NFS servers use a UNIX, or POSIX, file-permission system. This
system gives each user a UID, a GID, and possibly several additional supplementary
GIDs. Each file is assigned ownership by user identification number (UID)
and by group identification number (GID). Permissions for the file are set
based on whether the user desiring access is the owner (has the same UID as
the file), is in the file's group (has a GID that matches the GID of the file),
or is some other user. For each of these three categories (owner, group, and
other) read, write, and execute permissions can be assigned.
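The category selection described above can be written out in C. This example is added here as an illustration and is not code from the SAS/C NFS client library; the struct and function names are hypothetical and the sample UIDs, GIDs and modes are constructed. Superuser handling and server export options are not modeled.

```c
#include <stdio.h>
#include <stddef.h>
#define ACC_R 4u   /* read bit within one rwx triplet */
#define ACC_W 2u   /* write */
#define ACC_X 1u   /* execute */

/* Identity a session holds after login (struct names are hypothetical). */
struct cred { unsigned uid, gid; const unsigned *sup; size_t nsup; };
/* Ownership and permission bits of one file, e.g. mode 0640. */
struct fattr { unsigned uid, gid, mode; };

/* 1 if gid is the primary GID or one of the supplementary GIDs. */
static int in_group(const struct cred *c, unsigned gid)
{
    size_t i;
    if (c->gid == gid) return 1;
    for (i = 0; i < c->nsup; i++)
        if (c->sup[i] == gid) return 1;
    return 0;
}

/* 1 if every bit in `want` is granted. Exactly one category is chosen:
 * owner, else group, else other; there is no fall-through to a later one. */
int access_allowed(const struct cred *c, const struct fattr *f, unsigned want)
{
    unsigned bits;
    if (c->uid == f->uid)           bits = (f->mode >> 6) & 7u;
    else if (in_group(c, f->gid))   bits = (f->mode >> 3) & 7u;
    else                            bits = f->mode & 7u;
    return (bits & want) == want;
}

int main(void)
{
    /* Constructed sample data: UID 1001, primary GID 100, two extra GIDs. */
    static const unsigned sup[] = { 200, 300 };
    struct cred me = { 1001, 100, sup, 2 };
    struct fattr files[] = {
        { 1001, 100, 0640 },  /* owned by me */
        { 2000, 300, 0640 },  /* group matches a supplementary GID */
        { 2000, 999, 0640 },  /* neither owner nor group */
        { 1001, 100, 0044 },  /* owner triplet empty, group/other readable */
    };
    size_t i;
    for (i = 0; i < sizeof files / sizeof files[0]; i++)
        printf("mode %04o: read=%d write=%d\n", files[i].mode,
               access_allowed(&me, &files[i], ACC_R),
               access_allowed(&me, &files[i], ACC_W));
    return 0;
}
```

The last sample file shows the case that most often surprises people: the owner is refused read access because the owner bits are empty, even though the group and other bits would allow it.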
To access files using NFS, your session on MVS or CMS
must acquire UID and GID numbers that correspond to some user on the NFS server
network. You acquire these numbers by contacting a login server
on the NFS network to ask permission to access files according to a username
that is known to that server. In many cases, contact with the NFS login server
can be automatic the first time you access an NFS file. In other cases, you
must issue the NFSLOGIN command to effect the login.
The function of the login server is to check your identification
and grant you access to the network. Once you are logged on, the login server functions
as an NFS server and provides access to the files located on the machine on
which it resides. At this point you may also use the network to access files
controlled by other NFS servers on other machines.
If you have a RACF-compatible security system running
on your mainframe and your site administration has given you access to your
NFS login server username, then the security system can vouch for you and
no password is required. Note that the login server username is not necessarily
the same as your MVS or CMS userid. If you do not have a security system,
then you will need to enter your password during the login process.
In summary, the login process can involve three pieces
of information:
The requirement for a password depends on whether a
mainframe security system can provide authentication for login server usernames.
If the NFS client software can determine the other two pieces of information,
either by default or by environment variables, then automatic login is possible.
Otherwise, the NFSLOGIN command must be used.
For example, if your NFS network is composed of UNIX
machines, your UNIX username is comkzz, and your login server is a UNIX
machine called byrd.unx, then the CSL NFS client software must contact
byrd.unx and provide comkzz as the user name. If your MVS username is also
COMKZZ (the same except for upper case), the mainframe security administrator
has authorized you to use the comkzz username for NFS, and byrd.unx has been
configured as the default login server at your site, then the NFS client
library will log you in automatically the first time you try to use NFS.
If, on the other hand, your site does not have RACF,
a password is required. In this case, you need to issue the NFSLOGIN command
to enter your password. See NFSLOGIN for details.
After the login processing has succeeded, your session
receives a UID and one or more GIDs. These control your subsequent accesses
to NFS files.
Copyright © 2001
by SAS Institute Inc., Cary, NC, USA. All rights reserved.