Specifying Access Rights in Commands
This section assume an NIS+ environment running at security level 2 (the default level).
This section describes how to specify access rights, as well as owner, group owner, and object, when using any of the commands described in this chapter.
Syntax for Access Rights
This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.
Class, Operator, and Rights Syntax
Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
-
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
|
Class |
Description |
|---|---|
|
n |
Nobody: all unauthenticated requests |
|
o |
The owner of the object or table entry |
|
g |
The group owner of the object or table entry |
|
w |
World: all authenticated principals |
|
a |
All: shorthand for owner, group, and world (this is the default) |
-
Operator. The operator indicates the kind of operation that will be performed with the rights.
|
Operator |
Description |
|---|---|
|
+ |
Adds the access rights specified by right |
|
- |
Revokes the access rights specified by right |
|
= |
Explicitly changes the access rights specified by right; in other words, revokes all existing rights and replaces them with the new access rights. |
-
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
|
Right |
Description |
|---|---|
|
r |
Reads the object definition or table entry |
|
m |
Modifies the object definition or table entry |
|
c |
Creates a table entry or column |
|
d |
Destroys a table entry or column |
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 9-10 Class, Operator, and Rights Syntax--Examples|
Operations |
Syntax |
|---|---|
|
Add read access rights to the owner class |
o+r |
|
Change owner. group, and world classes' access rights to modify only from whatever they were before |
a=m |
|
Add read and modify rights to the world and nobody classes |
wn+m |
|
Remove all four rights from the group, world, and nobody classes |
gwn-rmcd |
|
Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes |
o+cd,wn+rm |
Syntax for Owner and Group
-
Owner. To specify an owner, use an NIS+ principal name.
-
Group. To specify an NIS+ group, use an NIS+ group name with the domain name appended.
Remember that principal names are fully qualified (principalname.domainname).
For owner
principalname |
For group
groupname.domainname |
Syntax for Objects and Table Entries
Objects and table entries use different syntaxes.
-
Objects use simple object names.
-
Table entries use indexed names.
For objects
objectname |
For table entries
columnname=value],tablename |
Note -
In this case, the brackets are part of the syntax.
Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search.
For example:
Table 9-11 Object and Table Entry--Examples|
Type |
Example |
|---|---|
|
Object |
hosts.org_dir.sales.doc.com. |
|
Table entry |
`[uid=33555],passwd.org_dir.Eng.doc.com.' |
|
Two-value table entry |
`[name=sales,gid=2],group.org_dir.doc.com.' |
Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see "The nistbladm Command " for more information.
- © 2010, Oracle Corporation and/or its affiliates