Solaris Naming Administration Guide

Getting Started

To begin using FNS with your underlying name service, you run the fncreate command.

The fncreate command recognizes the underlying naming service in which FNS contexts are to be created (such as, NIS+, NIS, or files). To specify a specific naming service, you must run the fnselect command as explained in "Designating a Non-Default Naming Service"..

Designating a Non-Default Naming Service

By default:

You can also explicitly specify a non-default target naming service by using the fnselect command. For example the following command selects the target naming service to be NIS.

# fnselect nis

Creating the FNS Namespace

Once the naming service has been selected either using the default policy or explicitly via fnselect, you can execute the following command to create the FNS namespace:

# fncreate -t org org//

This creates all the necessary contexts for users and hosts in the corresponding naming service.

NIS+ Considerations

When your primary enterprise-level naming service is NIS+, take into account the following points.

NIS+ Domains and Subdomains

The command syntax shown above creates the FNS namespace for the root NIS+ domain. To specify a domain other than the root, add the domain name between the double slashes, as in:

# fncreate -t org org/

Note the trailing dot after the fully qualified domain name.

Space and Performance Considerations

The fncreate commands creates NIS+ tables and directories in the ctx_dir directory. The ctx_dir directory object resides at the same level as the NIS+ groups_dir and org_dir directory objects of the domain.

NIS+ Security Requirements

The user who runs fncreate and other FNS commands is expected to have the necessary NIS+ credentials.

The environment variable NIS_GROUP specifies the group owner for the NIS+ objects created by fncreate. In order to facilitate administration of the NIS+ objects, NIS_GROUP should be set to the name of the NIS+ group responsible for FNS administration for that domain prior to executing fncreate and other FNS commands.

Changes to NIS+ related properties, including default access control rights, could be effected using NIS+ administration tools and interfaces after the context has been created. The NIS+ object name that corresponds to an FNS composite name can be obtained using fnlookup and fnlist, described later in this document.

NIS Considerations

The fncreate command must be executed by superuser on the NIS system that will serve as the NIS master server for the FNS maps.

The NIS maps used by FNS are stored in /var/yp/domainname.

Any changes to the FNS information can only be done by the superuser on the FNS NIS master server using FNS commands.

Files Considerations

When using fncreate with the -t org option to create your FNS namespace, the command must be executed by superuser on the machine that owns the file system on which /var is located. The files used by FNS are stored in the /var/fn directory.

Once users' contexts are created, users are allowed to modify their own contexts based on their UNIX credentials.

If exported, the file system /var/fn can be mounted by other systems to access the FNS namespace.