JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

About NIS+ Access Rights

Introduction to NIS+ Authorization and Access Rights

NIS+ Authorization Classes - Review

NIS+ Access Rights - Review

Concatenation of NIS+ Access Rights

How NIS+ Access Rights Are Assigned and Changed

Specifying Different Default Rights in NIS+

Changing Access Rights to an Existing NIS+ Object

NIS+ Table, Column, and Entry Security

NIS+ Table, Column, Entry Example

NIS+ Rights at Different Levels

Where NIS+ Access Rights Are Stored

Viewing an NIS+ Object's Access Rights

Default NIS+ Access Rights

How an NIS+ Server Grants Access Rights to Tables

Specifying NIS+ Access Rights in Commands

NIS+ Syntax for Access Rights

NIS+ Class, Operator, and Rights Syntax

NIS+ Syntax for Owner and Group

NIS+ Syntax for Objects and Table Entries

Displaying NIS+ Defaults With nisdefaults

Setting NIS+ Default Security Values

Displaying the Value of the NIS+ NIS_DEFAULTS Variable

Changing NIS+ Defaults

Resetting the Value of NIS_DEFAULTS

Specifying Non-Default Security Values at Creation Time in NIS+

Changing NIS+ Object and Entry Access Rights

Using nischmod to Add NIS+ Rights

Using nischmod to Remove NIS+ Rights

Specifying Column Access Rights in NIS+

Setting Column Rights When Creating an NIS+ Table

Adding Rights to an Existing NIS+ Table Column

Removing Rights to an NIS+ Table Column

Changing Ownership of NIS+ Objects and Entries

Changing an NIS+ Object Owner With nischown

Changing an NIS+ Table Entry Owner With nischown

Changing an NIS+ Object or Entry's Group

Changing an NIS+ Object's Group With nischgrp

Changing an NIS+ Table Entry's Group With nischgrp

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Specifying NIS+ Access Rights in Commands

This section assume an NIS+ environment running at security level 2 (the default level).

This section describes how to specify access rights, as well as owner, group owner, and object, when using any of the commands described in this chapter.

NIS+ Syntax for Access Rights

This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.

NIS+ Class, Operator, and Rights Syntax

Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.

You can combine operations on a single command line by separating each operation from the next with a comma (,).

Table 15-7 NIS+ Class, Operator, and Rights Syntax – Examples

Add read access rights to the owner class
Change owner. group, and world classes' access rights to modify only from whatever they were before
Add read and modify rights to the world and nobody classes
Remove all four rights from the group, world, and nobody classes
Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes
NIS+ Syntax for Owner and Group

Remember that principal names are fully qualified (principalname.domainname).

For owner


For group

NIS+ Syntax for Objects and Table Entries

Objects and table entries use different syntaxes.

For objects


For table entries


Note - In this case, the brackets are part of the syntax.

Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search, as in the following.

Table 15-8 NIS+ Object and Table Entry – Examples

Table entry
Two-value table entry

Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see Using the nistbladm Command With NIS+ Tables for more information.