×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
As it turns out, it is WAD. But ultimately, I was overestimating what it was doing.
The NFS client sends UID and GID of the user to the NFS server. What I *thought* it would do, is look up what IBMi user profile on the NFS Server system had the corresponding UID and use that user profile to allow/deny access to the files. All it actually does is looks at the UID and GID on the files/directories to determine access. If there is no matching IBMi user profile with a matching UID or GID, then the 'anonymous user' user profile is used to allow/deny access to the files.
Apparently this fact is little known within IBM as it took a L2 guy to webex into our system for a while to determine what was going on.
Dana
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mitchell, Dana
Sent: Wednesday, November 21, 2018 10:34 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security
On the mount definitely 'soft'
I've tried both version 3 and 4 and the behavior seems to be same either way. I have a PMR open to get IBM's help
Dana
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Roy
Sent: Tuesday, November 20, 2018 3:19 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security
what options are you using on the export and the mount command?
From: "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 20/11/2018 20:43
Subject: RE: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
In our testing I have USER1 on the client machine with UID(106) and
USER2 on the server machine with UID(106). When USER1 accesses the nfs
mount and gets an auth failure, according to the audjrne it is not USER2 getting the failure (because USER2 does have authority to the directory) but is showing the userid that we have specified in the export as the
anonyumous user. I see no other settings or knobs that need adjusted
in order to get it to use the UID found on the NFS server machine.
Dana
Attention: This electronic document and associated attachments (if any) may contain confidential information of the sender (SHAZAM Network) and is intended solely for use by the addressee(s). Review by unintended individuals is prohibited. If you are not the intended recipient: (i) do not read, transmit, copy, disclose, store, or utilize this communication in any manner; (ii) please reply to the sender immediately, state that you received it in error and permanently delete this message and any attachment(s) from your computer and destroy the material in its entirety if in hard copy format. If you are the intended recipient, please use discretion in any email reply to ensure that you do not send confidential information as we cannot secure it through this medium. By responding to us through internet e-mail, you agree to hold SHAZAM, Inc. and all affiliated companies harmless for any unintentional dissemination of information contained in your message. Thank you.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
