Trusted Solaris Administrator's Procedures

Managing Name Services (Tasks)

To Enable Domain Administration from a Client

The root role does this during initial configuration of the system, as described in "Configuring a NIS or NIS+ Client" in Trusted Solaris Installation and Configuration.

  1. Assume the System Administrator role and go to an ADMIN_LOW workspace.

  2. Follow the procedures in "Connecting to the Name Server".

  3. NIS+ ONLY: For root to administer NIS+ from a NIS+ client, go to the NIS+ client and add the NIS+ client to the admin group by double-clicking the Add to NIS+ Administrative Group action and filling in the fields.

    For example, the following two invocations of the Add to NIS+ Administrative Group action enable root to administer the NIS+ domain from the good and good1 computers in the security.example.com domain.


    Group Name: admin
    Principal Name: good.security.example.com.
    

    Group Name: admin
    Principal Name: good1.security.example.com.
    

To Save and Restore NIS Maps

Before installing a new Trusted Solaris release, you can save the information in your name service and restore it to the system after installation.

    Use ypcat(1) to dump NIS maps into flat files and then propagate NIS maps from the files.

    See "Administering NIS" in Solaris Naming Administration Guide for how to propagate NIS maps from files.

To Save and Restore NIS+ Tables

Before installing a new Trusted Solaris release, you can save the information in your name service and restore it to the system after installation.

  1. Create a script or use another means to dump the NIS+ tables into text files.


    Note -

    It is a good idea to dump the NIS+ tables into text files routinely, at least every time you make a change to NIS+.


    1. To create a script, assume the security administrator role and use the Admin Editor action to create the script file at ADMIN_LOW.

      The following example shows a script called nisscript that the administrator role can create to do the dumps and to create a list of group members for later re-creation of the groups table.


      #!/bin/sh
      # nisscript
      # Dumps NIS+ tables into text files
      #

      # The backup holds shadow data and a copy of the root key,
      # so keep the directory accessible to root only.
      mkdir -p /var/nis-backup
      chmod 700 /var/nis-backup
      cp /etc/.rootkey /var/nis-backup/dot-rootkey

      # standard Solaris and Trusted Solaris tables
      # NOTE: Add any tables created at your site

      cd /var/nis/data
      for i in audit_user auth_attr aliases bootparams ethers \
      exec_attr group hosts netgroup netmasks networks passwd \
      prof_attr protocols rpc services timezone tnrhdb tnrhtp \
      user_attr shadow
      do
          echo $i
          /usr/lib/nis/nisaddent -d $i >/var/nis-backup/$i
      done

      # Use the following if you have any key value tables

      for i in sendmailvars tntime
      do
          echo $i
          /usr/lib/nis/nisaddent -d -t $i.org_dir key-value >/var/nis-backup/$i
      done

      # get a list of each group and list each member in each group
      # (grep -v ':' drops the directory-name header line that nisls prints)

      mkdir -p /var/nis-backup/groups.list
      chmod 700 /var/nis-backup/groups.list
      for i in `nisls groups_dir | grep -v ':'`
      do
          nisgrpadm -l $i >> /var/nis-backup/groups.list/group.members
      done

    2. Assume the root role and run the nisscript created in the previous step at ADMIN_LOW.

  2. For each group, execute the nisgrpadm -l command to list each of its members and save the output for use in Step 7.


    $ nisgrpadm -l group_name
    
  3. Copy the directory containing the text dump files to a partition that you plan not to overwrite during installation or use tar to copy the files to tape or floppy.

  4. After installation, if you did not save the text dump files in a saved partition, as root at ADMIN_LOW, create a staging directory for the text file dumps of NIS+ tables and restore the files from tape or floppy.

    The screen example illustrates what to do when restoring the text NIS+ files to a /setup/files directory from a tape.


    # cd /setup/files
    # tar xv
    bootparams
    ethers
    .
    .
    .

  5. At the appropriate point in "Configuring the NIS+ Domain" in Trusted Solaris Installation and Configuration, re-create the NIS+ environment.


    # nisserver -r -d domain-name.
    

    Make sure to include the final period (.) in the domain's name.

  6. In the Security Administrator role, at ADMIN_LOW, after running the nisserver command, run the nispopulate command in a profile shell with the -F and -p options followed by the name of the directory where the text dump files reside.


    $ nispopulate -F -p /setup/files
    
  7. Re-create the NIS+ groups and add members manually from the list of group members saved from the nisscript as described in Step 2.

    There is no easy way to re-create the NIS+ groups automatically.
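
An added example, not part of the original procedure or of Trusted Solaris: a shell check to run after nisscript and before copying the dumps in Step 3, confirming that every table dump in the script's list is present and that the directory is still closed to group and other. The function name check_nis_backup is hypothetical; the paths and table names are the ones nisscript uses.

```sh
#!/bin/sh
# Added example, not part of Trusted Solaris. check_nis_backup is a
# hypothetical helper; table names and paths come from nisscript above.
# Site-specific and key-value tables are not checked; add them as needed.
NIS_TABLES="audit_user auth_attr aliases bootparams ethers exec_attr group
hosts netgroup netmasks networks passwd prof_attr protocols rpc services
timezone tnrhdb tnrhtp user_attr shadow"

# Usage: check_nis_backup DIR
# Prints one line per finding. Returns 0 unless a dump file is missing
# or the directory is open to group or other.
check_nis_backup() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING directory $dir"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    # The dumps include shadow and a copy of /etc/.rootkey, so all six
    # must be '-' (mode 700, as nisscript sets).
    bits=$(ls -ld "$dir" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "PERMS $dir is open to group/other ($bits)"
        problems=$((problems + 1))
    fi
    for f in $NIS_TABLES dot-rootkey groups.list/group.members
    do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
            problems=$((problems + 1))
        elif [ ! -s "$dir/$f" ]; then
            # Warning only: a site may have a table with no entries.
            echo "EMPTY $f (check that the table is really empty)"
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    check_nis_backup "$1"
fi
```

Run it as root against /var/nis-backup, and again against the staging directory after restoring from tape, since tar may not restore the directory mode you expect.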

To Use NIS and NIS+ Administrative Actions

  1. In an administrative role, open the System_Admin folder in the Application Manager.

  2. To view the contents of tables or maps, use the actions View Table Contents or View NIS Map. Supply the table or map name when prompted.

  3. To view the attributes of NIS+ tables, use the action View Table Attributes. Supply the table name when prompted.

  4. To add a name service client, use the Create NIS+ Client or Create NIS Client actions.

  5. To manage NIS+ administrative groups, use one of the following actions:

    • List Administrative Group

    • Add to NIS+ Administrative Group

    • Create NIS+ Administrative Group

    • Delete from NIS+ Administrative Group

    • Delete NIS+ Administrative Group