A.29 POSIX Permission Mask Command

nss /PosixPermissionMask=mask

Specify the octal mask to control which bits in the POSIX permissions (drwxrwxrwx) are allowed to be set. The octal digits correspond to directory, user, group, and other fields. By default, NSS sets the POSIX permissions to 0777.

IMPORTANT: NSS uses the OES trustee model to authenticate and give access to users, not the Linux ACLs and POSIX permissions.

The command applies to all NSS volumes on the Linux server. In a cluster environment, make sure that the setting is the same on all nodes. This command should normally be added in the /etc/opt/novell/nss/nssstart.cfg file so that it persists across reboots.

Example

For example, SSH requires that the permissions in the Other field be disabled. If you use NSS volumes for home directories and you want users to have SSH access to them, you must modify the POSIX permissions to 0770. The following command in the /etc/opt/novell/nss/nssstart.cfg file turns off all of the bits corresponding to the Other field:

/PosixPermissionMask=0770

The setting applies to all NSS volumes on the server. You must also Linux-enable users and enable SSH with Linux User Management.

If the volume is shared in a cluster, make sure to add the command to the nssstart.cfg file on all nodes and to Linux-enable SSH on all nodes.
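
The following check is an added example, not part of the product documentation: it reads the /PosixPermissionMask line from copies of nssstart.cfg, reports whether the Other field is disabled as SSH requires, and confirms that the cluster nodes agree. The function names and the node*.cfg sample files are constructed for illustration, and the script assumes the setting is spelled exactly as shown in this section.

```shell
#!/bin/sh
# Added example: audit the /PosixPermissionMask setting in copies of nssstart.cfg.
# Assumptions: the setting name is matched exactly as spelled in this section,
# and if the line appears more than once the last occurrence is the one reported.

# Print the octal mask from a config file; prints nothing if the line is absent.
get_posix_mask() {
    sed -n 's|^[[:space:]]*/PosixPermissionMask=\([0-7]\{1,4\}\)[[:space:]]*$|\1|p' "$1" | tail -n 1
}

# Succeed only if the mask clears every bit of the Other field (lowest octal digit).
other_disabled() {
    [ $(( 0$1 & 07 )) -eq 0 ]
}

# Report on one file: 0 = Other disabled, 1 = Other bits allowed, 2 = not set.
audit_cfg() {
    mask=$(get_posix_mask "$1")
    if [ -z "$mask" ]; then
        echo "$1: no /PosixPermissionMask line, default 0777 applies"; return 2
    fi
    if other_disabled "$mask"; then
        echo "$1: mask $mask, Other field disabled"; return 0
    fi
    echo "$1: mask $mask leaves Other bits allowed"; return 1
}

# Given one copy of nssstart.cfg per cluster node, succeed only if all masks match.
masks_consistent() {
    first=$(get_posix_mask "$1")
    for f in "$@"; do
        [ "$(get_posix_mask "$f")" = "$first" ] || return 1
    done
}

# Constructed sample files standing in for nssstart.cfg copies from three nodes.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '/PosixPermissionMask=0770\n' > "$tmp/node1.cfg"
printf '/PosixPermissionMask=0770\n' > "$tmp/node2.cfg"
printf '/PosixPermissionMask=0775\n' > "$tmp/node3.cfg"

for cfg in "$tmp"/node*.cfg; do audit_cfg "$cfg" || true; done
masks_consistent "$tmp/node1.cfg" "$tmp/node2.cfg" && echo "node1/node2: consistent"
masks_consistent "$tmp"/node*.cfg || echo "node1..node3: masks differ"
```

On a real server, point audit_cfg at /etc/opt/novell/nss/nssstart.cfg, and pass masks_consistent one copy of that file collected from each cluster node.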