z/OS Network File System Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Authorization of file operations

z/OS Network File System Guide and Reference
SC23-6883-00

After the file system is mounted, the user performs the normal file operations on the NFS-mounted remote file system. z/OS NFS server adds the z/OS SAF checking in addition to the UNIX file permissions check.
Note: MVS z/OS conventional data sets do not support UNIX permission bits in the file attribute structure. By disabling the SAF security, there is no authorization checking for file operation to MVS z/OS conventional data set. The UNIX permission bits checking is still performed for z/OS UNIX file operations when the SAF security is disabled.

Table 1 shows server processing of a file request.

Table 1. z/OS server processing of a file request
Security Option MVSLOGIN z/OS UNIX File MVS Data Set
none Not required Check file permission bits No checking
saf Required*** SAF check*** SAF check***
exports Not required Check file permission bits No checking
safexp Required*** SAF check*** SAF check***
Note:
  1. z/OS UNIX segment must be defined for z/OS file operation. (***This does not apply when checklist requirements are satisfied.)
  2. If the file system is mounted with an RPCSEC_GSS authentication flavor, no MVSLOGIN is required.
Parent topic: Protecting the file system on z/OS with the Security site attribute

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014