The passwd Command and Permissions
In this discussion of authorization and permissions, it is assumed that everyone referred to has the proper credentials.
By default, in a normal NIS+ environment the owner of the passwd table can change password information at any time and without constraints. In other words, the owner of the passwd table is normally granted full read, modify, create, and destroy authorization (permission) for that table. An owner can also:
-
Assign table ownership to someone else with the nischown command.
-
Grant some or all of read, modify, create, and destroy rights to the table's group, or even to the world or nobody class. (Of course, granting such rights to world or nobody seriously weakens NIS+ security.)
-
Change the permissions granted to any class with the nisdefaults, nischmod, or nistbladm commands.
Note -
Regardless of what permissions they have, everyone in the world, and nobody classes are forced to comply with password-aging constraints. In other words, they cannot change a password for themselves or anyone else unless that password has aged past its minimum. Nor can members of the group, world, and nobody classes avoid having to change their own passwords when the age limit has been reached. However, age constraints do not apply to the owner of the passwd table.
To use the passwd command in an NIS+ environment, you must have the required authorization (access rights) for the operation:
Table 11-1 Access Rights for passwd Command|
This Operation |
Requires These Rights |
To This Object |
|---|---|---|
|
Displaying information |
read |
passwd table entry |
|
Changing Information |
modify |
passwd table entry |
|
Adding New Information |
modify |
passwd table |
- © 2010, Oracle Corporation and/or its affiliates