Manualshelf

Open System Services NFS Management and Operations Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Programs and Processes
All executable OSS NFS programs should be owned by the super ID (255,255), and all OSS NFS
processes should be started from the super ID.
Configuration Files and Subvolumes
The configuration subvolume and those configuration files with names of the form ZZNFSnnn
should be owned by the super ID.
The ZNFSUSR file must be owned by the super ID, secured “N-U-, and have its PROGID attribute
set.
Exports
You are required to define an EXPORT object for each fileset that is to be made available to OSS
NFS clients. You do this using the SCF ADD EXPORT command. This command does not require
you to specify any access restrictions, but if you do not specify any, the corresponding fileset
becomes available to the entire network. To be careful, grant access only to the appropriate hosts
and netgroups.
OSS Fileset NFSPERMMAP Attribute
The NFSPERMMAP attribute applies to OSS filesets on systems running J06.09 and later J-series
RVUs and H06.20 and later H-series RVUs.
OSS ACLs are not supported by the OSS Network File System (NFS) for G-series RVUs, H06.19
and earlier H-series RVUs, or J06.08 and earlier J-series RVUs. All attempts by NFS clients to access
OSS objects protected by OSS ACLs that contain optional ACL entries are denied.
On systems running J06.09 and later J-series RVUs and H06.20 and later H-series RVUs, access
by the OSS Network File System (NFS) to OSS objects protected by OSS ACLs that contain optional
ACL entries can be allowed, depending upon the NFSPERMMAP attribute value for the fileset that
contains the object. The NFSPERMMAP attribute value selects the algorithm used to map the OSS
ACL permissions for the object to the standard permissions (rwxrwxrwx) expected for the object
by NFS V2 clients:
Setting the NFSPERMMAP attribute of an OSS fileset to DISABLED causes NFS requests to
objects protected by OSS ACLs that contain optional ACL entries to be denied. This behavior
matches the behavior for systems running J06.08 and earlier J-series RVUs, H06.19 and earlier
H-series RVUs, and G-series RVUs. This is the default value.
Setting the NFSPERMMAP attribute of an OSS fileset to RESTRICTIVE can cause some users
to be denied access to objects to which they should legitimately be granted access according
to the OSS ACL.
Setting the NFSPERMMAP attribute of an OSS fileset to PERMISSIVE guarantees that users
who have read permission in the OSS ACL for an object on the NonStop system will be able
to read the object on NFS V2 clients. However, it also allows users on NFS V2 clients who
do not have read permission in the OSS ACL for an object on the NonStop server to be able
to read data from the object when the data is cached on NFS V2 clients. Write permissions
are always enforced on the NonStop server using the actual standard OSS permissions or
OSS ACL permissions (if present) on the object (see Note).
Setting the NFSPERMMAP attribute of an OSS fileset to UNMODIFIED causes the user and
others fields of the permissions bits to be returned to NFS V2 clients unmodified. The group
field of the permissions bits returned to NFS V2 clients are the permissions of the class entry
of the ACL.
Security Considerations When Configuring OSS NFS 63