Technical data

ManualsBrandsCompaq ManualsComputer equipmentCompaq TCP/IP Services for OpenVMS

391

392

393

394

395

396

397

398

399

400

NFS Client

21.1 Key Concepts

21.1.4 How the Client Maps User Identities

Both OpenVMS and UNIX based systems use identiﬁcation codes as a general

method of resource protection and access control. Just as OpenVMS employs user

names and UICs for identiﬁcation, UNIX identiﬁes users with a user name and

a user identiﬁer (UID) and group identiﬁer (GID) pair. Both UIDs and GIDs are

used to identify a user on a system.

The proxy database contains entries for each user wanting to access ﬁles on a

server host. Each entry contains the user’s local OpenVMS account name, the

UID/GID pair that identiﬁes the user’s account on the server system, and the

name of the server host. This ﬁle is loaded into dynamic memory when the NFS

client starts. Whenever you modify the UID/GID to UIC mapping, you must

restart the NFS client software by dismounting and remounting all the client

devices. (Proxy mapping always occurs even when operating in OpenVMS to

OpenVMS mode.)

The only permission required by the UNIX ﬁle system for deleting a ﬁle is write

access to the last directory in the path speciﬁcation.

You can print a ﬁle that is located on a DNFSn: device. However, the print

symbiont, which runs as user SYSTEM, opens the ﬁle only if it is world readable

or if there is an entry in the proxy database that allows read access to user

SYSTEM.

21.1.4.1 Default User

You can associate a client device with a default user by designating the user with

the /UID and /GID qualiﬁers to the MOUNT command. If you do not specify a

user with the /UID and /GID qualiﬁers, NFS uses the default user –2/–2. If the

local user or the NFS client has no proxy for the host serving a DNFS device, all

operations performed by that user on that device are seen as coming from the

default user (–2/–2).

To provide universal access to world-readable ﬁles, you can use the default UID

instead of creating a proxy entry for every NFS client user.

Compaq strongly recommends that, for any other purposes, you provide a

proxy with a unique UID for every client user. Otherwise, client users may

see unpredictable and confusing results when they try to create ﬁles.

21.1.5 How the Client Maps UNIX Permissions to OpenVMS Protections

Both OpenVMS and UNIX based systems use a protection mask that deﬁnes

categories assigned to a ﬁle and the type of access granted to each category.

The NFS server ﬁle protection categories, like those on UNIX systems, include:

user, group

and

other

, each having read (

), write (

), or execute (

) access.

The OpenVMS categories are SYSTEM, OWNER, GROUP, and WORLD. Each

category can have up to four types of access: read (R), write, (W), execute (E), and

delete (D). The NFS client handles ﬁle protection mapping from server to client.

OpenVMS delete access does not directly translate to a UNIX protection category.

A UNIX user can delete a ﬁle as long as he or she has write access to the parent

directory. The user can see whether or not he or she has permissions to delete a

ﬁle by looking at the protections on the parent directory. This design corresponds

to OpenVMS where the absence of write access to the parent directory prevents

users from deleting ﬁles, even when protections on the ﬁle itself appear to allow

delete access. For this reason, the NFS client always displays the protection

mask of remote UNIX ﬁles as permitting delete access for all categories of users.

21–4 NFS Client