Manualshelf

Open System Services NFS Management and Operations Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
NOTE: NFS client/server interactions work most efficiently for read-only OSS filesets when the
OSS filesets are mounted read-only on the NFS client systems instead of setting the readonly attribute
in either the OSS NFS server configuration or OSS fileset configuration. NFS client attempts to
write to a read-only OSS fileset are reported immediately to the NFS client application.
If an OSS fileset has objects protected by OSS ACLs, if you mount that fileset from NFS client
systems as read-write, you must use mount options that disable write buffering (for example -o
forcedirectio on Solaris servers and -o noac on Linux servers). Disabling write buffering on
the NFS client system causes NFS write requests from the NFS client systems to contain the actual
effective user id of the writing client process, which enables the NonStop system to properly enforce
the OSS ACL permissions. For example, the mapped NFS permissions can indicate to an NFS
client system that a user has write permission to a file when in fact that specific user is denied in
the OSS ACL on the NonStop system. In this case, an NFS write request that is denied by an OSS
ACL on the NonStop system is likely to be reported to the NFS client application as an EIO or
EPERM error.
Because of the behavior of some NFS V2 clients, if you do not disable write buffering, the server
might not receive the correct user ID information from the NFS client, which can result in write
requests being denied or data being written to a file by a client that should have been denied
write access.
For detailed information about OSS ACLs, see the acl(5) reference page either online or in the
Open System Services System Calls Reference Manual.
OSS Fileset RESTRICTEDACCESS Attribute
The RESTRICTEDACCESS attribute applies to Version 3 catalog OSS filesets on systems running
J06.11 and later J-series RVUs and H06.22 and later H-series RVUs. The RESTRICTEDACCESS
attribute can affect the ability of NFS clients to access files in an OSS fileset on a NonStop server.
For more information, see “NFS Clients, Restricted-Access Filesets, and File Privileges” (page 61).
OSS Fileset SEEPPROTECTED Attribute
The SEEPPROTECTED attribute applies to object-type filesets, for J06.15 and later J-series RVUs
and H06.26 and later H-series RVUs. The SEEPPROTECTED attribute specifies that files in this fileset
are SEEP-protected. Consulting with SEEP happens only if the value is set to ON. The default value
is OFF.
The SEEPPROTECTED attribute is stored by OSS fileset in the OSS monitor database. When a
fileset is started or changes value, the attribute is passed to the OSS name server.
To list or alter the SEEPPROTECTED attribute, use the following OSS SCF commands:
ADD FILESET
Set the SEEPPROTECTED field of the fileset configuration record for the specified fileset.
Audit the ADD FILESET command if the SEEPPROTECTED attribute value is set to ON.
ALTER FILESET
Set or reset the SEEPPROTECTED field of the fileset configuration record for the specified fileset.
Audit the ALTER FILESET command if the SEEPPROTECTED attribute value changes.
INFO FILESET
Display the SEEPPROTECTED attribute value for the specified fileset.
STATUS FILESET
Display the SEEPPROTECTED attribute value returned by the OSS name server for the specified
fileset.
64 OSS NFS Security