Solaris Naming Administration Guide

Specifying Column Access Rights

The nistbladm command performs a variety of operations on NIS+ tables. Most of these tasks are described in "The nistbladm Command". However, two of its options, -c and -u, enable you to perform some security-related tasks:

Setting Column Rights When Creating a Table

When a table is created, its columns are assigned the same rights as the table object. These table level, rights are derived from the NIS_DEFAULTS environment variable, or are specified as part of the command that creates the table. You can also use the nistbladm -c option to specify initial column access rights when creating a table with nistbladm. To use this option you must have create rights to the directory in which you will be creating the table. To set column rights when creating a table use:

nistbladm -c type `columname=[flags] [,access]... tablename'


To assign a column its own set of rights at table creation time, append access rights to each column's equal sign after the column type and a comma. Separate the columns with a space:

column=type, rights column=type, rights column=type, rights

The example below creates a table named depts in the directory, of type div, with three columns (Name, Site, and Manager), and adds modify rights for the group to the second and third columns:

rootmaster% nistbladm -c div Name=S Site=S,g+m Manager=S,g+m

For more information about the nistbladm and the-c option, see Chapter 14, Administering NIS+ Tables.

Adding Rights to an Existing Table Column

The nistbladm -u option allows you to add additional column access rights to an existing table column with the nistbladm command. To use this option you must have modify rights to the table column. To add additional column rights use:

nistbladm -u [column=access,...],tablename


Use one column=access pair for each column whose rights you want to update. To update multiple columns, separate them with commas and enclose the entire set with square brackets:

[column=access, column=access, column=access]

The full syntax of this option is described in "The nistbladm Command".

The example below adds read and modify rights to the group for the name and addr columns in the table.

client% nistbladm -u `[name=g+rm,addr=g+rm],'

Removing Rights to a Table Column

To remove access rights to a column in an NIS+ table, you use the -u option as described above in "Adding Rights to an Existing Table Column" except that you subtract rights with a minus sign (rather than adding them with a plus sign).

The example below removes group's read and modify rights to the hostname column in the table.

client% nistbladm -u 'name=g-rm,'