Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)
NFSPermMap PermMap-value
(J06.09 and later J-series RVUs or H06.20 and later H-series RVUs only) Specifies how the
permissions for an OSS object protected by optional access control list (ACL) entries are mapped
to the permissions (rwxrwxrwx) used by Network File System Version 2 (NFS V2) clients on
open, read, write, and directory search operations. Write permissions are always enforced
on the NonStop server using the actual standard OSS permissions or OSS ACL permissions (if
present) on the object. The attribute values for NFSPERMMAP are:
DescriptionValue
The other and owning group fields of the permissions bits returned to NFS V2 clients are
modified such that only access that would be granted to everyone in the ACL, excluding
the owner, is granted in the permissions bits. That is:
RESTRICTIVE
• The ACL entries for the class mask, the owning group, and all optional users are
examined. The group permissions returned to NFS V2 clients for this object are the
most restrictive of the permissions bits of these ACL entries.
• The ACL entries for the class mask, the owning group, other, all optional groups,
and all optional users are examined. The other permissions returned to NFS V2 clients
for this object are the most restrictive of the permissions bits of these ACL entries.
Setting NFSPERMAP to this value can cause some users on NFS V2 clients to be denied
access to objects to which they should legitimately be granted access according to the
OSS ACL on the NonStop server.
The other and owning group fields of the permissions bits returned to NFS V2 clients are
modified such that access that would be granted to anyone in the ACL, excluding the
owner, is granted in the permissions bits. That is:
PERMISSIVE
• The ACL entries for the class mask, the owning group, and all optional users are
examined. The group permissions returned to NFS V2 clients for this object are the
most permissive of the permissions bits, as allowed by the class mask, of these ACL
entries.
• The ACL entries for the class mask, the owning group, other, all optional groups,
and all optional users are examined. The other permissions returned to NFS V2 clients
for this object are the most permissive of the permissions bits for the other ACL entry
and, as allowed by the class mask, the ACL entries of the owning group, optional
groups, and optional users.
Setting NFSPERMMAP to this value guarantees that users who have read permission in
the OSS ACL for an object on the NonStop system will be able to read the object on
NFS V2 clients. However, it also allows users on NFS V2 clients who do not have read
permission in the OSS ACL for an object on the NonStop server to be able to read data
from the object when the data is cached on NFS V2 clients.
The other and user fields of the permissions bits returned to NFS V2 clients are unmodified.
The group field of the permissions bits returned to NFS V2 clients are the permissions of
UNMODIFIED
the class entry of the ACL. This set of permissions bits matches the permissions that are
displayed on the NonStop server by a command such as the ls command.
Disables the mapping of OSS ACLs to NFS file permissions. When NFSPERMMAP is
disabled, NFS requests to objects protected by OSS ACLs that contain optional ACL
DISABLED
entries are denied. This behavior matches the behavior for systems running J06.08 and
earlier J-series RVUs, H06.19 and earlier H-series RVUs, and G-series RVUs. This is the
default value.
For more information about OSS NFS file-system security, see the Overview of NFS for Open
System Services and the Open System Services NFS Management and Operations Guide.
CreateBy user-name1
is the user name of the user or process that created the initial configuration of the fileset.
CreateTime time1
is the timestamp for the time when the initial configuration of the fileset was created, in the
form dd mmm yyyy hh:mm:ss.mil.
OSS Monitor SCF Command Reference Information 299