To ensure that the NFS clients are not inadvertently granted access rights which undermine the BS2000 security strategies, the following restrictions for the sharing of bs2fs files apply in comparison with the sharing of ufs files:

• Sharing bs2fs files using the share command is permissible only under the BS2000 user ID TSOS.

• The administration must define all client computers which are to be granted access to the shared bs2fs file system explicitly with one of the options rw=... (for read/write access) or ro=... (for read access). Only these clients will be granted access. If a client name is contained in both lists, it will only be granted read access. If it is contained in neither, it is granted no access to the shared bs2fs file system.

• Client processes which run under the UID which matches the POSIX UID of the owner (BS2000 user ID) of the bs2fs files are granted access to the shared bs2fs files with the rights of their owner.

  For client processes which run under a different UID, the bs2anon option of the share command can be used to define a BS2000 user ID under which these processes can access the shared bs2fs file system. If this option is not specified, these processes are not granted access to the bs2fs file system.

  NFS clients can thus either perform access under the BS2000 user ID of the owner of the shared bs2fs files or – if specified in the share command – under the BS2000 user ID assigned for "anonymous" accesses.

  The administrator of the NFS server (BS2000) must verify the trustworthiness of the admitted clients – as is also the case with other NFS shares. In this case the client administrator (root) must be trusted, because this administrator assigns a user his/her UID. Client users with a UID which corresponds to the POSIX UID of the owner of the bs2fs files must also be trusted in the context of the access rights granted to them.