Automount with Solaris Trusted Extensions

If a system is configured with Solaris Trusted Extensions, additional processing is performed to facilitate multilevel home directory access. A list of zones whose labels are dominated by the current zone is generated and default auto_home automount maps are generated if they do not currently exist. These automount maps are named auto_home_zonename, where zonename is the name of each zone's lower-level zone. An autofs mount of each such auto_home map is then performed, regardless of whether it is explicitly or implicitly listed in the master map. Instead of autofs mounting the standard auto_home map, the zone uses an auto_home file appended with its own zone name. Each zone's auto_home map is uniquely named so that it can be maintained and shared by all zones using a common name server.

By default, the home directories of lower-level zones are mounted read-only under /zone/zonename/export/home when each zone is booted. The default auto_home_zonename automount map specifies that path as the source directory for an lofs remount onto /zone/zonename/home/username. For example, the file auto_home_public, as generated from a higher level zone would contain:

+auto_home_public
*	-fstype=lofs	:/zone/public/export/home/&

When a home directory is referenced and the name does not match any other keys in the auto_home_public map, it will match this loopback mount specification. If this loopback match occurs and the name corresponds to a valid user whose home directory does not exist in the public zone, the directory is automatically created on behalf of the user.

Map Entry Format

A simple map entry (mapping) takes the form:

key [-mount-options] location...

where key is the full pathname of the directory to mount when used in a direct map, or the simple name of a subdirectory in an indirect map. mount-options is a comma-separated list of mount options, and location specifies a file system from which the directory may be mounted. In the case of a simple NFS mount, the options that can be used are specified in mount_nfs(8), and location takes the form:

host is the name of the host from which to mount the file system, and pathname is the absolute pathname of the directory to mount.

Options to other file systems are documented in the other mount_* reference manual pages.

Replicated File Systems

Multiple location fields can be specified for replicated NFS file systems, in which case automount and the kernel will each try to use that information to increase availability. If the read-only flag is set in the map entry, automountd mounts a list of locations that the kernel may use, sorted by several criteria. Only locations available at mount time will be mounted, and thus be available to the kernel. When a server does not respond, the kernel will switch to an alternate server. The sort ordering of automount is used to determine how the next server is chosen. If the read-only flag is not set, automount will mount the best single location, chosen by the same sort ordering, and new servers will only be chosen when an unmount has been possible, and a remount is done. Servers on the same local subnet are given the strongest preference, and servers on the local net are given the second strongest preference. Among servers equally far away, response times will determine the order if no weighting factors (see below) are used.

If the list includes server locations using both the NFS Version 2 Protocol and the NFS Version 3 Protocol, automount will choose only a subset of the server locations on the list, so that all entries will be the same protocol. It will choose servers with the NFS Version 3 Protocol so long as an NFS Version 2 Protocol server on a local subnet will not be ignored. See the FIXME for additional details.

If each location in the list shares the same pathname then a single location may be used with a comma-separated list of hostnames:

hostname,hostname...:pathname

Requests for a server may be weighted, with the weighting factor appended to the server name as an integer in parentheses. Servers without a weighting are assumed to have a value of zero (most likely to be selected). Progressively higher values decrease the chance of being selected. In the example,

man -ro	alpha,bravo,charlie(1),delta(4):/usr/man

hosts alpha and bravo have the highest priority; host delta has the lowest.

Server proximity takes priority in the selection process. In the example above, if the server delta is on the same network segment as the client, but the others are on different network segments, then delta will be selected; the weighting value is ignored. The weighting has effect only when selecting between servers with the same network proximity. The automounter always selects the localhost over other servers on the same network segment, regardless of weighting.

In cases where each server has a different export point, the weighting can still be applied. For example:

man	-ro	alpha:/usr/man bravo,charlie(1):/usr/share/man \
		delta(3):/export/man

A mapping can be continued across input lines by escaping the NEWLINE with a backslash ("\"). Comments begin with a number sign ("#") and end at the subsequent NEWLINE.

Map Key Substitution

The ampersand ("&") character is expanded to the value of the key field for the entry in which it occurs. In this case:

jane	sparcserver:/home/&

the & expands to jane.

Wildcard Key

The asterisk ("*") character, when supplied as the key field, is recognized as the catch-all entry. Such an entry will match any key not previously matched. For instance, if the following entry appeared in the indirect map for /config:

*	&:/export/config/&

this would allow automatic mounts in /config of any remote file system whose location could be specified as:

hostname:/export/config/hostname

Note that the wildcard key does not work in conjunction with the -browse option.

Variable Substitution

Client specific variables can be used within an automount map. For instance, if $HOST appeared within a map, automount would expand it to its current value for the client's host name. Supported variables are:

If a reference needs to be protected from affixed characters, you can surround the variable name with curly braces ("{}").

Multiple Mounts

A multiple mount entry takes the form:

key [-mount-options] [[mountpoint]
[-mount-options] location...]...

The initial mountpoint is optional for the first mount and mandatory for all subsequent mounts. The optional mountpoint is taken as a pathname relative to the directory named by key. If mountpoint is omitted in the first occurrence, a mountpoint of / (root) is implied.

Given an entry in the indirect map for /src:

beta	-ro \
	/		svr1,svr2:/export/src/beta  \
	/1.0		svr1,svr2:/export/src/beta/1.0 \
	/1.0/man	svr1,svr2:/export/src/beta/1.0/man

All offsets must exist on the server under beta. automount will automatically mount /src/beta, /src/beta/1.0, and /src/beta/1.0/man, as needed, from either svr1 or svr2, whichever host is nearest and responds first.

Other File System Types

The automounter assumes NFS mounts as a default file system type. Other file system types can be described using the fstype mount option. Other mount options specific to this file system type can be combined with the fstype option. The location field must contain information specific to the file system type. If the location field begins with a slash, a colon character must be prepended, for instance, to mount a CD file system:

cdrom	-fstype=hsfs,ro	:/dev/sr0

or to perform an autofs mount:

src	-fstype=autofs	auto_src

Use this procedure only if you are not using Volume Manager.

See the NOTES section for information on option inheritance.

Indirect Maps

An indirect map allows you to specify mappings for the subdirectories you wish to mount under the directory indicated on the command line. In an indirect map, each key consists of a simple name that refers to one or more file systems that are to be mounted as needed.

Direct Maps

Entries in a direct map are associated directly with autofs mount points. Each key is the full pathname of an autofs mount point. The direct map as a whole is not associated with any single directory.

Direct maps are distinguished from indirect maps by the - key. For example:

# Master map for automounter
#
+auto_master
/net	-hosts		-nosuid,nobrowse
/home	auto_home	-nobrowse
/-	auto_direct

Included Maps

The contents of another map can be included within a map with an entry of the form

+mapname

If mapname begins with a slash, it is assumed to be the pathname of a local file. Otherwise, the location of the map is determined by the policy of the name service switch according to the entry for the automounter in /etc/nsswitch.conf, such as

automount: files nis

If the name service is files, then the name is assumed to be that of a local file in /etc. If the key being searched for is not found in the included map, the search continues with the next entry.

Special Maps

There are two special maps available: -hosts and -null. The -hosts map is used with the /net directory and assumes that the map key is the hostname of an NFS server. The automountd daemon dynamically constructs a map entry from the server's list of exported file systems. References to a directory under /net/hermes will refer to the corresponding directory relative to hermes root.

The -null map cancels a previous map for the directory indicated. This is most useful in the /etc/auto_master for cancelling entries that would otherwise be inherited from the +auto_master include entry. To be effective, the -null entries must be inserted before the included map entry.

Executable Maps

Local maps that have the execute bit set in their file permissions will be executed by the automounter and provided with a key to be looked up as an argument. The executable map is expected to return the content of an automounter map entry on its stdout or no output if the entry cannot be determined. A direct map cannot be made executable.

Configuration and the auto_master Map

When initiated without arguments, automount consults the master map for a list of autofs mount points and their maps. It mounts any autofs mounts that are not already mounted, and unmounts autofs mounts that have been removed from the master map or direct map.

The master map is assumed to be called auto_master and its location is determined by the name service switch policy. Normally the master map is located initially as a local file /etc/auto_master.

Browsing

The automountd daemon supports browsability of indirect maps. This allows all of the potential mount points to be visible, whether or not they are mounted. The -nobrowse option can be added to any indirect autofs map to disable browsing. For example:

/net	-hosts		-nosuid,nobrowse
/home	auto_home

In this case, any hostnames would only be visible in /net after they are mounted, but all potential mount points would be visible under /home. The -browse option enables browsability of autofs file systems. This is the default for all indirect maps.

The -browse option does not work in conjunction with the wildcard key.

Restricting Mount Maps

Options specified for a map are used as the default options for all the entries in that map. They are ignored when map entries specify their own mount options.

In some cases, however, it is desirable to force nosuid, nodevices, nosetuid, or noexec for a complete mount map and its submounts. This can be done by specifying the additional mount option, -restrict.

/home	auto_home	-restrict,nosuid,hard

The -restrict option forces the inheritance of all the restrictive options nosuid, nodevices, nosetuid, and noexec as well as the restrict option itself. In this particular example, the nosuid and restrict option are inherited but the hard option is not. The restrict option also prevents the execution of "executable maps" and is enforced for auto mounts established by programs with fewer than all privileges available in their zone.