
Explanation regarding `showmount -e` needed - what does "@" mean?


As stated in the title: What does the @... in the output below mean? I don't think they are hostnames, because I think the @-sign is reserved for mailing. Normally there is an IP subnet or simply an IP address there, but neither is the case here. I also know I can put hostnames in there, but I don't think I could put such @... into the hosts file to restrict the access to only some IPs... Sooo, what is this?

glaforge@enterprise: showmount -e [REMOVED]
Export list for [REMOVED]:
[REMOVED]   *
[REMOVED]   @somenamea,@somenameb

Solution

  • In the list of exports shown by showmount -e any names with an @ are netgroups, not individual hosts.

    A netgroup is a list of hosts. They're typically defined in /etc/netgroup on the NFS server (but could also be in NIS, LDAP, etc. depending on how /etc/nsswitch.conf is configured).

    Using netgroups to define your exports saves a lot of typing compared to exporting to each host separately. (I find that it reduces the chances of making typos. Or if I do make a typo in one of my exports, I'll find it faster as it'll affect all the machines in the netgroup rather than just one machine.)

    Example

    On my NFS server I could have the following netgroups defined in /net/netgroup:

    nuts    (walnut,,) (almond,,) (pistachio,,) (hazelnut,,)
    flowers (rose,,) (tulip,,) (iris,,)
    

    Each entry in a netgroup is defined as a tuple of (hostname, user, NIS domain) but NFS only cares about the hostname so just leave the other parts blank. The NIS domain is not the same thing as a DNS domain. If you need to specify a full DNS name, e.g., foo.example.com, put it all in the host part: (foo.example.com,,)

    And then my exports file could look like this:

    /vol/home    @nuts(rw) @flowers(rw)
    /vol/web     @nuts(rw)
    /vol/dns     @nuts(ro) almond(rw)
    

    Now the hosts in the flowers netgroup can mount home read-write but can't access web or dns. The host almond has read-write access to everything, but the rest of the machines in the nuts netgroup only have read-only access to dns.

    If I were to run showmount -e it would look something like this:

    % showmount -e
    Export list for example.com:
    /vol/home @nuts,@flowers
    /vol/web  @nuts
    /vol/dns  @nuts,almond
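
To audit which hosts an `@netgroup` export actually admits, the following added example (not part of the original answer) parses the answer's sample netgroup and exports text and resolves each export to per-host options. The function names are hypothetical; handling of nested netgroups and of empty or `-` host fields goes beyond the answer's case, and letting explicit host entries override netgroup entries is an assumption chosen to match the outcome the answer describes for almond.

```python
import re

# Constructed sample data, copied from the answer's netgroup and exports examples.
NETGROUP = """\
nuts    (walnut,,) (almond,,) (pistachio,,) (hazelnut,,)
flowers (rose,,) (tulip,,) (iris,,)
"""
EXPORTS = """\
/vol/home    @nuts(rw) @flowers(rw)
/vol/web     @nuts(rw)
/vol/dns     @nuts(ro) almond(rw)
"""
MEMBER = re.compile(r"\(([^)]*)\)|(\S+)")           # (host,user,domain) or nested group
CLIENT = re.compile(r"([^\s()]+)(?:\(([^)]*)\))?")  # client or client(options)

def parse_netgroups(text):
    """Return {group: [member, ...]}; a nested group is stored as "@name"."""
    groups = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        for triple, nested in MEMBER.findall(fields[1]) if len(fields) == 2 else []:
            host = triple.split(",")[0].strip()
            # netgroup(5): an empty host field is a wildcard, "-" matches nothing.
            if nested or host != "-":
                groups.setdefault(fields[0], []).append("@" + nested if nested else host or "*")
    return groups

def expand(client, groups, seen=frozenset()):
    """Resolve an exports client to hostnames; "@name" is expanded, with a cycle guard."""
    if not client.startswith("@"):
        return {client}
    if client in seen:
        return set()
    members = groups.get(client[1:], [])
    return set().union(*(expand(m, groups, seen | {client}) for m in members))

def effective_access(exports_text, groups):
    """Return {path: {host: options}}; explicit host entries override netgroup ones."""
    access = {}
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()
        clients = [m.groups(default="") for t in fields[1:] if (m := CLIENT.fullmatch(t))]
        # Assumption (matches the answer's outcome for almond): apply netgroups first.
        for client, opts in sorted(clients, key=lambda c: not c[0].startswith("@")):
            hosts = access.setdefault(fields[0], {})
            hosts.update(dict.fromkeys(expand(client, groups), opts))
    return access
```

A `*` in the result for any path means a netgroup member with an empty host field, or a literal `*` client, opens that export to every host.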