An NFS server maintains a table of local physical file systems that
are accessible to NFS clients. Each file system in this table is
referred to as an exported file system, or export, for short.
The exportfs command maintains the current table of exports for the
NFS server. The master export table is kept in a file named
/var/lib/nfs/etab. This file is read by rpc.mountd when a client
sends an NFS MOUNT request.
Normally the master export table is initialized with the contents of
/etc/exports and files under /etc/exports.d by invoking exportfs -a.
However, a system administrator can choose to add or delete exports
without modifying /etc/exports or files under /etc/exports.d by using
the exportfs command.
exportfs and its partner program rpc.mountd work in one of two modes:
a legacy mode which applies to 2.4 and earlier versions of the Linux
kernel, and a new mode which applies to 2.6 and later versions,
providing the nfsd virtual filesystem has been mounted at
/proc/fs/nfsd or /proc/fs/nfs. On 2.6 kernels, if this filesystem is
not mounted, the legacy mode is used.
In the new mode, exportfs does not give any information to the
kernel, but provides it only to rpc.mountd through the
/var/lib/nfs/etab file. rpc.mountd then manages kernel requests for
information about exports, as needed.
In the legacy mode, exports which identify a specific host, rather
than a subnet or netgroup, are entered directly into the kernel's
export table, as well as being written to /var/lib/nfs/etab.
Further, exports listed in /var/lib/nfs/rmtab which match a non host-
specific export request will cause an appropriate export entry for
the host given in rmtab to be added to the kernel's export table.
-d kind or --debug kind
Turn on debugging. Valid kinds are: all, auth, call, general
and parse. Debugging can also be turned on by setting debug=
in the [exportfs] section of /etc/nfs.conf.
-a Export or unexport all directories.
Specify a list of export options in the same manner as in
-i Ignore the /etc/exports file and files under /etc/exports.d
directory. Only default options and options given on the
command line are used.
-r Reexport all directories, synchronizing /var/lib/nfs/etab with
/etc/exports and files under /etc/exports.d. This option
removes entries in /var/lib/nfs/etab which have been deleted
from /etc/exports or files under /etc/exports.d, and removes
any entries from the kernel export table which are no longer
-u Unexport one or more directories.
-f If /proc/fs/nfsd or /proc/fs/nfs is mounted, flush everything
out of the kernel's export table. Fresh entries for active
clients are added to the kernel's export table by rpc.mountd
when they make their next NFS mount request.
-v Be verbose. When exporting or unexporting, show what's going
on. When displaying the current export list, also display the
list of export options.
-s Display the current export list suitable for /etc/exports.
The [exportfs] section of the /etc/nfs.conf configuration file can
contain a debug value, which can be one or more from the list
general, call, auth, parse, all. When a list is given, the members
should be comma-separated.
exportfs will also recognize the state-directory-path value from the
The first synopsis shows how to invoke exportfs when adding new
entries to the export table. When using exportfs -a, all exports
listed in /etc/exports and files under /etc/exports.d are added to
/var/lib/nfs/etab. The kernel's export table is also updated as
The host:/path argument specifies a local directory to export, along
with the client or clients who are permitted to access it. See
exports(5) for a description of supported options and access list
IPv6 presentation addresses contain colons, which are already used to
separate the "host" and "path" command line arguments. When
specifying a client using a raw IPv6 address, enclose the address in
square brackets. For IPv6 network addresses, place the prefix just
after the closing bracket.
To export a directory to the world, simply specify :/path.
The export options for a particular host/directory pair derive from
several sources. The default export options are
sync,ro,root_squash,wdelay. These can be overridden by entries in
/etc/exports or files under /etc/exports.d.
A system administrator may override options from these sources using
the -o command-line option on exportfs. This option takes a comma-
separated list of options in the same fashion as one would specify
them in /etc/exports. In this way exportfs can be used to modify the
export options of an already exported directory.
The third synopsis shows how to unexport a currently exported
directory. When using exportfs -ua, all entries listed in
/var/lib/nfs/etab are removed from the kernel export tables, and the
file is cleared. This effectively shuts down all NFS activity.
To remove an export, specify a host:/path pair. This deletes the
specified entry from /var/lib/nfs/etab and removes the corresponding
kernel entry (if any).
Dumping the Export Table
Invoking exportfs without options shows the current list of exported
file systems. Adding the -v option causes exportfs to display the
export options for each export.
The following adds all directories listed in /etc/exports and files
under /etc/exports.d to /var/lib/nfs/etab and pushes the resulting
export entries into the kernel:
# exportfs -a
To export the /usr/tmp directory to host django, allowing insecure
file locking requests from clients:
# exportfs -o insecure_locks django:/usr/tmp
To unexport the /usr/tmp directory:
# exportfs -u django:/usr/tmp
To unexport all exports listed in /etc/exports and files under
# exportfs -au
To export the /usr/tmp directory to IPv6 link-local clients:
# exportfs [fe80::]/64:/usr/tmp
Exporting to IP networks or DNS and NIS domains does not enable
clients from these groups to access NFS immediately. Rather, these
sorts of exports are hints to rpc.mountd(8) to grant any mount
requests from these clients. This is usually not a problem, because
any existing mounts are preserved in rmtab across reboots.
When unexporting a network or domain entry, any current exports to
members of this group will be checked against the remaining valid
exports and if they themselves are no longer valid they will be
/etc/exports input file listing exports, export options,
and access control lists
/etc/exports.d directory where extra input files are
stored. Note: only files that end with
.exports are used.
/var/lib/nfs/etab master table of exports
/var/lib/nfs/rmtab table of clients accessing server's exports