1 .\" 2 .\" CDDL HEADER START 3 .\" 4 .\" The contents of this file are subject to the terms of the 5 .\" Common Development and Distribution License (the "License"). 6 .\" You may not use this file except in compliance with the License. 7 .\" 8 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 .\" or http://www.opensolaris.org/os/licensing. 10 .\" See the License for the specific language governing permissions 11 .\" and limitations under the License. 12 .\" 13 .\" When distributing Covered Code, include this CDDL HEADER in each 14 .\" file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 .\" If applicable, add the following below this CDDL HEADER, with the 16 .\" fields enclosed by brackets "[]" replaced with your own identifying 17 .\" information: Portions Copyright [yyyy] [name of copyright owner] 18 .\" 19 .\" CDDL HEADER END 20 .\" 21 .\" 22 .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved 23 .\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. 24 .\" 25 .Dd November 10, 2014 26 .Dt SHARE_NFS 1M 27 .Os 28 .Sh NAME 29 .Nm share_nfs 30 .Nd make local NFS file systems available for mounting by remote systems 31 .Sh SYNOPSIS 32 .Nm share 33 .Op Fl d Ar description 34 .Op Fl F Sy nfs 35 .Op Fl o Ar specific_options 36 .Ar pathname 37 .Sh DESCRIPTION 38 The 39 .Nm share 40 utility makes local file systems available for mounting by remote systems. It 41 starts the 42 .Xr nfsd 1M 43 and 44 .Xr mountd 1M 45 daemons if they are not already running. 46 .Pp 47 If no argument is specified, then 48 .Nm share 49 displays all file systems currently shared, including NFS file systems and file 50 systems shared through other distributed file system packages. 51 .Sh OPTIONS 52 The following options are supported: 53 .Bl -tag -width "indented" 54 .It Fl d Ar description 55 Provide a comment that describes the file system to be shared. 56 .It Fl F Sy nfs 57 Share NFS file system type. 58 .It Fl o Ar specific_options 59 Specify 60 .Ar specific_options 61 in a comma-separated list of keywords and attribute-value-assertions for 62 interpretation by the file-system-type-specific command. If 63 .Ar specific_options 64 is not specified, then by default sharing is read-write to all clients. 65 .Ar specific_options 66 can be any combination of the following: 67 .Bl -tag -width "indented" 68 .It Sy aclok 69 Allows the NFS server to do access control for NFS Version 2 clients (running 70 SunOS 2.4 or earlier). When 71 .Sy aclok 72 is set on the server, maximal access is given to all clients. For example, with 73 .Sy aclok 74 set, if anyone has read permissions, then everyone does. If 75 .Sy aclok 76 is not set, minimal access is given to all clients. 77 .It Sy anon Ns = Ns Ar uid 78 Set 79 .Ar uid 80 to be the effective user ID of unknown users. By default, unknown users are 81 given the effective user ID UID_NOBODY. If uid is set to -1, access is denied. 82 .It Ar charset Ns = Ns Ar access_list 83 Where 84 .Ar charset 85 is one of: euc-cn, euc-jp, euc-jpms, euc-kr, euc-tw, iso8859-1, iso8859-2, 86 iso8859-5, iso8859-6, iso8859-7, iso8859-8, iso8859-9, iso8859-13, iso8859-15, 87 koi8-r. 88 .Pp 89 Clients that match the 90 .Ar access_list 91 for one of these properties will be assumed to be using that character set and 92 file and path names will be converted to UTF-8 for the server. 93 .It Sy gidmap Ns = Ns Ar mapping Ns Oo ~ Ns Ar mapping Oc Ns ... 94 Where 95 .Ar mapping 96 is: 97 .Oo Ar clnt Oc : Ns Oo Ar srv Oc : Ns Ar access_list 98 .Pp 99 Allows remapping the group ID (gid) in the incoming request to some other gid. 100 This effectively changes the identity of the user in the request to that of 101 some other local user. 102 .Pp 103 For clients where the gid in the incoming request is 104 .Ar clnt 105 and the client matches the 106 .Ar access_list Ns 107 , change the group ID to 108 .Ar srv Ns . If 109 .Ar clnt 110 is asterisk (*), all groups are mapped by this rule. If 111 .Ar clnt 112 is omitted, all unknown groups are mapped by this rule. If 113 .Ar srv 114 is set to -1, access is denied. If 115 .Ar srv 116 is omitted, the gid is mapped to UID_NOBODY. 117 .Pp 118 The particular 119 .Ar mapping Ns s 120 are separated in the 121 .Sy gidmap Ns = 122 option by tilde (~) and are evaluated in the specified order until a match is 123 found. Both 124 .Sy root Ns = 125 and 126 .Sy root_mapping Ns = 127 options (if specified) are evaluated before the 128 .Sy gidmap Ns = 129 option. The 130 .Sy gidmap Ns = 131 option is skipped in the case where the client matches the 132 .Sy root Ns = 133 option. 134 .Pp 135 The 136 .Sy gidmap Ns = 137 option is evaluated before the 138 .Sy anon Ns = 139 option. 140 .Pp 141 This option is supported only for AUTH_SYS. 142 .It Sy index Ns = Ns Ar file 143 Load 144 .Ar file 145 rather than a listing of the directory containing this file when the 146 directory is referenced by an NFS URL. 147 .It Sy log Ns Oo = Ns Ar tag Oc 148 Enables NFS server logging for the specified file system. The optional 149 .Ar tag 150 determines the location of the related log files. The 151 .Ar tag 152 is defined in 153 .Pa /etc/nfs/nfslog.conf . 154 If no 155 .Ar tag 156 is specified, the default values associated with the global tag in 157 .Pa /etc/nfs/nfslog.conf 158 are used. Support of NFS server logging is only available for NFS Version 2 and 159 Version 3 requests. 160 .It Sy none Ns = Ns Ar access_list 161 Access is not allowed to any client that matches the access list. The exception 162 is when the access list is an asterisk (*), in which case 163 .Sy ro 164 or 165 .Sy rw 166 can override 167 .Sy none . 168 .It Sy nosub 169 Prevents clients from mounting subdirectories of shared directories. For 170 example, if 171 .Pa /export 172 is shared with the 173 .Sy nosub 174 option on server 175 .Qq fooey 176 then a NFS client cannot do: 177 .Bd -literal -offset indent 178 mount -F nfs fooey:/export/home/mnt 179 .Ed 180 .Pp 181 NFS Version 4 does not use the MOUNT protocol. The 182 .Sy nosub 183 option only applies to NFS Version 2 and Version 3 requests. 184 .It Sy nosuid 185 By default, clients are allowed to create files on the shared file system with 186 the setuid or setgid mode enabled. Specifying 187 .Sy nosuid 188 causes the server file system to silently ignore any attempt to enable the 189 setuid or setgid mode bits. 190 .It Sy public 191 Moves the location of the public file handle from root 192 .Pa ( / ) 193 to the exported directory for WebNFS-enabled browsers and clients. This option 194 does not enable WebNFS service; WebNFS is always on. Only one file system per 195 server may use this option. Any other option, including the 196 .Sy ro Ns = Ns Ar list 197 and 198 .Sy rw Ns = Ns Ar list 199 options can be included with the 200 .Sy public 201 option. 202 .It Sy ro 203 Sharing is read-only to all clients. 204 .It Sy ro Ns = Ns Ar access_list 205 Sharing is read-only to the clients listed in 206 .Ar access_list ; 207 overrides the 208 .Sy rw 209 suboption for the clients specified. See 210 .Sx access_list 211 below. 212 .It Sy root Ns = Ns Ar access_list 213 Only root users from the hosts specified in 214 .Ar access_list 215 have root access. See 216 .Sx access_list 217 below. By default, no host has root access, so root users are mapped to an 218 anonymous user ID (see the 219 .Sy anon Ns = Ns Ar uid 220 option described above). Netgroups can be used if the file system shared is 221 using UNIX authentication (AUTH_SYS). 222 .It Sy root_mapping Ns = Ns Ar uid 223 For a client that is allowed root access, map the root UID to the specified 224 user id. 225 .It Sy rw 226 Sharing is read-write to all clients. 227 .It Sy rw Ns = Ns Ar access_list 228 Sharing is read-write to the clients listed in 229 .Ar access_list ; 230 overrides the 231 .Sy ro 232 suboption for the clients specified. See 233 .Sx access_list 234 below. 235 .It Sy sec Ns = Ns Ar mode Ns Oo : Ns Ar mode Oc Ns ... 236 Sharing uses one or more of the specified security modes. The 237 .Ar mode 238 in the 239 .Sy sec Ns = Ns Ar mode 240 option must be a mode name supported on the client. If the 241 .Sy sec Ns = 242 option is not specified, the default security mode used is AUTH_SYS. Multiple 243 .Sy sec Ns = 244 options can be specified on the command line, although each mode can appear 245 only once. The security modes are defined in 246 .Xr nfssec 5 . 247 .Pp 248 Each 249 .Sy sec Ns = 250 option specifies modes that apply to any subsequent 251 .Sy window Ns = , 252 .Sy rw , 253 .Sy ro , 254 .Sy rw Ns = , 255 .Sy ro Ns = , 256 and 257 .Sy root Ns = 258 options that are provided before another 259 .Sy sec Ns = 260 option. 261 Each additional 262 .Sy sec Ns = 263 resets the security mode context, so that more 264 .Sy window Ns = , 265 .Sy rw , 266 .Sy ro , 267 .Sy rw Ns = , 268 .Sy ro Ns = , 269 and 270 .Sy root Ns = 271 options can be supplied for additional modes. 272 .It Sy sec Ns = Ns Sy none 273 If the option 274 .Sy sec Ns = Ns Sy none 275 is specified when the client uses AUTH_NONE, or if the client uses a security 276 mode that is not one that the file system is shared with, then the credential 277 of each NFS request is treated as unauthenticated. See the 278 .Sy anon Ns = Ns Ar uid 279 option for a description of how unauthenticated requests are handled. 280 .It Sy secure 281 This option has been deprecated in favor of the 282 .Sy sec Ns = Ns Sy dh 283 option. 284 .It Sy uidmap Ns = Ns Ar mapping Ns Oo ~ Ns Ar mapping Oc Ns ... 285 Where 286 .Ar mapping 287 is: 288 .Oo Ar clnt Oc : Ns Oo Ar srv Oc : Ns Ar access_list 289 .Pp 290 Allows remapping the user ID (uid) in the incoming request to some other uid. 291 This effectively changes the identity of the user in the request to that of 292 some other local user. 293 .Pp 294 For clients where the uid in the incoming request is 295 .Ar clnt 296 and the client matches the 297 .Ar access_list Ns 298 , change the user ID to 299 .Ar srv Ns . If 300 .Ar clnt 301 is asterisk (*), all users are mapped by this rule. If 302 .Ar clnt 303 is omitted, all unknown users are mapped by this rule. If 304 .Ar srv 305 is set to -1, access is denied. If 306 .Ar srv 307 is omitted, the uid is mapped to UID_NOBODY. 308 .Pp 309 The particular 310 .Ar mapping Ns s 311 are separated in the 312 .Sy uidmap Ns = 313 option by tilde (~) and are evaluated in the specified order until a match is 314 found. Both 315 .Sy root Ns = 316 and 317 .Sy root_mapping Ns = 318 options (if specified) are evaluated before the 319 .Sy uidmap Ns = 320 option. The 321 .Sy uidmap Ns = 322 option is skipped in the case where the client matches the 323 .Sy root Ns = 324 option. 325 .Pp 326 The 327 .Sy uidmap Ns = 328 option is evaluated before the 329 .Sy anon Ns = 330 option. 331 .Pp 332 This option is supported only for AUTH_SYS. 333 .It Sy window Ns = Ns Ar value 334 When sharing with 335 .Sy sec Ns = Ns Sy dh , 336 set the maximum life time (in seconds) of the RPC request's credential (in the 337 authentication header) that the NFS server allows. If a credential arrives with 338 a life time larger than what is allowed, the NFS server rejects the request. The 339 default value is 30000 seconds (8.3 hours). 340 .El 341 .El 342 .Ss access_list 343 The 344 .Ar access_list 345 argument is a colon-separated list whose components may be any number of the 346 following: 347 .Bl -tag -width "indented" 348 .It Sy hostname 349 The name of a host. With a server configured for DNS or LDAP naming in the 350 nsswitch 351 .Sy hosts 352 entry, any hostname must be represented as a fully qualified DNS or LDAP name. 353 .It Sy netgroup 354 A netgroup contains a number of hostnames. With a server configured for DNS or 355 LDAP naming in the nsswitch 356 .Sy hosts 357 entry, any hostname in a netgroup must be represented as a fully qualified DNS 358 or LDAP name. 359 .It Sy domain name suffix 360 To use domain membership the server must use DNS or LDAP to resolve hostnames to 361 IP addresses; that is, the 362 .Sy hosts 363 entry in the 364 .Pa /etc/nsswitch.conf 365 must specify 366 .Sy dns 367 or 368 .Sy ldap 369 ahead of 370 .Sy nis 371 or 372 .Sy nisplus , 373 since only DNS and LDAP return the full domain name of the host. Other name 374 services like NIS or NIS+ cannot be used to resolve hostnames on the server 375 because when mapping an IP address to a hostname they do not return domain 376 information. For example, 377 .Bd -literal -offset indent 378 NIS or NIS+ 172.16.45.9 --> "myhost" 379 .Ed 380 .Pp 381 and 382 .Bd -literal -offset indent 383 DNS or LDAP 172.16.45.9 --> "myhost.mydomain.mycompany.com" 384 .Ed 385 .Pp 386 The domain name suffix is distinguished from hostnames and netgroups by a 387 prefixed dot. For example, 388 .Bd -literal -offset indent 389 rw=.mydomain.mycompany.com 390 .Ed 391 .Pp 392 A single dot can be used to match a hostname with no suffix. For example, 393 .Bd -literal -offset indent 394 rw=. 395 .Ed 396 .Pp 397 matches 398 .Qq mydomain 399 but not 400 .Qq mydomain.mycompany.com . 401 This feature can be used to match hosts resolved through NIS and NIS+ rather 402 than DNS and LDAP. 403 .It Sy network 404 The network or subnet component is preceded by an at-sign (@). It can be either 405 a name or a dotted address. If a name, it is converted to a dotted address by 406 .Xr getnetbyname 3SOCKET . 407 For example, 408 .Bd -literal -offset indent 409 =@mynet 410 .Ed 411 .Pp 412 would be equivalent to: 413 .Bd -literal -offset indent 414 =@172.16 or =@172.16.0.0 415 .Ed 416 .Pp 417 The network prefix assumes an octet-aligned netmask determined from the zeroth 418 octet in the low-order part of the address up to and including the high-order 419 octet, if you want to specify a single IP address (see below). In the case 420 where network prefixes are not byte-aligned, the syntax allows a mask length to 421 be specified explicitly following a slash (/) delimiter. For example, 422 .Bd -literal -offset indent 423 =@theothernet/17 or =@172.16.132/22 424 .Ed 425 .Pp 426 where the mask is the number of leftmost contiguous significant bits in the 427 corresponding IP address. 428 .Pp 429 When specifying individual IP addresses, use the same @ notation described 430 above, without a netmask specification. For example: 431 .Bd -literal -offset indent 432 =@172.16.132.14 433 .Ed 434 .Pp 435 Multiple, individual IP addresses would be specified, for example, as: 436 .Bd -literal -offset indent 437 root=@172.16.132.20:@172.16.134.20 438 .Ed 439 .El 440 .Pp 441 A prefixed minus sign (-) denies access to that component of 442 .Ar access_list . 443 The list is searched sequentially until a match is found that either grants or 444 denies access, or until the end of the list is reached. For example, if host 445 .Qq terra 446 is in the 447 .Qq engineering 448 netgroup, then 449 .Bd -literal -offset indent 450 rw=-terra:engineering 451 .Ed 452 .Pp 453 denies access to 454 .Qq terra 455 but 456 .Bd -literal -offset indent 457 rw=engineering:-terra 458 .Ed 459 .Pp 460 grants access to 461 .Qq terra . 462 .Sh OPERANDS 463 The following operands are supported: 464 .Bl -tag -width "pathname" 465 .It Sy pathname 466 The pathname of the file system to be shared. 467 .El 468 .Sh FILES 469 .Bl -tag -width "/etc/nfs/nfslog.conf" 470 .It Pa /etc/dfs/fstypes 471 list of system types, NFS by default 472 .It Pa /etc/dfs/sharetab 473 system record of shared file systems 474 .It Pa /etc/nfs/nfslogtab 475 system record of logged file systems 476 .It Pa /etc/nfs/nfslog.conf 477 logging configuration file 478 .El 479 .Sh EXIT STATUS 480 .Ex -std 481 .Sh EXAMPLES 482 .Ss Example 1 Sharing A File System With Logging Enabled 483 The following example shows the 484 .Pa /export 485 file system shared with logging enabled: 486 .Bd -literal -offset indent 487 share -o log /export 488 .Ed 489 .Pp 490 The default global logging parameters are used since no tag identifier is 491 specified. The location of the log file, as well as the necessary logging work 492 files, is specified by the global entry in 493 .Pa /etc/nfs/nfslog.conf . 494 The 495 .Xr nfslogd 1M 496 daemon runs only if at least one file system entry in 497 .Pa /etc/dfs/dfstab 498 is shared with logging enabled upon starting or rebooting the system. Simply 499 sharing a file system with logging enabled from the command line does not start 500 the 501 .Xr nfslogd 1M . 502 .Ss Example 2 Remap A User Coming From The Particular NFS Client 503 The following example remaps the user with uid 504 .Sy 100 505 at client 506 .Sy 10.0.0.1 507 to user 508 .Sy joe Ns : 509 .Bd -literal -offset indent 510 share -o uidmap=100:joe:@10.0.0.1 /export 511 .Ed 512 .Sh SEE ALSO 513 .Xr mount 1M , 514 .Xr mountd 1M , 515 .Xr nfsd 1M , 516 .Xr nfslogd 1M , 517 .Xr share 1M , 518 .Xr unshare 1M , 519 .Xr getnetbyname 3SOCKET , 520 .Xr netgroup 4 , 521 .Xr nfslog.conf 4 , 522 .Xr attributes 5 , 523 .Xr nfssec 5 524 .Sh NOTES 525 If the 526 .Sy sec Ns = 527 option is presented at least once, all uses of the 528 .Sy window Ns = , 529 .Sy rw , 530 .Sy ro , 531 .Sy rw Ns = , 532 .Sy ro Ns = , 533 and 534 .Sy root Ns = 535 options must come after the first 536 .Sy sec Ns = 537 option. If the 538 .Sy sec Ns = 539 option is not presented, then 540 .Sy sec Ns = Ns Sy sys 541 is implied. 542 .Pp 543 If one or more explicit 544 .Sy sec Ns = 545 options are presented, 546 .Sy sys 547 must appear in one of the options mode lists for accessing using the AUTH_SYS 548 security mode to be allowed. For example: 549 .Bd -literal -offset indent 550 share -F nfs /var 551 share -F nfs -o sec=sys /var 552 .Ed 553 .Pp 554 grants read-write access to any host using AUTH_SYS, but 555 .Bd -literal -offset indent 556 share -F nfs -o sec=dh /var 557 .Ed 558 .Pp 559 grants no access to clients that use AUTH_SYS. 560 .Pp 561 Unlike previous implementations of 562 .Nm , 563 access checking for the 564 .Sy window Ns = , 565 .Sy rw , 566 .Sy ro , 567 .Sy rw Ns = , 568 and 569 .Sy ro Ns = 570 options is done per NFS request, instead of per mount request. 571 .Pp 572 Combining multiple security modes can be a security hole in situations where 573 the 574 .Sy ro Ns = 575 and 576 .Sy rw Ns = 577 options are used to control access to weaker security modes. In this example, 578 .Bd -literal -offset indent 579 share -F nfs -o sec=dh,rw,sec=sys,rw=hosta /var 580 .Ed 581 .Pp 582 an intruder can forge the IP address for 583 .Qq hosta 584 (albeit on each NFS request) to side-step the stronger controls of AUTH_DES. 585 Something like: 586 .Bd -literal -offset indent 587 share -F nfs -o sec=dh,rw,sec=sys,ro /var 588 .Ed 589 .Pp 590 is safer, because any client (intruder or legitimate) that avoids AUTH_DES only 591 gets read-only access. In general, multiple security modes per share command 592 should only be used in situations where the clients using more secure modes get 593 stronger access than clients using less secure modes. 594 .Pp 595 If 596 .Sy rw Ns = 597 and 598 .Sy ro Ns = 599 options are specified in the same 600 .Sy sec Ns = 601 clause, and a client is in both lists, the order of the two options determines 602 the access the client gets. If client 603 .Qq hosta 604 is in two netgroups, 605 .Qq group1 606 and 607 .Qq group2 , 608 in this example, the client would get read-only access: 609 .Bd -literal -offset indent 610 share -F nfs -o ro=group1,rw=group2 /var 611 .Ed 612 .Pp 613 In this example 614 .Qq hosta 615 would get read-write access: 616 .Bd -literal -offset indent 617 share -F nfs -o rw=group2,ro=group1 /var 618 .Ed 619 .Pp 620 If within a 621 .Sy sec Ns = 622 clause, both the 623 .Sy ro 624 and 625 .Sy rw Ns = 626 options are specified, for compatibility, the order of the options rule is not 627 enforced. All hosts would get read-only access, with the exception to those in 628 the read-write list. Likewise, if the 629 .Sy ro Ns = 630 and 631 .Sy rw 632 options are specified, all hosts get read-write access with the exceptions of 633 those in the read-only list. 634 .Pp 635 The 636 .Sy ro Ns = 637 and 638 .Sy rw Ns = 639 options are guaranteed to work over UDP and TCP but may not work over other 640 transport providers. 641 .Pp 642 The 643 .Sy root Ns = 644 option with AUTH_SYS is guaranteed to work over UDP and TCP but may not work 645 over other transport providers. 646 .Pp 647 The 648 .Sy root Ns = 649 option with AUTH_DES is guaranteed to work over any transport provider. 650 .Pp 651 There are no interactions between the 652 .Sy root Ns = 653 option and the 654 .Sy rw , 655 .Sy ro , 656 .Sy rw Ns = , 657 and 658 .Sy ro Ns = 659 options. Putting a host in the root list does not override the semantics of the 660 other options. The access the host gets is the same as when the 661 .Sy root Ns = 662 option is absent. For example, the following share command denies access to 663 .Qq hostb : 664 .Bd -literal -offset indent 665 share -F nfs -o ro=hosta,root=hostb /var 666 .Ed 667 .Pp 668 The following gives read-only permissions to 669 .Qq hostb : 670 .Bd -literal -offset indent 671 share -F nfs -o ro=hostb,root=hostb /var 672 .Ed 673 .Pp 674 The following gives read-write permissions to 675 .Qq hostb : 676 .Bd -literal -offset indent 677 share -F nfs -o ro=hosta,rw=hostb,root=hostb /var 678 .Ed 679 .Pp 680 If the file system being shared is a symbolic link to a valid pathname, the 681 canonical path (the path which the symbolic link follows) is shared. For 682 example, if 683 .Pa /export/foo 684 is a symbolic link to 685 .Pa /export/bar , 686 the following share command results in 687 .Pa /export/bar 688 as the shared pathname (and not 689 .Pa /export/foo ) : 690 .Bd -literal -offset indent 691 share -F nfs /export/foo 692 .Ed 693 .Pp 694 An NFS mount of 695 .Lk server:/export/foo 696 results in 697 .Lk server:/export/bar 698 really being mounted. 699 .Pp 700 This line in the 701 .Pa /etc/dfs/dfstab 702 file shares the 703 .Pa /disk 704 file system read-only at boot time: 705 .Bd -literal -offset indent 706 share -F nfs -o ro /disk 707 .Ed 708 .Pp 709 The same command entered from the command line does not share the 710 .Pa /disk 711 file system unless there is at least one file system entry in the 712 .Pa /etc/dfs/dfstab 713 file. The 714 .Xr mountd 1M 715 and 716 .Xr nfsd 1M 717 daemons only run if there is a file system entry in 718 .Pa /etc/dfs/dfstab 719 when starting or rebooting the system. 720 .Pp 721 The 722 .Xr mountd 1M 723 process allows the processing of a path name the contains a symbolic link. 724 This allows the processing of paths that are not themselves explicitly shared 725 with 726 .Nm . 727 For example, 728 .Pa /export/foo 729 might be a symbolic link that refers to 730 .Pa /export/bar 731 which has been specifically shared. When the client mounts 732 .Pa /export/foo 733 the mountd processing follows the symbolic link and responds with the 734 .Pa /export/bar . 735 The NFS Version 4 protocol does not use the mountd processing and the client's 736 use of 737 .Pa /export/foo 738 does not work as it does with NFS Version 2 and Version 3 and the client 739 receives an error when attempting to mount 740 .Pa /export/foo .