The fncreate command recognizes the underlying naming service in which FNS contexts are to be created (such as, NIS+, NIS, or files). To specify a specific naming service, you must run the fnselect command as explained in "Designating a Non-Default Naming Service"..
If fncreate is executed on a machine that is an NIS+ client or server, the FNS namespace will be set up in NIS+. (See Solaris Naming Setup and Configuration Guide if you want or need to designate some other machine as an FNS NIS+ master server.)
If the machine is an NIS client, the namespace will be set up in NIS.
If the machine is neither, the namespace will be set up in the machine's /var/fn directory. When your underlying naming system is files-based, the common practice is to create /var/fn by running fncreate on each machine. It is possible however to create /var/fn on one machine and export it by NFS to be mounted by other clients.
# fnselect nis
# fncreate -t org org//
This creates all the necessary contexts for users and hosts in the corresponding naming service.
When your primary enterprise-level naming service is NIS+, take into account the following points.
The command syntax shown above creates the FNS namespace for the root NIS+ domain. To specify a domain other than the root, add the domain name between the double slashes, as in:
# fncreate -t org org/sales.doc.com./
The fncreate commands creates NIS+ tables and directories in the ctx_dir directory. The ctx_dir directory object resides at the same level as the NIS+ groups_dir and org_dir directory objects of the domain.
With a large domain, the additional space required on the NIS+ server could be substantial and in a large installation performance might be improved by using separate servers for FNS and the standard NIS+ tables. See Solaris Naming Setup and Configuration Guide for information on how to use separate servers for FNS and NIS+.
In a large, or mission-critical domain, FNS service should be replicated. See Solaris Naming Setup and Configuration Guide for information on how to replicate FNS service.
The user who runs fncreate and other FNS commands is expected to have the necessary NIS+ credentials.
The environment variable
NIS_GROUP specifies the group owner for the NIS+ objects created by fncreate. In order to facilitate administration of the NIS+ objects,
NIS_GROUP should be set to the name of the NIS+ group responsible for FNS administration for that domain prior to executing fncreate and other FNS commands.
Changes to NIS+ related properties, including default access control rights, could be effected using NIS+ administration tools and interfaces after the context has been created. The NIS+ object name that corresponds to an FNS composite name can be obtained using fnlookup and fnlist, described later in this document.
The NIS maps used by FNS are stored in /var/yp/domainname.
Any changes to the FNS information can only be done by the superuser on the FNS NIS master server using FNS commands.
When using fncreate with the -t org option to create your FNS namespace, the command must be executed by superuser on the machine that owns the file system on which /var is located. The files used by FNS are stored in the /var/fn directory.
Once users' contexts are created, users are allowed to modify their own contexts based on their UNIX credentials.
If exported, the file system /var/fn can be mounted by other systems to access the FNS namespace.