System Administration Guide: Naming and Directory Services (NIS+)

Limiting Access to the Passwd Column to NIS+ Owners and Administrators

This task describes how to limit read access to the password-related columns of the passwd table to the entry owner and the table administrators, without affecting the read access of other authenticated principals (including applications) to the remaining columns of the passwd table.

This task establishes the following rights:

                         Nobody  Owner   Group  World
Table Level Rights:      ----    rmcd    rmcd   ----
Passwd Column Rights:    ----    rm--    rmcd   ----
Shadow Column Rights:    ----    rm--    rmcd   ----

How to Limit Read Access to the Passwd Column

Use NIS+ commands to modify passwd.org_dir so that read access to the passwd column is restricted to owners and administrators.

Before You Begin

The NIS+ principal performing this task must have modify rights to the passwd table.

  1. Log in to the domain's master server.

    The examples in this task use the root master server, rootmaster.

  2. Check the current table and column permissions.

    Use the niscat -o command.

    rootmaster# niscat -o passwd.org_dir

    This task assumes the existing permissions are:

    Access Rights    : ----rmcdrmcdr---
    Columns          :       
                         [0]  Name              : name
                               Access Rights : r-----------r---
                         [1]  Name              : passwd
                               Access Rights : -----m----------
                         [2]  Name              : uid
                               Access Rights : r-----------r---
                         [3]  Name              : gid
                               Access Rights : r-----------r---
                         [4]  Name              : gcos
                               Access Rights : r----m------r---
                         [5]  Name              : home
                               Access Rights : r-----------r---
                         [6]  Name              : shell
                               Access Rights : r-----------r---
                         [7]  Name              : shadow
                               Access Rights : r-----------r---

    If your permissions are different, you may need to use a different syntax. For instructions, see Chapter 15, Administering NIS+ Access Rights.

  3. Change the table permissions.

    Use the nischmod command to change the table's object-level permissions to ---- rmcdrmcd ----:

    rootmaster# nischmod og=rmcd,nw= passwd.org_dir

  4. Change the column permissions.

    Use the nistbladm command with the -u option to change the permissions of the passwd and shadow columns to:

    passwd ---- rm-- ---- ----
    shadow ---- r--- ---- ----

    rootmaster# nistbladm -u passwd=o+r, shadow=o+r passwd.org_dir

  5. Verify the new permissions.

    Use the niscat -o command, as you did in Step 2. The permissions should look the same as they do in that step's output.
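
One way to automate the verification in Step 5, as an added example that is not part of the original guide: it parses `niscat -o` style output and lists every case where the nobody or world class can still read the passwd or shadow column. It assumes that a class can read a column when either the table-level or the column-level rights grant `r`; the function names and the `AFTER` listing are constructed for illustration.

```python
import re

CLASSES = ("nobody", "owner", "group", "world")
# Constructed sample: the Step 2 listing from this page, trimmed to three columns.
BEFORE = """\
Access Rights    : ----rmcdrmcdr---
Columns          :
    [0]  Name          : name
         Access Rights : r-----------r---
    [1]  Name          : passwd
         Access Rights : -----m----------
    [7]  Name          : shadow
         Access Rights : r-----------r---
"""
# Constructed sample: the rights Steps 3 and 4 state as their target.
AFTER = """\
Access Rights    : ----rmcdrmcd----
Columns          :
    [1]  Name          : passwd
         Access Rights : ----rm----------
    [7]  Name          : shadow
         Access Rights : ----r-----------
"""

def split_rights(rights):
    """Split a 16-character rights string into nobody/owner/group/world sets."""
    if not re.fullmatch(r"[rmcd-]{16}", rights):
        raise ValueError(f"not an NIS+ rights string: {rights!r}")
    return {c: set(rights[i * 4:i * 4 + 4]) - {"-"} for i, c in enumerate(CLASSES)}

def parse_niscat(text):
    """Return {column: rights}; the table-level rights are stored under None."""
    rights, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*\[\d+\]\s+Name\s*:\s*(\S+)", line)
        acc = re.match(r"\s*Access Rights\s*:\s*(\S+)", line)
        if name:
            current = name.group(1)
        elif acc:
            rights[current] = split_rights(acc.group(1))
    return rights

def audit(text, sensitive=("passwd", "shadow"), untrusted=("nobody", "world")):
    """List (column, class) pairs where an untrusted class can read a sensitive column."""
    rights = parse_niscat(text)
    table = rights[None]  # KeyError if the listing has no table-level line
    # Assumption: a class can read a column if either the table or the column grants r.
    return [(col, cls) for col in sensitive for cls in untrusted
            if "r" in table[cls] | rights[col][cls]]
```

Run against the Step 2 listing, `audit(BEFORE)` reports passwd as readable by world through the table-level rights and shadow as readable by nobody and world; `audit(AFTER)` returns an empty list.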