Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)

acl(5) OSS System Calls Reference Manual
DISABLED Disables the mapping of OSS ACLs to NFS file permissions. When
NFSPERMMAP is disabled, NFS requests to objects protected by OSS ACLs
that contain optional ACL entries are denied. This behavior matches the
behavior for systems running J06.08 and earlier J-series RVUs, H06.19 and earlier
H-series RVUs, and G-series RVUs. This is the default value.
To demonstrate the effect of the value of the NFSPERMMAP attribute on the permissions returned to
NFS V2 clients, consider this file:
> setacl -m g:GRP1:--x myfile1
> getacl myfile1
# file: myfile1
# owner: SUPER.SUPER
# group: SUPER
user::rw-
user:TEST.USER01:--x
user:SUPER.USER01:-w-
group::r--
group:TEST1:-w-
group:GRP1:--x
class:rwx
other:rw-
The ACL for the file myfile1 has two optional user entries and two optional group entries. The
permissions returned to the OSS NFS V2 clients are as follows:
If the NFSPERMMAP attribute is set to RESTRICTIVE, the permissions returned are:
rw-------.
If the NFSPERMMAP attribute is set to PERMISSIVE, the permissions returned are:
rw-rwxrwx.
If the NFSPERMMAP attribute is set to UNMODIFIED, the permissions returned are:
rw-rwxrw-.
If the NFSPERMMAP attribute is set to DISABLED, all OSS NFS V2 clients are denied
access to this file.
In the example, a user in the group TEST1 is allowed write access to myfile1 if that user
accesses the file using the OSS filesystem. But, if NFSPERMMAP is RESTRICTIVE, and that
user tries to access myfile1 using the NFS V2 client, that user is denied access to the file.
In contrast, if NFSPERMMAP is PERMISSIVE, the permissions returned for myfile1 indicate
that user TEST.USER01 has permission to write to the file. However, because the ACL for the
file does not grant write permission to TEST.USER01, attempts to open the file might succeed
but attempts to write to the file fail with the [EACCES] error, because all write permissions are
enforced on the NonStop server using the actual standard OSS permissions or OSS ACL
permissions (if present) on the file.
For more information about OSS NFS file system security, see the Overview of NFS for Open
System Services and the Open System Services NFS Management and Operations Guide.
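The gap between what an NFS V2 client is shown and what the server enforces can be checked per user. The following is an added example, not code from the manual: it parses the getacl listing above and compares it with the mode strings the page reports for each NFSPERMMAP value. The ACL evaluation order (owner, named user, matching groups, other, with class as the upper bound), the client choosing a triplet from owner/group/other alone, and the user TEST.USER02 are assumptions.

```python
# Constructed from the page: the getacl listing and the reported mode strings.
GETACL = """# file: myfile1
# owner: SUPER.SUPER
# group: SUPER
user::rw-
user:TEST.USER01:--x
user:SUPER.USER01:-w-
group::r--
group:TEST1:-w-
group:GRP1:--x
class:rwx
other:rw-"""
ADVERTISED = {"RESTRICTIVE": "rw-------", "PERMISSIVE": "rw-rwxrwx",
              "UNMODIFIED": "rw-rwxrw-"}

def parse_getacl(text):
    """Return header fields and {(tag, qualifier): permission set}."""
    meta, entries = {}, {}
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, val = line[1:].partition(":")
            meta[key.strip()] = val.strip()
        elif line.strip():
            tag, *qual, perm = line.strip().split(":")
            entries[(tag, qual[0] if qual else "")] = set(perm.replace("-", ""))
    return meta, entries

def enforced(meta, entries, user, groups):
    """Server-side result; evaluation order is an assumption (POSIX-draft style)."""
    cls = entries[("class", "")]
    if user == meta["owner"]:
        return entries[("user", "")]
    if ("user", user) in entries:
        return entries[("user", user)] & cls
    hit = [p for (t, q), p in entries.items()
           if t == "group" and (q or meta["group"]) in groups]
    return set().union(*hit) & cls if hit else entries[("other", "")]

def client_view(mode, meta, user, groups):
    """Triplet a client picks using only the owner, group and mode bits."""
    i = 0 if user == meta["owner"] else 3 if meta["group"] in groups else 6
    return set(mode[i:i + 3].replace("-", ""))

def mismatches(user, groups, text=GETACL):
    """setting -> (advertised but not enforced, enforced but not advertised)."""
    meta, entries = parse_getacl(text)
    real, out = enforced(meta, entries, user, groups), {}
    for setting, mode in ADVERTISED.items():
        seen = client_view(mode, meta, user, groups)
        out[setting] = ("".join(sorted(seen - real)), "".join(sorted(real - seen)))
    return out
```

A non-empty first element marks bits the client is shown but the server refuses; a non-empty second element marks access the ACL grants that an NFS V2 client would not expect from the mode.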
When using NFS with OSS filesets with objects protected by optional ACL entries, consider the
following:
NFS client/server interactions work most efficiently for read-only OSS filesets when the
OSS filesets are mounted read-only on the NFS client systems instead of setting the
readonly attribute in either the OSS NFS server configuration or OSS fileset
1212 Hewlett-Packard Company 527186-023