System Administration Guide: Naming and Directory Services (NIS+)

Specifying NIS+ Access Rights in Commands

This section assume an NIS+ environment running at security level 2 (the default level).

This section describes how to specify access rights, as well as owner, group owner, and object, when using any of the commands described in this chapter.

NIS+ Syntax for Access Rights

This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.

NIS+ Class, Operator, and Rights Syntax

Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.

You can combine operations on a single command line by separating each operation from the next with a comma (,).

Table 15–7 NIS+ Class, Operator, and Rights Syntax – Examples



Add read access rights to the owner class


Change owner. group, and world classes' access rights to modify only from whatever they were before 


Add read and modify rights to the world and nobody classes 


Remove all four rights from the group, world, and nobody classes 


Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes 


NIS+ Syntax for Owner and Group

Remember that principal names are fully qualified (principalname.domainname).

For owner


For group


NIS+ Syntax for Objects and Table Entries

Objects and table entries use different syntaxes.

For objects


For table entries


Note –

In this case, the brackets are part of the syntax.

Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search, as in the following.

Table 15–8 NIS+ Object and Table Entry – Examples




Table entry 


Two-value table entry 


Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see Using the nistbladm Command With NIS+ Tables for more information.