Am 16.12.2021 um 20:39 schrieb a4g atl <a4ginatl2@xxxxxxxxx>:
Do you need this if the IBMi is going to be a client in the process or does
it not make a difference?
You've been asking about the client view, I provided you with the client view. :-) Thus, "all except *SVR".
Maybe you want to learn about NFS on OS/400 in general before trying to use it?
See here for a generic (and somewhat terse) description: https://en.wikipedia.org/wiki/Network_File_System#Typical_implementation
NFS is one of the protocols relying on RPC.
Thus, you need some RPC implementation even on the NFS Client, because certain negotiation is taking place between those RPC instances, at least on which TCP/UDP Ports NFS is running on the server. SunRPC separates protocol presentation from the transport layer by removing the need for "well-known ports". Servers can allocate any port and register with the Portmap RPC Service, running on the well-known Port 111, tcp and udp.
Apparently, the concept wasn't adopted widely, and so we're still distributing some kind of /etc/services file or table so systems around the world know which protocol to expect on which port.
The other services are workers for doing I/O, locking and probably user ID matching. File system code historically has been part of the kernel in UNIX ever since. Thus part of the NFS client is implemented in the kernel.
Earlier NFS protocol versions have no concept about authentication, only authorization. Most often, this is still how it's used today. I've never seen any Kerberos based authentication (being optional with NFSv4) in the wild. Most likely it's just to cumbersome. ;-)
Once a remote machine is mounted locally, authorization is inherited by the unix rights of the files on on the server machine being enforced by the client. But user-group mapping is usually local to the client. Thus, if the user profile for darryl has the UID 700 on the NFS server, but on the client machine, patrik has the UID 700, patrik is allowed to access those files, and darryl not, because the UIDs don't match. A program can optionally run on both sides and map IDs by user and group *names* instead of numbers.
Root is a special case. By default, the server rewrites all UID/GID 0 (aka root) files to 6553x (the guest user and "nogroup"), to prevent anyone from tampering with system files being exported. This behavior can be switched off with the no_root_squash parameter on the export definition on the server.
All of that is not specific to IBM i and my recommendation is to learn about NFS. Especially if you don't have much UNIX background knowledge, some concepts might seem very alien.
As an Amazon Associate we earn from qualifying purchases.