exportfs Command: Tutorial & Examples

Manage and display NFS exported file systems on a Linux server

The exportfs command is a fundamental Linux utility used to manage the list of file systems exported to remote clients via the NFS (Network File System) protocol. It allows administrators to export directories, control client access permissions, refresh exports without restarting services, and display current export status. Understanding exportfs is essential for configuring and maintaining secure and efficient NFS shares on a Linux server.

How It Works

The exportfs command manages NFS exports by reading the /etc/exports configuration file, which specifies directories to be shared and their access options for different clients. When invoked, exportfs updates the kernel's export table and maintains the /var/lib/nfs/etab file, which stores the current export list state.

The NFS server kernel module references this export table to determine which file systems are accessible to remote clients and what permissions apply. This way, exportfs acts as an interface between the static exports configuration and the active NFS kernel exports.

What It Is Used For

The primary uses of exportfs include:

• Exporting specified directories to clients or networks.
• Unexporting (removing) directories from the export list.
• Displaying the current list of active exports.
• Refreshing or reloading exports after changes to the /etc/exports file without restarting the NFS service.

These actions enable dynamic management of NFS shares, improving administration flexibility and uptime.

Why It Is Important

In networked Linux environments, sharing files securely and efficiently is critical. exportfs provides fine-grained control over which directories are shared, which clients can access them, and with what permissions. It ensures that only authorized clients can mount exported file systems, contributing to both accessibility and security in multi-user or multi-host setups.

Common Command Line Parameters and Options

Below are frequent parameters used with exportfs:

Display Current Exports

exportfs -v

Shows a verbose list of currently exported directories, clients, and associated options.

Export All Directories From Exports File

exportfs -a

Exports all directories defined in /etc/exports.

Unexport All Currently Exported Directories

exportfs -u -a

Removes all active exports.

Export Specific Directory To A Client

exportfs -o rw,sync,no_subtree_check client_ip:/srv/nfs

Exports /srv/nfs directory to the client with IP address client_ip with specified options.

Refresh Exports

exportfs -r

Re-reads the /etc/exports file and applies any changes without restarting the NFS service.

Explanation of Export Options

Common export options used with -o include:

• rw: Grants read-write access.
• ro: Grants read-only access.
• sync: Replies to client requests only after changes have been committed to stable storage, ensuring data integrity.
• async: Replies immediately without waiting for data to be written to disk, improving performance but risking data loss on crash.
• nosubtreecheck: Disables subtree checking, improving performance especially for large directories.
• root_squash: Maps root user requests from clients to the anonymous user for security (default).
• norootsquash: Allows root on clients to act as root on the server (security risk).
• insecure: Allows connections from non-privileged ports (needed for some clients).
• all_squash: Maps all client users to anonymous user.
• noallsquash: Disables user mapping for all users.

Technical Background

The NFS server kernel module maintains an in-kernel export table that controls which directories are shared and how. The exportfs command updates this kernel export table using system calls and by writing the export list to /var/lib/nfs/etab.

When exportfs is run with the -a or -r options, it parses the /etc/exports file, validates syntax, and applies exports. This avoids restarting the NFS daemon, allowing live updates.

The kernel uses the export table to enforce access controls and export options for clients mounting the NFS shares.

Security Considerations

Proper configuration of export options is critical for system security:

• root_squash is enabled by default to prevent remote root users from having root privileges on the server, mitigating risk of unauthorized access.
• Using norootsquash should be avoided unless absolutely necessary and in trusted environments.
• The insecure option allows clients to connect from non-privileged ports, which can be a security concern; use only if required.
• Exporting directories with write permissions (rw) should be done cautiously to prevent unauthorized modification.
• Restrict exports to specific client IPs or subnets to minimize exposure.
• Regularly review the exports list and permissions to avoid accidental data exposure.

Common Errors and Troubleshooting

When working with exportfs, you may encounter:

• Permission Denied or Function Not Implemented

  exportfs: /mnt/nfs: Function not implemented

  This usually indicates missing NFS server support or insufficient privileges. Run commands as root or with sudo.

• Syntax Errors in /etc/exports

  A malformed entry can prevent exports. Validate syntax carefully:

  /srv/nfs 192.168.1.0/24(rw,sync,nosubtreecheck)

• Clients Unable to Mount Exports

  Check for network issue, firewall settings blocking NFS ports, or incorrect IP restrictions in exports.

• Exports Not Updated After Editing /etc/exports

  Run exportfs -r to reload exports without restarting the NFS server.

Practical Examples

Below are examples demonstrating common exportfs usage. Replace client_ip with the actual client IP or hostname.

Example 1: Exporting A Directory To A Client With Options

sudo exportfs -o rw,sync,no_subtree_check 192.168.1.100:/srv/nfs

Exports /srv/nfs with read-write access to client 192.168.1.100. The sync option ensures data integrity, and no_subtree_check improves performance.

Example 2: Unexporting A Specific Directory For A Client

sudo exportfs -u 192.168.1.100:/srv/nfs

Removes the export of /srv/nfs for client 192.168.1.100.

Example 3: Exporting All Directories From Exports File

sudo exportfs -a

Exports all directories defined in /etc/exports.

Example 4: Refreshing Exports After Changes

sudo exportfs -r

Reloads exports from /etc/exports without restarting NFS.

Example 5: Displaying Current Exports Verbosely

sudo exportfs -v

Sample output:

/srv/nfs  192.168.1.100(rw,sync,wdelay,hide,no_subtree_check,insecure,root_squash,no_all_squash)

Shows the exported directory, client, and active options.

Advanced Usage

Automating Export Reloads

To automatically reload exports after editing /etc/exports, you can script:

sudo exportfs -r

and schedule it with cron or a systemd timer.

Scripting Export Management

You can use exportfs in scripts to dynamically add or remove exports based on system events, for example:

# Export /data/nfs to a client
exportfs -o rw,sync client_ip:/data/nfs

# Later unexport it
exportfs -u client_ip:/data/nfs

This can be integrated into configuration management tools or deployment scripts.

Performance Considerations

• Using no_subtree_check reduces overhead by disabling subtree checking; beneficial for large directories.
• The sync option ensures data integrity but can reduce performance; async improves speed but risks data loss on crashes.
• Avoid exporting too many directories or overly broad networks to reduce server load.
• Monitor server load and NFS-related statistics to optimize export configurations.

See Also

• /etc/exports
• /var/lib/nfs/etab
• mount
• showmount
• NFS
• cron
• network issue

Further Reading

• Linux for Networking Professionals by Rob Vandenbrink (partner link)
• Understanding Linux Network Internals by Christian Benvenuti (partner link)
• Linux Networking Cookbook by Carla Schroder (partner link)

As an Amazon Associate, I earn from qualifying purchases.