How to Limit Read Access to the Passwd Column
-
Log in to the domain's master server.
The examples in this task use the root master server, rootmaster.
-
Check the current table and column permissions.
Use the niscat -o command.
rootmaster# niscat -o passwd.org_dir
This task assumes the existing permissions are:
Access Rights : ----rmcdrmcdr--- Columns : [0] Name : name Access Rights : r-----------r--- [1] Name : passwd Access Rights : -----m---------- [2] Name : uid Access Rights : r-----------r--- [3] Name : gid Access Rights : r-----------r--- [4] Name : gcos Access Rights : r----m------r--- [5] Name : home Access Rights : r-----------r--- [6] Name : shell Access Rights : r-----------r--- [7] Name : shadow Access Rights : r-----------r---If your permissions are different, you may need to use a different syntax. For instructions, see the rights chapter of Solaris Naming Administration Guide.
-
Change the table permissions.
Use the nischmod command to change the table's object-level permissions to ---- rmcdrmcd ----
rootmaster# nischmod og=rmcd,nw= passwd.org_dir
-
Change the column permissions.
Use the nistbladm command with the -u option to change the permissions of the passwd and shadow columns to:
passwd ---- rm-- ---- ---- shadow ---- r--- ---- ---- rootmaster# nistbladm -u passwd=o+r, shadow=o+r passwd.org_dir
-
Verify the new permissions.
Use the niscat -o command, as you did in Step 2. The permissions should look the same as they do in that step's output.
- © 2010, Oracle Corporation and/or its affiliates