When you create an NIS+ object, NIS+ assigns that object a default set of access rights for the
owner and group classes. By default, the owner is the NIS+ principal who creates the object. The default
group is the group named in the NIS_GROUP
environment variable.
(See "Default Access Rights" for details.)
NIS+ provides two different ways to change the default rights that are automatically assigned to an NIS+ object when it is created.
The NIS_DEFAULTS
environment variable. NIS_DEFAULTS
stores a set of security-related default values, one of which
is access rights. These default access rights are the ones automatically assigned to an object when it
is created. (See "Displaying NIS+ Defaults--The nisdefaults Command" for details.)
If the value of the NIS_DEFAULTS
environment variable
is changed, objects created after the change are assigned the new values. However, previously created
objects are not affected.
The -D option, which is available with several NIS+ commands.
When you use the -D option as part of the command to create an NIS+ object, it overrides
the default rights specified by the NIS_DEFAULTS
environment
variable and allows you to explicitly specify an initial set of rights for that object. (See "Specifying Nondefault Security Values at Creation Time"
for details.)
When an NIS+ object is created, it comes into existence with a default set of access rights (from
either the NIS_DEFAULTS
environment variable or as specified
with the -D option). These default rights can be changed with the