JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Naming and Directory Services (NIS+)
search filter icon
search icon

Document Information


Part I About Naming and Directory Services

1.  Name Service Switch

Part II NIS+ Setup and Configuration

2.  NIS+: An Introduction

3.  NIS+ Setup Scripts

4.  Configuring NIS+ With Scripts

5.  Setting Up the NIS+ Root Domain

6.  Configuring NIS+ Clients

7.  Configuring NIS+ Servers

8.  Configuring an NIS+ Non-Root Domain

9.  Setting Up NIS+ Tables

Part III NIS+ Administration

10.  NIS+ Tables and Information

11.  NIS+ Security Overview

12.  Administering NIS+ Credentials

13.  Administering NIS+ Keys

14.  Administering Enhanced NIS+ Security Credentials

15.  Administering NIS+ Access Rights

About NIS+ Access Rights

Introduction to NIS+ Authorization and Access Rights

NIS+ Authorization Classes - Review

NIS+ Access Rights - Review

Concatenation of NIS+ Access Rights

How NIS+ Access Rights Are Assigned and Changed

Specifying Different Default Rights in NIS+

Changing Access Rights to an Existing NIS+ Object

NIS+ Table, Column, and Entry Security

NIS+ Table, Column, Entry Example

NIS+ Rights at Different Levels

Where NIS+ Access Rights Are Stored

Viewing an NIS+ Object's Access Rights

Default NIS+ Access Rights

How an NIS+ Server Grants Access Rights to Tables

Specifying NIS+ Access Rights in Commands

NIS+ Syntax for Access Rights

NIS+ Class, Operator, and Rights Syntax

NIS+ Syntax for Owner and Group

NIS+ Syntax for Objects and Table Entries

Displaying NIS+ Defaults With nisdefaults

Setting NIS+ Default Security Values

Displaying the Value of the NIS+ NIS_DEFAULTS Variable

Changing NIS+ Defaults

Resetting the Value of NIS_DEFAULTS

Specifying Non-Default Security Values at Creation Time in NIS+

Changing NIS+ Object and Entry Access Rights

Using nischmod to Add NIS+ Rights

Using nischmod to Remove NIS+ Rights

Specifying Column Access Rights in NIS+

Setting Column Rights When Creating an NIS+ Table

Adding Rights to an Existing NIS+ Table Column

Removing Rights to an NIS+ Table Column

Changing Ownership of NIS+ Objects and Entries

Changing an NIS+ Object Owner With nischown

Changing an NIS+ Table Entry Owner With nischown

Changing an NIS+ Object or Entry's Group

Changing an NIS+ Object's Group With nischgrp

Changing an NIS+ Table Entry's Group With nischgrp

16.  Administering NIS+ Passwords

17.  Administering NIS+ Groups

18.  Administering NIS+ Directories

19.  Administering NIS+ Tables

20.  NIS+ Server Use Customization

21.  NIS+ Backup and Restore

22.  Removing NIS+

23.  Information in NIS+ Tables

24.  NIS+ Troubleshooting

A.  NIS+ Error Messages

About NIS+ Error Messages

Common NIS+ Namespace Error Messages

B.  Updates to NIS+ During the Solaris 10 Release

Solaris 10 and NIS+



Specifying Column Access Rights in NIS+

The nistbladm command performs a variety of operations on NIS+ tables. Most of these tasks are described in Using the nistbladm Command With NIS+ Tables.

However, two of its options, -c and -u, enable you to perform some security-related tasks:

Setting Column Rights When Creating an NIS+ Table

When a table is created, its columns are assigned the same rights as the table object. These table level, rights are derived from the NIS_DEFAULTS environment variable, or are specified as part of the command that creates the table. You can also use the nistbladm -c option to specify initial column access rights when creating a table with nistbladm. To use this option you must have create rights to the directory in which you will be creating the table. To set column rights when creating a table use:

nistbladm -c type `columname=[flags] [,access]... tablename'


To assign a column its own set of rights at table creation time, append access rights to each column's equal sign after the column type and a comma. Separate the columns with a space:

column=type,rights column=type,rights column=type,rights

The example below creates a table named depts in the directory, of type div, with three columns (Name, Site, and Manager), and adds modify rights for the group to the second and third columns:

rootmaster% nistbladm -c div Name=S Site=S,g+m Manager=S,g+m

For more information about the nistbladm and the -c option, see Chapter 19, Administering NIS+ Tables.

Adding Rights to an Existing NIS+ Table Column

The nistbladm -u option allows you to add additional column access rights to an existing table column with the nistbladm command. To use this option you must have modify rights to the table column. To add additional column rights use:

nistbladm -u [column=access,...],tablename


Use one column=access pair for each column whose rights you want to update. To update multiple columns, separate them with commas and enclose the entire set with square brackets:

[column=access, column=access, column=access]

The full syntax of this option is described in Chapter 2, NIS+: An Introduction.

The example below adds read and modify rights to the group for the name and addr columns in the table.

client% nistbladm -u `[name=g+rm,addr=g+rm],'

Removing Rights to an NIS+ Table Column

To remove access rights to a column in an NIS+ table, you use the -u option as described above in Adding Rights to an Existing NIS+ Table Column except that you subtract rights with a minus sign (rather than adding them with a plus sign).

The example below removes group's read and modify rights to the hostname column in the table.

client% nistbladm -u 'name=g-rm,'