This chapter summarizes the information stored in the default NIS+ tables supplied in the Solaris operating environment, as is also documented in the cooresponding manpages.
NIS+ might not be supported in a future release. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. (See System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).) For more information, visit http://www.sun.com/directory/nisplus/transition.html.
In an NIS+ environment, most namespace information is stored in NIS+ tables.
Without a name service, most network information would be stored in /etc files and almost all NIS+ tables have corresponding /etc files. With the NIS service, you stored network information in NIS maps that also mostly corresponded with /etc files.
This chapter describes only those that are distributed as part of NIS+. Users and application developers frequently create NIS+ compatible tables for their own purposes. For information about tables created by users and developers, you must consult the documentation that they provide.
All NIS+ tables are stored in the domain's org_dir NIS+ directory object except the admin and groups tables that are stored in the groups_dir directory object.
Do not link table entries. Tables can be linked to other tables, but do not link an entry in one table to an entry in another table.
In the Solaris environment the name service switch file (nsswitch.conf) allows you to specify one or more sources for different types of namespace information. In addition to NIS+ tables, sources can be NIS maps, DNS zone files, or /etc tables. The order in which you specify them in the switch file determines how the information from different sources is combined. (See Chapter 1, The Name Service Switch for more information on the switch file.)
If you are creating input files for any of these tables, most tables share two formatting requirements:
You must use one line per entry
You must separate columns with one or more spaces or Tabs.
If a particular table has different or additional format requirements, they are described under the heading, “Input File Format.”
The auto_home table is an indirect automounter map that enables an NIS+ client to mount the home directory of any user in the domain. It does this by specifying a mount point for each user's home directory, the location of each home directory, and mount options, if any. Because it is an indirect map, the first part of the mount point is specified in the auto_master table, which is, by default, /home. The second part of the mount point (that is, the subdirectory under /home) is specified by the entries in the auto_home map, and is different for each user.
The auto_home table has two columns:
Table 23–1 auto_home Table
Column |
Content |
Description |
---|---|---|
Key |
Mount point |
The login name of every user in the domain |
Value
|
Options & location |
The mount options for every user, if any, and the location of the user's home directory |
For example:
costas barcelona:/export/partition2/costas |
The home directory of the user costas, which is located on the server barcelona, in the directory /export/partition2/costas, would be mounted under a client's /home/costas directory. No mount options were provided in the entry.
The auto_master table lists all the automounter maps in a domain. For direct maps, the auto_master table provides a map name. For indirect maps, it provides both a map name and the top directory of its mount point. The auto_master table has two columns:
Table 23–2 auto_master Table
Column |
Content |
Description |
---|---|---|
Key |
Mount point |
The top directory into which the map will be mounted. If the map is a direct map, this is a dummy directory, represented with /—. |
Value |
Map name |
The name of the automounter map |
For example, assume these entries in the auto_master table:
/home auto_home /-auto_man /programs auto_programs |
The first entry names the auto_home map. It specifies the top directory of the mount point for all entries in the auto_home map: /home. (The auto_home map is an indirect map.) The second entry names the auto_man map. Because that map is a direct map, the entry provides only the map name. The auto_man map will itself provide the topmost directory, as well as the full path name, of the mount points for each of its entries. The third entry names the auto_programs map and, since it provides the top directory of the mount point, the auto_programs map is an indirect map.
All automounter maps are stored as NIS+ tables. By default, the Solaris environment provides the auto_master map, which is mandatory, and the auto_home map, which is a great convenience.
You can create more automounter maps for a domain, but be sure to store them as NIS+ tables and list them in the auto_master table. When creating additional automount maps to supplement auto_master (which is created for you), the column names must be key and value. For more information about the automounter consult your automounter or NFS file system documentation.
The bootparams table stores configuration information about every diskless machine in a domain. A diskless machine is a machine that is connected to a network, but has no hard disk. Since it has no internal storage capacity, a diskless machine stores its files and programs in the file system of a server on the network. It also stores its configuration information—or boot parameters—on a server.
Because of this arrangement, every diskless machine has an initialization program that knows where this information is stored. If the network has no name service, the program looks for this information in the server's /etc/bootparams file. If the network uses the NIS+ name service, the program looks for it in the bootparams table, instead.
The bootparams table can store any configuration information about diskless machines. It has two columns: one for the configuration key, another for its value. By default, it is set up to store the location of each machine's root, swap, and dump partitions.
The default bootparams table has only two columns that provide the following items of information:
Table 23–3 bootparams Table
Column |
Content |
Description |
---|---|---|
Key |
Hostname |
The diskless machine's official host name, as specified in the hosts table |
Value |
Configuration |
Root partition: the location (server name and path) of the machine's root partition |
|
|
Swap partition: the location (server name and path) of the machine's swap partition |
|
|
Dump partition: the location (server name and path) of the machine's dump partition |
|
|
Install partition. |
|
|
Domain. |
The columns are separated with a TAB character. Backslashes (\) are used to break a line within an entry. The entries for root, swap, and dump partitions have the following format:
client-name root=server:path \ swap=server:path \ dump=server:path \ install=server:path \ domain=domainname |
Here is an example:
buckarooroot=bigriver:/export/root1/buckaroo \ swap=bigriver:/export/swap1/buckaroo \ dump=bigriver:/export/dump/buckaroo \ install=bigriver:/export/install/buckaroo \ domain=sales.doc.com |
Additional parameters are available for x86-based machines. See the bootparams man page for additional information.
The client_info table is an optional internal NIS+ table used to store server preferences for the domain in which it resides. This table is created and maintained with the nisprefadm command.
Only use nisprefadm to work with this table. Do not use any other NIS+ commands on this table.
The cred table stores credential information about NIS+ principals. Each domain has one cred table, which stores the credential information of client machines that belong to that domain and client users who are allowed to log into them. (In other words, the principals of that domain.) The cred tables are located in their domains' org_dir subdirectory.
Do not link a cred table. Each org_dir directory should have its own cred table. Do not use a link to some other org_dir cred table.
The cred table has five columns:
Table 23–4 cred Table
NIS+ Principal Name |
Authentication Type |
Authentication Name |
Public Data
|
Private Data
|
---|---|---|---|---|
Principal name of a principal user |
LOCAL |
UID |
GID list |
|
Principal name of a principal user or machine |
DES |
Secure RPC netname |
Public key |
Encrypted private key |
The second column, authentication type, determines the types of values found in the other four columns.
LOCAL. If the authentication type is LOCAL, the other columns contain a principal user's name, UID, and GID; the last column is empty.
DES. If the authentication type is DES, the other columns contain a principal's name, Secure RPC netname, public key, and encrypted private key. These keys are used in conjunction with other information to encrypt and decrypt a DES credential.
See Chapter 12, Administering NIS+ Credentials for additional information on credentials and the cred table.
The ethers table stores information about the 48-bit Ethernet addresses of machines on the Internet. It has three columns:
Table 23–5 ethers Table
Column |
Content |
Description |
---|---|---|
Addr |
Ethernet-address |
The 48-bit Ethernet address of the machine |
Name |
Official-host-name |
The name of the machine, as specified in the hosts table |
Comment |
Comment |
An optional comment about the entry |
An Ethernet address has the form:
n:n:n:n:n:n hostname
where n is a hexadecimal number between 0 and FF, representing one byte. The address bytes are always in network order (most significant byte first).
The group table stores information about UNIX user groups. The group table has four columns:
Table 23–6 group Table
Column |
Description |
---|---|
Name |
The group's name |
Passwd |
The group's password |
GID |
The group's numerical ID |
Members |
The names of the group members, separated by commas |
Earlier Solaris releases used a +/- syntax in local /etc/group files to incorporate or overwrite entries in the NIS group maps. Since the Solaris environment uses the name service switch file to specify a machine's sources of information, this is no longer necessary. All you have to do in Solaris Release 2x systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the group information. This effectively adds the contents of the group table to the contents of the client's /etc/group file.
The hosts table associates the names of all the machines in a domain with their IP addresses. The machines are usually also NIS+ clients, but they don't have to be. Other tables, such as bootparams, group, and netgroup, rely on the network names stored in this table. They use them to assign other attributes, such as home directories and group memberships, to individual machines. The hosts table has four columns:
Table 23–7 hosts Table
Column |
Description |
---|---|
Addr |
The machine's IP address (network number plus machine ID number) |
Cname |
The machine's official name |
Name |
A name used in place of the host name to identify the machine |
Comment |
An optional comment about the entry |
The mail_aliases table lists the domain's mail aliases recognized by sendmail. It has four columns:
Table 23–8 mail_aliases Table
Column |
Description |
---|---|
Alias |
The name of the alias |
Expansion |
A list containing the members that receive mail sent to this alias; members can be users, machines, or other aliases |
Comment |
An optional comment about the entry |
Options |
(See man page for options) |
Each entry has the following format:
alias-name:member[,member]... |
To extend an entry over several lines, use a backslash.
The netgroup table defines network wide groups used to check permissions for remote mounts, logins, and shells. The members of net groups used for remote mounts are machines; for remote logins and shells, they are users.
Users working on a client machine being served by an NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.
The netgroup table has six columns:
Table 23–9 netgroup Table
Column |
Content |
Description |
---|---|---|
Name |
groupname |
The name of the network group |
Group |
groupname |
Another group that is part of this group |
Host |
hostname |
The name of a host |
User |
username |
A user's login name |
Domain |
domainname |
A domain name |
Comment |
Comment |
An optional comment about the entry |
The input file consists of a group name and any number of members:
groupname member-list... |
The member list can contain the names of other net groups or an ordered member list with three fields or both:
member-list::=groupname | (hostname, username, domainname) |
The first field of the member list specifies the name of a machine that belongs to the group. The second field specifies the name of a user that belongs to the group. The third field specifies the domain in which the member specification is valid.
A missing field indicates a wildcard. For example, the netgroup specification shown below includes all machines and users in all domains:
everybody ( , , ) |
A dash in a field is the opposite of a wildcard; it indicates that no machines or users belong to the group. Here are two examples:
(host1, -,doc.com.) (-,joe,doc.com.) |
The first specification includes one machine, host1, in the doc.com. domain, but excludes all users. The second specification includes one user in the doc.com. domain, but excludes all machines.
The netmasks table contains the network masks used to implement standard Internet subnetting. The table has three columns:
Table 23–10 netmasks Table
Column |
Description |
---|---|
Addr |
The IP number of the network |
Mask |
The network mask to use on the network |
Comment |
An optional comment about the entry |
For network numbers, you can use the conventional IP dot notation used by machine addresses, but leave zeros in place of the machine addresses. For example, this entry
128.32.0.0 255.255.255.0 |
means that class B network 128.32.0.0 should have 24 bits in its subnet field, and 8 bits in its host field.
The networks table lists the networks of the Internet. This table is normally created from the official network table maintained at the Network Information Control Center (NIC), though you might need to add your local networks to it. It has four columns:
Table 23–11 networks Table
Column |
Description |
---|---|
Cname |
The official name of the network, supplied by the Internet |
Addr |
The official IP number of the network |
Name |
An unofficial name for the network |
Comment |
An optional comment about the entry |
The passwd table contains information about the accounts of users in a domain. These users generally are, but do not have to be, NIS+ principals. Remember though, that if they are NIS+ principals, their credentials are not stored here, but in the domain's cred table. The passwd table usually grants read permission to the world (or to nobody).
The passwd table should not have an entry for the user root (user ID 0). Root's password information should be stored and maintained in the machine's /etc files.
The information in the passwd table is added when users' accounts are created.
The passwd table contains the following columns:
Table 23–12 passwd Table
Column |
Description |
---|---|
Name |
The user's login name, which is assigned when the user's account is created; the name can contain no uppercase characters and can have a maximum of eight characters |
Passwd |
The user's encrypted password |
UID |
The user's numerical ID, assigned when the user's account is created |
GID |
The numerical ID of the user's default group |
GCOS |
The user's real name plus information that the user wishes to include in the From: field of a mail-message heading; an “&” in this column simply uses the user's login name |
Home |
The path name of the user's home directory. |
Shell |
The user's initial shell program; the default is the Bourne shell: /usr/bin/sh. |
Shadow |
(See Table 23–13.) |
The passwd table shadow column stores restricted information about user accounts. It includes the following information:
Table 23–13 passwd Table Shadow Column
Item |
Description |
---|---|
Lastchg |
The number of days between January 1, 1970, and the date the password was last modified |
Min |
The minimum number of days recommended between password changes |
Max |
The maximum number of days that the password is valid |
Warn |
The number of days' warning a user receives before being notified that his or her password has expired |
Inactive |
The number of days of inactivity allowed for the user |
Expire |
An absolute date past which the user's account is no longer valid |
Flag |
Reserved for future use: currently set to 0. |
Earlier Solaris releases used a +/- syntax in local /etc/passwd files to incorporate or overwrite entries in the NIS password maps. Since the Solaris Release 2x environment uses the name service switch file to specify a machine's sources of information, this is no longer necessary. All you have to do in Solaris Release 2x systems is edit a client's /etc/nsswitch.conf file to specify files, followed by nisplus as the sources for the passwd information. This effectively adds the contents of the passwd table to the contents of the /etc/passwd file.
However, if you still want to use the +/- method, edit the client's nsswitch.conf file to add compat as the passwd source if you are using NIS. If you are using NIS+, add passwd_compat: nisplus.
The protocols table lists the protocols used by the Internet. It has four columns:
Table 23–14 protocols Table
Column |
Description |
---|---|
Cname |
The protocol name |
Name |
An unofficial alias used to identify the protocol |
Number |
The number of the protocol |
Comments |
Comments about the protocol |
The rpc table lists the names of RPC programs. It has four columns:
Table 23–15 rpc Table
Column |
Description |
---|---|
Cname |
The name of the program |
Name |
Other names that can be used to invoke the program |
Number |
The program number |
Comments |
Comments about the RPC program |
Here is an example of an input file for the rpc table:
# # rpc file # rpcbind 00000 portmap sunrpc portmapper rusersd 100002 rusers nfs 100003 nfsprog mountd 100005 mount showmount walld 100008 rwall shutdown sprayd 100012 spray llockmgr 100020 nlockmgr 100021 status 100024 bootparam 100026 keyserv 100029 keyserver nisd 100300 rpc.nisd # |
The services table stores information about the Internet services available on the Internet. It has five columns:
Table 23–16 services Table
Column |
Description |
---|---|
Cname |
The official Internet name of the service |
Name |
The list of alternate names by which the service can be requested |
Proto |
The protocol through which the service is provided (for instance, 512/tcp) |
Port |
The port number |
Comment |
Comments about the service |
The timezone table lists the default timezone of every machine in the domain. The default time zone is used during installation but can be overridden by the installer. The table has three columns:
Table 23–17 timezone Table
Field |
Description |
---|---|
Name |
The name of the domain |
Tzone |
The name of the time zone (for example, US/Pacific) |
Comment |
Comments about the time zone |
For information the other default tables:
audit_user
auth_attr
exec_attr
prof_attr
user_attr