exports.5: Clarify that exported dirs should be local mount points

If not, then in general the entire filesystem containing the exported
directory is accessiable. This may be surprising, so try to make it
more clear.

Reviewed by: rmacklem, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D44614

exports.5: Update an example to use service(8)

MFC after: 1 week

exports.5: Add RFC number for NFS over TLS

This is a content change.

MFC after: 1 week

mountd: Update exports.5 for commit 7c5146da1286

Commit 7c5146da1286 modified mountd so that it uses
strunvis(3) to decode directory names in exports lines.
This allows special characters, such as blanks, to be
encoded in the directory names.

This patch updates the exports.5 man page for this change.

This is a content change.

Reviewed by: karels, pauamma_gundo.com (manpages)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D42163

usr.sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

exports.5: Clean up EXAMPLES and STANDARDS

There was a missing sentence in the description of the second mount
entry in the example. Fix that and some other bits in the EXAMPLES
section.

Also, make the STANDARDS section a bit more readable.

MFC after: 1 week
Sponsored by: Klara Inc.

mountd: deprecate exports to a network without mask

The exports file format allows export to a network using an explicit
mask or prefix length (CIDR). It also allows a network with just
a dotted address, in which case the historical mask was used.
Deprecate this usage, and warn when it is used. Document that this
is deprecated.

MFC after: 1 month
Reviewed by: rmacklem, bcr, #manpages
Differential Revision: https://reviews.freebsd.org/D32713

Update man page for new TLS export options.

NFS over TLS uses three new export options, added by r364979.
This patch updates the exports.5 man page for these new options.
Once assigned by IETF, "NNNN" will be replaced with the RFC number.

This is a content change.

Reviewed by: gbe
Differential Revision: https://review.freebsd.org/D26241

Fix a few mandoc issues

- no blank before trailing delimiter
- whitespace at end of input line
- sections out of conventional order
- normalizing date format
- AUTHORS section without An macro

Bump .Dd for today's edit.

Thank you Enji Cooper

Clarify NFSv4 /etc/exports semantics, with working example.
The existing wording has been confusing users for years.

Update the exports.5 man page to reflect the change in default uid/gid
made by r318262.

This is a content change.

Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96

Allow /etc/exports to contain usernames/groups with spaces in them.

If you are getting your users/groups from a directory service such
as LDAP or AD it's possible for those usernames or groupnames to
contain spaces.

Submitted by: Sean E. Fagan
Reviewed by: rmacklem
MFC after: 1 week
Sponsored by: iXsystems

Try to clarify how file systems are exported for NFSv4.

Suggested by: rcarter@pinyon.org
MFC after: 1 week

Attempt to clarify that for ZFS, all file systems under
the NFSv4 root must be exported. This is because ZFS
checks exports itself.
This is a content change.

MFC after: 2 weeks

Minor mdoc fixes.

Remove trailing whitespace per mdoc lint warning

Disussed with: gavin
No objection from: doc
Approved by: joel
MFC after: 3 days

Try and fix the exports.5 man page so that it clarifies how
NFSv4 exports are handled. Improved by informal review comments from
mckusick, kudak at mit.edu and bde.
This is a content change.

MFC after: 2 weeks

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

o Fix typo: sepcify -> specify.

PR: docs/148499
Submitted by: Warren Block
MFC after: 1 week

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

Description of steps required to setup NFSv4 server is in nfsv4(4);
add reference to exports(5), since that's the obvious starting point
for searching for this.

Modify mountd to handle the experimental nfs server as well as the
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.

Approved by: kib (mentor)

Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by: Isilon Systems
MFC after: 1 month

- Import the HEAD csup code which is the basis for the cvsmode work.

- more mark-up fixes

Submitted by: ru

- add some missing words
- we don't have ne(4), replace it with re(4)
- fix markup
- bump date

Submitted by: ru
MFC after: 3 days

- markup fixes
- advise to use rc script to SIGHUP mountd
- add information about possiblity of using /prefix network notation [1]

PR: docs/124373
Reviewed by: jhb
Obtained from: NetBSD [1]
MFC after: 3 days

Use ".Pa" for path names.

MFC after: 3 days

Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)

Correct typo in the last revision.

Note that only one webnfs share is allowed per NFS server.

PR: docs/45371
Submitted by: Mattias Pantzare <pantzer@ludd.luth.se>,
Matthew D. Fuller <fullermd@over-yonder.net>
MFC after: 2 days

Be consistent in the EXAMPLES formatting.

english(4) police.

Uniformly refer to a file system as "file system".

Approved by: re

Kerberised NFS has never (as far as I can tell) worked outside
BSD 4.4. Nuke mention of Kerberos from the documentation here.

MFC after: 1 week

Try to give a more descriptive error message for the pilot error of
attempting to export the non-root of a filesystem with -alldirs. This
pilot error seems to be very common, and the "could not remount" error
message doesn't give much hints about the real reason. See the old PR
below for an example.

While i was at it, make it possible to entirely omit the often
annoying error message in that case by specifying the "quiet" exports
flag. This allows to specify something like

/cdrom -alldirs,ro,quiet <where to export to>

which will silently fail if nothing is mounted under /cdrom, but do
the rigth thing as soon as you mount something.

While doing this, i've put the embedded example in the exports(5) man
page into a subsection of its own as it ought to be.

Thanks for Paul Southworth for reminding me about this problem.

PR: bin/4448
MFC after: 1 month

mdoc(7) police: join split punctuation to macro calls.

mdoc(7) police: cosmetics.

Document continuation line support.

PR: 8479
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>

mdoc(7) police: split punctuation characters + misc fixes.

Prepare for mdoc(7)NG.

Prepare for mdoc(7)NG.

mdoc(7) police: use the new features of the Nm macro.

Explain why adding ``options NFSKERB'' breaks the kernel build.

PR: 10642
Reported by: Stefan Eggers <seggers@semyam.dinoco.de>
Submitted by: johan

Explicitly state that mountd can be made to re-read the exports file,
even though this may seem obvious to some folks.

Requested by: obrien

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

$Id$ -> $FreeBSD$

Xref mountd in text.

Submitted by: Philippe Charnier

Correct improper use of .Sm. Document -d flag. Correct use of .Nm. Remove
unused #includes. Add usage(). Use warnx(). Correct spelling. Abort when
malloc() fails.

Merge WebNFS support from NetBSD.

Obtained from: NetBSD

Add cvs Id.

Merge from Lite2 (use new getvfsbyname() and mount(2) interface, cleanup)

Correct some man page cross references and file location references.

Changes to support version 3 of the NFS protocol.
The version 2 support has been tested (client+server) against FreeBSD-2.0,
IRIX 5.3 and FreeBSD-current (using a loopback mount). The version 2 support
is stable AFAIK.
The version 3 support has been tested with a loopback mount and minimally
against an IRIX 5.3 server. It needs more testing and may have problems.
I have patched amd to support the new variable length filehandles although
it will still only use version 2 of the protocol.

Before booting a kernel with these changes, nfs clients will need to at least
build and install /usr/sbin/mount_nfs. Servers will need to build and
install /usr/sbin/mountd.

NFS diskless support is untested.

Obtained from: Rick Macklem <rick@snowhite.cis.uoguelph.ca>

BSD 4.4 Lite sbin Sources

Note: XNSrouted and routed NOT imported here, they shall be imported with
usr.sbin.