ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvifsnetwork.htm

53 lines
5.9 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Network file system" />
<meta name="abstract" content="The Network File System (NFS) provides access to and from systems that have NFS implementations." />
<meta name="description" content="The Network File System (NFS) provides access to and from systems that have NFS implementations." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanifssec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="ifsnetwork" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network file system</title>
</head>
<body id="ifsnetwork"><a name="ifsnetwork"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network file system</h1>
<div><p>The Network File System (NFS) provides access to and from systems that have NFS implementations.</p>
<p>NFS is an industry-standard method for sharing information among users on networked systems. Most major operating systems (including PC operating systems) provide NFS. For UNIX<sup>®</sup> systems, NFS is the primary method for accessing data. iSeries™ servers can act as both an NFS client and an NFS server.</p>
<div class="p">When you are the security administrator of an iSeries system that acts as an NFS server, you need to understand and manage the security aspects of NFS. Suggestions and considerations:<ul><li>You must explicitly start the NFS server function by using the STRNFSSVR command. Control who has authority to use this command.</li>
<li>You make a directory or an object available to NFS clients by exporting it. Therefore, you have very specific control over which parts of your system you will make available to NFS clients in your network.</li>
<li>When you export, you can specify which clients have access to the objects. You identify a client by system name or IP address. A client can be an individual PC or an entire iSeries server or UNIX system. In NFS terminology, the client (IP address) is called a machine.</li>
<li>When you export, you can specify read-only access or read/write access for each machine that has access to an exported directory or object. In most cases, you will probably want to provide read-only access.</li>
<li>The NFS does not provide password protection. It is designed and intended for data sharing within a trusted community of systems. When a user requests access, the server receives the users uid. Some uid considerations are:<ul><li>The iSeries server attempts to locate a user profile with the same uid. If it finds a matching uid, it uses the credentials of the user profile. Credentials is an NFS term to describe using the authority of a user. This is similar to profile swapping in other iSeries server applications.</li>
<li>When you export a directory or object, you can specify whether you will allow access by a profile with root authority. The NFS server on iSeries servers equates root authority to *ALLOBJ special authority. If you specify that you will not allow root authority, an NFS user with a uid that maps to a user profile with *ALLOBJ special authority will not be able to access the object under that profile. Instead, if anonymous access is allowed, the requester will be mapped to the anonymous profile.</li>
<li>When you export a directory or object, you can specify whether you will allow anonymous requests. An anonymous request is a request with a uid that does not match any uid on your system. If you choose to allow anonymous requests, the system maps the anonymous user to the IBM-supplied QNFSANON user profile. This user profile does not have any special authorities or explicit authority. On the export, you can specify a different user profile for anonymous requests if you want.</li>
</ul>
</li>
<li>When your system participates in an NFS network, or any network with UNIX systems that depend on uids, you probably need to manage your own uids instead of letting the system assign them automatically. You will need to coordinate uids with other systems in your network. <p>You might discover that you need to change uids, even for IBM-supplied user profiles, to have compatibility with other systems in your network. A program is available to make it simpler to change the uid for a user profile. When you change the uid for a user profile, you also need to change the uid for all the objects that the profile owns in either the root directory or the QOpenSrv directory. The QSYCHGID program automatically changes the uid in both the user profile and all the owned objects.</p>
</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanifssec.htm" title="The integrated file system provides you with multiple ways to store and view information on the server.">Plan integrated file system security</a></div>
</div>
</div>
</body>
</html>