Open System Services NFS Overview

user ID and group ID. The mapped user ID is used to enforce security while client systems access
files stored in your OSS NFS server.
NOTE: OSS NFS has no mechanism for associating a specific system with a user ID (or group
ID). If a user on one system has the same user ID as a user on another system, both users are
granted the same access privileges when requesting services from an OSS NFS server. That is, the
USER object corresponding to the user ID applies to both users.
When translating a user ID and group ID passed from a client system to a user ID and group ID
registered with the OSS NFS subsystem, no attempt is made to verify the information supplied by
the client system.
NFS Server File Security
NFS file permissions are similar to UNIX file permissions: they are expressed as an array of user
classes with values specifying the types of access allowed to each user class. Table 1 (page 16)
contains an example.
Table 1 Example of NFS Server File Security
User                     Group            Other
Read + Write + Execute   Read + Execute   Read + Execute
Access to files managed by an OSS NFS server is controlled by comparing your user ID and group
ID to the restrictions specified by the file mode. The file mode is a string of characters that specify
which types of access are granted to which classes of users. (Your NFS client documentation
probably describes the file mode in detail.)
Here is a brief summary of the characters used to indicate each type of access:
Character   Type of Access   Description
r           read             Allows a file to be read or copied
w           write            Allows a file to be altered or erased
x           execute          Allows a file to be executed as a system command
-           deny access      Used in place of r, w, or x to deny read, write, or execute permission
The user classes that can be granted these types of permissions are as follows:
User
The owner of the file or directory
Group
Members of the file owner’s group
Other
All NFS users other than the file owner and users in the file owner’s group
The following example illustrates how you specify the file mode. The first three characters specify
the user’s file access, the next three characters specify the group’s file access, and the last three
characters specify the access granted to all other NFS users:
rwxr-xr-x
The owner is permitted read, write, and execute access. Group users and all other users are
permitted read and execute access but not write access.
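The following is an added illustration, not code from the OSS NFS manual: it parses a nine-character mode string and decides whether the user ID and group ID presented by a client are granted a requested type of access. It assumes the standard UNIX class-selection rule (owner first, then group, then other, and only the selected class's bits apply); the sample IDs are constructed.

```python
# Added example, not from the OSS NFS manual: evaluate a UNIX/NFS-style file
# mode string such as "rwxr-xr-x" against the uid/gid a client presents.
# Class selection follows the standard UNIX rule: owner, then group, then
# other, and only the selected class's bits govern the request.

CLASSES = ("user", "group", "other")


def parse_mode(mode):
    """Return {"user": set, "group": set, "other": set} of granted letters."""
    if len(mode) != 9:
        raise ValueError("mode string must have exactly 9 characters")
    perms = {}
    for i, cls in enumerate(CLASSES):
        triple = mode[3 * i:3 * i + 3]
        granted = set()
        # Each triple is r, w, x in that order, with '-' denying a slot.
        for expected, ch in zip("rwx", triple):
            if ch == expected:
                granted.add(ch)
            elif ch != "-":
                raise ValueError(f"bad character {ch!r} in triple {triple!r}")
        perms[cls] = granted
    return perms


def user_class(uid, gid, owner_uid, owner_gid):
    """Pick the single class whose bits govern this caller."""
    if uid == owner_uid:
        return "user"
    if gid == owner_gid:
        return "group"
    return "other"


def access_allowed(uid, gid, owner_uid, owner_gid, mode, want):
    """True if the caller may perform `want` ('r', 'w' or 'x') on the file.

    uid/gid are whatever the client sent; the server does not verify them,
    so two hosts presenting the same uid receive the same answer.
    """
    if len(want) != 1 or want not in "rwx":
        raise ValueError("want must be one of 'r', 'w', 'x'")
    return want in parse_mode(mode)[user_class(uid, gid, owner_uid, owner_gid)]


if __name__ == "__main__":
    # Constructed sample: file owned by uid 1001 / gid 100, mode rwxr-xr-x.
    for uid, gid in ((1001, 100), (1002, 100), (1003, 200)):
        cls = user_class(uid, gid, 1001, 100)
        ok = access_allowed(uid, gid, 1001, 100, "rwxr-xr-x", "w")
        print(f"uid={uid} gid={gid} class={cls} write={ok}")
```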
If the set user ID (SUID) attribute for a program is set, a process executing the program file takes
on the identity of the file owner’s user ID instead of the user ID of the user executing the file.
Similarly, if the set group ID (SGID) attribute is set, a process executing the program file takes on
the identity of the file owner’s group ID.
16 Security Mechanisms