| author | Keith M Wesolowski <wesolows@foobazco.org> | 2014-11-25 16:13:40 +0000 |
|---|---|---|
| committer | Keith M Wesolowski <wesolows@foobazco.org> | 2014-11-25 16:13:40 +0000 |
| commit | b066c7fd813238a22e4319be910ac8e955e77b8b (patch) | |
| tree | 8943c1014201b87cb64fb474b165e52468ffc6f2 /usr/src | |
| parent | f54f2e6228e9c5cc433bae3d6fe5126b60ed1c2c (diff) | |
| parent | 9e573dcc6440324d76c37be570afdef86f045685 (diff) | |
| download | illumos-joyent-b066c7fd813238a22e4319be910ac8e955e77b8b.tar.gz | |
[illumos-gate merge]
commit 9e573dcc6440324d76c37be570afdef86f045685
5104 reboot should check for (and remove) extra -B zfs-bootfs options.
commit 21920a0a2f368f65491623e68d7c66dfd09c46f4
4228 chmod(1): SFI NFSv4 ACL inheritance flags are not documented
commit 2f183016d19cb0c342edba0c4f2c9058f07298a9
3614 The 'offline' and 'sparse' extended system attributes should be documented in man pages
commit 22fec8cf7c90530cbbeb80ea11190db467cb2e21
4305 rpc(3nsl): svc_sendreply is in rpc_svc_calls(3nsl)
commit 6aa4fc89ec1cf2cdf7d7c3b9ec059802ac9abe65
4324 hosts_access(3): Missing symlinks for hosts_ctl, request_init, and request_set
commit 3689c709de099274714d61c877dcc1aa333f3f41
4328 sigprocmask(2) talks about the 'how' argument
commit db26b99f059a8c142f2792443c9feacf20492ce7
4325 rpc_svc_calls(3nsl): svc_getrpccaller() description should be improved
commit 17452594f0e9de79709558488fe1aa553bedaa68
4321 rpc_svc_calls(3nsl): svc_run() can return
commit 67c6b9aa14d625ebd5b266131566d95298d2d993
4306 rpc_svc_calls(3nsl): Messed svc_sendreply/svc_max_pollfd
commit c235b016b0b38466c37f5fe5360c79e58fa3062d
4320 rpc_svc_reg(3nsl): svc_pollfd is modified too
commit b64d5d97b0f8212e45e2f214bddc101b35839fde
4240 lofs(7fs): Missing quotes
commit 56df543bd1506bfa8639c4f131c22460558bf4af
3833 err(3c): 'status' should be changed to 'eval'
commit c7b6bf90757979f50e793af7ea98d3120668214f
4199 acl_trivial(3sec): The definition of trivial ACL is incorrect
commit 229fca2669c724519f75f27dbd16b96f35b82589
4192 acl(5): issues in the man page
commit 870bcdc9e2be873a751e202d1425b07267029c70
4201 fopen(3c): The w mode should be bold, not italic
commit 5619b3f84733e187bc34bca49abbec8bdfcd7d99
4181 zfs(1m): 'zfs allow' examples in the man page are outdated
commit 62824eff3eecef0153856851a0ecd8da820e02a1
3622 nfslogd(1M): Note about svc:/network/nfs/log is needed
commit 073ec901764f0ff4a9110de0cfbc6b5ce426d99a
5299 share_nfs(1m) should be converted to mdoc
3607 share_nfs(1M): tag in the log option is optional
4893 share_nfs(1m): Typo 'node' vs. 'mode'
commit fdb8cf8c1b80da286f448f5e748b65f9115d7043
5291 x86 {high,low}bit rely on undefined behavior
Manifests:
usr/src/pkg/manifests/library-security-tcp-wrapper.mf
Diffstat (limited to 'usr/src')
25 files changed, 1051 insertions, 1201 deletions
diff --git a/usr/src/cmd/halt/halt.c b/usr/src/cmd/halt/halt.c
index aa6909b643..3b57e02c64 100644
--- a/usr/src/cmd/halt/halt.c
+++ b/usr/src/cmd/halt/halt.c
@@ -1211,8 +1211,13 @@ parse_fastboot_args(char *bootargs_buf, size_t buf_size,
 }
 if (is_zfs && (buflen != 0 || bename != NULL)) {
- /* LINTED E_SEC_SPRINTF_UNBOUNDED_COPY */
- off += sprintf(bootargs_buf + off, "%s ", bootfs_arg);
+ /* do not copy existing zfs boot args */
+ if (strstr(&bootargs_saved[rootlen], "-B") == NULL ||
+ strstr(&bootargs_saved[rootlen], "zfs-bootfs=") == NULL ||
+ (strstr(&bootargs_saved[rootlen], "bootpath=") == NULL &&
+ strstr(&bootargs_saved[rootlen], "diskdevid=") == NULL))
+ /* LINTED E_SEC_SPRINTF_UNBOUNDED_COPY */
+ off += sprintf(bootargs_buf + off, "%s ", bootfs_arg);
 }
 /*
diff --git a/usr/src/man/man1/chmod.1 b/usr/src/man/man1/chmod.1
index b5c0ca924d..4c04e2ce32 100644
--- a/usr/src/man/man1/chmod.1
+++ b/usr/src/man/man1/chmod.1
@@ -1,4 +1,5 @@
 '\" te
+.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 .\" Copyright 1989 AT&T.
 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
 .\" Portions Copyright (c) 1992, X/Open Company Limited All Rights Reserved
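Review bot: In the halt.c hunk the re-indented `off += sprintf(bootargs_buf + off, "%s ", bootfs_arg);` still writes without a bound, although `buf_size` is a parameter of parse_fastboot_args; the LINTED comment only silences the warning. Consider `snprintf(bootargs_buf + off, buf_size - off, "%s ", bootfs_arg)` and treat a result that is negative or not smaller than the remaining space as an error before adding it to `off`. Whether earlier code already guarantees the fit cannot be seen here, because the function body starts and ends outside the hunk. The new multi-line `if` guards a comment plus a statement without braces, so bracing it would keep a later edit from landing outside the condition. The `strstr` tests also match "-B", "zfs-bootfs=", "bootpath=" and "diskdevid=" anywhere in the saved string rather than as parsed `-B` properties, so a comment saying the check is a substring heuristic would help the next reader.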
@@ -10,7 +11,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH CHMOD 1 "Dec 11, 2008" +.TH CHMOD 1 "Nov 24, 2014" .SH NAME chmod \- change the permissions mode of a file .SH SYNOPSIS @@ -35,7 +36,6 @@ chmod \- change the permissions mode of a file .fi .SH DESCRIPTION -.sp .LP The \fBchmod\fR utility changes or assigns the mode of a file. .sp @@ -44,7 +44,6 @@ The \fBchmod\fR utility changes or assigns the mode of a file. directories, and to modify boolean read-write system attributes on regular files, directories, and opaque extended attribute files. .SS "Absolute Mode" -.sp .LP An absolute mode command line has the following format: .sp @@ -213,7 +212,6 @@ For directories, the \fBsetgid\fR bit cannot be set (or cleared) in absolute mode; it must be set (or cleared) in symbolic mode using \fBg+s\fR (or \fBg-s\fR). .SS "Symbolic Mode" -.sp .LP A symbolic mode command line has the following format: .sp @@ -483,7 +481,6 @@ set. .RE .SS "ACL Operation" -.sp .LP An ACL Operation command line has the following format: .sp 
@@ -1088,6 +1085,35 @@ either \fBfile_inherit\fR and or \fBdir_inherit\fR also being specified. .RE .sp +.ne 2 +.na +\fBsuccessful_access (\fBS\fR)\fR +.ad +.RS 20n +Indicates whether an alarm or audit record should be initiated upon successful +accesses. Used with audit/alarm ACE types. +.RE + +.sp +.ne 2 +.na +\fBfailed_access (\fBF\fR)\fR +.ad +.RS 20n +Indicates whether an alarm or audit record should be initiated when access +fails. Used with audit/alarm ACE types. +.RE + +.sp +.ne 2 +.na +\fBinherited (\fBI\fR)\fR +.ad +.RS 20n +ACE was inherited. +.RE + +.sp .LP The inheritance flags listed can also be specified in the compact format or as positional arguments similar to the \fBls\fR \fB-V\fR format. A hyphen @@ -1108,7 +1134,7 @@ file_inherit/dir_inherit/no_propagate .sp .in +2 .nf -fd-n-- +fd-n--- .fi .in -2 .sp @@ -1135,7 +1161,6 @@ user:bob:read_data:allow .sp .SS "Attribute Operation" -.sp .LP An attribute operation command line has the following format: .sp @@ -1368,8 +1393,25 @@ The following is a list of \fBAttribute Names and Abbreviation Characters\fR: \fBm\fR .RE -.SH OPTIONS .sp +.ne 2 +.na +\fB\fBoffline\fR\fR +.ad +.RS 18n +\fBO\fR +.RE + +.sp +.ne 2 +.na +\fB\fBsparse\fR\fR +.ad +.RS 18n +\fBs\fR +.RE + +.SH OPTIONS .LP The following options are supported: .sp @@ -1414,7 +1456,6 @@ attribute file of the file operand and the file operand itself. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -1479,10 +1520,9 @@ A path name of a file whose file mode bits are to be modified. .RE .SH USAGE -.sp .LP See \fBlargefile\fR(5) for the description of the behavior of \fBchmod\fR when -encountering files greater than or equal to 2 Gbyte ( 2^31 bytes). +encountering files greater than or equal to 2 Gbyte (2^31 bytes). .SH EXAMPLES .LP \fBExample 1 \fRDenying \fBexecute\fR Permission 
@@ -1691,13 +1731,13 @@ First, display the ACL to pick a location to insert a new ACE. .nf % ls -V file.1 -rw-r--r--+ 1 root root 0 Oct 6 12:16 file.1 - user:lp:rw------------:------:allow - owner@:--x-----------:------:deny - owner@:rw-p---A-W-Co-:------:allow - group@:-wxp----------:------:deny - group@:r-------------:------:allow - everyone@:-wxp---A-W-Co-:------:deny - everyone@:r-----a-R-c--s:------:allow + user:lp:rw------------:-------:allow + owner@:--x-----------:-------:deny + owner@:rw-p---A-W-Co-:-------:allow + group@:-wxp----------:-------:deny + group@:r-------------:-------:allow + everyone@:-wxp---A-W-Co-:-------:deny + everyone@:r-----a-R-c--s:-------:allow .fi .in -2 .sp @@ -1728,14 +1768,14 @@ Display the new ACL: .nf $ ls -V file.1 -rw-r--r--+ 1 root staff 0 Feb 3 14:13 file.1 - user:lp:rw------------:------:allow - owner@:--x-----------:------:deny - owner@:rw-p---A-W-Co-:------:allow - user:marks:r-------------:------:deny - group@:-wxp----------:------:deny - group@:r-------------:------:allow - everyone@:-wxp---A-W-Co-:------:deny - everyone@:r-----a-R-c--s:------:allow + user:lp:rw------------:-------:allow + owner@:--x-----------:-------:deny + owner@:rw-p---A-W-Co-:-------:allow + user:marks:r-------------:-------:deny + group@:-wxp----------:-------:deny + group@:r-------------:-------:allow + everyone@:-wxp---A-W-Co-:-------:deny + everyone@:r-----a-R-c--s:-------:allow .fi .in -2 .sp @@ -2219,7 +2259,7 @@ The following examples replace system attributes of a ZFS file: .nf $ chmod S=v{archive,hidden,readonly,system,appendonly,\e nonodump,immutable,noav_modified,noav_quarantined,\e - nounlink} file1 + nounlink,nooffline,nosparse} file1 .fi .in -2 .sp @@ -2243,7 +2283,7 @@ or .sp .in +2 .nf -$ chmod S=c{AHRSa-i--u} file1 +$ chmod S=c{AHRSa-i--u--} file1 .fi .in -2 .sp 
@@ -2278,8 +2318,8 @@ Assuming appropriate privileges, this results in the following system attributes of \fBfile1\fR being set: \fBarchive\fR, \fBhidden\fR, \fBreadonly\fR, \fBsystem\fR, \fBappendonly\fR, \fBimmutable\fR, and \fBnounlink\fR. Assuming appropriate privileges, the following system -attributes of \fBfile1\fR are cleared: \fBnodump\fR, \fBav_modified\fR, and -\fBav_quarantined\fR. +attributes of \fBfile1\fR are cleared: \fBnodump\fR, \fBav_modified\fR, +\fBav_quarantined\fR, \fBoffline\fR, and \fBsparse\fR. .LP \fBExample 21 \fRClearing All System Attributes of a ZFS File @@ -2439,7 +2479,7 @@ or .sp .in +2 .nf -$ chmod S+c{-HS--------} file1 +$ chmod S+c{-H-S--------} file1 .fi .in -2 .sp @@ -2550,13 +2590,11 @@ set are also set on \fBfile2\fR. All system attributes of \fBfile1\fR that are cleared are also cleared on \fBfile2\fR. .SH ENVIRONMENT VARIABLES -.sp .LP See \fBenviron\fR(5) for descriptions of the following environment variables that affect the execution of \fBchmod\fR: \fBLANG\fR, \fBLC_ALL\fR, \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR, and \fBNLSPATH\fR. .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -2578,7 +2616,6 @@ An error occurred. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -2596,13 +2633,11 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp .LP \fBgetfacl\fR(1), \fBls\fR(1), \fBsetfacl\fR(1), \fBchmod\fR(2), \fBfgetattr\fR(3C), \fBacl\fR(5), \fBattributes\fR(5), \fBenviron\fR(5), \fBfsattr\fR(5), \fBlargefile\fR(5), \fBstandards\fR(5) .SH NOTES -.sp .LP Absolute changes do not work for the set-group-\fBID\fR bit of a directory. You must use \fBg+s\fR or \fBg-s\fR. 
@@ -2622,5 +2657,5 @@ with \fBACL\fR entries, both the file group owner permissions and the \fBACL\fR mask are changed to the new permissions. Be aware that the new \fBACL\fR mask permissions can change the effective permissions for additional users and groups who have \fBACL\fR entries on the file. Use the \fBgetfacl\fR(1) or -\fBls\fR(1)command to make sure the appropriate permissions are set for all +\fBls\fR(1) command to make sure the appropriate permissions are set for all \fBACL\fR entries. diff --git a/usr/src/man/man1/ls.1 b/usr/src/man/man1/ls.1 index 8327abc700..9f35b76a62 100644 --- a/usr/src/man/man1/ls.1 +++ b/usr/src/man/man1/ls.1 @@ -1,4 +1,5 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright 1989 AT&T .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" Portions Copyright (c) 1992, X/Open Company Limited All Rights Reserved @@ -10,7 +11,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LS 1 "Jun 3, 2009" +.TH LS 1 "Nov 24, 2014" .SH NAME ls \- list contents of directory .SH SYNOPSIS @@ -39,7 +40,6 @@ ls \- list contents of directory .fi .SH DESCRIPTION -.sp .LP For each \fIfile\fR that is a directory, \fBls\fR lists the contents of the directory. For each \fIfile\fR that is an ordinary file, \fBls\fR repeats its 
@@ -177,13 +177,14 @@ looks as follows: .nf $ls -/ c file -rw-r--r-- 1 root root 0 May 10 14:17 file - {AHRSadim-u} + {AHRSadim-u--} $ls -/ v file -rw-r--r-- 1 root root 0 May 10 14:17 file - {archive,hidden,readonly,system,appendonly\e - nodump,immutable, av_modified,\e - noav_quarantined,nounlink} + {archive,hidden,readonly,system,\e + appendonly,nodump,immutable,av_modified,\e + noav_quarantined,nounlink,nooffline,\e + nosparse} $ls -l -% all file -rw-r--r-- 1 root root 0 May 10 14:17 file @@ -317,7 +318,6 @@ The 1000 bit is turned on, and execution is off (undefined bit-state). .RE .SS "/usr/bin/ls" -.sp .ne 2 .na \fB\fBl\fR\fR @@ -329,7 +329,6 @@ is on and the group execution bit is off). .RE .SS "/usr/xpg4/bin/ls and /usr/xpg6/bin/ls" -.sp .ne 2 .na \fB\fBL\fR\fR @@ -359,7 +358,6 @@ permissions during access. For others permissions, the third position can be occupied by \fBt\fR or \fBT\fR. These refer to the state of the sticky bit and execution permissions. .SS "Color Output" -.sp .LP If color output is enabled, the environment variable LS_COLORS is checked. If it exists, it's contents are used to control the colors used to display @@ -817,11 +815,9 @@ The appropriate color codes are chosen by selecting the most specific match, starting with the file suffixes and proceeding with the file types until a match is found. The \fBno\fR (normal file) type matches any file. .SH OPTIONS -.sp .LP The following options are supported: .SS "/usr/bin/ls, /usr/xpg4/bin/ls, and /usr/xpg6/bin/ls" -.sp .LP The following options are supported for all three versions: .sp @@ -1610,7 +1606,7 @@ either \fBfile_inherit\fR and or \fBdir_inherit\fR also being specified. .ad .sp .6 .RS 4n -Indicates if an alarm or audit record should be initiated upon successful +Indicates whether an alarm or audit record should be initiated upon successful accesses. Used with audit/alarm ACE types. .RE 
@@ -1621,8 +1617,8 @@ accesses. Used with audit/alarm ACE types. .ad .sp .6 .RS 4n -Indicates if an alarm or audit record should be initiated when access fails. -Used with audit/alarm ACE types. +Indicates whether an alarm or audit record should be initiated when access +fails. Used with audit/alarm ACE types. .RE .sp @@ -1773,7 +1769,7 @@ for files that have extended attributes. .sp .ne 2 .na -\fB\fB-c\fR | \fB-v\fR\fR +\fB\fB-/ c\fR | \fBv\fR\fR .ad .sp .6 .RS 4n @@ -1888,6 +1884,17 @@ when attempting to unlink or rename files and directories that are marked as .sp .ne 2 .na +\fB\fBoffline\fR\fR +.ad +.sp .6 +.RS 4n +Indicate that a file is offline. Solaris systems have no special semantics for +this attribute. +.RE + +.sp +.ne 2 +.na \fB\fBreadonly\fR\fR .ad .sp .6 @@ -1900,6 +1907,19 @@ still be modified. .sp .ne 2 .na +\fB\fBsparse\fR\fR +.ad +.sp .6 +.RS 4n +Indicate that a file can be interpreted as sparse. It does not indicate that +the file is actually sparse or not. The sparse attribute is cleared when the +file is truncated to zero length. Solaris systems have no other special +semantics for this attribute. +.RE + +.sp +.ne 2 +.na \fB\fBsystem\fR\fR .ad .sp .6 @@ -1926,13 +1946,15 @@ immutable i av_modified m av_quarantined q nounlink u +offline O +sparse s .fi .in -2 .sp .sp .LP -The display in verbose mode (/ v) uses full attribute names when it is set and +The display in verbose mode (\fB-/ v\fR) uses full attribute names when it is set and the name prefixed by 'no' when it is not set. .sp .LP 
@@ -1949,17 +1971,19 @@ The display positions are as follows: .sp .in +2 .nf -{||||||||||} - |||||||||+- u (nounlink) - ||||||||+-- q (av_quarantined) - |||||||+--- m (av_modified) - ||||||+---- i (immutable) - |||||+----- d (nodump) - ||||+------ a (appendonly) - |||+------- S (system) - ||+-------- R (readonly) - |+--------- H (hidden) - +---------- A (archive) +{||||||||||||} + |||||||||||+- s (sparse) + ||||||||||+-- O (offline) + |||||||||+--- u (nounlink) + ||||||||+---- q (av_quarantined) + |||||||+----- m (av_modified) + ||||||+------ i (immutable) + |||||+------- d (nodump) + ||||+-------- a (appendonly) + |||+--------- S (system) + ||+---------- R (readonly) + |+----------- H (hidden) + +------------ A (archive) .fi .in -2 .sp @@ -2019,9 +2043,9 @@ If extended system attributes are not supported or if the user does not have not set, \fBcrtime\fR is treated as a synonym for \fBmtime\fR. .sp .LP -When option argument \fB-all\fR is specified, all available timestamps are -printed which includes \fB-atime\fR, \fB-ctime\fR, \fB-mtime\fR and on the -extended system attribute supporting file systems, \fB-crtime\fR (create time). +When option argument \fBall\fR is specified, all available timestamps are +printed which includes \fBatime\fR, \fBctime\fR, \fBmtime\fR and on the +extended system attribute supporting file systems, \fBcrtime\fR (create time). The option \fB-% all\fR does not effect which timestamp is displayed in long format and does not affect sorting. .sp @@ -2205,7 +2229,6 @@ all files. .RE .SS "/usr/bin/ls" -.sp .ne 2 .na \fB\fB-F\fR\fR @@ -2247,7 +2270,6 @@ groups is not considered an error: \fB-C\fR and \fB-1\fR (one), \fB-H\fR and determines the timestamps used for sorting or in long format listings. The last option \fB-t\fR, \fB-S\fR, or \fB-U\fR determines the sorting behavior. .SS "/usr/xpg4/bin/ls" -.sp .ne 2 .na \fB\fB-F\fR\fR 
@@ -2284,7 +2306,6 @@ option specifying a specific timestamp (\fB-c\fR, \fB-u\fR, \fB-% atime\fR , used for sorting or in long format listings. The last \fB-t\fR, \fB-S\fR, or \fB-U\fR option determines the sorting behavior. .SS "/usr/xpg6/bin/ls" -.sp .ne 2 .na \fB\fB-F\fR\fR @@ -2323,7 +2344,6 @@ crtime\fR, \fB-% ctime\fR, and \fB-% mtime\fR) determines the timestamps used for sorting or in long format listings. The last \fB-t\fR, \fB-S\fR, or \fB-U\fR option determines the sorting behavior. .SH OPERANDS -.sp .LP The following operand is supported: .sp @@ -2338,7 +2358,6 @@ diagnostic message is output on standard error. .RE .SH USAGE -.sp .LP See \fBlargefile\fR(5) for the description of the behavior of \fBls\fR when encountering files greater than or equal to 2 Gbyte ( 2^31 bytes). @@ -2517,22 +2536,24 @@ including indirect blocks, is printed. .nf example% ls -/ c file (extended system attribute in compact mode) -rw-r--r-- 1 root root 0 May 10 14:17 file - {AHRSadim-u} + {AHRSadim-u--} .fi .in -2 .sp .sp .LP -In this example, \fBav_quarantined\fR is not set. +In this example, \fBav_quarantined\fR, \fBoffline\fR, and \fBsparse\fR +are not set. .sp .in +2 .nf example% ls -/ v file (extended system attribute in verbose mode) -rw-r--r-- 1 root root 0 May 10 14:17 file - {archive,hidden,readonly,system,appendonly\e - nodump,immutable,av_modified,\e - noav_quarantined,nounlink} + {archive,hidden,readonly,system,\e + appendonly,nodump,immutable,av_modified,\e + noav_quarantined,nounlink,nooffline,\e + nosparse} example% ls -/ v file (no extended system attribute) -rw-r--r-- 1 root staff 0 May 16 14:48 file @@ -2542,7 +2563,7 @@ example% ls -/ c file (extended system attribute supported file system) -rw-r--r-- 1 root staff 3 Jun 4 22:04 file - {A------m--} + {A------m----} .fi .in -2 .sp @@ -2557,7 +2578,7 @@ extended system attribute supported file. example% ls -/ c -%crtime file -rw-r--r-- root root 0 May 10 14:17 file - {AHRSadim-u} + {AHRSadim-u--} .fi .in -2 .sp 
@@ -2588,7 +2609,6 @@ example% ls -%crtime -tl file* .LP In this example the files are sorted by creation time. .SH ENVIRONMENT VARIABLES -.sp .LP See \fBenviron\fR(5) for descriptions of the following environment variables that affect the execution of \fBls\fR: \fBLANG\fR, \fBLC_ALL\fR, @@ -2634,7 +2654,6 @@ is generated regardless of the value of the --color option. .RE .SH EXIT STATUS -.sp .ne 2 .na \fB\fB0\fR\fR @@ -2653,7 +2672,6 @@ An error occurred. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/group\fR\fR @@ -2684,13 +2702,10 @@ terminal information database .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .SS "/usr/bin/ls" -.sp -.sp .TS box; c | c @@ -2715,9 +2730,7 @@ For all options except \fB-A\fR, \fB-b\fR, \fB-e\fR, \fB-E,\fR \fB-h\fR, \fB--numeric-uid-gid\fR, \fB--reverse\fR, \fB--recursive\fR, \fB--si\fR, \fB--size\fR, and \fB--time-style\fR, see \fBstandards\fR(5). .SS "/usr/xpg4/bin/ls" -.sp -.sp .TS box; c | c @@ -2742,9 +2755,7 @@ For all options except \fB-A\fR, \fB-b\fR, \fB-e\fR, \fB-E,\fR \fB-h\fR, \fB--numeric-uid-gid\fR, \fB--reverse\fR, \fB--recursive\fR, \fB--si\fR, \fB--size\fR, and \fB--time-style\fR, see \fBstandards\fR(5). .SS "/usr/xpg6/bin/ls" -.sp -.sp .TS box; c | c @@ -2769,13 +2780,11 @@ For all options except \fB-A\fR, \fB-b\fR, \fB-e\fR, \fB-E,\fR \fB-h\fR, \fB--numeric-uid-gid\fR, \fB--reverse\fR, \fB--recursive\fR, \fB--si\fR, \fB--size\fR, and \fB--time-style\fR, see \fBstandards\fR(5). .SH SEE ALSO -.sp .LP \fBchmod\fR(1), \fBcp\fR(1), \fBsetfacl\fR(1), \fBfgetattr\fR(3C), \fBstrftime\fR(3C), \fBterminfo\fR(4), \fBacl\fR(5), \fBattributes\fR(5), \fBenviron\fR(5), \fBfsattr\fR(5), \fBlargefile\fR(5), \fBstandards\fR(5) .SH NOTES -.sp .LP Unprintable characters in file names can confuse the columnar output options. .sp diff --git a/usr/src/man/man1m/nfslogd.1m b/usr/src/man/man1m/nfslogd.1m index 6667c4b525..e5346cb861 100644 --- a/usr/src/man/man1m/nfslogd.1m 
+++ b/usr/src/man/man1m/nfslogd.1m @@ -1,10 +1,11 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright (c) 1999, Sun Microsystems, Inc. .\" All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH NFSLOGD 1M "Dec 2, 2004" +.TH NFSLOGD 1M "Nov 24, 2014" .SH NAME nfslogd \- nfs logging daemon .SH SYNOPSIS @@ -14,7 +15,6 @@ nfslogd \- nfs logging daemon .fi .SH DESCRIPTION -.sp .LP The \fBnfslogd\fR daemon provides operational logging to the Solaris \fBNFS\fR server. It is the \fBnfslogd\fR daemon's job to generate the activity log by @@ -179,7 +179,6 @@ must be between 1 and \fBINT_MAX\fR. .RE .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -201,7 +200,6 @@ Daemon failed to start. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/nfs/nfslogtab\fR \fR 
@@ -229,6 +227,25 @@ Daemon failed to start. .RE .SH SEE ALSO -.sp .LP \fBshare_nfs\fR(1M), \fBnfslog.conf\fR(4), \fBattributes\fR(5) +.sp +.LP +\fI\fR +.SH NOTES +.LP +The \fBnfslogd\fR service is managed by the service management facility, +\fBsmf\fR(5), under the service identifier: +.sp +.in +2 +.nf +svc:/network/nfs/log +.fi +.in -2 +.sp + +.sp +.LP +Administrative actions on this service, such as enabling, disabling, or +requesting restart, can be performed using \fBsvcadm\fR(1M). The service's +status can be queried using the \fBsvcs\fR(1) command. diff --git a/usr/src/man/man1m/share_nfs.1m b/usr/src/man/man1m/share_nfs.1m index 8d6a1a6013..f95320cc7b 100644 --- a/usr/src/man/man1m/share_nfs.1m +++ b/usr/src/man/man1m/share_nfs.1m 
@@ -1,872 +1,740 @@ -'\" te -.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. +.\" +.\" CDDL HEADER START +.\" +.\" The contents of this file are subject to the terms of the +.\" Common Development and Distribution License (the "License"). +.\" You may not use this file except in compliance with the License. +.\" +.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +.\" or http://www.opensolaris.org/os/licensing. +.\" See the License for the specific language governing permissions +.\" and limitations under the License. +.\" +.\" When distributing Covered Code, include this CDDL HEADER in each +.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE. +.\" If applicable, add the following below this CDDL HEADER, with the +.\" fields enclosed by brackets "[]" replaced with your own identifying +.\" information: Portions Copyright [yyyy] [name of copyright owner] +.\" +.\" CDDL HEADER END +.\" +.\" .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. 
If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH SHARE_NFS 1M "Jun 30, 2014" -.SH NAME -share_nfs \- make local NFS file systems available for mounting by remote -systems -.SH SYNOPSIS -.LP -.nf -\fBshare\fR [\fB-d\fR \fIdescription\fR] [\fB-F\fR nfs] [\fB-o\fR \fIspecific_options\fR] \fIpathname\fR -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBshare\fR utility makes local file systems available for mounting by -remote systems. It starts the \fBnfsd\fR(1M) and \fBmountd\fR(1M) daemons if -they are not already running. -.sp -.LP -If no argument is specified, then \fBshare\fR displays all file systems -currently shared, including \fBNFS\fR file systems and file systems shared -through other distributed file system packages. -.SH OPTIONS -.sp -.LP +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. +.\" +.Dd November 10, 2014 +.Dt SHARE_NFS 1M +.Os +.Sh NAME +.Nm share_nfs +.Nd make local NFS file systems available for mounting by remote systems +.Sh SYNOPSIS +.Nm share +.Op Fl d Ar description +.Op Fl F Sy nfs +.Op Fl o Ar specific_options +.Ar pathname +.Sh DESCRIPTION +The +.Nm share +utility makes local file systems available for mounting by remote systems. It +starts the +.Xr nfsd 1M +and +.Xr mountd 1M +daemons if they are not already running. +.Pp +If no argument is specified, then +.Nm share +displays all file systems currently shared, including NFS file systems and file +systems shared through other distributed file system packages. +.Sh OPTIONS The following options are supported: -.sp -.ne 2 -.na -\fB\fB-d\fR \fIdescription\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "indented" +.It Fl d Ar description Provide a comment that describes the file system to be shared. -.RE - -.sp -.ne 2 -.na -\fB\fB\fR\fB-F\fR \fBnfs\fR\fR -.ad -.sp .6 -.RS 4n -Share \fBNFS\fR file system type. 
-.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIspecific_options\fR\fR -.ad -.sp .6 -.RS 4n -Specify \fIspecific_options\fR in a comma-separated list of keywords and -attribute-value-assertions for interpretation by the file-system-type-specific -command. If \fIspecific_options\fR is not specified, then by default sharing is -read-write to all clients. \fIspecific_options\fR can be any combination of the -following: -.sp -.ne 2 -.na -\fB\fBaclok\fR\fR -.ad -.sp .6 -.RS 4n -Allows the \fBNFS\fR server to do access control for \fBNFS\fR Version 2 -clients (running SunOS 2.4 or earlier). When \fBaclok\fR is set on the server, -maximal access is given to all clients. For example, with \fBaclok\fR set, if -anyone has read permissions, then everyone does. If \fBaclok\fR is not set, -minimal access is given to all clients. -.RE - -.sp -.ne 2 -.na -\fB\fBanon=\fR\fIuid\fR\fR -.ad -.sp .6 -.RS 4n -Set \fIuid\fR to be the effective user \fBID\fR of unknown users. By default, -unknown users are given the effective user \fBID\fR \fBUID_NOBODY\fR. If -\fIuid\fR is set to \fB\(mi1\fR, access is denied. -.RE - -.sp -.ne 2 -.na -\fB\fIcharset\fR=\fIaccess_list\fR\fR -.ad -.sp .6 -.RS 4n -Where \fIcharset\fR is one of: \fBeuc-cn\fR, \fBeuc-jp\fR, \fBeuc-jpms\fR, -\fBeuc-kr\fR, \fBeuc-tw\fR, \fBiso8859-1\fR, \fBiso8859-2\fR, \fBiso8859-5\fR, -\fBiso8859-6\fR, \fBiso8859-7\fR, \fBiso8859-8\fR, \fBiso8859-9\fR, -\fBiso8859-13\fR, \fBiso8859-15\fR, \fBkoi8-r\fR. -.sp -Clients that match the \fIaccess_list\fR for one of these properties will be -assumed to be using that character set and file and path names will be -converted to UTF-8 for the server. -.RE - -.sp -.ne 2 -.na -\fB\fBgidmap=\fR\fImapping\fR[\fB~\fR\fImapping\fR]...\fR -.ad -.sp .6 -.RS 4n -Where \fImapping\fR is: -.sp -[\fIclnt\fR]\fB:\fR[\fIsrv\fR]\fB:\fR\fIaccess_list\fR -.sp +.It Fl F Sy nfs +Share NFS file system type. 
+.It Fl o Ar specific_options +Specify +.Ar specific_options +in a comma-separated list of keywords and attribute-value-assertions for +interpretation by the file-system-type-specific command. If +.Ar specific_options +is not specified, then by default sharing is read-write to all clients. +.Ar specific_options +can be any combination of the following: +.Bl -tag -width "indented" +.It Sy aclok +Allows the NFS server to do access control for NFS Version 2 clients (running +SunOS 2.4 or earlier). When +.Sy aclok +is set on the server, maximal access is given to all clients. For example, with +.Sy aclok +set, if anyone has read permissions, then everyone does. If +.Sy aclok +is not set, minimal access is given to all clients. +.It Sy anon Ns = Ns Ar uid +Set +.Ar uid +to be the effective user ID of unknown users. By default, unknown users are +given the effective user ID UID_NOBODY. If uid is set to -1, access is denied. +.It Ar charset Ns = Ns Ar access_list +Where +.Ar charset +is one of: euc-cn, euc-jp, euc-jpms, euc-kr, euc-tw, iso8859-1, iso8859-2, +iso8859-5, iso8859-6, iso8859-7, iso8859-8, iso8859-9, iso8859-13, iso8859-15, +koi8-r. +.Pp +Clients that match the +.Ar access_list +for one of these properties will be assumed to be using that character set and +file and path names will be converted to UTF-8 for the server. +.It Sy gidmap Ns = Ns Ar mapping Ns Oo ~ Ns Ar mapping Oc Ns ... +Where +.Ar mapping +is: +.Oo Ar clnt Oc : Ns Oo Ar srv Oc : Ns Ar access_list +.Pp Allows remapping the group ID (gid) in the incoming request to some other gid. This effectively changes the identity of the user in the request to that of some other local user. -.sp -For clients where the gid in the incoming request is \fIclnt\fR and the client -matches the \fIaccess_list\fR, change the group ID to \fIsrv\fR. If \fIclnt\fR -is asterisk (*), all groups are mapped by this rule. If \fIclnt\fR is omitted, -all unknown groups are mapped by this rule. 
If \fIsrv\fR is set to \(mi1, -access is denied. If \fIsrv\fR is omitted, the gid is mapped to -\fBUID_NOBODY\fR. -.sp -The particular \fImapping\fRs are separated in the \fBgidmap=\fR option -by tilde (~) and are evaluated in the specified order until a match is -found. Both \fBroot=\fR and \fBroot_mapping=\fR options (if specified) are -evaluated before the \fBgidmap=\fR option. The \fBgidmap=\fR option is -skipped in the case where the client matches the \fBroot=\fR option. -.sp -The \fBgidmap=\fR option is evaluated before the \fBanon=\fR option. -.sp -This option is supported only for \fBAUTH_SYS\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBindex=\fR\fBfile\fR\fR -.ad -.sp .6 -.RS 4n -Load \fBfile\fR rather than a listing of the directory containing this file -when the directory is referenced by an \fBNFS URL\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBlog=tag\fR\fR -.ad -.sp .6 -.RS 4n -Enables \fBNFS\fR server logging for the specified file system. The optional -tag determines the location of the related log files. The \fBtag\fR is defined -in \fBetc/nfs/nfslog.conf\fR. If no \fBtag\fR is specified, the default values -associated with the \fBglobal\fR \fBtag\fR in \fBetc/nfs/nfslog.conf\fR is -used. Support of NFS server logging is only available for NFS Version 2 and +.Pp +For clients where the gid in the incoming request is +.Ar clnt +and the client matches the +.Ar access_list Ns +, change the group ID to +.Ar srv Ns . If +.Ar clnt +is asterisk (*), all groups are mapped by this rule. If +.Ar clnt +is omitted, all unknown groups are mapped by this rule. If +.Ar srv +is set to -1, access is denied. If +.Ar srv +is omitted, the gid is mapped to UID_NOBODY. +.Pp +The particular +.Ar mapping Ns s +are separated in the +.Sy gidmap Ns = +option by tilde (~) and are evaluated in the specified order until a match is +found. Both +.Sy root Ns = +and +.Sy root_mapping Ns = +options (if specified) are evaluated before the +.Sy gidmap Ns = +option. 
The +.Sy gidmap Ns = +option is skipped in the case where the client matches the +.Sy root Ns = +option. +.Pp +The +.Sy gidmap Ns = +option is evaluated before the +.Sy anon Ns = +option. +.Pp +This option is supported only for AUTH_SYS. +.It Sy index Ns = Ns Ar file +Load +.Ar file +rather than a listing of the directory containing this file when the +directory is referenced by an NFS URL. +.It Sy log Ns Oo = Ns Ar tag Oc +Enables NFS server logging for the specified file system. The optional +.Ar tag +determines the location of the related log files. The +.Ar tag +is defined in +.Pa /etc/nfs/nfslog.conf . +If no +.Ar tag +is specified, the default values associated with the global tag in +.Pa /etc/nfs/nfslog.conf +are used. Support of NFS server logging is only available for NFS Version 2 and Version 3 requests. -.RE - -.sp -.ne 2 -.na -\fB\fBnone=\fR\fIaccess_list\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy none Ns = Ns Ar access_list Access is not allowed to any client that matches the access list. The exception -is when the access list is an asterisk (\fB*\fR), in which case \fBro\fR or -\fBrw\fR can override \fBnone\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBnosub\fR\fR -.ad -.sp .6 -.RS 4n +is when the access list is an asterisk (*), in which case +.Sy ro +or +.Sy rw +can override +.Sy none . +.It Sy nosub Prevents clients from mounting subdirectories of shared directories. For -example, if \fB/export\fR is shared with the \fBnosub\fR option on server -\fIfooey\fR then a \fBNFS\fR client cannot do: -.sp -.in +2 -.nf +example, if +.Pa /export +is shared with the +.Sy nosub +option on server +.Qq fooey +then a NFS client cannot do: +.Bd -literal -offset indent mount -F nfs fooey:/export/home/mnt -.fi -.in -2 -.sp - -NFS Version 4 does not use the \fBMOUNT\fR protocol. The \fBnosub\fR option -only applies to NFS Version 2 and Version 3 requests. -.RE - -.sp -.ne 2 -.na -\fB\fBnosuid\fR\fR -.ad -.sp .6 -.RS 4n +.Ed +.Pp +NFS Version 4 does not use the MOUNT protocol. 
The +.Sy nosub +option only applies to NFS Version 2 and Version 3 requests. +.It Sy nosuid By default, clients are allowed to create files on the shared file system with -the setuid or setgid mode enabled. Specifying \fBnosuid\fR causes the server -file system to silently ignore any attempt to enable the setuid or setgid mode -bits. -.RE - -.sp -.ne 2 -.na -\fB\fBpublic\fR\fR -.ad -.sp .6 -.RS 4n -Moves the location of the public file handle from \fBroot\fR (\fB/\fR) to the -exported directory for Web\fBNFS\fR-enabled browsers and clients. This option -does not enable Web\fBNFS\fR service; Web\fBNFS\fR is always on. Only one file -system per server may use this option. Any other option, including the -\fB-ro=list\fR and \fB-rw=list\fR options can be included with the \fBpublic\fR +the setuid or setgid mode enabled. Specifying +.Sy nosuid +causes the server file system to silently ignore any attempt to enable the +setuid or setgid mode bits. +.It Sy public +Moves the location of the public file handle from root +.Pa ( / ) +to the exported directory for WebNFS-enabled browsers and clients. This option +does not enable WebNFS service; WebNFS is always on. Only one file system per +server may use this option. Any other option, including the +.Sy ro Ns = Ns Ar list +and +.Sy rw Ns = Ns Ar list +options can be included with the +.Sy public option. -.RE - -.sp -.ne 2 -.na -\fB\fBro\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy ro Sharing is read-only to all clients. -.RE - -.sp -.ne 2 -.na -\fB\fBro=\fR\fIaccess_list\fR\fR -.ad -.sp .6 -.RS 4n -Sharing is read-only to the clients listed in \fIaccess_list\fR; overrides the -\fBrw\fR suboption for the clients specified. See \fIaccess_list\fR below. -.RE - -.sp -.ne 2 -.na -\fB\fBroot=\fR\fIaccess_list\fR\fR -.ad -.sp .6 -.RS 4n -Only root users from the hosts specified in \fIaccess_list\fR have root access. -See \fIaccess_list\fR below. 
By default, no host has root access, so root users -are mapped to an anonymous user \fBID\fR (see the \fBanon=\fR\fIuid\fR option -described above). Netgroups can be used if the file system shared is using UNIX -authentication (\fBAUTH_SYS\fR). -.RE - -.sp -.ne 2 -.na -\fB\fBroot_mapping=\fIuid\fR\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy ro Ns = Ns Ar access_list +Sharing is read-only to the clients listed in +.Ar access_list ; +overrides the +.Sy rw +suboption for the clients specified. See +.Sx access_list +below. +.It Sy root Ns = Ns Ar access_list +Only root users from the hosts specified in +.Ar access_list +have root access. See +.Sx access_list +below. By default, no host has root access, so root users are mapped to an +anonymous user ID (see the +.Sy anon Ns = Ns Ar uid +option described above). Netgroups can be used if the file system shared is +using UNIX authentication (AUTH_SYS). +.It Sy root_mapping Ns = Ns Ar uid For a client that is allowed root access, map the root UID to the specified user id. -.RE - -.sp -.ne 2 -.na -\fB\fBrw\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy rw Sharing is read-write to all clients. -.RE - -.sp -.ne 2 -.na -\fB\fBrw=\fR\fIaccess_list\fR\fR -.ad -.sp .6 -.RS 4n -Sharing is read-write to the clients listed in \fIaccess_list\fR; overrides the -\fBro\fR suboption for the clients specified. See \fIaccess_list\fR below. -.RE - -.sp -.ne 2 -.na -\fB\fBsec=\fR\fImode\fR[\fB:\fR\fImode\fR].\|.\|.\fR -.ad -.sp .6 -.RS 4n -Sharing uses one or more of the specified security modes. The \fImode\fR in the -\fBsec=\fR\fImode\fR option must be a node name supported on the client. If the -\fBsec=\fR option is not specified, the default security mode used is -\fBAUTH_SYS.\fR Multiple \fBsec=\fR options can be specified on the command -line, although each mode can appear only once. The security modes are defined -in \fBnfssec\fR(5). 
-.sp -Each \fBsec=\fR option specifies modes that apply to any subsequent \fBwindow=, -rw, ro, rw=, ro=\fR and \fBroot=\fR options that are provided before another -\fBsec=\fRoption. Each additional \fBsec=\fR resets the security mode context, -so that more \fBwindow=,\fR \fBrw,\fR \fBro,\fR \fBrw=,\fR \fBro=\fR and -\fBroot=\fR options can be supplied for additional modes. -.RE - -.sp -.ne 2 -.na -\fB\fBsec=\fR\fInone\fR\fR -.ad -.sp .6 -.RS 4n -If the option \fBsec=\fR\fInone\fR is specified when the client uses -\fBAUTH_NONE,\fR or if the client uses a security mode that is not one that the -file system is shared with, then the credential of each \fBNFS\fR request is -treated as unauthenticated. See the \fBanon=\fR\fIuid\fR option for a -description of how unauthenticated requests are handled. -.RE - -.sp -.ne 2 -.na -\fB\fBsecure\fR\fR -.ad -.sp .6 -.RS 4n -This option has been deprecated in favor of the \fBsec=\fR\fIdh\fR option. -.RE - -.sp -.ne 2 -.na -\fB\fBuidmap=\fR\fImapping\fR[\fB~\fR\fImapping\fR]...\fR -.ad -.sp .6 -.RS 4n -Where \fImapping\fR is: -.sp -[\fIclnt\fR]\fB:\fR[\fIsrv\fR]\fB:\fR\fIaccess_list\fR -.sp +.It Sy rw Ns = Ns Ar access_list +Sharing is read-write to the clients listed in +.Ar access_list ; +overrides the +.Sy ro +suboption for the clients specified. See +.Sx access_list +below. +.It Sy sec Ns = Ns Ar mode Ns Oo : Ns Ar mode Oc Ns ... +Sharing uses one or more of the specified security modes. The +.Ar mode +in the +.Sy sec Ns = Ns Ar mode +option must be a mode name supported on the client. If the +.Sy sec Ns = +option is not specified, the default security mode used is AUTH_SYS. Multiple +.Sy sec Ns = +options can be specified on the command line, although each mode can appear +only once. The security modes are defined in +.Xr nfssec 5 . 
+.Pp +Each +.Sy sec Ns = +option specifies modes that apply to any subsequent +.Sy window Ns = , +.Sy rw , +.Sy ro , +.Sy rw Ns = , +.Sy ro Ns = , +and +.Sy root Ns = +options that are provided before another +.Sy sec Ns = +option. +Each additional +.Sy sec Ns = +resets the security mode context, so that more +.Sy window Ns = , +.Sy rw , +.Sy ro , +.Sy rw Ns = , +.Sy ro Ns = , +and +.Sy root Ns = +options can be supplied for additional modes. +.It Sy sec Ns = Ns Sy none +If the option +.Sy sec Ns = Ns Sy none +is specified when the client uses AUTH_NONE, or if the client uses a security +mode that is not one that the file system is shared with, then the credential +of each NFS request is treated as unauthenticated. See the +.Sy anon Ns = Ns Ar uid +option for a description of how unauthenticated requests are handled. +.It Sy secure +This option has been deprecated in favor of the +.Sy sec Ns = Ns Sy dh +option. +.It Sy uidmap Ns = Ns Ar mapping Ns Oo ~ Ns Ar mapping Oc Ns ... +Where +.Ar mapping +is: +.Oo Ar clnt Oc : Ns Oo Ar srv Oc : Ns Ar access_list +.Pp Allows remapping the user ID (uid) in the incoming request to some other uid. This effectively changes the identity of the user in the request to that of some other local user. -.sp -For clients where the uid in the incoming request is \fIclnt\fR and the client -matches the \fIaccess_list\fR, change the user ID to \fIsrv\fR. If \fIclnt\fR -is asterisk (*), all users are mapped by this rule. If \fIclnt\fR is omitted, -all unknown users are mapped by this rule. If \fIsrv\fR is set to \(mi1, -access is denied. If \fIsrv\fR is omitted, the uid is mapped to -\fBUID_NOBODY\fR. -.sp -The particular \fImapping\fRs are separated in the \fBuidmap=\fR option -by tilde (~) and are evaluated in the specified order until a match is -found. Both \fBroot=\fR and \fBroot_mapping=\fR options (if specified) are -evaluated before the \fBuidmap=\fR option. 
The \fBuidmap=\fR option is -skipped in the case where the client matches the \fBroot=\fR option. -.sp -The \fBuidmap=\fR option is evaluated before the \fBanon=\fR option. -.sp -This option is supported only for \fBAUTH_SYS\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBwindow=\fR\fIvalue\fR\fR -.ad -.sp .6 -.RS 4n -When sharing with \fBsec=\fR\fIdh\fR, set the maximum life time (in seconds) of -the \fBRPC\fR request's credential (in the authentication header) that the -\fBNFS\fR server allows. If a credential arrives with a life time larger than -what is allowed, the \fBNFS\fR server rejects the request. The default value is -30000 seconds (8.3 hours). -.RE - -.RE - -.SS "\fIaccess_list\fR" -.sp -.LP -The \fIaccess_list\fR argument is a colon-separated list whose components may -be any number of the following: -.sp -.ne 2 -.na -\fBhostname\fR -.ad -.sp .6 -.RS 4n -The name of a host. With a server configured for \fBDNS\fR or \fBLDAP\fR naming -in the \fBnsswitch\fR "hosts" entry, any hostname must be represented as a -fully qualified \fBDNS\fR or \fBLDAP\fR name. -.RE - -.sp -.ne 2 -.na -\fBnetgroup\fR -.ad -.sp .6 -.RS 4n -A netgroup contains a number of hostnames. With a server configured for -\fBDNS\fR or \fBLDAP\fR naming in the \fBnsswitch\fR "hosts" entry, any -hostname in a netgroup must be represented as a fully qualified \fBDNS\fR or -\fBLDAP\fR name. -.RE - -.sp -.ne 2 -.na -\fBdomain name suffix\fR -.ad -.sp .6 -.RS 4n -To use domain membership the server must use \fBDNS\fR or \fBLDAP\fR to resolve -hostnames to \fBIP\fR addresses; that is, the "hosts" entry in the -\fB/etc/nsswitch.conf\fR must specify "dns" or "ldap" ahead of "nis" or -"nisplus", since only \fBDNS\fR and \fBLDAP\fR return the full domain name of -the host. Other name services like \fBNIS\fR or \fBNIS+\fR cannot be used to -resolve hostnames on the server because when mapping an \fBIP\fR address to a -hostname they do not return domain information. 
For example, -.sp -.in +2 -.nf +.Pp +For clients where the uid in the incoming request is +.Ar clnt +and the client matches the +.Ar access_list Ns +, change the user ID to +.Ar srv Ns . If +.Ar clnt +is asterisk (*), all users are mapped by this rule. If +.Ar clnt +is omitted, all unknown users are mapped by this rule. If +.Ar srv +is set to -1, access is denied. If +.Ar srv +is omitted, the uid is mapped to UID_NOBODY. +.Pp +The particular +.Ar mapping Ns s +are separated in the +.Sy uidmap Ns = +option by tilde (~) and are evaluated in the specified order until a match is +found. Both +.Sy root Ns = +and +.Sy root_mapping Ns = +options (if specified) are evaluated before the +.Sy uidmap Ns = +option. The +.Sy uidmap Ns = +option is skipped in the case where the client matches the +.Sy root Ns = +option. +.Pp +The +.Sy uidmap Ns = +option is evaluated before the +.Sy anon Ns = +option. +.Pp +This option is supported only for AUTH_SYS. +.It Sy window Ns = Ns Ar value +When sharing with +.Sy sec Ns = Ns Sy dh , +set the maximum life time (in seconds) of the RPC request's credential (in the +authentication header) that the NFS server allows. If a credential arrives with +a life time larger than what is allowed, the NFS server rejects the request. The +default value is 30000 seconds (8.3 hours). +.El +.El +.Ss access_list +The +.Ar access_list +argument is a colon-separated list whose components may be any number of the +following: +.Bl -tag -width "indented" +.It Sy hostname +The name of a host. With a server configured for DNS or LDAP naming in the +nsswitch +.Sy hosts +entry, any hostname must be represented as a fully qualified DNS or LDAP name. +.It Sy netgroup +A netgroup contains a number of hostnames. With a server configured for DNS or +LDAP naming in the nsswitch +.Sy hosts +entry, any hostname in a netgroup must be represented as a fully qualified DNS +or LDAP name. 
+.It Sy domain name suffix +To use domain membership the server must use DNS or LDAP to resolve hostnames to +IP addresses; that is, the +.Sy hosts +entry in the +.Pa /etc/nsswitch.conf +must specify +.Sy dns +or +.Sy ldap +ahead of +.Sy nis +or +.Sy nisplus , +since only DNS and LDAP return the full domain name of the host. Other name +services like NIS or NIS+ cannot be used to resolve hostnames on the server +because when mapping an IP address to a hostname they do not return domain +information. For example, +.Bd -literal -offset indent NIS or NIS+ 172.16.45.9 --> "myhost" -.fi -.in -2 -.sp - +.Ed +.Pp and -.sp -.in +2 -.nf -DNS or LDAP 172.16.45.9 --> - "myhost.mydomain.mycompany.com" -.fi -.in -2 -.sp - +.Bd -literal -offset indent +DNS or LDAP 172.16.45.9 --> "myhost.mydomain.mycompany.com" +.Ed +.Pp The domain name suffix is distinguished from hostnames and netgroups by a prefixed dot. For example, -.sp -\fBrw=.mydomain.mycompany.com\fR -.sp +.Bd -literal -offset indent +rw=.mydomain.mycompany.com +.Ed +.Pp A single dot can be used to match a hostname with no suffix. For example, -.sp -\fBrw=.\fR -.sp -matches "mydomain" but not "mydomain.mycompany.com". This feature can be used -to match hosts resolved through \fBNIS\fR and \fBNIS+\fR rather than \fBDNS\fR -and \fBLDAP\fR. -.RE - -.sp -.ne 2 -.na -\fBnetwork\fR -.ad -.sp .6 -.RS 4n -The network or subnet component is preceded by an at-sign (\fB@\fR). It can be -either a name or a dotted address. If a name, it is converted to a dotted -address by \fBgetnetbyname\fR(3SOCKET). For example, -.sp -\fB=@mynet\fR -.sp +.Bd -literal -offset indent +rw=. +.Ed +.Pp +matches +.Qq mydomain +but not +.Qq mydomain.mycompany.com . +This feature can be used to match hosts resolved through NIS and NIS+ rather +than DNS and LDAP. +.It Sy network +The network or subnet component is preceded by an at-sign (@). It can be either +a name or a dotted address. 
If a name, it is converted to a dotted address by +.Xr getnetbyname 3SOCKET . +For example, +.Bd -literal -offset indent +=@mynet +.Ed +.Pp would be equivalent to: -.sp -\fB=@172.16\fR or \fB=@172.16.0.0\fR -.sp +.Bd -literal -offset indent +=@172.16 or =@172.16.0.0 +.Ed +.Pp The network prefix assumes an octet-aligned netmask determined from the zeroth octet in the low-order part of the address up to and including the high-order octet, if you want to specify a single IP address (see below). In the case where network prefixes are not byte-aligned, the syntax allows a mask length to -be specified explicitly following a slash (\fB/\fR) delimiter. For example, -.sp -\fB=@theothernet/17\fR or \fB=@172.16.132/22\fR -.sp -\&...where the mask is the number of leftmost contiguous significant bits in -the corresponding IP address. -.sp -When specifying individual IP addresses, use the same \fB@\fR notation -described above, without a netmask specification. For example: -.sp -.in +2 -.nf +be specified explicitly following a slash (/) delimiter. For example, +.Bd -literal -offset indent +=@theothernet/17 or =@172.16.132/22 +.Ed +.Pp +where the mask is the number of leftmost contiguous significant bits in the +corresponding IP address. +.Pp +When specifying individual IP addresses, use the same @ notation described +above, without a netmask specification. For example: +.Bd -literal -offset indent =@172.16.132.14 -.fi -.in -2 -.sp - +.Ed +.Pp Multiple, individual IP addresses would be specified, for example, as: -.sp -.in +2 -.nf +.Bd -literal -offset indent root=@172.16.132.20:@172.16.134.20 -.fi -.in -2 -.sp - -.RE - -.sp -.LP -A prefixed minus sign (\fB\(mi\fR) denies access to that component of -\fIaccess_list\fR. The list is searched sequentially until a match is found -that either grants or denies access, or until the end of the list is reached. 
-For example, if host "terra" is in the "engineering" netgroup, then -.sp -.in +2 -.nf +.Ed +.El +.Pp +A prefixed minus sign (-) denies access to that component of +.Ar access_list . +The list is searched sequentially until a match is found that either grants or +denies access, or until the end of the list is reached. For example, if host +.Qq terra +is in the +.Qq engineering +netgroup, then +.Bd -literal -offset indent rw=-terra:engineering -.fi -.in -2 -.sp - -.sp -.LP -denies access to \fBterra\fR but -.sp -.in +2 -.nf +.Ed +.Pp +denies access to +.Qq terra +but +.Bd -literal -offset indent rw=engineering:-terra -.fi -.in -2 -.sp - -.sp -.LP -grants access to \fBterra\fR. -.SH OPERANDS -.sp -.LP +.Ed +.Pp +grants access to +.Qq terra . +.Sh OPERANDS The following operands are supported: -.sp -.ne 2 -.na -\fB\fIpathname\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "pathname" +.It Sy pathname The pathname of the file system to be shared. -.RE - -.SH EXAMPLES -.LP -\fBExample 1 \fRSharing A File System With Logging Enabled -.sp -.LP -The following example shows the \fB/export\fR file system shared with logging -enabled: - -.sp -.in +2 -.nf -example% \fBshare -o log /export\fR -.fi -.in -2 -.sp - -.sp -.LP -The default global logging parameters are used since no tag identifier is -specified. The location of the log file, as well as the necessary logging work -files, is specified by the global entry in \fB/etc/nfs/nfslog.conf\fR. The -\fBnfslogd\fR(1M) daemon runs only if at least one file system entry in -\fB/etc/dfs/dfstab\fR is shared with logging enabled upon starting or rebooting -the system. Simply sharing a file system with logging enabled from the command -line does not start the \fBnfslogd\fR(1M). 
- -.LP -\fBExample 2 \fRRemap A User Coming From The Particular NFS Client -.sp -.LP -The following example remaps the user with uid \fB100\fR at client -\fB10.0.0.1\fR to user \fBjoe\fR: - -.sp -.in +2 -.nf -example% \fBshare -o uidmap=100:joe:@10.0.0.1 /export\fR -.fi -.in -2 -.sp - -.SH EXIT STATUS -.sp -.LP -The following exit values are returned: -.sp -.ne 2 -.na -\fB\fB0\fR\fR -.ad -.sp .6 -.RS 4n -Successful completion. -.RE - -.sp -.ne 2 -.na -\fB\fB>0\fR\fR -.ad -.sp .6 -.RS 4n -An error occurred. -.RE - -.SH FILES -.sp -.ne 2 -.na -\fB\fB/etc/dfs/fstypes\fR\fR -.ad -.sp .6 -.RS 4n -list of system types, \fBNFS\fR by default -.RE - -.sp -.ne 2 -.na -\fB\fB/etc/dfs/sharetab\fR\fR -.ad -.sp .6 -.RS 4n +.El +.Sh FILES +.Bl -tag -width "/etc/nfs/nfslog.conf" +.It Pa /etc/dfs/fstypes +list of system types, NFS by default +.It Pa /etc/dfs/sharetab system record of shared file systems -.RE - -.sp -.ne 2 -.na -\fB\fB/etc/nfs/nfslogtab\fR\fR -.ad -.sp .6 -.RS 4n +.It Pa /etc/nfs/nfslogtab system record of logged file systems -.RE - -.sp -.ne 2 -.na -\fB\fB/etc/nfs/nfslog.conf\fR\fR -.ad -.sp .6 -.RS 4n +.It Pa /etc/nfs/nfslog.conf logging configuration file -.RE - -.SH SEE ALSO -.sp -.LP -\fBmount\fR(1M), \fBmountd\fR(1M), \fBnfsd\fR(1M), \fBnfslogd\fR(1M), -\fBshare\fR(1M), \fBunshare\fR(1M), \fBgetnetbyname\fR(3SOCKET), -\fBnfslog.conf\fR(4), \fBnetgroup\fR(4), \fBattributes\fR(5), \fBnfssec\fR(5) -.SH NOTES -.sp -.LP -If the \fBsec=\fR option is presented at least once, all uses of the -\fBwindow=,\fR \fBrw,\fR \fBro,\fR \fBrw=,\fR \fBro=\fR and \fBroot=\fR options -must come \fBafter\fR the first \fBsec=\fR option. If the \fBsec=\fR option is -not presented, then \fBsec=\fR\fIsys\fR is implied. 
-.sp -.LP -If one or more explicit \fBsec=\fR options are presented, \fIsys\fR must appear -in one of the options mode lists for accessing using the \fBAUTH_SYS\fR +.El +.Sh EXIT STATUS +.Ex -std +.Sh EXAMPLES +.Ss Example 1 Sharing A File System With Logging Enabled +The following example shows the +.Pa /export +file system shared with logging enabled: +.Bd -literal -offset indent +share -o log /export +.Ed +.Pp +The default global logging parameters are used since no tag identifier is +specified. The location of the log file, as well as the necessary logging work +files, is specified by the global entry in +.Pa /etc/nfs/nfslog.conf . +The +.Xr nfslogd 1M +daemon runs only if at least one file system entry in +.Pa /etc/dfs/dfstab +is shared with logging enabled upon starting or rebooting the system. Simply +sharing a file system with logging enabled from the command line does not start +the +.Xr nfslogd 1M . +.Ss Example 2 Remap A User Coming From The Particular NFS Client +The following example remaps the user with uid +.Sy 100 +at client +.Sy 10.0.0.1 +to user +.Sy joe Ns : +.Bd -literal -offset indent +share -o uidmap=100:joe:@10.0.0.1 /export +.Ed +.Sh SEE ALSO +.Xr mount 1M , +.Xr mountd 1M , +.Xr nfsd 1M , +.Xr nfslogd 1M , +.Xr share 1M , +.Xr unshare 1M , +.Xr getnetbyname 3SOCKET , +.Xr nfslog.conf 4 , +.Xr netgroup 4 , +.Xr attributes 5 , +.Xr nfssec 5 +.Sh NOTES +If the +.Sy sec Ns = +option is presented at least once, all uses of the +.Sy window Ns = , +.Sy rw , +.Sy ro , +.Sy rw Ns = , +.Sy ro Ns = , +and +.Sy root Ns = +options must come after the first +.Sy sec Ns = +option. If the +.Sy sec Ns = +option is not presented, then +.Sy sec Ns = Ns Sy sys +is implied. +.Pp +If one or more explicit +.Sy sec Ns = +options are presented, +.Sy sys +must appear in one of the options mode lists for accessing using the AUTH_SYS security mode to be allowed. 
For example: -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs /var\fR -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBsec=sys /var\fR -.fi -.in -2 -.sp - -.sp -.LP -grants read-write access to any host using \fBAUTH_SYS,\fR but -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBsec=dh /var\fR -.fi -.in -2 -.sp - -.sp -.LP -grants no access to clients that use \fBAUTH_SYS.\fR -.sp -.LP -Unlike previous implementations of \fBshare_nfs\fR, access checking for the -\fBwindow=, rw, ro, rw=,\fR and \fBro=\fR options is done per \fBNFS\fR -request, instead of per mount request. -.sp -.LP +.Bd -literal -offset indent +share -F nfs /var +share -F nfs -o sec=sys /var +.Ed +.Pp +grants read-write access to any host using AUTH_SYS, but +.Bd -literal -offset indent +share -F nfs -o sec=dh /var +.Ed +.Pp +grants no access to clients that use AUTH_SYS. +.Pp +Unlike previous implementations of +.Nm , +access checking for the +.Sy window Ns = , +.Sy rw , +.Sy ro , +.Sy rw Ns = , +and +.Sy ro Ns = +options is done per NFS request, instead of per mount request. +.Pp Combining multiple security modes can be a security hole in situations where -the \fBro=\fR and \fBrw=\fR options are used to control access to weaker -security modes. In this example, -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBsec=dh,rw,sec=sys,rw=hosta /var\fR -.fi -.in -2 -.sp - -.sp -.LP -an intruder can forge the IP address for \fBhosta\fR (albeit on each \fBNFS\fR -request) to side-step the stronger controls of \fBAUTH_DES.\fR Something like: -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBsec=dh,rw,sec=sys,ro /var\fR -.fi -.in -2 -.sp - -.sp -.LP -is safer, because any client (intruder or legitimate) that avoids -\fBAUTH_DES\fR only gets read-only access. In general, multiple security modes -per \fBshare\fR command should only be used in situations where the clients -using more secure modes get stronger access than clients using less secure -modes. 
-.sp -.LP -If \fBrw=,\fR and \fBro=\fR options are specified in the same \fBsec=\fR +the +.Sy ro Ns = +and +.Sy rw Ns = +options are used to control access to weaker security modes. In this example, +.Bd -literal -offset indent +share -F nfs -o sec=dh,rw,sec=sys,rw=hosta /var +.Ed +.Pp +an intruder can forge the IP address for +.Qq hosta +(albeit on each NFS request) to side-step the stronger controls of AUTH_DES. +Something like: +.Bd -literal -offset indent +share -F nfs -o sec=dh,rw,sec=sys,ro /var +.Ed +.Pp +is safer, because any client (intruder or legitimate) that avoids AUTH_DES only +gets read-only access. In general, multiple security modes per share command +should only be used in situations where the clients using more secure modes get +stronger access than clients using less secure modes. +.Pp +If +.Sy rw Ns = +and +.Sy ro Ns = +options are specified in the same +.Sy sec Ns = clause, and a client is in both lists, the order of the two options determines -the access the client gets. If client \fBhosta\fR is in two netgroups - -\fBgroup1\fR and \fBgroup2\fR - in this example, the client would get read-only -access: -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBro=group1,rw=group2 /var\fR -.fi -.in -2 -.sp - -.sp -.LP -In this example \fBhosta\fR would get read-write access: -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBrw=group2,ro=group1 /var\fR -.fi -.in -2 -.sp - -.sp -.LP -If within a \fBsec=\fR clause, both the \fBro\fR and \fBrw=\fR options are -specified, for compatibility, the order of the options rule is not enforced. -All hosts would get read-only access, with the exception to those in the -read-write list. Likewise, if the \fBro=\fR and \fBrw\fR options are specified, -all hosts get read-write access with the exceptions of those in the read-only -list. -.sp -.LP -The \fBro=\fR and \fBrw=\fR options are guaranteed to work over \fBUDP\fR and -\fBTCP\fR but may not work over other transport providers. 
-.sp -.LP -The \fBroot=\fR option with \fBAUTH_SYS\fR is guaranteed to work over \fBUDP\fR -and \fBTCP\fR but may not work over other transport providers. -.sp -.LP -The \fBroot=\fR option with \fBAUTH_DES\fR is guaranteed to work over any -transport provider. -.sp -.LP -There are no interactions between the \fBroot=\fR option and the \fBrw, ro, -rw=,\fR and \fBro=\fR options. Putting a host in the \fBroot\fR list does not -override the semantics of the other options. The access the host gets is the -same as when the \fBroot=\fR options is absent. For example, the following -\fBshare\fR command denies access to \fBhostb:\fR -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBro=hosta,root=hostb /var\fR -.fi -.in -2 -.sp - -.sp -.LP -The following gives read-only permissions to \fBhostb:\fR -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBro=hostb,root=hostb /var\fR -.fi -.in -2 -.sp - -.sp -.LP -The following gives read-write permissions to \fBhostb:\fR -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBro=hosta,rw=hostb,root=hostb /var\fR -.fi -.in -2 -.sp - -.sp -.LP +the access the client gets. If client +.Qq hosta +is in two netgroups, +.Qq group1 +and +.Qq group2 , +in this example, the client would get read-only access: +.Bd -literal -offset indent +share -F nfs -o ro=group1,rw=group2 /var +.Ed +.Pp +In this example +.Qq hosta +would get read-write access: +.Bd -literal -offset indent +share -F nfs -o rw=group2,ro=group1 /var +.Ed +.Pp +If within a +.Sy sec Ns = +clause, both the +.Sy ro +and +.Sy rw Ns = +options are specified, for compatibility, the order of the options rule is not +enforced. All hosts would get read-only access, with the exception to those in +the read-write list. Likewise, if the +.Sy ro Ns = +and +.Sy rw +options are specified, all hosts get read-write access with the exceptions of +those in the read-only list. 
+.Pp +The +.Sy ro Ns = +and +.Sy rw Ns = +options are guaranteed to work over UDP and TCP but may not work over other +transport providers. +.Pp +The +.Sy root Ns = +option with AUTH_SYS is guaranteed to work over UDP and TCP but may not work +over other transport providers. +.Pp +The +.Sy root Ns = +option with AUTH_DES is guaranteed to work over any transport provider. +.Pp +There are no interactions between the +.Sy root Ns = +option and the +.Sy rw , +.Sy ro , +.Sy rw Ns = , +and +.Sy ro Ns = +options. Putting a host in the root list does not override the semantics of the +other options. The access the host gets is the same as when the +.Sy root Ns = +option is absent. For example, the following share command denies access to +.Qq hostb : +.Bd -literal -offset indent +share -F nfs -o ro=hosta,root=hostb /var +.Ed +.Pp +The following gives read-only permissions to +.Qq hostb : +.Bd -literal -offset indent +share -F nfs -o ro=hostb,root=hostb /var +.Ed +.Pp +The following gives read-write permissions to +.Qq hostb : +.Bd -literal -offset indent +share -F nfs -o ro=hosta,rw=hostb,root=hostb /var +.Ed +.Pp If the file system being shared is a symbolic link to a valid pathname, the -canonical path (the path which the symbolic link follows) are shared. For -example, if \fB/export/foo\fR is a symbolic link to \fB/export/bar\fR -(\fB/export/foo -> /export/bar\fR), the following \fBshare\fR command results -in \fB/export/bar\fR as the shared pathname (and not \fB/export/foo\fR). -.sp -.in +2 -.nf -\fBexample# share\fR \fB-F\fR \fBnfs /export/foo\fR -.fi -.in -2 -.sp - -.sp -.LP -An \fBNFS\fR mount of \fBserver:/export/foo\fR results in -\fBserver:/export/bar\fR really being mounted. 
-.sp -.LP -This line in the \fB/etc/dfs/dfstab\fR file shares the \fB/disk\fR file system -read-only at boot time: -.sp -.in +2 -.nf -\fBshare\fR \fB-F\fR \fBnfs\fR \fB-o\fR \fBro /disk\fR -.fi -.in -2 -.sp - -.sp -.LP -The same command entered from the command line does not share the \fB/disk\fR +canonical path (the path which the symbolic link follows) is shared. For +example, if +.Pa /export/foo +is a symbolic link to +.Pa /export/bar , +the following share command results in +.Pa /export/bar +as the shared pathname (and not +.Pa /export/foo ) : +.Bd -literal -offset indent +share -F nfs /export/foo +.Ed +.Pp +An NFS mount of +.Lk server:/export/foo +results in +.Lk server:/export/bar +really being mounted. +.Pp +This line in the +.Pa /etc/dfs/dfstab +file shares the +.Pa /disk +file system read-only at boot time: +.Bd -literal -offset indent +share -F nfs -o ro /disk +.Ed +.Pp +The same command entered from the command line does not share the +.Pa /disk file system unless there is at least one file system entry in the -\fB/etc/dfs/dfstab\fR file. The \fBmountd\fR(1M) and \fBnfsd\fR(1M) daemons -only run if there is a file system entry in \fB/etc/dfs/dfstab\fR when starting -or rebooting the system. -.sp -.LP -The \fBmountd\fR(1M) process allows the processing of a path name the contains -a symbolic link. This allows the processing of paths that are not themselves -explicitly shared with \fBshare_nfs\fR. For example, \fB/export/foo\fR might be -a symbolic link that refers to \fB/export/bar\fR which has been specifically -shared. When the client mounts \fB/export/foo\fR the \fBmountd\fR processing -follows the symbolic link and responds with the \fB/export/bar\fR. The NFS -Version 4 protocol does not use the \fBmountd\fR processing and the client's -use of \fB/export/foo\fR does not work as it does with NFS Version 2 and -Version 3 and the client receives an error when attempting to mount -\fB/export/foo\fR. +.Pa /etc/dfs/dfstab +file. 
The +.Xr mountd 1M +and +.Xr nfsd 1M +daemons only run if there is a file system entry in +.Pa /etc/dfs/dfstab +when starting or rebooting the system. +.Pp +The +.Xr mountd 1M +process allows the processing of a path name the contains a symbolic link. +This allows the processing of paths that are not themselves explicitly shared +with +.Nm . +For example, +.Pa /export/foo +might be a symbolic link that refers to +.Pa /export/bar +which has been specifically shared. When the client mounts +.Pa /export/foo +the mountd processing follows the symbolic link and responds with the +.Pa /export/bar . +The NFS Version 4 protocol does not use the mountd processing and the client's +use of +.Pa /export/foo +does not work as it does with NFS Version 2 and Version 3 and the client +receives an error when attempting to mount +.Pa /export/foo . diff --git a/usr/src/man/man1m/zfs.1m b/usr/src/man/man1m/zfs.1m index 6795e8ecf2..4e486bfb2b 100644 --- a/usr/src/man/man1m/zfs.1m +++ b/usr/src/man/man1m/zfs.1m @@ -24,11 +24,11 @@ .\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org> .\" Copyright (c) 2014 by Delphix. All rights reserved. .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved. -.\" Copyright 2013 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 2014, Joyent, Inc. All rights reserved. .\" Copyright (c) 2014 by Adam Stevko. All rights reserved. +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" -.TH ZFS 1M "March 6, 2014" +.TH ZFS 1M "November 11, 2014" .SH NAME zfs \- configures ZFS file systems .SH SYNOPSIS 
@@ -4073,10 +4073,9 @@ permissions on \fBtank/cindys\fR are also displayed. .nf # \fBzfs allow cindys create,destroy,mount,snapshot tank/cindys\fR # \fBzfs allow tank/cindys\fR -------------------------------------------------------------- -Local+Descendent permissions on (tank/cindys) - user cindys create,destroy,mount,snapshot -------------------------------------------------------------- +---- Permissions on tank/cindys -------------------------------------- +Local+Descendent permissions: + user cindys create,destroy,mount,snapshot .fi .in -2 .sp @@ -4109,12 +4108,11 @@ The permissions on \fBtank/users\fR are also displayed. # \fBzfs allow staff create,mount tank/users\fR # \fBzfs allow -c destroy tank/users\fR # \fBzfs allow tank/users\fR -------------------------------------------------------------- -Create time permissions on (tank/users) - create,destroy -Local+Descendent permissions on (tank/users) - group staff create,mount -------------------------------------------------------------- +---- Permissions on tank/users --------------------------------------- +Permission sets: + destroy +Local+Descendent permissions: + group staff create,mount .fi .in -2 .sp @@ -4133,14 +4131,11 @@ displayed. # \fBzfs allow -s @pset create,destroy,snapshot,mount tank/users\fR # \fBzfs allow staff @pset tank/users\fR # \fBzfs allow tank/users\fR -------------------------------------------------------------- -Permission sets on (tank/users) +---- Permissions on tank/users --------------------------------------- +Permission sets: @pset create,destroy,mount,snapshot -Create time permissions on (tank/users) - create,destroy -Local+Descendent permissions on (tank/users) - group staff @pset,create,mount -------------------------------------------------------------- +Local+Descendent permissions: + group staff @pset .fi .in -2 .sp 
@@ -4158,14 +4153,13 @@ also displayed. .nf # \fBzfs allow cindys quota,reservation users/home\fR # \fBzfs allow users/home\fR -------------------------------------------------------------- -Local+Descendent permissions on (users/home) +---- Permissions on users/home --------------------------------------- +Local+Descendent permissions: user cindys quota,reservation -------------------------------------------------------------- cindys% \fBzfs set quota=10G users/home/marks\fR cindys% \fBzfs get quota users/home/marks\fR -NAME PROPERTY VALUE SOURCE -users/home/marks quota 10G local +NAME PROPERTY VALUE SOURCE +users/home/marks quota 10G local .fi .in -2 .sp @@ -4183,14 +4177,11 @@ The following example shows how to remove the snapshot permission from the .nf # \fBzfs unallow staff snapshot tank/users\fR # \fBzfs allow tank/users\fR -------------------------------------------------------------- -Permission sets on (tank/users) +---- Permissions on tank/users --------------------------------------- +Permission sets: @pset create,destroy,mount,snapshot -Create time permissions on (tank/users) - create,destroy -Local+Descendent permissions on (tank/users) - group staff @pset,create,mount -------------------------------------------------------------- +Local+Descendent permissions: + group staff @pset .fi .in -2 .sp diff --git a/usr/src/man/man2/sigprocmask.2 b/usr/src/man/man2/sigprocmask.2 index 97fab1dfc2..c6d25af2bf 100644 --- a/usr/src/man/man2/sigprocmask.2 +++ b/usr/src/man/man2/sigprocmask.2 
@@ -1,9 +1,10 @@
 '\" te
+.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved.
 .\" Copyright 1989 AT&T. Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH SIGPROCMASK 2 "Mar 23, 2005"
+.TH SIGPROCMASK 2 "Nov 24, 2014"
 .SH NAME
 sigprocmask \- change or examine caller's signal mask
 .SH SYNOPSIS
@@ -16,20 +17,20 @@ sigprocmask \- change or examine caller's signal mask .fi .SH DESCRIPTION -.sp .LP The \fBsigprocmask()\fR function is used to examine and/or change the caller's -signal mask. If the value is \fBSIG_BLOCK\fR, the set pointed to by the -\fIset\fR argument is added to the current signal mask. If the value is -\fBSIG_UNBLOCK\fR, the set pointed by the \fIset\fR argument is removed from -the current signal mask. If the value is \fBSIG_SETMASK\fR, the current signal -mask is replaced by the set pointed to by the \fIset\fR argument. If the -\fIoset\fR argument is not \fINULL\fR, the previous mask is stored in the -space pointed to by \fIoset\fR. If the value of the \fIset\fR argument is -\fINULL\fR, the value \fIhow\fR is not significant and the caller's signal -mask is unchanged; thus, the call can be used to inquire about currently -blocked signals. If the \fIset\fR or \fIoset\fR argument points to an invalid -address, the behavior is undefined and \fBerrno\fR may be set to \fBEFAULT\fR. +signal mask. If the value of the \fIhow\fR argument is \fBSIG_BLOCK\fR, the set +pointed to by the \fIset\fR argument is added to the current signal mask. If +the value of the \fIhow\fR argument is \fBSIG_UNBLOCK\fR, the set pointed by +the \fIset\fR argument is removed from the current signal mask. If the value of +the \fIhow\fR argument is \fBSIG_SETMASK\fR, the current signal mask is +replaced by the set pointed to by the \fIset\fR argument. If the \fIoset\fR +argument is not \fINULL\fR, the previous mask is stored in the space pointed to +by \fIoset\fR. If the value of the \fIset\fR argument is \fINULL\fR, the value +\fIhow\fR is not significant and the caller's signal mask is unchanged; thus, +the call can be used to inquire about currently blocked signals. If the +\fIset\fR or \fIoset\fR argument points to an invalid address, the behavior is +undefined and \fBerrno\fR may be set to \fBEFAULT\fR. 
.sp .LP If there are any pending unblocked signals after the call to @@ -46,12 +47,10 @@ silently enforced by the standard C library. .LP If \fBsigprocmask()\fR fails, the caller's signal mask is not changed. .SH RETURN VALUES -.sp .LP Upon successful completion, \fB0\fR is returned. Otherwise, \fB\(mi1\fR is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBsigprocmask()\fR function will fail if: .sp @@ -76,7 +75,6 @@ The \fIset\fR or \fIoset\fR argument points to an illegal address. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -94,13 +92,11 @@ MT-Level Async-Signal-Safe .TE .SH SEE ALSO -.sp .LP \fBsigaction\fR(2), \fBpthread_cancel\fR(3C), \fBpthread_sigmask\fR(3C), \fBsignal\fR(3C), \fBsignal.h\fR(3HEAD), \fBsigsetops\fR(3C), \fBattributes\fR(5), \fBcancellation\fR(5) .SH NOTES -.sp .LP The call to \fBsigprocmask()\fR affects only the calling thread's signal mask. It is identical to a call to \fBpthread_sigmask\fR(3C). diff --git a/usr/src/man/man3/Makefile b/usr/src/man/man3/Makefile index f1beeb02fd..ced1036d41 100644 --- a/usr/src/man/man3/Makefile +++ b/usr/src/man/man3/Makefile @@ -11,7 +11,7 @@ # # Copyright 2011, Richard Lowe -# Copyright 2013 Nexenta Systems, Inc. All rights reserved. +# Copyright 2014 Nexenta Systems, Inc. All rights reserved. # include $(SRC)/Makefile.master @@ -22,11 +22,17 @@ MANFILES= Intro.3 \ hosts_access.3 MANLINKS= intro.3 \ - libwrap.3 + hosts_ctl.3 \ + libwrap.3 \ + request_init.3 \ + request_set.3 intro.3 := LINKSRC = Intro.3 +hosts_ctl.3 := LINKSRC = hosts_access.3 libwrap.3 := LINKSRC = hosts_access.3 +request_init.3 := LINKSRC = hosts_access.3 +request_set.3 := LINKSRC = hosts_access.3 .KEEP_STATE: diff --git a/usr/src/man/man3c/err.3c b/usr/src/man/man3c/err.3c index 05bf1df544..a82cca4a1b 100644 --- a/usr/src/man/man3c/err.3c +++ b/usr/src/man/man3c/err.3c 
@@ -1,11 +1,12 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 1996-2001 Wolfram Schneider. Berlin. .\" Copyright (c) 1993-1995 Berkeley Software Design, Inc. .\" Portions Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ERR 3C "Aug 20, 2007" +.TH ERR 3C "Nov 24, 2014" .SH NAME err, verr, errx, verrx, warn, vwarn, warnx, vwarnx \- formatted error messages .SH SYNOPSIS @@ -52,7 +53,6 @@ err, verr, errx, verrx, warn, vwarn, warnx, vwarnx \- formatted error messages .fi .SH DESCRIPTION -.sp .LP The \fBerr()\fR and \fBwarn()\fR family of functions display a formatted error message on the standard error output. In all cases, the last component of the @@ -68,7 +68,7 @@ newline character. The \fBerrx()\fR, \fBverrx()\fR, \fBwarnx()\fR, and .LP The \fBerr()\fR, \fBverr()\fR, \fBerrx()\fR, and \fBverrx()\fR functions do not return, but instead cause the program to terminate with the status value given -by the argument status. +by the argument \fIeval\fR. .SH EXAMPLES .LP \fBExample 1 \fRDisplay the current \fBerrno\fR information string and 
@@ -108,7 +108,6 @@ if ((fd = open(block_device, O_RDONLY, 0)) == -1) .in -2 .SH WARNINGS -.sp .LP It is important never to pass a string with user-supplied data as a format without using `%s'. An attacker can put format specifiers in the string to @@ -127,7 +126,6 @@ err(1, "%s", string); .in -2 .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -149,7 +147,6 @@ MT-Level Safe with Exceptions These functions are safe to use in multithreaded applications as long as \fBsetlocale\fR(3C) is not being called to change the locale. .SH SEE ALSO -.sp .LP \fBexit\fR(3C), \fBgetexecname\fR(3C), \fBsetlocale\fR(3C), \fBstrerror\fR(3C), \fBattributes\fR(5) diff --git a/usr/src/man/man3c/fgetattr.3c b/usr/src/man/man3c/fgetattr.3c index efae0e0ace..7b473bada4 100644 --- a/usr/src/man/man3c/fgetattr.3c +++ b/usr/src/man/man3c/fgetattr.3c @@ -1,9 +1,10 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright (c) 2008, Sun Microsystems Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH FGETATTR 3C "Aug 4, 2008" +.TH FGETATTR 3C "Nov 24, 2014" .SH NAME fgetattr, fsetattr, getattrat, setattrat \- get and set system attributes .SH SYNOPSIS 
@@ -35,7 +36,6 @@ fgetattr, fsetattr, getattrat, setattrat \- get and set system attributes .fi .SH DESCRIPTION -.sp .LP The \fBfgetattr()\fR function obtains an nvlist of system attribute information about an open file object specified by the file descriptor \fIfildes\fR, @@ -105,15 +105,15 @@ T} \fBA_GROUPSID\fR T{ nvlist composed of \fBuint32_value\fR and \fBstring\fR T} + \fBA_OFFLINE\fR \fBboolean_value\fR + \fBA_SPARSE\fR \fBboolean_value\fR .TE .SH RETURN VALUES -.sp .LP Upon successful completion, 0 is returned. Otherwise, -1 is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBfgetattr()\fR, \fBgetattrat()\fR, \fBfsetattr()\fR, and \fBsetattrat()\fR, functions will fail if: @@ -287,7 +287,6 @@ if (setattrat(fildes, XATTR_VIEW_READWRITE, "file", request)) { .in -2 .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -305,7 +304,6 @@ MT-Level Safe .TE .SH SEE ALSO -.sp .LP \fBcreat\fR(2), \fBdup\fR(2), \fBfcntl\fR(2), \fBfstat\fR(2), \fBfstatat\fR(2), \fBopen\fR(2), \fBpipe\fR(2), \fBlibnvpair\fR(3LIB), \fBattributes\fR(5), diff --git a/usr/src/man/man3c/fopen.3c b/usr/src/man/man3c/fopen.3c index 0dfdcb4cc0..906ee3532e 100644 --- a/usr/src/man/man3c/fopen.3c +++ b/usr/src/man/man3c/fopen.3c @@ -1,4 +1,5 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright 1989 AT&T. .\" Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved. .\" Portions Copyright (c) 1992, X/Open Company Limited. All Rights Reserved. 
@@ -11,7 +12,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH FOPEN 3C "Nov 06, 2013" +.TH FOPEN 3C "Nov 24, 2014" .SH NAME fopen \- open a stream .SH SYNOPSIS @@ -23,7 +24,6 @@ fopen \- open a stream .fi .SH DESCRIPTION -.sp .LP The \fBfopen()\fR function opens the file whose pathname is the string pointed to by \fIfilename\fR, and associates a stream with it. @@ -131,13 +131,13 @@ to refer to an interactive device. The error and end-of-file indicators for the stream are cleared. .sp .LP -If \fImode\fR begins with \fIw\fR or \fBa\fR and the file did not previously +If \fImode\fR begins with \fBw\fR or \fBa\fR and the file did not previously exist, upon successful completion, \fBfopen()\fR function will mark for update the \fBst_atime\fR, \fBst_ctime\fR and \fBst_mtime\fR fields of the file and the \fBst_ctime\fR and \fBst_mtime\fR fields of the parent directory. .sp .LP -If \fImode\fR begins with \fIw\fR and the file did previously exist, upon +If \fImode\fR begins with \fBw\fR and the file did previously exist, upon successful completion, \fBfopen()\fR will mark for update the \fBst_ctime\fR and \fBst_mtime\fR fields of the file. The \fBfopen()\fR function will allocate a file descriptor as \fBopen\fR(2) does. 
@@ -165,7 +165,6 @@ The largest value that can be represented correctly in an object of type \fBoff_t\fR will be established as the offset maximum in the open file description. .SH RETURN VALUES -.sp .LP Upon successful completion, \fBfopen()\fR returns a pointer to the object controlling the stream. Otherwise, a null pointer is returned and \fBerrno\fR @@ -175,7 +174,6 @@ is set to indicate the error. The \fBfopen()\fR function may fail and not set \fBerrno\fR if there are no free \fBstdio\fR streams. .SH ERRORS -.sp .LP The \fBfopen()\fR function will fail if: .sp @@ -358,7 +356,6 @@ The file is a pure procedure (shared text) file that is being executed and .RE .SH USAGE -.sp .LP A process is allowed to have at least {\fBFOPEN_MAX\fR} \fBstdio\fR streams open at a time. For 32-bit applications, however, the underlying ABIs formerly @@ -383,7 +380,6 @@ access \fBFILE\fR structure contents. The \fBfopen()\fR function has a transitional interface for 64-bit file offsets. See \fBlf64\fR(5). .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -405,7 +401,6 @@ MT-Level MT-Safe The \fBF\fR character in the \fImode\fR argument is Evolving. In all other respects this function is Standard. .SH SEE ALSO -.sp .LP \fBenable_extended_FILE_stdio\fR(3C), \fBfclose\fR(3C), \fBfdopen\fR(3C), \fBfflush\fR(3C), \fBfreopen\fR(3C), \fBfsetpos\fR(3C), \fBrewind\fR(3C), diff --git a/usr/src/man/man3nsl/rpc.3nsl b/usr/src/man/man3nsl/rpc.3nsl index 5bbcf7b7f4..b6b75deb37 100644 --- a/usr/src/man/man3nsl/rpc.3nsl +++ b/usr/src/man/man3nsl/rpc.3nsl 
@@ -1,10 +1,11 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 2000, Sun Microsystems, Inc. All Rights Reserved .\" Copyright 1989 AT&T .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPC 3NSL "Jun 5, 2001" +.TH RPC 3NSL "Nov 24, 2014" .SH NAME rpc \- library routines for remote procedure calls .SH SYNOPSIS @@ -16,7 +17,6 @@ rpc \- library routines for remote procedure calls .fi .SH DESCRIPTION -.sp .LP These routines allow C language programs to make procedure calls on other machines across a network. First, the client sends a request to the server. On @@ -29,7 +29,6 @@ take a \fBnetconfig\fR structure also require that \fB<netconfig.h>\fR be included. Applications using \fBRPC\fR and \fBXDR\fR routines should be linked with the \fBlibnsl\fR library. .SS "Multithread Considerations" -.sp .LP In the case of multithreaded applications, the \fB-mt\fR option must be specified on the command line at compilation time to enable a thread-specific 
@@ -51,8 +50,7 @@ contains a single data area for decoding arguments and encoding results. See between threads that call functions that do this. Routines that are affected by this restriction are marked as unsafe for MT applications. See \fBrpc_svc_calls\fR(3NSL). -.SS "Nettyp" -.sp +.SS "Nettype" .LP Some of the high-level \fBRPC\fR interface routines take a \fInettype\fR string as one of the parameters (for example, \fBclnt_create()\fR, \fBsvc_create()\fR, @@ -149,7 +147,6 @@ If \fInettype\fR is \fINULL\fR, it defaults to \fBnetpath\fR. The transports are tried in left to right order in the \fBNETPATH\fR variable or in top to down order in the \fB/etc/netconfig\fR file. .SS "Derived Types" -.sp .LP In a 64-bit environment, the derived types are defined as follows: .sp @@ -184,11 +181,9 @@ l l l . .TE .SS "Data Structures" -.sp .LP Some of the data structures used by the \fBRPC\fR package are shown below. .SS "The \fBAUTH\fR Structure" -.sp .in +2 .nf union des_block { @@ -228,7 +223,6 @@ struct opaque_auth { .in -2 .SS "The \fBCLIENT\fR Structure" -.sp .in +2 .nf /* @@ -255,7 +249,6 @@ struct opaque_auth { .in -2 .SS "The \fBSVCXPRT\fR Structure" -.sp .in +2 .nf enum xprt_stat { @@ -299,7 +292,6 @@ typedef struct { .in -2 .SS "The \fBsvc_reg\fR Structure" -.sp .in +2 .nf struct svc_req { @@ -315,7 +307,6 @@ struct svc_req { .in -2 .SS "The \fBXDR\fR Structure" -.sp .in +2 .nf /* @@ -379,7 +370,6 @@ XDR; .in -2 .SS "Index to Routines" -.sp .LP The following table lists \fBRPC\fR routines and the manual reference pages on which they are described: @@ -638,25 +628,25 @@ which they are described: .sp .ne 2 .na -\fB\fBclnt_udpcreate\fR\fR +\fB\fBclnt_vc_create\fR\fR .ad .RS 27n -\fBrpc_soc\fR(3NSL) +\fBrpc_clnt_create\fR(3NSL) .RE .sp .ne 2 .na -\fB\fBclnt_vc_create\fR\fR +\fB\fBclntraw_create\fR\fR .ad .RS 27n -\fBrpc_clnt_create\fR(3NSL) +\fBrpc_soc\fR(3NSL) .RE .sp .ne 2 .na -\fB\fBclntraw_create\fR\fR +\fB\fBclnttcp_create\fR\fR .ad .RS 27n \fBrpc_soc\fR(3NSL) 
@@ -665,7 +655,7 @@ which they are described: .sp .ne 2 .na -\fB\fBclnttcp_create\fR\fR +\fB\fBclntudp_bufcreate\fR\fR .ad .RS 27n \fBrpc_soc\fR(3NSL) @@ -674,7 +664,7 @@ which they are described: .sp .ne 2 .na -\fB\fBclntudp_bufcreate\fR\fR +\fB\fBclntudp_create\fR\fR .ad .RS 27n \fBrpc_soc\fR(3NSL) @@ -848,7 +838,7 @@ which they are described: \fB\fBrpc_reg\fR\fR .ad .RS 27n -\fBrpc_svc_calls\fR(3NSL) +\fBrpc_svc_reg\fR(3NSL) .RE .sp @@ -911,7 +901,7 @@ which they are described: \fB\fBsvc_freeargs\fR\fR .ad .RS 27n -\fBrpc_svc_reg\fR(3NSL) +\fBrpc_svc_calls\fR(3NSL) .RE .sp @@ -920,7 +910,7 @@ which they are described: \fB\fBsvc_getargs\fR\fR .ad .RS 27n -\fBrpc_svc_reg\fR(3NSL) +\fBrpc_svc_calls\fR(3NSL) .RE .sp @@ -974,7 +964,7 @@ which they are described: \fB\fBsvc_reg\fR\fR .ad .RS 27n -\fBrpc_svc_calls\fR(3NSL) +\fBrpc_svc_reg\fR(3NSL) .RE .sp @@ -992,7 +982,7 @@ which they are described: \fB\fBsvc_run\fR\fR .ad .RS 27n -\fBrpc_svc_reg\fR(3NSL) +\fBrpc_svc_calls\fR(3NSL) .RE .sp @@ -1001,7 +991,7 @@ which they are described: \fB\fBsvc_sendreply\fR\fR .ad .RS 27n -\fBrpc_svc_reg\fR(3NSL) +\fBrpc_svc_calls\fR(3NSL) .RE .sp @@ -1028,7 +1018,7 @@ which they are described: \fB\fBsvc_unreg\fR\fR .ad .RS 27n -\fBrpc_svc_calls\fR(3NSL) +\fBrpc_svc_reg\fR(3NSL) .RE .sp @@ -1244,7 +1234,7 @@ which they are described: \fB\fBxprt_register\fR\fR .ad .RS 27n -\fBrpc_svc_calls\fR(3NSL) +\fBrpc_svc_reg\fR(3NSL) .RE .sp @@ -1253,15 +1243,13 @@ which they are described: \fB\fBxprt_unregister\fR\fR .ad .RS 27n -\fBrpc_svc_calls\fR(3NSL) +\fBrpc_svc_reg\fR(3NSL) .RE .SH FILES -.sp .LP \fB/etc/netconfig\fR .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -1277,7 +1265,6 @@ MT-Level MT-Safe with exceptions .TE .SH SEE ALSO -.sp .LP \fBgetnetconfig\fR(3NSL), \fBgetnetpath\fR(3NSL), \fBrpc_clnt_auth\fR(3NSL), \fBrpc_clnt_calls\fR(3NSL), \fBrpc_clnt_create\fR(3NSL), 
diff --git a/usr/src/man/man3nsl/rpc_svc_calls.3nsl b/usr/src/man/man3nsl/rpc_svc_calls.3nsl index 8d9b0d0812..5ca2a7d18c 100644 --- a/usr/src/man/man3nsl/rpc_svc_calls.3nsl +++ b/usr/src/man/man3nsl/rpc_svc_calls.3nsl @@ -1,10 +1,11 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright 1989 AT&T .\" Copyright (C) 2004 Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPC_SVC_CALLS 3NSL "Oct 28, 2013" +.TH RPC_SVC_CALLS 3NSL "Nov 24, 2014" .SH NAME rpc_svc_calls, svc_dg_enablecache, svc_done, svc_exit, svc_fdset, svc_freeargs, svc_getargs, svc_getreq_common, svc_getreq_poll, svc_getreqset, @@ -79,13 +80,17 @@ svc_getcallerucred, svc_fd_negotiate_ucred \- library routines for RPC servers .LP .nf \fBbool_t\fR \fBsvc_sendreply\fR(\fBconst SVCXPRT *\fR\fIxprt\fR, \fBconst xdrproc_t\fR \fIoutproc\fR, - \fBcaddr_t\fR \fIout\fRint svc_max_pollfd; + \fBcaddr_t\fR \fIout\fR); +.fi + +.LP +.nf +int svc_max_pollfd; fd_set svc_fdset; pollfd_t *svc_pollfd; .fi .SH DESCRIPTION -.sp .LP These routines are part of the \fBRPC\fR library which allows C language programs to make procedure calls on other machines across the network. 
@@ -130,8 +135,8 @@ other than the User MT mode. The \fBsvc_exit()\fR function when called by any of the RPC server procedures or otherwise, destroys all services registered by the server and causes \fBsvc_run()\fR to return. If RPC server activity is to be resumed, services -must be reregistered with the RPC library either through one of the -\fBrpc_svc_create\fR(3NSL) functions, or using \fBxprt_register\fR(3NSL). The +must be reregistered with the RPC library through one of the +\fBrpc_svc_reg\fR(3NSL) functions. The \fBsvc_exit()\fR function has global scope and ends all RPC server activity. .sp .LP @@ -175,13 +180,14 @@ descriptors associated with the value of \fIrdfds\fR have been serviced. This function macro is Unsafe in multithreaded applications. .sp .LP -The \fBsvc_getrpccaller()\fR function is the approved way of getting the +The \fBsvc_getrpccaller()\fR function macro is the approved way of getting the network address of the caller of a procedure associated with the \fBRPC\fR -service transport handle \fIxprt\fR. This function macro is Safe in -multithreaded applications. +service transport handle \fIxprt\fR. The returned pointer to struct netbuf +shouldn't be deallocated by the svc_getrpccaller() caller. This function macro +is Safe in multithreaded applications. .sp .LP -The \fBsvc_run()\fR function never returns. In single-threaded mode, the +In single-threaded mode, the \fBsvc_run()\fR function waits for \fBRPC\fR requests to arrive. When an RPC request arrives, the \fBsvc_run()\fR function calls the appropriate service procedure. This procedure is usually waiting for the \fBpoll\fR(2) library call to return. 
@@ -199,8 +205,8 @@ descriptor bit mask. This is only of interest if service implementors do not call \fBsvc_run()\fR, but rather do their own asynchronous event processing. This variable is read-only may change after calls to \fBsvc_getreqset()\fR or after any creation routine. Do not pass its address to \fBselect\fR(3C). -Instead, pass the address of a copy. multithreaded applications executing in -either the Automatic MT mode or the user MT mode should never read this +Instead, pass the address of a copy. Multithreaded applications executing in +either the Automatic MT mode or the User MT mode should never read this variable. They should use auxiliary threads to do asynchronous event processing. The \fBsvc_fdset\fR variable is limited to 1024 file descriptors and is considered obsolete. Use of \fBsvc_pollfd\fR is recommended instead. @@ -213,8 +219,8 @@ but rather do their own asynchronous event processing. This variable is read-only, and it may change after calls to \fBsvc_getreg_poll()\fR or any creation routines. Do no pass its address to \fBpoll\fR(2). Instead, pass the address of a copy. By default, \fBsvc_pollfd\fR is limited to 1024 entries. Use -\fBrpc_control\fR(3NSL) to remove this limitation. multithreaded applications -executing in either the Automatic MT mode or the user MT mode should never be +\fBrpc_control\fR(3NSL) to remove this limitation. Multithreaded applications +executing in either the Automatic MT mode or the User MT mode should never be read this variable. They should use auxiliary threads to do asynchronous event processing. .sp @@ -250,7 +256,6 @@ memory location is non-null, the function reuses the existing \fBucred_t\fR. When \fIucred\fR is no longer needed, a credential allocated by \fBsvc_getcallerucred()\fR should be freed with \fBucred_free\fR(3C). .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of attribute types and values. .sp 
@@ -275,9 +280,8 @@ the Automatic or the User MT mode. The \fBsvc_getreq_common()\fR, \fBsvc_getreqset()\fR, and \fBsvc_getreq_poll()\fR functions are Unsafe in multithreaded applications and should be called only from the main thread. .SH SEE ALSO -.sp .LP \fBrpcgen\fR(1), \fBpoll\fR(2), \fBgetpeerucred\fR(3C), \fBrpc\fR(3NSL), \fBrpc_control\fR(3NSL), \fBrpc_svc_create\fR(3NSL), \fBrpc_svc_err\fR(3NSL), \fBrpc_svc_reg\fR(3NSL), \fBselect\fR(3C), \fBucred_free\fR(3C), -\fBxprt_register\fR(3NSL), \fBattributes\fR(5) +\fBattributes\fR(5) diff --git a/usr/src/man/man3nsl/rpc_svc_create.3nsl b/usr/src/man/man3nsl/rpc_svc_create.3nsl index e4af0db7eb..4344a399a5 100644 --- a/usr/src/man/man3nsl/rpc_svc_create.3nsl +++ b/usr/src/man/man3nsl/rpc_svc_create.3nsl @@ -1,10 +1,11 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright 1989 AT&T .\" Copyright (C) 2005, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPC_SVC_CREATE 3NSL "Dec 27, 2013" +.TH RPC_SVC_CREATE 3NSL "Nov 24, 2014" .SH NAME rpc_svc_create, svc_control, svc_create, svc_destroy, svc_dg_create, svc_fd_create, svc_raw_create, svc_tli_create, svc_tp_create, svc_vc_create, 
@@ -74,14 +75,12 @@ svc_door_create \- server handle creation routines .fi .SH DESCRIPTION -.sp .LP These routines are part of the \fBRPC\fR library which allows C language programs to make procedure calls on servers across the network. These routines deal with the creation of service handles. Once the handle is created, the server can be invoked by calling \fBsvc_run()\fR. .SS "Routines" -.sp .LP See \fBrpc\fR(3NSL) for the definition of the \fBSVCXPRT\fR data structure. .sp @@ -230,7 +229,7 @@ is \fINULL,\fR it defaults to \fBnetpath\fR. \fBsvc_create()\fR registers itself with the \fBrpcbind\fR service (see \fBrpcbind\fR(1M)). \fIdispatch\fR is called when there is a remote procedure call for the given \fIprognum\fR and \fIversnum\fR; this requires calling -\fBsvc_run()\fR (see \fBsvc_run()\fR in \fBrpc_svc_reg\fR(3NSL)). If +\fBsvc_run()\fR (see \fBsvc_run()\fR in \fBrpc_svc_calls\fR(3NSL)). If \fBsvc_create()\fR succeeds, it returns the number of server handles it created, otherwise it returns \fB0\fR and an error message is logged. .RE @@ -364,7 +363,6 @@ change the maximum allowed request size for the doors transport. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -384,7 +382,6 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP \fBrpcbind\fR(1M), \fBrpc\fR(3NSL), \fBrpc_clnt_create\fR(3NSL), \fBrpc_svc_calls\fR(3NSL), \fBrpc_svc_err\fR(3NSL), \fBrpc_svc_reg\fR(3NSL), diff --git a/usr/src/man/man3nsl/rpc_svc_err.3nsl b/usr/src/man/man3nsl/rpc_svc_err.3nsl index 48ead4a90d..4c97f9e899 100644 --- a/usr/src/man/man3nsl/rpc_svc_err.3nsl +++ b/usr/src/man/man3nsl/rpc_svc_err.3nsl 
@@ -1,15 +1,15 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright 1989 AT&T Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPC_SVC_ERR 3NSL "Feb 20, 1998" +.TH RPC_SVC_ERR 3NSL "Nov 24, 2014" .SH NAME rpc_svc_err, svcerr_auth, svcerr_decode, svcerr_noproc, svcerr_noprog, svcerr_progvers, svcerr_systemerr, svcerr_weakauth \- library routines for server side remote procedure call errors .SH DESCRIPTION -.sp .LP These routines are part of the \fBRPC\fR library which allows C language programs to make procedure calls on other machines across the network. @@ -18,7 +18,6 @@ programs to make procedure calls on other machines across the network. These routines can be called by the server side dispatch function if there is any error in the transaction with the client. .SS "Routines" -.sp .LP See \fBrpc\fR(3NSL) for the definition of the \fBSVCXPRT\fR data structure. .sp @@ -49,7 +48,7 @@ call due to an authentication error. .sp .6 .RS 4n Called by a service dispatch routine that cannot successfully decode the remote -parameters (see \fBsvc_getargs()\fR in \fBrpc_svc_reg\fR(3NSL)). +parameters (see \fBsvc_getargs()\fR in \fBrpc_svc_calls\fR(3NSL)). .RE .sp 
@@ -113,7 +112,6 @@ calls \fBsvcerr_auth(xprt, AUTH_TOOWEAK)\fR. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -129,7 +127,6 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP \fBrpc\fR(3NSL), \fBrpc_svc_calls\fR(3NSL), \fBrpc_svc_create\fR(3NSL), \fBrpc_svc_reg\fR(3NSL), \fBattributes\fR(5) diff --git a/usr/src/man/man3nsl/rpc_svc_reg.3nsl b/usr/src/man/man3nsl/rpc_svc_reg.3nsl index eea4218942..d3437a78f0 100644 --- a/usr/src/man/man3nsl/rpc_svc_reg.3nsl +++ b/usr/src/man/man3nsl/rpc_svc_reg.3nsl @@ -1,14 +1,14 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright 1989 AT&T Copyright (c) 1995 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPC_SVC_REG 3NSL "Feb 20, 1998" +.TH RPC_SVC_REG 3NSL "Nov 24, 2014" .SH NAME rpc_svc_reg, rpc_reg, svc_reg, svc_unreg, svc_auth_reg, xprt_register, xprt_unregister \- library routines for registering servers .SH DESCRIPTION -.sp .LP These routines are a part of the \fBRPC\fR library which allows the \fBRPC\fR servers to register themselves with \fBrpcbind()\fR (see \fBrpcbind\fR(1M)), 
@@ -16,7 +16,6 @@ and associate the given program and version number with the dispatch function. When the RPC server receives a RPC request, the library invokes the dispatch routine with the appropriate arguments. .SS "Routines" -.sp .LP See \fBrpc\fR(3NSL) for the definition of the \fBSVCXPRT\fR data structure. .sp @@ -121,8 +120,8 @@ registered for it, and \fB\(mi1\fR otherwise. .RS 4n After \fBRPC\fR service transport handle \fIxprt\fR is created, it is registered with the \fBRPC\fR service package. This routine modifies the global -variable \fBsvc_fdset\fR (see \fBrpc_svc_calls\fR(3NSL)). Service implementors -usually do not need this routine. +variables \fBsvc_fdset\fR and \fBsvc_pollfd\fR (see \fBrpc_svc_calls\fR(3NSL)). +Service implementors usually do not need this routine. .RE .sp @@ -134,12 +133,12 @@ usually do not need this routine. .RS 4n Before an \fBRPC\fR service transport handle \fIxprt\fR is destroyed, it unregisters itself with the \fBRPC\fR service package. This routine modifies -the global variable \fBsvc_fdset\fR (see \fBrpc_svc_calls\fR(3NSL)). Service -implementors usually do not need this routine. +the global variables \fBsvc_fdset\fR and \fBsvc_pollfd\fR (see +\fBrpc_svc_calls\fR(3NSL)). Service implementors usually do not need this +routine. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -155,7 +154,6 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP \fBinetd\fR(1M), \fBrpcbind\fR(1M), \fBrpc\fR(3NSL), \fBrpc_svc_calls\fR(3NSL), \fBrpc_svc_create\fR(3NSL), \fBrpc_svc_err\fR(3NSL), \fBrpcbind\fR(3NSL), diff --git a/usr/src/man/man3nsl/rpcbind.3nsl b/usr/src/man/man3nsl/rpcbind.3nsl index df915fca10..03963556ef 100644 --- a/usr/src/man/man3nsl/rpcbind.3nsl +++ b/usr/src/man/man3nsl/rpcbind.3nsl 
@@ -1,9 +1,10 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright 1989 AT&T Copyright (c) 1997, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH RPCBIND 3NSL "Dec 27, 2013" +.TH RPCBIND 3NSL "Nov 24, 2014" .SH NAME rpcbind, rpcb_getmaps, rpcb_getaddr, rpcb_gettime, rpcb_rmtcall, rpcb_set, rpcb_unset \- library routines for RPC bind service @@ -53,13 +54,11 @@ rpcb_unset \- library routines for RPC bind service .fi .SH DESCRIPTION -.sp .LP These routines allow client C programs to make procedure calls to the RPC binder service. \fBrpcbind\fR maintains a list of mappings between programs and their universal addresses. See \fBrpcbind\fR(1M). .SS "Routines" -.sp .ne 2 .na \fB\fBrpcb_getmaps()\fR\fR 
@@ -135,7 +134,7 @@ the triple [\fIprognum\fR, \fIversnum\fR, \fInetconf\fR->\fInc_netid]\fR and \fIsvcaddr\fR on the machine's \fBrpcbind\fR service. The value of \fInc_netid\fR must correspond to a network identifier that is defined by the netconfig database. This routine returns \fBTRUE\fR if it succeeds, \fBFALSE\fR -otherwise. See also \fBsvc_reg()\fR in \fBrpc_svc_calls\fR(3NSL). If there +otherwise. See also \fBsvc_reg()\fR in \fBrpc_svc_reg\fR(3NSL). If there already exists such an entry with \fBrpcbind\fR, \fBrpcb_set()\fR will fail. .RE @@ -153,11 +152,10 @@ the address on the machine's \fBrpcbind\fR service. If \fInetconf\fR is machine's \fBrpcbind\fR service. This routine returns \fBTRUE\fR if it succeeds, \fBFALSE\fR otherwise. Only the owner of the service or the super-user can destroy the mapping. See also \fBsvc_unreg()\fR in -\fBrpc_svc_calls\fR(3NSL). +\fBrpc_svc_reg\fR(3NSL). .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -173,7 +171,6 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP \fBrpcbind\fR(1M), \fBrpcinfo\fR(1M), \fBrpc_clnt_calls\fR(3NSL), \fBrpc_clnt_create\fR(3NSL), \fBrpc_svc_calls\fR(3NSL), \fBattributes\fR(5) diff --git a/usr/src/man/man3sec/acl_trivial.3sec b/usr/src/man/man3sec/acl_trivial.3sec index 82513c4091..76027b79cc 100644 --- a/usr/src/man/man3sec/acl_trivial.3sec +++ b/usr/src/man/man3sec/acl_trivial.3sec 
@@ -1,9 +1,10 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ACL_TRIVIAL 3SEC "Oct 6, 2005" +.TH ACL_TRIVIAL 3SEC "Nov 24, 2014" .SH NAME acl_trivial \- determine whether a file has a trivial ACL .SH SYNOPSIS 
@@ -16,23 +17,21 @@ cc [ \fIflag\fR\&.\|.\|. ] \fIfile\fR\&.\|.\|. \fB-lsec\fR [ \fIlibrary\fR\&.\|. .fi .SH DESCRIPTION -.sp .LP The \fBacl_trivial()\fR function is used to determine whether a file has a trivial ACL. Whether an ACL is trivial depends on the type of the ACL. A POSIX -draft ACL is trivial if it has greater than \fBMIN_ACL_ENTRIES\fR. An -NFSv4/ZFS-style ACL is trivial if it either has entries other than -\fBowner@\fR, \fBgroup@\fR, and \fBeveryone@\fR, has inheritance flags set, or -is not ordered in a manner that meets POSIX access control requirements. +draft ACL is trivial if it does not have more than \fBMIN_ACL_ENTRIES\fR +entries. An NFSv4/ZFS-style ACL is trivial if it does not have entries other +than \fBowner@\fR, \fBgroup@\fR, and \fBeveryone@\fR, does not have inheritance +flags set, and is ordered in a manner that meets POSIX access control +requirements. .SH RETURN VALUES -.sp .LP Upon successful completion, \fBacl_trivial()\fR returns 0 if the file's ACL is trivial and 1 if the file's ACL is not trivial. If it could not be determined whether a file's ACL is trivial, -1 is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS -.sp .LP The \fBacl_trivial()\fR function will fail if: .sp @@ -55,7 +54,6 @@ empty string. .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -73,6 +71,5 @@ MT-Level MT-Safe .TE .SH SEE ALSO -.sp .LP \fBacl\fR(5), \fBattributes\fR(5) diff --git a/usr/src/man/man5/acl.5 b/usr/src/man/man5/acl.5 index 89715d82f5..b1a0c97a1d 100644 --- a/usr/src/man/man5/acl.5 +++ b/usr/src/man/man5/acl.5 
@@ -1,17 +1,17 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ACL 5 "Sep 10, 2013" +.TH ACL 5 "Nov 24, 2014" .SH NAME acl \- Access Control Lists .SH DESCRIPTION -.sp .LP Access control lists (ACLs) are discretionary access control mechanisms that grant and deny access to files and directories. Two different ACL models are -supported in the Solaris release:POSIX-draft ACLs and NFSv4 ACLs. +supported in the Solaris release: POSIX-draft ACLs and NFSv4 ACLs. .sp .LP The older, POSIX-draft model is supported by the UFS file system. This model is @@ -24,7 +24,6 @@ approved standard from the Internet Engineering Task Force (IETF). The ZFS file system uses the NFSv4 model, and provides richer semantics and finer grained permission capabilities than the POSIX-draft model. .SS "\fBPOSIX\fR-draft \fBACL\fRs" -.sp .LP POSIX-draft ACLs provide an alternative security mechanism to basic UNIX file permissions in the Solaris release. Their purpose is to further restrict access 
@@ -106,7 +105,6 @@ user:joe:rw- .sp .SS "\fBNFS\fRv4 \fBACL\fRs" -.sp .LP NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4 ACLs provide a much richer ACL model than POSIX-draft ACLs. @@ -343,7 +341,7 @@ writes. Currently, this permission is not supported. .sp .LP -The following inheritance flags are supported by NFSv4: +The following inheritance flags are supported by NFSv4 ACLs: .sp .ne 2 .na @@ -369,8 +367,8 @@ Inherit to all newly created directories in a directory. .ad .RS 26n Placed on a directory, but does not apply to the directory itself, only to -newly created created files and directories. This flag requires file_inherit -and or dir_inherit to indicate what to inherit. +newly created files and directories. This flag requires file_inherit +and/or dir_inherit to indicate what to inherit. .RE .sp @@ -380,17 +378,17 @@ and or dir_inherit to indicate what to inherit. .ad .RS 26n Placed on directories and indicates that ACL entries should only be inherited -one level of the tree. This flag requires file_inherit and or dir_inherit to +one level of the tree. This flag requires file_inherit and/or dir_inherit to indicate what to inherit. .RE .sp .ne 2 .na -\fBsuccessful_access (\fBS)\fR)\fR +\fBsuccessful_access (\fBS\fR)\fR .ad .RS 26n -Indicates if an alarm or audit record should be initiated upon successful +Indicates whether an alarm or audit record should be initiated upon successful accesses. Used with audit/alarm ACE types. .RE @@ -400,8 +398,8 @@ accesses. Used with audit/alarm ACE types. \fBfailed_access (\fBF\fR)\fR .ad .RS 26n -Indicates if an alarm or audit record should be initiated when access fails. -Used with audit/alarm ACE types. +Indicates whether an alarm or audit record should be initiated when access +fails. Used with audit/alarm ACE types. .RE .sp 
@@ -433,8 +431,11 @@ An NFSv4 ACL is expressed using the following syntax: owner@:<perms>[:inheritance flags]:<allow|deny> group@:<perms>[:inheritance flags]:<allow|deny> everyone@:<perms>[:inheritance flags]:<allow|deny> - user:<username>[:inheritance flags]:<allow|deny> - group:<groupname>[:inheritance flags]:<allow|deny> + user:<username>:<perms>[:inheritance flags]:<allow|deny> + usersid:<sid string>:<perms>[:inheritance flags]:<allow|deny> + group:<groupname>:<perms>[:inheritance flags]:<allow|deny> + groupsid:<sid string>:<perms>[:inheritance flags]:<allow|deny> + sid:<sid string>:<perms>[:inheritance flags]:<allow|deny> .fi .in -2 @@ -540,7 +541,6 @@ user:fred:rwR:f------:allow .sp .SS "Shell-level Solaris \fBAPI\fR" -.sp .LP The Solaris command interface supports the manipulation of ACLs. The following Solaris utilities accommodate both ACL models: @@ -657,13 +657,11 @@ information. .RE .SS "Application-level \fBAPI\fR" -.sp .LP The primary interfaces required to access file system ACLs at the programmatic level are the \fBacl_get()\fR and \fBacl_set()\fR functions. These functions support both POSIX draft ACLs and NFSv4 ACLs. .SS "Retrieving a file's \fBACL\fR" -.sp .in +2 .nf int acl_get(const char *path, int flag, acl_t **aclp); @@ -679,7 +677,6 @@ fd. The flag argument specifies whether a trivial ACL should be retrieved. When the flag argument equals \fBACL_NO_TRIVIAL\fR then only ACLs that are not trivial are retrieved. The ACL is returned in the \fBaclp\fR argument. .SS "Freeing \fBACL\fR structure" -.sp .in +2 .nf void acl_free(acl_t *aclp)s; @@ -691,7 +688,6 @@ void acl_free(acl_t *aclp)s; The \fBacl_free()\fR function frees up memory allocated for the argument \fBaclp;\fR. .SS "Setting an \fBACL\fR on a file" -.sp .in +2 .nf int acl_set(const char *path, acl_t *aclp); 
@@ -708,7 +704,6 @@ descriptor \fBfd\fR. The \fBaclp\fR argument specifies the ACL to set. The target file systems supports NFSv4 ACLs. No translation is performed when trying to set an NFSv4 ACL on a POSIX-draft ACL supported file system. .SS "Determining an \fBACL\fR's trivialness" -.sp .in +2 .nf int acl_trivial(const char *path); @@ -718,14 +713,8 @@ int acl_trivial(const char *path); .sp .LP The \fBacl_trivial()\fR function is used to determine whether a file has a -trivial ACL. The trivialness of a file's ACL depends on the type of ACL it is. -For POSIX-draft ACLs, it implies the ACL has greater than -\fBMIN_ACL_ENTRIES\fR. For NFSv4/ZFS style ACLs, it implies that the ACL has -entries other than \fBowner@\fR, \fBgroup@\fR and \fBeveryone@\fR, inheritance -flags are set, or the ACL is not ordered in a manner that meets POSIX access -control requirements. +trivial ACL. .SS "Removing all \fBACL\fRs from a file" -.sp .in +2 .nf int acl_strip(const char *path, uid_t uid, gid_t gid, mode_t mode); @@ -739,7 +728,6 @@ with a trivial ACL based off of the passed in argument mode. After replacing the ACL the owner and group of the file are set to the values specified in the uid and gid parameters. .SS "Converting \fBACL\fRs to/from external representation" -.sp .in +2 .nf int acl_fromtext(const char *path, acl_t **aclp); @@ -749,7 +737,7 @@ char *acl_totext(acl_t *aclp, int flags); .sp .LP -The \fBacl_text()\fR function converts an internal ACL representation pointed +The \fBacl_totext()\fR function converts an internal ACL representation pointed to by aclp into an external representation. See \fBDESCRIPTION\fR for details about external representation. .sp @@ -758,7 +746,6 @@ The \fBacl_fromtext()\fR functions converts and external representation into an internal representation. See \fBDESCRIPTION\fR for details about external representation. .SH EXAMPLES -.sp .LP The following examples demonstrate how the API can be used to perform basic operations on ACLs. 
@@ -774,8 +761,10 @@ Use the following to retrieve an ACL and set it on another file: error = acl_get("file", ACL_NO_TRIVIAL, &aclp); if (error == 0 && aclp != NULL) { -error = acl_set("file2", aclp) +.in +8 +error = acl_set("file2", aclp); acl_free(aclp); +.in -8 } \&... .fi @@ -793,8 +782,10 @@ another file: .nf error = acl_get("file3", 0, &aclp); if (error == 0) { -error = acl_set("file4", aclp) +.in +8 +error = acl_set("file4", aclp); acl_free(aclp); +.in -8 } \&... .fi @@ -809,12 +800,17 @@ Use the following to determine if a file has a trivial ACL: .sp .in +2 .nf -istrivial = acl_trivial("file") +char *file = "file5"; +istrivial = acl_trivial(file); if (istrivial == 0) +.in +8 printf("file %s has a trivial ACL\en", file); +.in -8 else +.in +8 printf("file %s has a NON-trivial ACL\en", file); +.in -8 \&... .fi .in -2 @@ -835,10 +831,9 @@ error = acl_strip("file", 10, 100, 0644); .in -2 .SH SEE ALSO -.sp .LP \fBchgrp\fR(1), \fBchmod\fR(1), \fBchown\fR(1), \fBcp\fR(1), \fBcpio\fR(1), \fBfind\fR(1), \fBls\fR(1), \fBmv\fR(1), \fBtar\fR(1), \fBsetfacl\fR(1), -\fBchmod\fR(2), \fBacl\fR(2),\fBstat\fR(2),\fBacl_get\fR(3SEC), +\fBchmod\fR(2), \fBacl\fR(2), \fBstat\fR(2), \fBacl_get\fR(3SEC), \fBaclsort\fR(3SEC), \fBacl_fromtext\fR(3SEC), \fBacl_free\fR(3SEC), \fBacl_strip\fR(3SEC), \fBacl_trivial\fR(3SEC) diff --git a/usr/src/man/man7fs/lofs.7fs b/usr/src/man/man7fs/lofs.7fs index ff9ea870aa..4a5311552b 100644 --- a/usr/src/man/man7fs/lofs.7fs +++ b/usr/src/man/man7fs/lofs.7fs 
@@ -1,9 +1,10 @@ '\" te +.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LOFS 7FS "Aug 31, 2009" +.TH LOFS 7FS "Nov 24, 2014" .SH NAME lofs \- loopback virtual file system .SH SYNOPSIS @@ -12,11 +13,10 @@ lofs \- loopback virtual file system #include <sys/param.h> #include <sys/mount.h> -\fBint\fR \fBmount\fR (\fBconst char*\fR \fIdir\fR, \fBconst char*\fR \fIvirtual\fR, \fBint\fR \fImflag\fR, \fB\fR\fIlofs\fR, \fB\fR\fINULL\fR, \fB\fR\fI0\fR); +\fBint\fR \fBmount\fR (\fBconst char *\fR\fIdir\fR, \fBconst char *\fR\fIvirtual\fR, \fBint\fR \fImflag\fR, \fB"lofs"\fR, \fBNULL\fR, \fB0\fR); .fi .SH DESCRIPTION -.sp .LP The loopback file system device allows new, virtual file systems to be created, which provide access to existing files using alternate pathnames. Once the @@ -55,7 +55,6 @@ contain yet another file system hierarchy; rather, it appears just as \fB/tmp/newroot\fR did before the loopback mount was performed (for example, as an empty directory). .SS "Examples" -.sp .LP \fBlofs\fR file systems are mounted using: .sp 
@@ -67,12 +66,10 @@ an empty directory). .sp .SH SEE ALSO -.sp .LP \fBlofiadm\fR(1M), \fBmount\fR(1M), \fBchroot\fR(2), \fBmount\fR(2), \fBsysfs\fR(2), \fBvfstab\fR(4), \fBlofi\fR(7D) .SH NOTES -.sp .LP All access to entries in \fBlofs\fR mounted file systems map to their underlying file system. If a mount point is made available in multiple @@ -82,7 +79,6 @@ specified. See \fBmount\fR(1M). Examples of a mount point being busy within a \fBlofs\fR mount include having a file system mounted on it or it being a processes' current working directory. .SH WARNINGS -.sp .LP Because of the potential for confusing users and applications, you should use loopback mounts with care. A loopback mount entry in \fB/etc/vfstab\fR must be diff --git a/usr/src/pkg/manifests/library-security-tcp-wrapper.mf b/usr/src/pkg/manifests/library-security-tcp-wrapper.mf index dfd0730e77..1d06dac7cd 100644 --- a/usr/src/pkg/manifests/library-security-tcp-wrapper.mf +++ b/usr/src/pkg/manifests/library-security-tcp-wrapper.mf @@ -21,7 +21,7 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. -# Copyright 2012 Nexenta Systems, Inc. All rights reserved. +# Copyright 2014 Nexenta Systems, Inc. All rights reserved. # set name=pkg.fmri \ @@ -55,6 +55,9 @@ legacy pkg=SUNWtcpd \ name="tcpd - access control facility for internet services" license usr/src/cmd/tcpd/THIRDPARTYLICENSE \ license=usr/src/cmd/tcpd/THIRDPARTYLICENSE +link path=usr/share/man/man3/hosts_ctl.3 target=hosts_access.3 link path=usr/share/man/man3/libwrap.3 target=hosts_access.3 +link path=usr/share/man/man3/request_init.3 target=hosts_access.3 +link path=usr/share/man/man3/request_set.3 target=hosts_access.3 link path=usr/share/man/man4/hosts.allow.4 target=hosts_access.4 link path=usr/share/man/man4/hosts.deny.4 target=hosts_access.4 diff --git a/usr/src/uts/intel/amd64/ml/amd64.il b/usr/src/uts/intel/amd64/ml/amd64.il index 2afcf93bed..fc78c95a95 100644 --- a/usr/src/uts/intel/amd64/ml/amd64.il 
+++ b/usr/src/uts/intel/amd64/ml/amd64.il @@ -64,15 +64,6 @@ .end / -/ find the low order bit in a word -/ - .inline lowbit,4 - movq $-1, %rax - bsfq %rdi, %rax - incq %rax - .end - -/ / Networking byte order functions (too bad, Intel has the wrong byte order) / diff --git a/usr/src/uts/intel/asm/bitmap.h b/usr/src/uts/intel/asm/bitmap.h index 6148277085..92020e39e3 100644 --- a/usr/src/uts/intel/asm/bitmap.h +++ b/usr/src/uts/intel/asm/bitmap.h @@ -48,29 +48,33 @@ extern "C" { extern __GNU_INLINE int highbit(ulong_t i) { - long value = -1l; + long value; + uint8_t zf; __asm__( - "bsr" __SUF " %1,%0" - : "+r" (value) - : "r" (i) + "bsr" __SUF " %2,%0;" + "setz %1" + : "=r" (value), "=q" (zf) + : "mr" (i) : "cc"); - return ((int)(value + 1)); + return (zf ? 0 : (value + 1)); } extern __GNU_INLINE int lowbit(ulong_t i) { - long value = -1l; + long value; + uint8_t zf; __asm__( - "bsf" __SUF " %1,%0" - : "+r" (value) - : "r" (i) + "bsf" __SUF " %2,%0;" + "setz %1" + : "=r" (value), "=q" (zf) + : "mr" (i) : "cc"); - return ((int)(value + 1)); + return (zf ? 0 : (value + 1)); } extern __GNU_INLINE uint_t diff --git a/usr/src/uts/intel/ia32/ml/i86_subr.s b/usr/src/uts/intel/ia32/ml/i86_subr.s index 9baabcee49..23b20ebbde 100644 --- a/usr/src/uts/intel/ia32/ml/i86_subr.s +++ b/usr/src/uts/intel/ia32/ml/i86_subr.s @@ -2801,7 +2801,8 @@ lowbit(ulong_t i) ENTRY(lowbit) movl $-1, %eax - bsfq %rdi, %rax + bsfq %rdi, %rdi + cmovnz %edi, %eax incl %eax ret SET_SIZE(lowbit) @@ -2809,10 +2810,13 @@ lowbit(ulong_t i) #elif defined(__i386) ENTRY(lowbit) - movl $-1, %eax bsfl 4(%esp), %eax + jz 0f incl %eax ret +0: + xorl %eax, %eax + ret SET_SIZE(lowbit) #endif /* __i386 */ 
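Review bot: The new return statements in `highbit()` and `lowbit()` in asm/bitmap.h drop the explicit `(int)` cast that the removed lines had, so `zf ? 0 : (value + 1)` is evaluated as `long` and narrowed to `int` implicitly. The result never exceeds the word size, so nothing is lost, but `return (zf ? 0 : (int)(value + 1));` in both functions keeps the conversion visible and quiet under `-Wconversion`. A one-line comment above each asm block, such as `/* bsr/bsf leave the destination undefined for a zero source, so test ZF */`, would also record why `value` is no longer pre-set to -1.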
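Review bot: Nothing in the amd64 `lowbit` body in i86_subr.s says why `bsfq` now targets `%rdi` and the result is copied with `cmovnz` rather than written straight into `%rax`. A comment before the `bsfq` line, such as `/* bsf leaves its destination undefined when the source is 0; keep the -1 preset in that case */`, would stop a later cleanup from folding the two instructions back together. The i386 `lowbit` in the following hunk and both `highbit` variants in the @@ -2825 hunk take the same precaution, and the same remark applies there.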
@@ -2825,60 +2829,41 @@ int highbit(ulong_t i) { return (0); } +/*ARGSUSED*/ +int +highbit64(uint64_t i) +{ return (0); } + #else /* __lint */ #if defined(__amd64) ENTRY(highbit) + ALTENTRY(highbit64) movl $-1, %eax - bsrq %rdi, %rax + bsrq %rdi, %rdi + cmovnz %edi, %eax incl %eax ret + SET_SIZE(highbit64) SET_SIZE(highbit) #elif defined(__i386) ENTRY(highbit) - movl $-1, %eax bsrl 4(%esp), %eax + jz 0f incl %eax ret +0: + xorl %eax, %eax + ret SET_SIZE(highbit) -#endif /* __i386 */ -#endif /* __lint */ - -#if defined(__lint) - -/*ARGSUSED*/ -int -highbit64(uint64_t i) -{ return (0); } - -#else /* __lint */ - -#if defined(__amd64) - - ENTRY(highbit64) - movl $-1, %eax - bsrq %rdi, %rax - incl %eax - ret - SET_SIZE(highbit64) - -#elif defined(__i386) - ENTRY(highbit64) bsrl 8(%esp), %eax - jz .lowbit - addl $32, %eax - jmp .done - -.lowbit: - movl $-1, %eax - bsrl 4(%esp), %eax -.done: - incl %eax + jz highbit + addl $33, %eax ret SET_SIZE(highbit64) diff --git a/usr/src/uts/intel/ia32/ml/ia32.il b/usr/src/uts/intel/ia32/ml/ia32.il index 78a2b6c647..8ced7d69a6 100644 --- a/usr/src/uts/intel/ia32/ml/ia32.il +++ b/usr/src/uts/intel/ia32/ml/ia32.il @@ -66,24 +66,6 @@ .end / -/ find the low order bit in a word -/ - .inline lowbit,4 - movl $-1, %eax - bsfl (%esp), %eax - incl %eax - .end - -/ -/ find the high order bit in a word -/ - .inline highbit,4 - movl $-1, %eax - bsrl (%esp), %eax - incl %eax - .end - -/ / Networking byte order functions (too bad, Intel has the wrong byte order) / .inline htonll,4 |
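Review bot: The i386 `highbit64` falls back with `jz highbit`, a jump into the entry of a different global function, and nothing documents the assumption that makes this correct. It works because the stack is untouched at that point, so `4(%esp)` inside `highbit` reads the low word of the 64-bit argument. A comment above the `jz`, such as `/* high word is 0: tail-jump to highbit(), which reads the low word at 4(%esp) */`, would make that explicit. The rest of the enclosing conditional block continues past the end of the hunk.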
