NFS v4 protocol name mapping

Using NFS v4 protocol (NFSv4) name mapping, a user can map owner and group names on a single DNS domain (INET environment) or on multiple DNS domains (CINET environment) to z/OS USS uid and gid numeric values. nfsv4domain(NFSv4_default_domain) specifies the "pseudo" NFSv4 domain for the NFSv4 name mapping. The "pseudo" NFSv4 domain allows various NFSv4 Clients from various network domains to seamlessly access the server provided that these NFSv4 Clients are also configured with the same "domain,"

Advantages: NFSv2 and NFSv3 protocol has been limited to the use of the UNIX-centric user identification mechanism of numeric user id (uid and gid). However, for NFS to move beyond the limits of large work groups, the NFS v4 protocol changed the user identification to be string based. It provides:

The owner and group names to be administered on a DNS domain basis
Flexibility (support of multiple internal naming schemes).

NFSv4 Name Mapping requires:

The same owner and group names to be defined on both the server and client.
The owner and group names must be defined to RACF with appropriate uid and gid values on z/OS.
nfsv4domain(NFSv4_default_domain) attribute should be appropriately set. When nfsv4domain is omitted, the participating NFSv4 Client's domain must match one of the Server's network domain for the proper NFSv4 name mapping.

Name resolution is not supported through any global name server such as LDAP.

The NFS client and NFS server can have their own local representation of owner and owner_group attributes that is used for local storage or presentation to the end user. Owner and owner_group attributes are transferred between the NFSv4 client and server in the form of "user@dns_domain". To provide a greater degree of compatibility with NFSv2 and NFSv3, which identified users and groups by 32-bit unsigned uids and gids, the owner and group strings that consist of decimal numeric values can be given a special interpretation by clients and servers.

Examples of owner, owner_group attributes syntax:

vndrcvr@storage.tucson.ibm.com
sys@storage.tucson.ibm.com
100 (numeric string "100").

z/OS NFS server has supported NFSv4 since V1R7. z/OS NFS server V1R7, V1R8, V1R9 only support the limited interpretation (i.e. only numeric strings). z/OS NFS server V1R10 added full name@domain strings. The inability of z/OS NFS server prior to V1R10 to interpret the owner and owner_group attributes caused problems with NFSv4 root support (See z/OS NFS APAR OA22311).

z/OS NFS server has supported <root> suffix in Export List since z/OS NFS server V1R8
Root support widely uses the functions (chown, chgrp) demanding full name@domain strings.

The z/OS NFS server performs the following:

Mapping inbound owner/owner_group attributes to local representation
Usage of RPC uid and gid as local representation in case of unsuccessful interpretation.
Mapping local representation to outbound owner/owner_group attributes
Usage of z/OS NFS server uid and gid cache in case of the absence of the local representation in the RACF database.
Mapping owner and group names to a single DNS domain or multiple DNS domains