Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Naming and Directory Services (NIS+) |
Part I About Naming and Directory Services
Part II NIS+ Setup and Configuration
4. Configuring NIS+ With Scripts
5. Setting Up the NIS+ Root Domain
8. Configuring an NIS+ Non-Root Domain
10. NIS+ Tables and Information
12. Administering NIS+ Credentials
14. Administering Enhanced NIS+ Security Credentials
15. Administering NIS+ Access Rights
16. Administering NIS+ Passwords
Solaris Groups and NIS+ Groups
Related NIS+ Administration Commands for Groups
Listing the Object Properties of an NIS+ Group
Adding Members to an NIS+ Group
Listing the Members of an NIS+ Group
Removing Members From an NIS+ Group
Testing for Membership in an NIS+ Group
18. Administering NIS+ Directories
20. NIS+ Server Use Customization
23. Information in NIS+ Tables
Common NIS+ Namespace Error Messages
NIS+ groups can have three types of members: explicit, implicit, and recursive; and three types of nonmembers, also explicit, implicit, and recursive. These member types are used when adding or removing members of a group as described in nisgrpadm Command.
Explicit. An individual principal. Identified by principal name. The name does not have to be fully qualified if entered from its default domain.
Implicit. All the NIS+ principals who belong to an NIS+ domain. They are identified by their domain name, preceded by the * symbol and a dot. The operation you select applies to all the members in the group.
Recursive. All the NIS+ principals that are members of another NIS+ group. They are identified by their NIS+ group name, preceded by the @ symbol. The operation you select applies to all the members in the group.
NIS+ groups also accept nonmembers in all three categories: explicit, implicit, and recursive. Nonmembers are principals specifically excluded from a group that they otherwise would be part of.
Nonmembers are identified by a minus sign in front of their name:
Explicit-nonmember. Identified by a minus sign in front of the principal name.
Implicit-nonmember. Identified by a minus sign, * symbol, and dot in front of the domain name.
Recursive nonmember. Identified by a minus sign and @ symbol in front of the group name.
The order in which inclusions and exclusions are entered does not matter. Exclusions always take precedence over inclusions. Thus, if a principal is a member of an included implicit domain and also a member of an excluded recursive group, then that principal is not included.
Thus, when using the nisgrpadm command, you can specify group members and nonmembers as shown in Table 17-2.
Table 17-2 Specifying NIS+ Group Members and Nonmembers
|