UID Definitions

  • If you are able to do everything but create a file in a NFS-mounted Byte File System directory,

  • but you see ACCESS DENIED or NOT OWNER when you attempt to create a file,

  • then the UIDs defined for your *IX system are probably different from the UIDs defined for the VM user ID you've used on the MOUNT.

If you are curious, go see what is happening with UID processing under the covers.

How can you correct this problem?

  1. The ideal way to avoid this problem is to have have a flat name space. A person who has a VM user ID and an *IX user ID is assigned the same UID and GID on both systems. When user SAM is logged on to his VM ID using BFS files, he is allowed to do the exact same operations as when he is on *IX using those BFS files after an NFS MOUNT.

  2. If global user ID definitions are impossible, another choice is to create a new, dummy user ID on *IX which has a UID that matches the VM UID used on MOUNT. Use 'su' to switch to that dummy user ID on *IX. Also make sure that the GID assigned on *IX is in the list of GIDs assigned to the VM user ID.

    This might be easier than forcing consistency across all systems. Of course, this will only work if there is no overlap in the UID definitions for the two systems.

  3. A third choice is to MOUNT on *IX using a VM user ID that has super-user authority. This will allow the create request to succeed, and the file will be created using the UID/GID of *IX SAM. However, when VM SAM tries to use this file from VM, he probably won't be able to use the files in all the ways he expects because POSIX won't see him as the owner of the file.

    In this case, once your *IX clients get to the mount point, they have full power to anything under it (since they are super-users as far as the VM NFS server is concerned). Access to the mount point must be carefully controlled from the client side.

  4. Non-*IX clients have the capability to MOUNT using VM SAM as the user ID, but they can tolerate different UID/GID definitions on the NFS server. Non-*IX NFS clients use PCNFSD to ask the server: By what UID am I known there? The NFS client then uses that information, for example, by recognizing what the owning UID of a new file should be.

Return to the main z/VM TCP/IP NFS Server Support page.