Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
Introduction to NIS+ Authorization and Access Rights
NIS+ Authorization Classes - Review
Concatenation of NIS+ Access Rights
How NIS+ Access Rights Are Assigned and Changed
Specifying Different Default Rights in NIS+
Changing Access Rights to an Existing NIS+ Object
NIS+ Table, Column, and Entry Security
NIS+ Table, Column, Entry Example
NIS+ Rights at Different Levels
Where NIS+ Access Rights Are Stored
Viewing an NIS+ Object's Access Rights
How an NIS+ Server Grants Access Rights to Tables
Specifying NIS+ Access Rights in Commands
NIS+ Class, Operator, and Rights Syntax
Displaying NIS+ Defaults With nisdefaults
Setting NIS+ Default Security Values
Displaying the Value of the NIS+ NIS_DEFAULTS Variable
Resetting the Value of NIS_DEFAULTS
Specifying Non-Default Security Values at Creation Time in NIS+
Changing NIS+ Object and Entry Access Rights
Using nischmod to Add NIS+ Rights
Using nischmod to Remove NIS+ Rights
Specifying Column Access Rights in NIS+
Setting Column Rights When Creating an NIS+ Table
Adding Rights to an Existing NIS+ Table Column
Removing Rights to an NIS+ Table Column
Changing Ownership of NIS+ Objects and Entries
Changing an NIS+ Object Owner With nischown
Changing an NIS+ Table Entry Owner With nischown
Changing an NIS+ Object or Entry's Group
Changing an NIS+ Object's Group With nischgrp
Changing an NIS+ Table Entry's Group With nischgrp
16. Administering NIS+ Passwords
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
This section assume an NIS+ environment running at security level 2 (the default level).
This section describes how to specify access rights, as well as owner, group owner, and object, when using any of the commands described in this chapter.
This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.
Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
|
Operator. The operator indicates the kind of operation that will be performed with the rights.
|
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
|
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 15-7 NIS+ Class, Operator, and Rights Syntax – Examples
|
Owner. To specify an owner, use an NIS+ principal name.
Group. To specify an NIS+ group, use an NIS+ group name with the domain name appended.
Remember that principal names are fully qualified (principalname.domainname).
For owner
principalname
For group
groupname.domainname
Objects and table entries use different syntaxes.
Objects use simple object names.
Table entries use indexed names.
For objects
objectname
For table entries
columnname=value],tablename
Note - In this case, the brackets are part of the syntax.
Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search, as in the following.
Table 15-8 NIS+ Object and Table Entry – Examples
|
Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see Using the nistbladm Command With NIS+ Tables for more information.