Apple Workgroup Server 95: AFP and NFS File Locking

We would like to share files from an Apple Workgroup Server (AWS) 95, using AppleTalk Filing Protocol (AFP) for Macintosh clients, and Network File System (NFS) for an OS/2 client. We understand that user security is separately maintained, and it's not an issue for us. However, we are concerned about file locking. Will a file locked under NFS appear locked via AFP, or the other way around?
You understand some of the security issues. Here are two important notes in the "Tuning Server Performance and Addition Internal Hard Driver" documentation for the AWS 95. These notes regard an AWS 95 running both AppleShare Pro and an NFS server, or running AppleShare Pro and operating the server as an NFS client. You should be aware of the following:

Operating as both an AppleShare Pro and an NFS server

When using the Apple Workgroup Server 95 as both an AppleShare server and an NFS server, be sure that the two services DON'T share the SAME files, folders, and volumes (file systems). If they do, you'll incur considerable problems because the two services use different means to assign and manage users, groups, and access privileges. You can use AppleShare to access an NFS shared file system without encountering any conflicts. The potential problem arises when an attempt is made to create or modify files that are shared by AppleShare and NFS that reside on the SAME volume.

In addition, sharing the SAME volume through both services creates a security problem for users of NFS. Because AppleShare Pro runs from the root account, all AppleShare users have root-level privileges on the volumes being shared by NFS and AppleShare Pro. Therefore, the AppleShare Pro users can read and make changes to all files on a volume shared by AppleShare Pro and NFS. Be aware of the vulnerability of the NFS files; to avoid potential problems, DON'T allow the SAME volume to be shared by both AppleShare Pro and NFS.

Running AppleShare Pro and operating the server as an NFS client

AppleShare Pro is designed to share LOCAL volumes; it is not designed to share volumes over the network. Therefore, if you configure the server as an NFS client, DON'T use it to share NFS mounted file systems. If you do, and the NFS server crashes, AppleShare Pro will become unresponsive.

AppleShare Pro is not programmed to respond to the NFS timeout errors. In A/UX, Macintosh virtual memory is an A/UX process that handles multiple client sessions. One of the many client sessions trying to access the unresponsive server can cause AppleShare Pro and all its clients to become unresponsive. The other A/UX processes on the Apple Workgroup Server 95 will be unaffected.

With the above notes in mind, and because the two services use different locking mechanisms, we don't recommend using the AWS 95 as both an AppleShare server and an NFS server sharing the SAME files, folders, and volumes.

Published Date: Feb 19, 2012