Inbound owner/owner_group processing

Inbound owner/owner_group attributes may be present in:

CREATE, NVERIFY, OPEN, SETATTR, VERIFY NFSv4 operations
Access Control List NFSv4 (ACL ) attribute.

Owner/owner_group attributes can be in the form of:

"user@dns_domain" strings
Special strings, like anonymous user/group strings or superuser strings
Numeric string (for example, "100").

There are special strings representation:

Client anonymous user
Client superuser.

owner attribute for anonymous user consists of: String "nobody" with the at sign "@" and the domain

owner_group attribute for anonymous user consists of: String "nobody" with the at sign "@" and the domain

owner attribute for client superuser consists of: String "root" with the at sign "@" and the domain

owner_group attribute for client superuser can be anyone.

The z/OS NFS server uses the implicit interpretation on the base of hardcoded strings "nobody" and "root" (without the reference to RACF database) to designate a client anonymous user and client superuser, except for owner_group attribute for client superuser.

The z/OS NFS server stores anonymous uid and gid:

At z/OS NFS server start up, the RACF database is queried for user with "nobody" name
If that user is found in the RACF database, its RACF uid and gid are used
Otherwise 65534 (not ‘-2’) is used.

z/OS NFS server maps:

Anonymous owner string to RACF uid of "nobody"
Anonymous owner_group string to RACF gid of "nobody"
Superuser owner string to 0
Superuser owner_group string in the standard way (using z/OS NFS server internal cache and RACF database). z/OS NFS server does not use default name for superuser group name.

The subsequent processing of UID=0:

If the z/OS NFS server is in EXPORTS mode and EXPORT list entry includes <root> suffix, UID keeps the value
Otherwise, UID maps to the stored RACF UID of "nobody"