- change access rights on a NIS+ object
nischmod [-AfLP] mode name...
nischmod changes the access rights (mode) of the NIS+ objects or entries specified by name to mode. Entries are specified using indexed names (see nismatch(1)). Only principals with modify access to an object may change its mode.
mode has the following form:
rights [, rights ] . . .
rights has the form:
[ who ] op permission [ op permission ] . . .
who is a combination of:
All, or owg.
If who is omitted, the default is a.
op is one of:
To grant the permission.
To revoke the permission.
To set the permissions explicitly.
permission is any combination of:
Unlike the system chmod(1) command, this command does not accept an octal notation.
The following options are supported:
Modify all entries in all tables in the concatenation path that match the search criteria specified in name. This option implies the -P switch.
Force the operation and fail silently if it does not succeed.
Follow links and change the permission of the linked object or entries rather than the permission of the link itself.
Follow the concatenation path within a named table. This option is only applicable when either name is an indexed name or the -L switch is also specified and the named object is a link pointing to an entry.
Example 1 Using the nischmod Command
This example gives everyone read access to an object. (that is, access for owner, group, and all).
example% nischmod a+r object
This example denies create and modify privileges to group and unauthenticated clients (nobody).
example% nischmod gn-cm object
In this example, a complex set of permissions are set for an object.
example% nischmod o=rmcd,g=rm,w=rc,n=r object
This example sets the permissions of an entry in the password table so that the group owner can modify them.
example% nischmod g+m '[uid=55],passwd.org_dir'
The next example changes the permissions of a linked object.
example% nischmod -L w+mr linkname
If this variable is set, and the NIS+ name is not fully qualified, each directory specified will be searched until the object is found (see nisdefaults(1)).
The following exit values are returned:
See attributes(5) for descriptions of the following attributes:
NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html.