Open System Services NFS Overview
NOTE: It is not possible, from an NFS client, to set either the SUID or SGID attributes through
OSS NFS. These attributes can be set only by using an OSS process.
The following security considerations are important because the NFS protocol does not include
open operations on files:
• The owner of a file can always access the file, regardless of the permission settings.
• NFS execute access implicitly grants NFS read access.
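The two rules above mean that a file's mode bits can understate what an NFS client is able to do. The following Python code is an added example, not part of the manual or of OSS NFS: it reports each file and user class whose effective NFS access is wider than the local mode bits suggest. It assumes that "access" for the owner means read and write; the function names and the sample paths and modes are hypothetical.

```python
import os
import stat
R, W, X = 4, 2, 1

def local_bits(mode, who):
    """rwx triplet (0-7) that the mode bits grant to owner, group or other."""
    return (mode >> {"owner": 6, "group": 3, "other": 0}[who]) & 7

def nfs_bits(mode, who):
    """Triplet an NFS client in that class effectively gets under the two rules."""
    bits = local_bits(mode, who)
    if who == "owner":
        return bits | R | W  # assumption: owner "access" read as read + write
    if bits & X:
        bits |= R  # NFS execute access implicitly grants NFS read access
    return bits

def fmt(bits):
    return "".join(c if bits & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def audit(entries):
    """Return (path, class, local, nfs) for every class whose NFS access is wider."""
    findings = []
    for path, mode in entries:
        for who in ("owner", "group", "other"):
            local, nfs = local_bits(mode, who), nfs_bits(mode, who)
            if nfs != local:
                findings.append((path, who, fmt(local), fmt(nfs)))
    return findings

def scan_tree(root):
    """Yield (path, mode) for regular files under root without following links."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode):
                yield path, stat.S_IMODE(mode)

# Constructed sample input: paths and modes are illustrative, not from the manual.
SAMPLE = [
    ("/home/app/bin/report", 0o711),     # execute-only for group and other
    ("/home/app/etc/keys.conf", 0o400),  # owner restricted to read-only
    ("/home/app/data/log", 0o644),       # nothing widened
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-26s %-5s local=%s nfs=%s" % row)
```

To check an exported directory, pass audit(scan_tree(path)) the root of the fileset mount point instead of the sample list.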
OSS File Security
OSS file security is similar to UNIX file security and is based on the POSIX 1.a standard.
Version 3 catalog OSS filesets on J-series RVUs, on H06.08 and later H-series RVUs, and G06.29
and later G-series RVUs support access control lists (ACLs), in addition to basic file security, for
directories, regular files, FIFO special files, and bound AF_UNIX sockets. OSS ACLs allow a
process whose effective user ID matches the file owner, super ID, or a member of the Safeguard
SECURITY-OSS-ADMINISTRATOR security group to permit or deny access to a list of specific users
and groups. For a detailed description of OSS ACLs, including examples, see the acl(5) reference
page either online or in the Miscellaneous Topics section of the Open System Services System Calls
Reference Manual.
OSS Fileset SEEPPROTECTED Attribute
The SEEPPROTECTED attribute applies to object-type filesets, for J06.15 and later J-series RVUs
and H06.26 and later H-series RVUs. The SEEPPROTECTED attribute specifies that files in this fileset
are SEEP-protected. SEEP is consulted only if the value is set to ON. The default value
is OFF.
The SEEPPROTECTED attribute is stored for each OSS fileset in the OSS monitor database. When a
fileset is started or the attribute value changes, the attribute is passed to the OSS name server.
To list or alter the SEEPPROTECTED attribute, use the following OSS SCF commands:
ADD FILESET
Set the SEEPPROTECTED field of the fileset configuration record for the specified fileset.
Audit the ADD FILESET command if the SEEPPROTECTED attribute value is set to ON.
ALTER FILESET
Set or reset the SEEPPROTECTED field of the fileset configuration record for the specified fileset.
Audit the ALTER FILESET command if the SEEPPROTECTED attribute value changes.
INFO FILESET
Display the SEEPPROTECTED attribute value for the specified fileset.
STATUS FILESET
Display the SEEPPROTECTED attribute value returned by the OSS name server for the specified
fileset.
Mapping Security Between OSS and NFS
The following steps define, in order, the technique used by OSS NFS to determine the actual
NonStop user ID from the supplied NFS client user ID:
1. The NFS client user ID is looked up in the list of OSS NFS users. The SCF ADD USER command
defines these users. If the NFS client user ID is found, Step 4 is evaluated.
2. If the NFS client user ID is not found and the SERVER attribute NULL-ALIAS-OK is FALSE, the
request is rejected with an access violation (NFSERR_ACCESS).