Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)
Miscellaneous acl(5)
The value of the NFSPERMMAP attriute specifies how the permissions for an OSS object pro-
tected by optional access control list (ACL) entries are mapped to the standard permissions bits
(rwxrwxrwx) used by NFS V2 clients on open, read, write, and directory search operations. Write
permissions are always enforced on the NonStop server using the actual standard OSS permis-
sions or OSS ACL permissions (if present) on the object. The values for the NFSPERMMAP
attribute are:
RESTRICTIVE
The other and owning group fields of the permissions bits returned to NFS V2
clients are modified such that only access that would be granted to everyone in
the ACL, excluding the owner, is granted in the permissions bits. That is:
• The ACL entries for the class mask, the owning group, and all optional
users are examined. The group permissions returned to NFS V2 clients
for this object are the most restrictive of the permissions bits of these
ACL entries.
• The ACL entries for the class mask, the owning group, other, all
optional groups, and all optional users are examined. The other permis-
sions returned to NFS V2 clients for this object are the most restrictive
of the permissions bits of these ACL entries.
Setting NFSPERMAP to this value can cause some users on NFS V2 clients to
be denied access to objects to which they should legitimately be granted acceses
according to the OSS ACL on the NonStop server.
PERMISSIVE The other and owning group fields of the permissions bits returned to NFS V2
clients are modified such that access that would be granted to anyone in the
ACL, excluding the owner, is granted in the permissions bits. That is:
• The ACL entries for the class mask, the owning group, and all optional
users are examined. The group permissions returned to NFS V2 clients
for this object are the most permissive of the permissions bits, as
allowed by the class mask, of these ACL entries.
• The ACL entries for the class mask, the owning group, other, all
optional groups, and all optional users are examined. The other permis-
sions returned to NFS V2 clients for this object are the most permissive
of the permissions bits for the other ACL entry and, as allowed by the
class mask, the ACL entries of the owning group, optional groups, and
optional users.
Setting NFSPERMMAP to this value guarantees that users who have read per-
mission in the OSS ACL for an object on the NonStop system will be able to
read the object on NFS V2 clients. However, it also allows users on the NFS V2
client who do not have read permission in the OSS ACL for an object on the
NonStop Server to be able to read data from the object when the data is cached
on the NFS V2 client.
UNMODIFIED
The other and user fields of the permissions bits returned to NFS V2 clients are
unmodified. The group field of the permissions bits returned to NFS V2 clients
are the permissions of the class entry of the ACL. This set of permissions bits
matches the permissions that are displayed on the NonStop server by a command
such as the ls command.
527186-023 Hewlett-Packard Company 12−11