NFS servers use a UNIX, or POSIX, file-permission system. This
system gives each user a user identification number (UID), a group identification
number (GID), and possibly several additional supplementary GIDs. Each file
is assigned ownership by UID and by GID. Permissions for the file are set
based on whether the user who wants access is the owner (has the same UID
as the file), is in the file's group (has a GID that matches the GID of the
file), or is some other user. For each of these three categories (owner, group,
and other) read, write, and execute permissions can be assigned.
To access files that use NFS, your session on OS/390
or CMS must acquire UID and GID numbers that correspond to some user on the
NFS server network. You acquire these numbers by contacting a login
server on the NFS network to ask permission to access files according
to a username that is known to that server. In many cases, contact with the
NFS login server can be automatic the first time that you access an NFS file.
In other cases, you must issue the NFSLOGIN command to effect the login.
The function of the login server is to check your identification
and grant you access to the network. Once you are logged on, the login server
functions as an NFS server and provides access to the files that are located
on the machine on which it resides. At this point you may also use the network
to access files that are controlled by other NFS servers on other machines.
If you have a RACF-compatible security system running
on your mainframe and your site administration has given you access to your
NFS login server username, then the security system suffices and no password
is required. Note that the login server username is not necessarily the same
as your OS/390 or CMS userid. If you do not have a security system, then you
will need to type your password during the login process.
In summary, the login process can involve three pieces
of information:
The requirement for a password depends on whether a mainframe security
system can provide authentication for login server usernames.
If the NFS client software can determine the other two pieces of information,
either by default or by environment variables, then automatic login is possible.
Otherwise, the NFSLOGIN command must be used.
For example, if your NFS network is composed of UNIX machines, your UNIX
username is comkzz, and your login server is a UNIX machine called
byrd.unx, then the CSL NFS client software must contact byrd.unx and
provide comkzz as the user name. If your OS/390 username is also COMKZZ
(the same except that it is uppercase), the mainframe security
administrator has authorized you to use the comkzz username for NFS, and
if byrd.unx has been configured as the default login server at your site,
then the NFS client library will log you in automatically the first time
you try to use NFS.
If, on the other hand, your site does not have RACF,
a password is required. In this case, you need to issue the NFSLOGIN command
to type your password. See NFSLOGIN for details.
After the login processing has succeeded, your session
receives a UID and one or more GIDs. These control your subsequent accesses
to NFS files.
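
The following C sketch is an added example, not code from the SAS/C library or from any NFS server. It shows how the UID and GIDs obtained at login select exactly one permission class (owner, group, or other) for a file. The struct names, sample IDs, and mode values are constructed for illustration, and it assumes no superuser override and no access control lists.

```c
#include <stdio.h>
#include <stddef.h>

enum { PERM_R = 4, PERM_W = 2, PERM_X = 1 };   /* bits within one class */

/* Credentials held by a session after login (hypothetical struct). */
struct cred { unsigned uid, gid; const unsigned *sup_gids; size_t n_sup; };

/* Ownership and mode bits recorded for a file, e.g. mode 0640. */
struct file_attr { unsigned uid, gid, mode; };

/* Does the session's primary or any supplementary GID match? */
static int in_group(const struct cred *c, unsigned gid)
{
    size_t i;
    if (c->gid == gid) return 1;
    for (i = 0; i < c->n_sup; i++)
        if (c->sup_gids[i] == gid) return 1;
    return 0;
}

/* Return 1 if every bit in want is granted. Exactly one class applies:
   owner first, then group, then other. A more permissive later class
   never rescues a request denied by the class that matched. */
int access_allowed(const struct cred *c, const struct file_attr *f, unsigned want)
{
    unsigned bits;
    if (c->uid == f->uid)          bits = (f->mode >> 6) & 7;
    else if (in_group(c, f->gid))  bits = (f->mode >> 3) & 7;
    else                           bits = f->mode & 7;
    return (bits & want) == want;
}

/* Constructed sample data, not taken from any real system. */
static const unsigned sup[] = { 200, 300 };
static const struct cred user = { 1001, 100, sup, 2 };
static const struct file_attr own_file   = { 1001, 100, 0640 };
static const struct file_attr group_file = { 2002, 300, 0640 };
static const struct file_attr other_file = { 2002, 999, 0640 };
static const struct file_attr odd_file   = { 1001, 100, 0066 };

int main(void)
{
    printf("own write:   %d\n", access_allowed(&user, &own_file, PERM_W));
    printf("group read:  %d\n", access_allowed(&user, &group_file, PERM_R));
    printf("group write: %d\n", access_allowed(&user, &group_file, PERM_W));
    printf("other read:  %d\n", access_allowed(&user, &other_file, PERM_R));
    printf("odd read:    %d\n", access_allowed(&user, &odd_file, PERM_R));
    return 0;
}
```

The last case shows why the mapping from login username to UID matters: a file with mode 0066 is unreadable to its own owner even though group and other have read access, because only the owner class is consulted once the UID matches.
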
Copyright © 2001
by SAS Institute Inc., Cary, NC, USA. All rights reserved.