The Question is:
I'm working at a customer site that is running into some permission
problems. The OpenVMS 7.2 server is an NFS client to a Network Appliance
NFS server using TCP/IP services 5.1.
Using the proxy map, the user data gets transferred correctly and everything
user-related works as expected (ownership, rights to change/delete, etc.)
However, since this customer uses attributes to control permissions for
groups of people, that doesn't
seem to map to the NFS server. In other words, the attribute permissions
that they would expect to be in effect on a given file are not. It always
uses the mapped permissions (UNIX style). The OpenVMS server also cannot
assign attribute permissions to
a file or directory on the NFS server.
The other limitation that I'd like to resolve is that we can't seem to find
a way to control the top-level directories permissions for creating files,
etc. It appears to be wide open.
Since they use attributes for everything, I would assume it's related.
Any help would be greatly appreciated.
The Answer is :
The OpenVMS TCP/IP NFS server is itself restricted to (remote) operations
and security that is permissible within the NFS model.
OpenVMS security identifiers are not mapped to/from remote connections.
The approach that would initially appear best would involve creating and
appropriately configuring default protection and default access control
list entries, applied on the ACLs of the target directories.
Please contact the Compaq Customer Support Center for assistance.