NFS Services Administrator's Guide (762805-001, March 2014)

In this example, all clients are allowed read-only access to the /tmp directory. The /tmp
directory needs to be configured to allow read access to users on the clients. For example,
specify -r--r--r-- permissions for the /tmp directory.
Sharing a directory with varying access permissions
share -F nfs -o ro=Jan:Feb,rw=Mar /usr/kc
In this example, the /usr/kc directory is shared with clients Jan, Feb, and Mar. The rw
option specifies that users on client Mar have read-write access to the /usr/kc directory.
The ro option specifies that users on Jan and Feb have read-only access.
In addition to the share options, the HP-UX permissions for the /usr/kc directory must be
set to allow access either to all users or to a group that includes the users on Jan, Feb, and Mar.
Sharing a directory with root access for clients
share -F nfs -o root=Red:Blue:Green /var/mail
In this example, the /var/mail directory is shared. Root access is allowed for clients Red,
Blue, and Green. Superusers on all other clients are considered as unknown by the NFS
server, and are given the access privileges of an anonymous user. Non-superusers on all
clients are allowed read-write access to the /var/mail directory if the HP-UX permissions
on the /var/mail directory allow them read-write access.
Sharing a directory with root access for superuser and read-write access for other users
share -F nfs -o rw=Red,root=Red /var/mail/Red
In this example, the /var/mail/Red directory is shared. Only the superuser on client Red
is granted root access to the directory. All other users on client Red have read-write access if
they are provided read-write access by the regular HP-UX permissions. Users on other clients
have read-only access if they are allowed read access through the HP-UX permissions.
Sharing directories with anonymous users based on access rights given to the superuser
share -F nfs -o rw=Green,root=Green,anon=65535 /vol1/grp1/Green
In this example, superusers on host Green use uid 0 and are treated as root. The root users
on other hosts (Red and Blue) are considered anonymous and their uids and gids are
re-mapped to 65535. The superusers on host Green are allowed read-write access. All other
clients get read-only access.
Sharing directories with anonymous users based on access rights given to them
share -F nfs -o anon=200 /export/newsletter
In this example, the /export/newsletter directory is shared with all clients. Anonymous
users are given the effective user ID of 200. Other users retain their own user IDs (even if they
do not exist in the NFS server’s passwd database).
Anonymous users are users who have not been authenticated, users whose requests use the
AUTH_NONE security mode, and root users on hosts not included in the root=list. By default,
anonymous users are given the effective user ID, UID_NOBODY. If the user ID is set to -1, access
is denied.
In this example, the ls command shows that a file created by a superuser is owned by user ID 200. If an
anonymous user with a non-zero user ID, for example, 840, is allowed to create a file in this
directory, the ls command shows that it is owned by user ID 840.
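The root= and anon= rules from the examples above can be checked against a share option string before it is applied. The following is an added example, not code from this guide or from HP-UX: opt_value, in_list and effective_uid are hypothetical helper names, UID_NOBODY is printed symbolically rather than as a number, and only the superuser mapping is modelled (not unauthenticated or AUTH_NONE requests).

```sh
#!/bin/sh
# Added example (hypothetical helpers): models the root=/anon= UID mapping
# described in this section. It does not query a real NFS server.

# opt_value OPTS NAME -> prints the value of NAME= from a comma-separated
# share option string such as "rw=Green,root=Green,anon=65535"; fails if absent.
opt_value() {
    old_ifs=$IFS; IFS=,
    for kv in $1; do
        case $kv in
            "$2"=*) IFS=$old_ifs; printf '%s\n' "${kv#*=}"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# in_list HOST LIST -> succeeds if HOST is in a colon-separated access list.
in_list() {
    case ":$2:" in *":$1:"*) return 0 ;; esac
    return 1
}

# effective_uid OPTS CLIENT UID -> prints the UID the server applies to the
# request, or "denied". The default anonymous UID is printed as UID_NOBODY.
effective_uid() {
    opts=$1 client=$2 uid=$3
    # Users with a non-zero UID keep their own UID.
    [ "$uid" -ne 0 ] && { printf '%s\n' "$uid"; return 0; }
    # A superuser on a host named in root=list keeps uid 0.
    roots=$(opt_value "$opts" root) && in_list "$client" "$roots" &&
        { printf '0\n'; return 0; }
    # Any other superuser is anonymous: anon=uid applies, the default is
    # UID_NOBODY, and anon=-1 denies access.
    anon=$(opt_value "$opts" anon) || anon=UID_NOBODY
    [ "$anon" = "-1" ] && { printf 'denied\n'; return 0; }
    printf '%s\n' "$anon"
}
```

For example, effective_uid "rw=Green,root=Green,anon=65535" Red 0 prints 65535, matching the /vol1/grp1/Green example.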
Secure sharing of directories
The share command enables you to specify a security mode for NFS. Use the sec option to
specify the different security modes. Table 4 describes the security modes of the share command.