Specifying NIS+ Access Rights in Commands
This section assume an NIS+ environment running at security level 2 (the default level).
This section describes how to specify access rights, as well as owner, group owner, and object, when using any of the commands described in this chapter.
NIS+ Syntax for Access Rights
This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.
NIS+ Class, Operator, and Rights Syntax
Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
-
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
Class
Description
n
Nobody: all unauthenticated requests
o
The owner of the object or table entry
g
The group owner of the object or table entry
w
World: all authenticated principals
a
All: shorthand for owner, group, and world (this is the default)
-
Operator. The operator indicates the kind of operation that will be performed with the rights.
Operator
Description
+
Adds the access rights specified by right
-
Revokes the access rights specified by right
=
Explicitly changes the access rights specified by right; in other words, revokes all existing rights and replaces them with the new access rights.
-
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
Right
Description
r
Reads the object definition or table entry
m
Modifies the object definition or table entry
c
Creates a table entry or column
d
Destroys a table entry or column
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 15–7 NIS+ Class, Operator, and Rights Syntax – Examples|
Operations |
Syntax |
|---|---|
|
Add read access rights to the owner class |
o+r |
|
Change owner. group, and world classes' access rights to modify only from whatever they were before |
a=m |
|
Add read and modify rights to the world and nobody classes |
wn+m |
|
Remove all four rights from the group, world, and nobody classes |
gwn-rmcd |
|
Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes |
o+cd,wn+rm |
NIS+ Syntax for Owner and Group
-
Owner. To specify an owner, use an NIS+ principal name.
-
Group. To specify an NIS+ group, use an NIS+ group name with the domain name appended.
Remember that principal names are fully qualified (principalname.domainname).
For owner
principalname |
For group
groupname.domainname |
NIS+ Syntax for Objects and Table Entries
Objects and table entries use different syntaxes.
-
Objects use simple object names.
-
Table entries use indexed names.
For objects
objectname |
For table entries
columnname=value],tablename |
Note –
In this case, the brackets are part of the syntax.
Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search, as in the following.
Table 15–8 NIS+ Object and Table Entry – Examples|
Type |
Example |
|---|---|
|
Object |
hosts.org_dir.sales.doc.com. |
|
Table entry |
`[uid=33555],passwd.org_dir.Eng.doc.com.' |
|
Two-value table entry |
`[name=sales,gid=2],group.org_dir.doc.com.' |
Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see Using the nistbladm Command With NIS+ Tables for more information.
- © 2010, Oracle Corporation and/or its affiliates