System Administration Guide: Naming and Directory Services (NIS+)

passwd Command and NIS+ Permissions

In this discussion of authorization and permissions, it is assumed that everyone referred to has the proper credentials.

By default, in a normal NIS+ environment the owner of the passwd table can change password information at any time and without constraints. In other words, the owner of the passwd table is normally granted full read, modify, create, and destroy authorization (permission) for that table.

An owner can also:

Note –

Regardless of what permissions they have, everyone in the world, and nobody classes are forced to comply with password-aging constraints. In other words, they cannot change a password for themselves or anyone else unless that password has aged past its minimum. Nor can members of the group, world, and nobody classes avoid having to change their own passwords when the age limit has been reached. However, age constraints do not apply to the owner of the passwd table.

To use the passwd command in an NIS+ environment, you must have the required authorization (access rights) for the operation.

Table 16–1 NIS+ Access Rights for passwd Command

This Operation 

Requires These Rights 

To This Object 

Displaying information 


passwd table entry 

Changing Information 


passwd table entry 

Adding New Information 


passwd table