NFS Server Access Modes

This appendix provides information about the NFS Server Access Modes.

Whenever a file or directory is created on the NFS side, the Owner, Group, and Others become the trustees on the NetWare side for NetWare-NFS and NFS-NetWare modes. The trustee rights are determined by the rwx permissions that are set on the NFS side at the time of creation. Executing a chmod command would actually result in the trustee rights getting changed for NFS-NetWare Mode. Apart from changing the trustee rights, the file's attributes are also decided by the rwx permissions. If all the three of them (Owner, Group, Others) have only r-r-r-, then the file would be marked as Read-only.

NetWare Mode---Controls access to the exported NFS directory using NetWare access control methods such as NetWare rights and attributes. This mode is to be used only when the control needs to be on the NetWare side and the volume is exported only for NFS sharing.

When using this mode, NFS permissions do not modify the settings of the NetWare rights and attributes.

This mode functions as follows:

Trustees are not assigned and attributes are not mapped. [RWX] is not mapped to [SRWCEMFA].

By default, IRM is set to SRWCEMFA.

The default permissions for files created by UNIX users are based on the effective rights of the mapped NetWare user account.

NetWare ownership of a file is determined by the mappings between NetWare and UNIX global objects. The OwnerID (NetWare files) is mapped to the UNIX owner of the file.

Files created from DOS by unmapped users have a UID=0.

The chmod, chown, and chgrp commands have no effect upon the NetWare rights and attributes of the file and they fail silently.

Executing a chmod command reflects changes on the UNIX side only when the _x (execute permission) is involved.

The functions of this mode are listed in Table 4

Table 4. NetWare Mode Functions

Operations from the NFS Side	DOS Name Space (NetWare Clients)	NFS Name Space (NFS Clients)
Creation	Owner ID is mapped to NetWare user. IRM is set to the default (SRWCEMFA). No trustees are created. No attributes are set based on FMode.	UID is set to Root. (UNIX user is mapped to Admin.) GID is set to whatever the file was created with. File mode is set.
Modification chown chgrp chmod	No change in the owner ID or trustee. No change in the group trustee. No attribute change. No trustee change. No IRM change.	A UID change is not allowed. A GID change is not allowed. An Fmode change is effective only for _x.

Operations from the NFS Side

DOS Name Space (NetWare Clients)

NFS Name Space (NFS Clients)

Creation

Owner ID is mapped to NetWare user.

IRM is set to the default (SRWCEMFA).

No trustees are created.

No attributes are set based on FMode.

UID is set to Root. (UNIX user is mapped to Admin.)

GID is set to whatever the file was created with.

File mode is set.

Modification

chown

chgrp

chmod

No change in the owner ID or trustee.

No change in the group trustee.

No attribute change.

No trustee change.

No IRM change.

A UID change is not allowed.

A GID change is not allowed.

An Fmode change is effective only for _x.

If, for example, a file is created by user sara belonging to group test, with ls -l, the attributes would be as follows:

file rwxr-r--- sara test

The GID is the primary GID of sara, but on the NetWare client side sara is the owner of the file.

The chmod request is successful only for -x-x-x. For example, if vol1 with a file fil1and with only [R-------F] for a group is exported, the NFS rights would be r-x.

file r-xr-r- sara test

Executing the chmod 777 fil command does not change the rights. It still shows as r-x.

file r-xr-xr-x sara test

NetWare-NFS Mode---Creates trustee rights to emulate NFS permissions whenever permissions are created or changed by the NFS client.

In using this mode, NFS permissions override NetWare rights, but NetWare attributes are always enforced and therefore cannot be overridden by NFS permissions. Use this mode if you want NetWare trustee rights to emulate NFS permissions.

This mode functions as follows:

Up to three NetWare trustee assignments corresponding to the mapped User, Group, and Others are automatically assigned to all files created by UNIX users. The trustee rights correspond to the UNIX user's umask.

NetWare ownership of a file is determined by the mappings between NetWare and UNIX global objects. The Owner ID in the DOS name space is the mapped UNIX user on the NFS side.

Executing the chmod, chown, or chgrp command from UNIX modifies the trustee assignments to the file, but has no effect on any NetWare attributes. The chmod command works if the owner of the file executes the command from the UNIX side.

IRM is set to Others' rights (rights of the organization trustee).

Changing the UID/GID/FMode changes the trustees and their rights.

The functions of this mode are listed in Table 5.

Table 5. NetWare-NFS Mode Functions

Operations from the NFS Side	DOS Name Space (NetWare Clients)	NFS Name Space (NFS Clients)
Creation	Owner ID - NetWare user is mapped to the NFS user creating the file. Trustees are created for User/Group/World mappings. Trustee rights are set according to rwx. No attributes are set based on Fmode.	UID/GID is set to whatever the file was created with. Fmode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r-. chmod + w file1 will fail and permission will remain unchanged as r-r-r-. chmod + x file1 will change permission to r-xr-xr-x.
Modification chown chgrp chmod	Owner ID - User trustee changed to new UID. Group trustee is changed. Trustee rights change according to the new rwx. Attributes do not change.	UID is set to the new UID. GID is set to the new GID. Fmode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r-. chmod + w file1 will fail and permission will remain unchanged as r-r-r-. chmod + x file1 will change permission as r-xr-xr-x.
Attributes DI RI RO	DOS user cannot delete file/directory. DOS user cannot rename the file. DOS user cannot write to the file.	NFS user cannot delete file/directory. NFS user cannot rename the file. NFS user cannot write to the file.

Operations from the NFS Side

DOS Name Space (NetWare Clients)

NFS Name Space (NFS Clients)

Creation

Owner ID - NetWare user is mapped to the NFS user creating the file.

Trustees are created for User/Group/World mappings.

Trustee rights are set according to rwx.

No attributes are set based on Fmode.

UID/GID is set to whatever the file was created with.

Fmode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r-.
chmod + w file1 will fail and permission will remain unchanged as r-r-r-.
chmod + x file1 will change permission to r-xr-xr-x.

Modification

chown

chgrp

chmod

Owner ID - User trustee changed to new UID.

Group trustee is changed.

Trustee rights change according to the new rwx.

Attributes do not change.

UID is set to the new UID.

GID is set to the new GID.

Fmode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r-.
chmod + w file1 will fail and permission will remain unchanged as r-r-r-.
chmod + x file1 will change permission as r-xr-xr-x.

Attributes

DOS user cannot delete file/directory.

DOS user cannot rename the file.

DOS user cannot write to the file.

NFS user cannot delete file/directory.

NFS user cannot rename the file.

NFS user cannot write to the file.

The User, Group, and Others get mapped to the appropriate NetWare user groups and their rights [rwx] get mapped to [SRWCEMFA], NetWare rights. But the attributes are not affected. For example, if the file were created with r-r-r-, NetWare would not change the attribute to [RO] for that file.

For any file that gets created from the NFS side, or for files that already exist in NetWare when the volume is exported, any change in the permissions would change the trustee rights on the NetWare side.

For example, if a user sara, whose primary group is test, creates a file on the NFS side, the trustees on the NetWare side would be as follows:

.sara.novell	User
.test.novell	Group
.o-novell	Others

The chmod command would work only for a Superuser on the NFS side executing the command on a volume exported with ROOT access. For other users and other non-Root access exports, the command would not succeed.

The chgrp command changes the trustees on the NetWare side. If for a particular UNIX group there is no mapped NetWare group, the NetWare server would be made the trustee.

The chmod command has the effect of modifying the trustee rights appropriately.

NFS-NetWare Mode---Creates trustee rights and NetWare attributes to emulate NFS permissions whenever permissions are created or changed by the NFS client.

When using this mode, NFS permissions override both NetWare rights and attributes. Use this mode if you want both NetWare trustee rights and attributes to emulate NFS permissions.

This mode functions as follows:

NetWare ownership of a file is determined by the mappings between NetWare and UNIX global objects.

Applying the Delete-Inhibit or Rename-Inhibit flag to a file from NetWare does not affect the directory permissions for UNIX users.

Executing chmod, chown, or chgrp from UNIX can modify both the NetWare trustee assignments and attributes of the file. For example, suppose the following command is executed from a NFS client:
chmod 444 file

Not only would the write permission be removed from the NetWare trustee assignments of the file, but the Read-only attribute would also be set.

For example, if the file has been given [RW] permissions on the NetWare side, and on the NFS side the owner of the file executes a chmod command and changes it to r-r-r-, the attributes are changed to [R] on the NetWare side.

The functions of this mode are listed in Table 6.

Table 6. NFS-NetWare Mode Functions

Operations from the NFS Side	DOS Name Space (NetWare Clients)	NFS Name Space (NFS Clients)
Creation	Owner ID - NetWare user is mapped to the NFS user creating the file. Trustees are created for User/Group/World mappings. Trustee rights are set according to rwx. Attribute set is based on Fmode.	UID/GID is set to whatever the file was created with. Fmode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r-. chmod + w file1 will change the permission to rw-rw-rw and remove the RO attribute. chmod + x file1 will change the permission to r-xr-xr-x.
Modification chown chgrp chmod	Owner ID - User trustee is changed to a new UID. Group trustee is changed. Trustee rights change according to the new rwx. The RO attribute is set if the file does not have permission for User, Group, and Other.	UID is set to the new UID. GID is set to the new GID. Fmode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r-. chmod + w file1 will change the permission to rw-rw-rw and remove the RO attribute. chmod + x file1 will change the permission to r-xr-xr-x.
Attributes DI RI RO	DOS user cannot delete file/directory. DOS user cannot rename a file. DOS user cannot write to the file.	NFS user can delete file/directory. NFS user can rename the file. NFS user can write to the files.

Operations from the NFS Side

DOS Name Space (NetWare Clients)

NFS Name Space (NFS Clients)

Creation

Owner ID - NetWare user is mapped to the NFS user creating the file.

Trustees are created for User/Group/World mappings.

Trustee rights are set according to rwx.

Attribute set is based on Fmode.

UID/GID is set to whatever the file was created with.

Fmode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r-.
chmod + w file1 will change the permission to rw-rw-rw and remove the RO attribute.
chmod + x file1 will change the permission to r-xr-xr-x.

Modification

chown

chgrp

chmod

Owner ID - User trustee is changed to a new UID.

Group trustee is changed.

Trustee rights change according to the new rwx.

The RO attribute is set if the file does not have permission for User, Group, and Other.

UID is set to the new UID.

GID is set to the new GID.

Fmode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r-.
chmod + w file1 will change the permission to rw-rw-rw and remove the RO attribute.
chmod + x file1 will change the permission to r-xr-xr-x.

Attributes

DOS user cannot delete file/directory.

DOS user cannot rename a file.

DOS user cannot write to the file.

NFS user can delete file/directory.

NFS user can rename the file.

NFS user can write to the files.

NFS Mode---Does not automatically map between file systems.

Use NFS Mode if the directory is accessed primarily by NFS clients.

This mode functions as follows:

Trustees are not assigned and attributes are not mapped.

UNIX permissions are not mapped to NetWare rights.

The default permissions for files created by UNIX users are based on the umask of the user. By default, IRF is set to Null for directories.

All files created from UNIX are owned by the NetWare file server when viewed from NetWare.

Files created from DOS have a UID=0 and a permission mode of 000. OwnerID of the DOS Name Space is NOBODY.

The chmod, chown, and chgrp commands modify the UNIX attributes of a file, but they have no effect on the NetWare rights and attributes of the file.

The functions of this mode are listed in Table 7.

Table 7. NFS Mode Functions

Operations from the NFS Side	DOS Name Space (NetWare Clients)	NFS Name Space (NFS Clients)
Creation	OwnerID is set to Nobody. IRM is set to Null for a subdirectory. No trustee is created for NetWare User/Group/Other. No attributes are set according to Fmode.	UID/GID is set to whatever the file was created with. File mode is set.
Modification chown chgrp chmod	OwnerID is set to Nobody. No change in group trustee. No change in attributes, IRM, or trustee rights.	UID is changed. GID is changed. File mode is set appropriately.
Attributes DI RI RO	DOS user cannot delete file/directory. DOS user cannot rename the file. DOS user cannot write to the file.	NFS user can delete file/directory. NFS user can rename the file. NFS user can write to the file.

Operations from the NFS Side

DOS Name Space (NetWare Clients)

NFS Name Space (NFS Clients)

Creation

OwnerID is set to Nobody.

IRM is set to Null for a subdirectory.

No trustee is created for NetWare User/Group/Other.

No attributes are set according to Fmode.

UID/GID is set to whatever the file was created with.

File mode is set.

Modification

chown

chgrp

chmod

OwnerID is set to Nobody.

No change in group trustee.

No change in attributes, IRM, or trustee rights.

UID is changed.

GID is changed.

File mode is set appropriately.

Attributes

DOS user cannot delete file/directory.

DOS user cannot rename the file.

DOS user cannot write to the file.

NFS user can delete file/directory.

NFS user can rename the file.

NFS user can write to the file.

For files that already exist and that were created by NetWare clients, the owner and the group become Admin and Admin's primary group.

For files that are created from the NFS side, the user group would not get mapped to any trustee on the NetWare side. The owner ID of the DOS name space is set to Nobody, which means that the file is owned by the NetWare server. Some versions of FILER would indicate no owner and older versions would indicate that the NetWare Server owns it.

If the volume is exported with root access for the UNIX machine and the Superuser executes a chown command for an existing NetWare file, the owner ID of the file would change to Nobody. Therefore, an empty directory is exported for NFS Mode.

The file would still be accessible to NetWare users (trustees, etc.). For example, if user sara creates a file from the NFS side, on the NFS side you will see the following:

file rw-rw-rw- sara test

When the command rights File/t is executed on the NetWare client, the message no trustees are assigned is displayed. For any change that occurs, like chmod, NFS name space gets modified.

Independent Mode---An extension of the NFS Mode. Like the NFS Mode, this mode stops access mapping between NetWare and NFS Independent Mode.

In this mode, access control at NetWare and at UNIX are independent of each other.

This mode functions as follows:

Trustees are not assigned.

No mapping of rwx SRWCEMFA is done.

No attribute mapping is done.

IRM is set to the default (SRWCEMFA).

OwnerID of DOS name space is mapped to the UNIX user on the NFS side.

Changing Group and Fmode does not affect the DOS side.

A file or directory created from the DOS side sets mapped UNIX UID and GID.

A file or directory created from DOS has the following default permissions:
-rw-r-r- (file)

drwxr-xr-x (directory)

The functions of this mode are listed in Table 8.

Table 8. Independent Mode Functions

Operations from the NFS Side	DOS Name Space (NetWare Clients)	NFS Name Space (NFS Clients)
Creation	OwnerID - NetWare user is mapped to the NFS user creating the file. IRM is the default SRWCEMFA. No trustees are created for User/Group/Other. No attributes are set according to Fmode.	UID/GID is set to whatever the file was created with. File mode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r- for the first time only. chmod + w file1 will change the permission to rw-rw-rw-. chmod + x file1 will change the permission to r-xr-xr-x.
Modification chown chgrp chmod	OwnerID changes. No change in group trustee. No change in attributes, IRM, or trustee rights.	UID is changed. CID is changed. File mode is set as follows: If file1 has the RO attribute set, its permission will be r-r-r- for the first time only. chmod + w file1 will change the permission to rw-rw-rw-. chmod + x file1 will change the permission to r-xr-xr-x.
Attributes DI RI RO	DOS User cannot delete file/directory. DOS User cannot rename the file. DOS User cannot write to the file.	NFS User can delete file/directory. NFS User can rename the file. NFS User can write to the file.

Operations from the NFS Side

DOS Name Space (NetWare Clients)

NFS Name Space (NFS Clients)

Creation

OwnerID - NetWare user is mapped to the NFS user creating the file.

IRM is the default SRWCEMFA.

No trustees are created for User/Group/Other.

No attributes are set according to Fmode.

UID/GID is set to whatever the file was created with.

File mode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r- for the first time only.
chmod + w file1 will change the permission to rw-rw-rw-.
chmod + x file1 will change the permission to r-xr-xr-x.

Modification

chown

chgrp

chmod

OwnerID changes.

No change in group trustee.

No change in attributes, IRM, or trustee rights.

UID is changed.

CID is changed.

File mode is set as follows:
If file1 has the RO attribute set, its permission will be r-r-r- for the first time only.
chmod + w file1 will change the permission to rw-rw-rw-.
chmod + x file1 will change the permission to r-xr-xr-x.

Attributes

DOS User cannot delete file/directory.

DOS User cannot rename the file.

DOS User cannot write to the file.

NFS User can delete file/directory.

NFS User can rename the file.

NFS User can write to the file.