System Administration Guide: Naming and Directory Services (NIS+)
Specifying Column Access Rights in NIS+

The nistbladm command performs a variety of operations on NIS+ tables. Most of these tasks are described in Using the nistbladm Command With NIS+ Tables.

However, two of its options, -c and -u, enable you to perform some security-related tasks:

Setting Column Rights When Creating an NIS+ Table

When a table is created, its columns are assigned the same rights as the table object. These table-level rights are derived from the NIS_DEFAULTS environment variable, or are specified as part of the command that creates the table. You can also use the nistbladm -c option to specify initial column access rights when creating a table with nistbladm. To use this option, you must have create rights to the directory in which you will be creating the table. To set column rights when creating a table, use:

nistbladm -c type columnname=[flags][,access]... tablename

Where:

To assign a column its own set of rights at table creation time, append access rights to each column's equal sign after the column type and a comma. Separate the columns with a space:

column=type,rights column=type,rights column=type,rights

The example below creates a table named depts in the doc.com directory, of type div, with three columns (Name, Site, and Manager), and adds modify rights for the group to the second and third columns:

rootmaster% nistbladm -c div Name=S Site=S,g+m Manager=S,g+m depts.doc.com.

For more information about nistbladm and the -c option, see Chapter 19, Administering NIS+ Tables.

Adding Rights to an Existing NIS+ Table Column

The nistbladm -u option adds column access rights to an existing table column. To use this option, you must have modify rights to the table column. To add column rights, use:

nistbladm -u [column=access,...],tablename

Where:

Use one column=access pair for each column whose rights you want to update. To update multiple columns, separate them with commas and enclose the entire set with square brackets:

[column=access, column=access, column=access]

The full syntax of this option is described in Chapter 2, NIS+: An Introduction.

The example below adds read and modify rights to the group for the name and addr columns in the hosts.org_dir.doc.com. table.

client% nistbladm -u '[name=g+rm,addr=g+rm],hosts.org_dir.doc.com.'

Removing Rights to an NIS+ Table Column

To remove access rights to a column in an NIS+ table, you use the -u option as described above in Adding Rights to an Existing NIS+ Table Column except that you subtract rights with a minus sign (rather than adding them with a plus sign).

The example below removes group's read and modify rights to the hostname column in the hosts.org_dir.doc.com. table.

client% nistbladm -u 'name=g-rm,hosts.org_dir.doc.com.'
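A pre-flight check for the argument handed to nistbladm -u when adding or removing column rights, as described in the two sections above. This is an added example, not part of the original guide or of NIS+ itself. The function names lint_spec and check_access are hypothetical, and the access grammar it accepts (classes n, o, g, w, a; operators +, -, =; rights r, m, c, d) is an assumption taken from the general NIS+ rights syntax, since this page shows only g, +, -, r and m.

```shell
# Pre-flight lint for the argument passed to `nistbladm -u` (added example).
# Assumed access grammar: classes n o g w a, operators + - =, rights r m c d.
# Exit status: 0 clean, 1 risky grant, 2 malformed.

check_access() {            # check_access COLUMN ACCESS
    ca_col=$1 ca_acc=$2
    ca_cls=${ca_acc%%[+=-]*}          # classes before the first operator
    ca_rest=${ca_acc#"$ca_cls"}
    ca_rights=${ca_rest#?}            # everything after the operator
    ca_op=${ca_rest%"$ca_rights"}
    case $ca_cls    in ''|*[!nogwa]*) ca_op=bad ;; esac
    case $ca_rights in ''|*[!rmcd]*)  ca_op=bad ;; esac
    case $ca_op in
        [+=-]) ;;
        *) echo "ERROR $ca_col: malformed access '$ca_acc'"; return 2 ;;
    esac
    # Granting modify/create/destroy to nobody, world or all widens write access.
    if [ "$ca_op" != "-" ]; then
        case $ca_cls in *[nwa]*)
            case $ca_rights in *[mcd]*)
                echo "WARN $ca_col: '$ca_acc' grants write-type rights beyond owner/group"
                return 1 ;;
            esac ;;
        esac
    fi
    echo "OK $ca_col: $ca_acc"
}

lint_spec() {               # lint_spec '[column=access,...],tablename'
    ls_spec=$1 ls_rc=0
    case $ls_spec in
        \[*\],*) ls_cols=${ls_spec#\[}; ls_cols=${ls_cols%%\],*}; ls_table=${ls_spec#*\],} ;;
        *=*,*)   ls_cols=${ls_spec%%,*}; ls_table=${ls_spec#*,} ;;
        *)       echo "ERROR: expected [column=access,...],tablename"; return 2 ;;
    esac
    # The page's table names are fully qualified: trailing dot, no empty labels.
    case $ls_table in
        ''|*..*|*[!.]) echo "ERROR table '$ls_table': not fully qualified"; ls_rc=2 ;;
    esac
    ls_ifs=$IFS; IFS=,; set -f
    for ls_pair in $ls_cols; do
        ls_pair=${ls_pair# }; ls_r=0  # tolerate a space after each comma
        check_access "${ls_pair%%=*}" "${ls_pair#*=}" || ls_r=$?
        if [ "$ls_r" -gt "$ls_rc" ]; then ls_rc=$ls_r; fi
    done
    IFS=$ls_ifs; set +f
    return "$ls_rc"
}
```

Run lint_spec on the quoted argument first and pass it to nistbladm -u only when the status is 0; a status of 1 means the change would give write-type rights to the nobody, world or all class and should be reviewed.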