z/OS Network File System Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Protecting the file system on z/OS with the Security site attribute

z/OS Network File System Guide and Reference
SC23-6883-00

You can use the security site attribute, with the NFS V2, V3, and V4 protocols, to select the level of protection for different types of data access. A different protection level can be specified for MVS data sets, HFS files, and data that is accessed using the public file handle. The attribute used to protect data access is the security attribute. The format of the keyword is security(mvs[,hfs,public]). The following are the security options: exports, none, saf, and safexp. See Site attributes syntax for syntax rules.) The z/OS NFS server can be configured to handle security in the following ways:
  • None
  • Exports list checking
  • System Authorization Facility (SAF) checking
  • Customized installation security exit
  • System Authorization Facility (SAF) checking with checklist processing (to bypass SAF for files and directories under selected mount points)
  • A combination of these approaches
Note: The UNIX permission checking against the z/OS UNIX hierarchical file system might appear to be inconsistent if the definitions of UID, GID, and SGID are not consistent throughout the domain of the network.
Parent topic: Protecting your programs and files

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014