EMC Celerra Command Reference Manual page 354

The server Commands
For krb5, krb5i, and krb5p security, the access mode can be one,
or a combination of the following: ro, rw=, ro=, root=, access=.
ro
Exports the <pathname> for all NFS clients as read-only.
ro=<client>[:<client>]...
Exports the <pathname> for the specified NFS client(s) as
read-only.
ro=<-client>[:<-client>]...
Excludes the specified NFS client(s) from ro privileges. Clients
must be preceded with - (dash) to specify exclusion.
rw=<client>[:<client>]...
Exports the <pathname> as read-mostly for the specified NFS
client(s). Read-mostly means exported read-only to most
machines, but read-write to those specified. The default is
read-write to all.
rw=<-client>[:<-client>]...
Excludes the specified NFS client(s) from rw privileges. See the
description of read-mostly above. Clients must be preceded with
- (dash) to specify exclusion.
root=<client>[:<client>]...
Provides root privileges for the specified NFS client(s). By
default, no host is granted root privilege.
root=<-client>[:<-client>]...
Excludes the specified NFS client(s) from root privileges. Clients
must be preceded with - (dash) to specify exclusion.
anon=<uid>
If a request comes from an unknown user, the UID should be
used as the effective user ID. Root users (UID =0) are considered
"unknown" by the NFS server unless they are included in the
root option. The default value for anon=<uid> is the user
"nobody." If the user "nobody" does not exist, then the value
65534 is used.
CAUTION
!
Using anon=0 is not recommended for security concerns.
access=<client>[:<client>]...
Provides mount access for the specified NFS client(s).
354
Celerra Network Server Command Reference Manual