NFS Server
20.1 Key Concepts
Each entry specifies a directory on the local system and one or more remote
hosts allowed to mount that directory. A user on a client host can mount any
directory at or below the export point, as long as OpenVMS allows access to
the directory. Exporting specific directories to specific hosts provides more
control than exporting the root of a file system (or the MFD in an OpenVMS
system) to all hosts.
The proxy database, TCPIP$PROXY.DAT, is a collection of entries used to
register the identities of users on client hosts. To access file systems on your
local server, remote users must have valid accounts on your OpenVMS host.
The proxy entries map each user's remote identity to a corresponding identity
associated with each user’s OpenVMS account. When a user on the client
host initiates a file access request, the server checks the proxy database
before granting or denying the user access to the file.
These database files are usually created by TCPIP$CONFIG and can be shared
by all OpenVMS Cluster nodes running TCP/IP Services. To control access to
these database files, set the OpenVMS file protections accordingly. By default,
World access is denied.
Section 20.6 describes how to create these database files on your server.
20.1.4 How the Server Maps User Identities
Both OpenVMS and UNIX-based systems use identification codes as a general
method of resource protection and access control. Just as OpenVMS employs user
names and UICs for identification, UNIX identifies users with a user name and
a user identifier (UID) and one or more group identifiers (GIDs). Both UIDs and
UICs identify a user on a system.
The proxy database contains entries for each user who accesses a file system on
your local server. Each entry contains the OpenVMS user name, the UID/GID
pair that identifies the user’s account on the client system, and the name of the
client host. This file is loaded into dynamic memory when the server starts.
When a user on the OpenVMS client host requests access to a file, the client
searches its proxy database for an entry that maps the requester’s identity to
a corresponding UID/GID pair. (Proxy lookup is performed only on OpenVMS
servers; UNIX clients already know the user by its UID/GID pair.) If the client
finds a match, it sends a message to the server that contains the following:
• Identity of the requester as a UID/GID pair
• Requested NFS operation and any data associated with the operation
The server searches its proxy database for an entry that corresponds to the
requester's UID/GID pair. If the UID maps to an OpenVMS account, the server
grants access to the file system according to the privileges set for that account.
In the following example, the proxy entry maps a client user with
UID=15/GID=15, to the OpenVMS account named ACCOUNT2. Any files owned
by user ACCOUNT2 are deemed to be also owned by user UID=15 and GID=15.
OpenVMS User_name  Type  User_ID  Group_ID  Host_name
ACCOUNT2           OND   15       15        *
After the OpenVMS identity is resolved, the NFS server uses this acquired
identity for all data access, as described in Section 20.1.7.
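
The server-side lookup described in this section, as a simplified Python model (an added example, not code from this manual or from TCP/IP Services): it parses a listing in the layout shown above, resolves a request's UID/GID pair and client host to an OpenVMS user name, and lists the entries whose Host_name is *. The ACCOUNT3 row, the example.com host names, the function names, and the first-match rule are assumptions made for the illustration.

```python
from typing import List, NamedTuple, Optional

class ProxyEntry(NamedTuple):
    user_name: str    # OpenVMS account the remote identity maps to
    entry_type: str   # kept verbatim from the listing; not interpreted here
    uid: int
    gid: int
    host: str         # client host name, or "*" for any host

# Constructed listing. Only the ACCOUNT2 row appears in the manual;
# ACCOUNT3 and client1.example.com are made up for this example.
SAMPLE = """\
OpenVMS User_name  Type  User_ID  Group_ID  Host_name
ACCOUNT2           OND        15        15  *
ACCOUNT3           OND        22        15  client1.example.com
"""

def parse_proxy_listing(text: str) -> List[ProxyEntry]:
    """Return the data rows of a proxy listing; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # the header row splits into six fields
        try:
            uid, gid = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # not a data row
        entries.append(ProxyEntry(fields[0], fields[1], uid, gid, fields[4]))
    return entries

def resolve(entries: List[ProxyEntry], uid: int, gid: int,
            client_host: str) -> Optional[str]:
    """Map a request's UID/GID pair and client host to an OpenVMS user name.

    Assumption: the first matching entry wins. None means no proxy entry
    matched, so this model denies the request.
    """
    for e in entries:
        host_ok = e.host == "*" or e.host.lower() == client_host.lower()
        if e.uid == uid and e.gid == gid and host_ok:
            return e.user_name
    return None

def wildcard_host_entries(entries: List[ProxyEntry]) -> List[ProxyEntry]:
    """Entries that accept their UID/GID pair from any client host."""
    return [e for e in entries if e.host == "*"]

if __name__ == "__main__":
    table = parse_proxy_listing(SAMPLE)
    print(resolve(table, 15, 15, "client9.example.com"))
    print(resolve(table, 22, 15, "client9.example.com"))
    print([e.user_name for e in wildcard_host_entries(table)])
```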