NFS Services Administrator's Guide (B.11.31.03) August 2008

In this example, the /var/mail/Red directory is shared. Only the superuser on
client Red is granted root access to the directory. All other users on client Red have
read-write access if they are provided read-write access by the regular HP-UX
permissions. Users on other clients have read-only access if they are allowed read
access through the HP-UX permissions.
Sharing directories with anonymous users based on access rights given to the superuser
share -F nfs -o rw=Green,root=Green,anon=65535 /vol1/grp1/Green
In this example, superusers on host Green use uid 0 and are treated as root. The
root users on other hosts (Red and Blue) are considered anonymous and their
uids and gids are re-mapped to 65535. The superusers on host Green are allowed
read-write access. All other clients get read-only access.
Sharing directories with anonymous users based on access rights given to them
share -F nfs -o anon=200 /export/newsletter
In this example, the /export/newsletter directory is shared with all clients.
Anonymous users are given the effective user ID of 200. Other users retain their
own user IDs (even if they do not exist in the NFS server's passwd database).
Anonymous users are users who have not been authenticated, requests that use
the AUTH_NONE security mode, and root users on hosts not included in the root= list.
By default, anonymous users are given the effective user ID, UID_NOBODY. If the
user ID is set to -1, access is denied.
The ls command shows that a file created by a superuser is owned by user ID
200. If an anonymous user with a non-zero user ID, for example 840, is allowed
to create a file in this directory, the ls command shows that it is owned by user
ID 840.
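The uid mapping described in the two examples above, written out as a small shell function. This is an added example, not part of the guide: effective_uid is a hypothetical helper, the default anonymous uid is left as the symbolic name UID_NOBODY, and multiple hosts in the root= list are assumed to be colon-separated.

```sh
# Added example: models the uid mapping described for root= and anon=.
# It does not run the share command; effective_uid is a hypothetical helper.
#
# effective_uid OPTIONS CLIENT UID [FLAVOR]
#   OPTIONS  string given to "share -o", e.g. rw=Green,root=Green,anon=65535
#   FLAVOR   "sys" (default) or "none" for an AUTH_NONE request
# Prints the uid the server acts as, or DENIED.
effective_uid() {
    opts=$1; client=$2; req_uid=$3; flavor=${4:-sys}
    anon=UID_NOBODY    # symbolic default; numeric value is platform-defined
    root_list=

    # Split the comma-separated option string and keep anon= and root=.
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            anon=*) anon=${opt#anon=} ;;
            root=*) root_list=${opt#root=} ;;
        esac
    done
    IFS=$old_ifs

    # Assumption: several hosts in root= are separated by colons.
    trusted=no
    case ":$root_list:" in
        *":$client:"*) trusted=yes ;;
    esac

    # Anonymous: AUTH_NONE, or root from a host outside the root= list.
    anonymous=no
    if [ "$flavor" = none ]; then
        anonymous=yes
    elif [ "$req_uid" = 0 ] && [ "$trusted" = no ]; then
        anonymous=yes
    fi

    if [ "$anonymous" = no ]; then
        echo "$req_uid"      # trusted root stays 0, other users keep their uid
    elif [ "$anon" = -1 ]; then
        echo DENIED          # anon=-1 refuses anonymous requests
    else
        echo "$anon"
    fi
}

# Constructed requests against the guide's two share lines.
effective_uid "rw=Green,root=Green,anon=65535" Red 0
effective_uid "anon=200" Blue 840
```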
Secure Sharing of Directories
The share command enables you to specify a security mode for NFS. Use the sec
option to specify the different security modes. Table 2-3 describes the security modes
of the share command.
Table 2-3 Security Modes of the share command
Security Mode   Description
sys             Uses the default authentication method, AUTH_SYS. The sys mode is a simple authentication method that uses UID/GID UNIX permissions, and is used by NFS servers and NFS clients using the version 2, 3, and 4 protocol.
dh              Uses the Diffie-Hellman public-key system and uses the AUTH_DES authentication.
krb5            Uses Kerberos V5 protocol to authenticate users before granting access to the shared filesystems.
Configuring and Administering an NFS Server 35