then everyone does. If
499 aclok is not set, minimum access is given to all clients.
500 ad-container
503 Specifies the AD container in which to publish shares.
505 The AD container is specified as a comma-separated list of
507 attribute name-value pairs using the LDAP distinguished name (DN)
508 or relative distinguished name (RDN) format. The DN or RDN must be
509 specified in LDAP format using the cn=, ou=, and dc= prefixes:
510 o cn represents the common name
512 o ou represents the organizational unit
514 o dc represents the domain component
516 cn=, ou= and dc= are attribute types. The attribute type used to
517 describe an object's RDN is called the naming attribute, which, for
518 ADS, includes the following object classes:
519 o cn for the user object class
521 o ou for the organizational unit (OU) object class
523 o dc for the domainDns object class
525 anon=uid
528 Set uid to be the effective user ID of unknown users. By default,
530 unknown users are given the effective user ID UID_NOBODY. If uid is
531 set to -1, access is denied.
532 catia=boolean
535 CATIA V4 uses characters in file names that are considered to be
537 invalid by Windows. CATIA V5 is available on Windows. A CATIA V4
538 file could be inaccessible to Windows clients if the file name con‐
539 tains any of the characters that are considered illegal in Windows.
540 By default, CATIA character substitution is not performed.
541 If the catia property is set to true, the following character sub‐
543 stitution is applied to file names.
544 CATIA CATIA
546 V4 UNIX V5 Windows
547 " \250 0x00a8 Dieresis
548 * \244 0x00a4 Currency Sign
549 / \370 0x00f8 Latin Small Letter O with Stroke
550 : \367 0x00f7 Division Sign
551 < \253 0x00ab Left-Pointing Double Angle Quotation Mark
552 > \273 0x00bb Right-Pointing Double Angle Quotation Mark
553 ? \277 0x00bf Inverted Question Mark
554 \ \377 0x00ff Latin Small Letter Y with Dieresis
555 | \246 0x00a6 Broken Bar
556 cksum=cksumlist
561 Set the share to attempt to use end-to-end checksums. The value
563 cksumlist specifies the checksum algorithms that should be used.
564 csc=value
567 Set the client-side caching policy for a share. Client-side caching
569 is a client feature and offline files are managed entirely by the
570 clients.
571 The following are valid values for the csc property:
574 o manual - Clients are permitted to cache files from the
576 specified share for offline use as requested by users.
577 However, automatic file-by-file reintegration is not
578 permitted. manual is the default value.
579 o auto - Clients are permitted to automatically cache
581 files from the specified share for offline use and file-
582 by-file reintegration is permitted.
583 o vdo - Clients are permitted to automatically cache files
585 from the specified share for offline use, file-by-file
586 reintegration is permitted, and clients are permitted to
587 work from their local cache even while offline.
588 o disabled - Client-side caching is not permitted for this
590 share.
591 guestok=boolean
594 Set the guest access policy for the share. When set to true guest
596 access is allowed on this share. When set to false or not defined
597 guest access is not allowed on this share. This property is not
598 defined by default.
599 An idmap(1M) name-based rule can be used to map guest to any local
601 username, such as guest or nobody. If the local account has a pass‐
602 word in /var/smb/smbpasswd the guest connection will be authenti‐
603 cated against that password. Any connection made using an account
604 that maps to the local guest account will be treated as a guest
605 connection.
606 Example name-based rule:
608 # idmap add winname:Guest unixuser:guest
610 index=file
615 Load file rather than a listing of the directory containing this
617 file when the directory is referenced by an NFS URL.
618 log=tag
621 Enables NFS server logging for the specified system. The optional
623 tag determines the location of the related log files. The tag is
624 defined in etc/nfs/nfslog.conf. If no tag is specified, the default
625 values associated with the global tag in etc/nfs/nfslog.conf is
626 used. Support of NFS server logging is available only for NFS Ver‐
627 sion 2 and Version 3 requests.
628 nosub=boolean
631 Prevents clients from mounting subdirectories of shared directo‐
633 ries. For example, if /export is shared with the nosub option on
634 server wool then an NFS client cannot do:
635 # mount -F nfs wool:/export/home/mnt
637 NFS Version 4 does not use the MOUNT protocol. The nosub option
640 applies only to NFS Version 2 and Version 3 requests.
641 nosuid=boolean
644 By default, clients are allowed to create files on a shared file
646 system with the setuid or setgid mode enabled. Specifying nosuid
647 causes the server file system to silently ignore any attempt to
648 enable the setuid or setgid mode bits.
649 public=boolean
652 Moves the location of the public file handle from root (/) to the
654 exported directory for WebNFS-enabled browsers and clients. This
655 option does not enable WebNFS service; WebNFS is always on. Only
656 one file system per server can have the public property. You can
657 apply the public property only to a share and not to a group.
658 NFS also supports negotiated optionsets for supported security modes.
662 The security modes are documented in nfssec(5). The properties sup‐
663 ported for these optionsets are:
664 charset=access-list
666 Where charset is one of: euc-cn, euc-jp, euc-jpms, euc-kr, euc-tw,
668 iso8859-1, iso8859-2, iso8859-5, iso8859-6, iso8859-7, iso8859-8,
669 iso8859-9, iso8859-13, iso8859-15, koi8-r.
670 Clients that match the access-list for one of these properties will
672 be assumed to be using that character set and file and path names
673 will be converted to UTF-8 for the server.
674 ro=access-list
677 Sharing is read-only to the clients listed in access-list; over‐
679 rides the rw suboption for the clients specified. See the descrip‐
680 tion of access-list below.
681 rw=access-list
684 Sharing is read-write to the clients listed in access-list; over‐
686 rides the ro suboption for the clients specified. See the descrip‐
687 tion of access-list below.
688 none=access-list
691 Access is not allowed to any client that matches the access list.
693 The exception is when the access list is an asterisk (*), in which
694 case ro or rw can override none.
695 root=access-list
698 Only root users from the hosts specified in access-list have root
700 access. See details on access-list below. By default, no host has
701 root access, so root users are mapped to an anonymous user ID (see
702 the anon=uid option described above). Netgroups can be used if the
703 file system shared is using UNIX authentication (AUTH_SYS).
704 root_mapping=uid
707 For a client that is allowed root access, map the root UID to the
709 specified user id.
710 window=value
713 When sharing with sec=dh (see nfssec(5)), set the maximum lifetime
715 (in seconds) of the RPC request's credential (in the authentication
716 header) that the NFS server allows. If a credential arrives with a
717 lifetime larger than what is allowed, the NFS server rejects the
718 request. The default value is 30000 seconds (8.3 hours). This prop‐
719 erty is ignored for security modes other than dh.
720 The general properties supported for SMB are:
724 ro=access-list
726 Sharing is read-only to the clients listed in access-list; over‐
728 rides the rw suboption for the clients specified. See the descrip‐
729 tion of access-list below.
730 rw=access-list
733 Sharing is read-write to the clients listed in access-list; over‐
735 rides the ro suboption for the clients specified. See the descrip‐
736 tion of access-list below.
737 none=access-list
740 Access is not allowed to any client that matches the access list.
742 The exception is when the access list is an asterisk (*), in which
743 case ro or rw can override none.
744 Access List Argument
747 The access-list argument is either the string "*" to represent all
748 hosts or a colon-separated list whose components can be any number of
749 the following:
750 hostname
752 The name of a host. With a server configured for DNS or LDAP naming
754 in the nsswitch.conf(4) hosts entry, a hostname must be represented
755 as a fully qualified DNS or LDAP name.
756 netgroup
759 A netgroup contains a number of hostnames. With a server configured
761 for DNS or LDAP naming in the nsswitch.conf(4) hosts entry, any
762 hostname in a netgroup must be represented as a fully qualified DNS
763 or LDAP name.
764 domainname.suffix
767 To use domain membership the server must use DNS or LDAP, rather
769 than, for example, NIS or NIS+, to resolve hostnames to IP
770 addresses. That is, the hosts entry in the nsswitch.conf(4) must
771 specify dns or ldap ahead of nis or nisplus, because only DNS and
772 LDAP return the full domain name of the host. Other name services,
773 such as NIS or NIS+, cannot be used to resolve hostnames on the
774 server because, when mapping an IP address to a hostname, they do
775 not return domain information. For example, for the IP address
776 172.16.45.9:
777 NIS or NIS+
779 Returns: myhost
781 DNS or LDAP
784 Returns: myhost.mydomain.mycompany.com
786 The domain name suffix is distinguished from hostnames and net‐
788 groups by a prefixed dot. For example:
789 rw=.mydomain.mycompany.com
791 A single dot can be used to match a hostname with no suffix. For
793 example, the specification:
794 rw=.
796 ...matches mydomain but not mydomain.mycompany.com. This feature
798 can be used to match hosts resolved through NIS and NIS+ rather
799 than DNS and LDAP.
800 network
803 The network or subnet component is preceded by an at-sign (@). It
805 can be either a name or a dotted address. If a name, it is con‐
806 verted to a dotted address by getnetbyname(3SOCKET). For example:
807 =@mynet
809 ...is equivalent to:
811 =@172.16 or =@172.16.0.0
813 The network prefix assumes an octet-aligned netmask determined from
815 the zeroth octet in the low-order part of the address up to and
816 including the high-order octet, if you want to specify a single IP
817 address. In the case where network prefixes are not byte-aligned,
818 the syntax allows a mask length to be specified explicitly follow‐
819 ing a slash (/) delimiter. For example:
820 =@theothernet/17 or =@172.16.132/22
822 ...where the mask is the number of leftmost contiguous significant
824 bits in the corresponding IP address.
825 A prefixed minus sign (-) denies access to a component of access-list.
829 The list is searched sequentially until a match is found that either
830 grants or denies access, or until the end of the list is reached. For
831 example, if host terra is in the netgroup engineering, then:
832 rw=-terra:engineering
834 ...denies access to terra, but:
838 rw=engineering:-terra
840 ...grants access to terra.
844
846 0 Successful completion.
847 98 Service is offline and cannot be enabled (start
850 only).
851 other non-zero Command failed.
854
857 /usr/include/libshare.h Error codes used for exit status.
858
861 See attributes(5) for descriptions of the following attributes:
862 ┌─────────────────────────────┬─────────────────────────────┐
867 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
868 ├─────────────────────────────┼─────────────────────────────┤
869 │Availability │SUNWcsu │
870 ├─────────────────────────────┼─────────────────────────────┤
871 │Interface Stability │Committed │
872 └─────────────────────────────┴─────────────────────────────┘
873
875 idmap(1M), sharectl(1M), zfs(1M), attributes(5), nfssec(5), smf(5),
876 standards(5)
877SunOS 5.11 21 Sep 2009 sharemgr(1M)