Planning Access Rights to NIS+ Tables
NIS+ objects other than NIS+ tables are primarily structural. NIS+ tables, however, are a different kind of object: they are informational. Access to NIS+ tables is required by all NIS+ principals and applications running on behalf of those principals. Therefore, their access requirements are a somewhat different.
Table 3-2 lists the default access rights assigned to NIS+ tables. If any columns provide rights in addition to those of the table, they are also listed. You can change these rights at the table and entry level with the nischmod command, and at the column level with the nistbladm -u command. "Protecting the Encrypted Passwd Field" provides just one example of how to change table rights to accommodate different needs.
Table 3-2 Default Access Rights for NIS+ Tables and Columns|
Table/Column |
Nobody |
Owner |
Group |
World |
|
|---|---|---|---|---|---|
|
hosts table |
r--- |
rmcd |
rmcd |
r--- |
|
|
bootparams table |
r--- |
rmcd |
rmcd |
r--- |
|
|
passwd table |
---- |
rmcd |
rmcd |
r--- |
|
|
|
name column |
r--- |
---- |
---- |
---- |
|
|
passwd column |
---- |
-m-- |
---- |
---- |
|
|
uid column |
r--- |
---- |
---- |
---- |
|
|
gid column |
r--- |
---- |
---- |
---- |
|
|
gcos column |
r--- |
-m-- |
---- |
---- |
|
|
home column |
r--- |
---- |
---- |
---- |
|
|
shell column |
r--- |
---- |
---- |
---- |
|
|
shadow column |
---- |
---- |
---- |
---- |
|
group table |
---- |
rmcd |
rmcd |
r--- |
|
|
|
name column |
r--- |
---- |
---- |
---- |
|
|
passwd column |
---- |
-m-- |
---- |
---- |
|
|
gid column |
r--- |
---- |
---- |
---- |
|
|
members column |
r--- |
-m-- |
---- |
---- |
|
cred table |
r--- |
rmcd |
rmcd |
r--- |
|
|
|
cname column |
---- |
---- |
---- |
---- |
|
|
auth_type column |
---- |
---- |
---- |
---- |
|
|
auth_name column |
---- |
---- |
---- |
---- |
|
|
public_data column |
---- |
-m-- |
---- |
---- |
|
|
private_data column |
---- |
-m-- |
---- |
---- |
|
networks table |
r--- |
rmcd |
rmcd |
r--- |
|
|
netmasks table |
r--- |
rmcd |
rmcd |
r--- |
|
|
ethers table |
r--- |
rmcd |
rmcd |
r--- |
|
|
services table |
r--- |
rmcd |
rmcd |
r--- |
|
|
protocols table |
r--- |
rmcd |
rmcd |
r--- |
|
|
rpc table |
r--- |
rmcd |
rmcd |
r--- |
|
|
auto_home table |
r--- |
rmcd |
rmcd |
r--- |
|
|
auto_master table |
|
rmcd |
rmcd |
r--- |
|
Note -
NIS-compatible domains give the nobody class read rights to the passwd table at the table level.
- © 2010, Oracle Corporation and/or its affiliates