Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
Class | Description |
---|---|
n | Nobody: all unauthenticated requests |
o | The owner of the object or table entry |
g | The group owner of the object or table entry |
w | World: all authenticated principals |
a | All: shorthand for owner, group, and world (this is the default) |
Operator. The operator indicates the kind of operation that will be performed with the rights.
Operator | Description |
---|---|
+ | Adds the access rights specified by right |
- | Revokes the access rights specified by right |
= | Explicitly changes the access rights specified by right; in other words, revokes all existing rights and replaces them with the new access rights. |
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
Right | Description |
---|---|
r | Reads the object definition or table entry |
m | Modifies the object definition or table entry |
c | Creates a table entry or column |
d | Destroys a table entry or column |
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 10-10 Class, Operator, and Rights Syntax--Examples
Operations | Syntax |
---|---|
Add read access rights to the owner class | o+r |
Change owner, group, and world classes' access rights to modify only from whatever they were before | a=m |
Add read and modify rights to the world and nobody classes | wn+rm |
Remove all four rights from the group, world, and nobody classes | gwn-rmcd |
Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes | o+cd,wn+rm |
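
The syntax above, modeled in Python as an added example (not code from NIS+ or from this guide): it parses a comma-separated specification and applies it to a rights state, so the resulting rights of each class, including what unauthenticated (nobody) requests would hold, can be checked before a change is made. The function names, the starting state, and the handling of an omitted class and of an empty rights list are assumptions.

```python
# Added example: a model of the class/operator/right syntax, not NIS+ code.
CLASSES = "nogw"   # nobody, owner, group, world
RIGHTS = "rmcd"    # read, modify, create, destroy

def apply_spec(spec, current=None):
    """Apply a spec such as 'o+cd,wn+rm' to a rights state.

    `current` maps a class letter to an iterable of right letters and is
    not modified. Returns a new dict of class letter -> set of rights.
    """
    current = current or {}
    state = {c: set(current.get(c, ())) for c in CLASSES}
    for operation in spec.split(","):
        operation = operation.strip()
        pos = next((i for i, ch in enumerate(operation) if ch in "+-="), None)
        if pos is None:
            raise ValueError(f"no operator in {operation!r}")
        classes, operator = operation[:pos], operation[pos]
        rights = set(operation[pos + 1:])
        # Assumption: an omitted class means 'a', the documented default.
        targets = set()
        for ch in classes or "a":
            if ch == "a":
                targets.update("ogw")      # 'a' does not include nobody
            elif ch in CLASSES:
                targets.add(ch)
            else:
                raise ValueError(f"unknown class {ch!r} in {operation!r}")
        # Assumption: an empty or unknown rights list is rejected.
        if not rights or not rights <= set(RIGHTS):
            raise ValueError(f"bad rights in {operation!r}")
        for c in targets:
            if operator == "+":
                state[c] |= rights
            elif operator == "-":
                state[c] -= rights
            else:                          # '=' replaces existing rights
                state[c] = set(rights)
    return state

def nobody_rights(state):
    """Rights held by unauthenticated requests, in r-m-c-d order."""
    return "".join(r for r in RIGHTS if r in state["n"])

if __name__ == "__main__":
    # Constructed starting state: owner has everything, others read only.
    start = {"o": "rmcd", "g": "r", "w": "r", "n": "r"}
    after = apply_spec("o+cd,wn+rm", start)
    print({c: "".join(sorted(after[c])) for c in CLASSES})
    print("unauthenticated:", nobody_rights(after))
```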