Hello Darryl,

Am 16.12.2021 um 20:39 schrieb a4g atl <a4ginatl2@xxxxxxxxx>:

@Patrik
Do you need this if the IBMi is going to be a client in the process or does
it not make a difference?

You've been asking about the client view, I provided you with the client view. :-) Thus, "all except *SVR".

Maybe you want to learn about NFS on OS/400 in general before trying to use it?

See here for a generic (and somewhat terse) description: https://en.wikipedia.org/wiki/Network_File_System#Typical_implementation

NFS is one of the protocols relying on RPC.

https://en.wikipedia.org/wiki/Sun_RPC

Thus, you need some RPC implementation even on the NFS Client, because certain negotiation is taking place between those RPC instances, at least on which TCP/UDP Ports NFS is running on the server. SunRPC separates protocol presentation from the transport layer by removing the need for "well-known ports". Servers can allocate any port and register with the Portmap RPC Service, running on the well-known Port 111, tcp and udp.

Apparently, the concept wasn't adopted widely, and so we're still distributing some kind of /etc/services file or table so systems around the world know which protocol to expect on which port.

The other services are workers for doing I/O, locking and probably user ID matching. File system code historically has been part of the kernel in UNIX ever since. Thus part of the NFS client is implemented in the kernel.

Earlier NFS protocol versions have no concept about authentication, only authorization. Most often, this is still how it's used today. I've never seen any Kerberos based authentication (being optional with NFSv4) in the wild. Most likely it's just to cumbersome. ;-)

Once a remote machine is mounted locally, authorization is inherited by the unix rights of the files on on the server machine being enforced by the client. But user-group mapping is usually local to the client. Thus, if the user profile for darryl has the UID 700 on the NFS server, but on the client machine, patrik has the UID 700, patrik is allowed to access those files, and darryl not, because the UIDs don't match. A program can optionally run on both sides and map IDs by user and group *names* instead of numbers.

Root is a special case. By default, the server rewrites all UID/GID 0 (aka root) files to 6553x (the guest user and "nogroup"), to prevent anyone from tampering with system files being exported. This behavior can be switched off with the no_root_squash parameter on the export definition on the server.

All of that is not specific to IBM i and my recommendation is to learn about NFS. Especially if you don't have much UNIX background knowledge, some concepts might seem very alien.

:wq! PoC


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.