System Administration Guide: Naming and Directory Services (FNS and NIS+)

Updating the Namespace

Once the namespace has been set up, you can add, delete, and modify elements using the following commands:

fnbind to bind new references to a composite name (see Binding a Reference to a Composite Name).
fnunbind to remove bindings (see Removing Bindings).
fncreate to create new organization, user, host, site, and service contexts (see Creating New Contexts).
fncreate_fs to create new file system contexts (see Creating File Contexts).
fncreate_printer to create new printer contexts (see Creating Printer Contexts).
fndestroy to destroy contexts (see Destroying Contexts).
fnattr to display, create, modify, and remove attributes (see Working With Attributes).
fncopy to copy FNS contexts and attributes from one naming service to another (see Copying and Converting FNS Contexts).

FNS Administration Privileges

FNS System administration varies according to the underlying naming service:

NIS+. Under NIS+, FNS system administration tasks can only be performed by those with authorization to do so. The usual method of granting system administration privileges is to create an NIS+ group and assign that group the necessary privileges for that domain. Any member of the group can then perform system administration functions.
NIS. Under NIS, FNS administration tasks must be performed by root on the NIS master server.
Files. Under a files-based naming system, FNS administration tasks must be performed by someone with root access to the /var/fn directory.

The ability of users to make changes to their own user sub-contexts varies according to the underlying naming service:

NIS+. Under NIS+, a user's context (and associated sub-contexts) are owned by them. When logged in as an NIS+ principle, users who have the appropriate credentials and privileges can make changes to their own context using the fncreate, fnbind, fnunbind, and similar commands.
NIS. Under NIS, users cannot make any changes to any FNS data. Only those with root access on the NIS master server can change FNS data.
Files. Under a files-based naming system, users own their own contexts. Standard UNIX access controls apply to FNS files.

Binding a Reference to a Composite Name

The fnbind command is used to bind an existing reference (name) to a new composite name.

fnbind -r [-s][-v][-L] name [-O|-U] newname reftype addrtype [-c|-x] address

Table 25–4 fnbind Command Options


Option	Description
`name`	The existing composite name
`newname`	The composite name of the new binding
`addrtype`	Address type to use. Applications-specific such as `onc_cal_str`.
`address`	Address contents to use. For example, `tsvi@altair`.
`reftype`	Reference type to use. Applications-specific such as `one_calendar`.
`-s`	Bind to `newname` even if it is already bound. This replaces the previous binding of `newname`. Without `-s`, fnbind fails if `newname` is already bound.
`-v`	Display the reference that will be bound to `newname.`
`-L`	Create an XFN link using `oldname` and bind it to `newname`.
`-r`	Bind `newname` to the reference constructed by the command line arguments.
`-c`	Store `address` contents in the form as entered, do not use XDR-encoding.
`-x`	Convert `address` to a hexadecimal string without converting it to XDR-encoding.
`-O`	The identifier format is FN_ID_ISO_OID_STRING, an ASN.1 dot-separated integer list string.
`-U`	The identifier format is FN_ID_DCE_UUID, a DCE UUID in string form.

For example:

To add a calendar binding for the user jamal:

# fnbind -r user/jamal/service/calendar onc_calendar onc_cal_str
 jamal@cygnus

To replace the existing binding of org//service/Sparc-4 with that of org//service/printer:

# fnbind -s org//service/printer org//service/Sparc-4

To copy the reference site/bldg-5/service/printer to user/ando/service/printer:

# fnbind site/bldg-5/service/printer user/ando/service/printer

To bind the reference site/bldg-5/service/printer to user/ando/service/printer using a symbolic link:

# fnbind -L site/bldg-5/service/printer user/ando/service/printer

To bind the name thisens/service/calendar to the address staff@altair, when staff@altair is a reference of the type onc_cal and an address of the type onc_cal_str:

# fnbind -r thisens/service/calendar onc_calendar onc_cal_str staff@altair

To bind newname to the reference constructed by its command line address

# fnbind -r [-sv] newname [-O|-U] reftype {[-O|-U] addrtype [-c|-x] address}

Removing Bindings

The fnunbind name command is used to remove bindings.

For example: to remove the binding for user/jsmith/service/calendar:

# fnunbind user/jsmith/service/calendar

Creating New Contexts

The fncreate command is used to create contexts.

fncreate -t context [-f file] [-o] [-r reference] [-s] [-v] [-D] name

Table 25–5 fncreate Command Options


Option	Description
`-t context`	Create context of type `context`. `Context` types can be: `org`, `hostname`, `host`, `username`, `user`, `service`, `fs`, `site`, `nsid`, and `generic`.
`-f file`	Use an input file to list users and hosts for whom to create contexts.
`-r reference`	Type of reference. The `-r` `reference` option can only be used with `-t generic.`
`name`	A composite name.
`-o`	Create only the context identified by `name`.
`-s`	Overwrite (supersede) any existing binding. If `-s` is not used, `fncreate` will fail if name is already bound.
`-D`	Display information about each context and corresponding tables, directories, and files as it is created.
`-v`	Verbose. Display information about each context as it is displayed.

For example:

To create a context and subcontexts for the root organization:

# fncreate -t org org//

To create a context, and subcontexts, for the host deneb:

# fncreate -t host host/deneb

To create a context, service and file subcontexts, and then add a calendar binding for the user sisulu:

# fncreate -t user user/sisulu
# fnbind -r user/sisulu onc_calendar onc_cal_str sisulu@deneb

To create a site context for the sales organization:

# fncreate -t site org/sales/site/

The site context supports a hierarchal namespace, with dot-separated right-to-left names, which allows sites to be partitioned by their geographical coverage relationships. For example, to create a site context alameda and a site subcontext bldg-6.alameda for it:

# fncreate -t site org/sales/site/alameda
# fncreate -t site org/sales/site/bldg-6.alameda

Creating File Contexts

The fncreate_fs command creates file contexts for organizations and sites with the description of the binding entered from the command line.
fncreate_fs [-r] [-v] name [options] [mount]
The fncreate_fs command creates file contexts for organizations and sites with the description of the bindings supplied by an input file.
fncreate_fs [-r] [-v] -f file name

Table 25–6 fncreate_fs Command Options


Option	Description
`name`	The name of the file context.
`options`	Mount options.
`mount`	Mount location.
`-f file`	Input file.
`-v`	Verbose. Displays information about the contexts being created.
`-r`	Replace the bindings in the context `name` with those specified in the input.

For example:

To create a file system context named data for the sales organization bound to the /export/data path of an NFS server named server4.

# fncreate_fs org/sales/fs/data server4:/export/data

To create a hierarchy of file system contexts for the sales organization named buyers and buyers/orders mounted on two different servers:

# fncreate_fs org/sales/fs/buyers server2:/export/buyers
# fncreate_fs org/sales/fs/buyers/orders server3:/export/orders

To create a file system context named leads for the sales organization bound to a server and path specified by an input file named input_a:

# fncreate_fs -f input_a org/sales/fs/leads

(See the fncreate_fs man page for information on input file format.)

Creating Printer Contexts

The fncreate_printer command creates printer contexts for organizations, users, hosts and site contexts. The printer context is created under the service context of the respective composite name.

fncreate_printer [-vs] name printer [prntaddr]

fncreate_printer [-vs] [-f [file]] name

Table 25–7 fncreate_printer Command Options


Option	Description
`name`	The name of the org, host, user, or site of the printer.
`printer`	The name of the printer.
`prntaddr`	The printer address in the form `<addresstype>=<address>`.
`-f file`	Use the named `file` as input for a list of printers to be created. The input file is in the format of the `/etc/printers.conf` file. If neither a printer `name` nor a `-f` `file` is specified, `fncreate_printer` uses the `/etc/printer.conf` file on the machine where `fncreate_printer` is run as a default input file.
`-s`	Replace an existing address with the same address-type.
`-v`	Verbose. Displays the binding in more detail.

For example:

To create printers for the sales organization based on the printers listed in the /etc/printers.conf file of the machine on which fncreate_printer is run:

# fncreate_printer -s org/sales/

Assume that the machine altair is the server for a printer named Sparc-5. To create a printer named invoices for the user nguyen that is actually the Sparc-5 printer:

# fncreate_printer user/nguyen invoices bsdaddr=altair,Sparc-5

It is also possible to organize printers hierarchically. For example, the fncreate_printer command can create printer contexts for the printers, color, color/inkjet and color/Sparc with the resulting contexts:

org/doc.com/service/printer/color
org/doc.com/service/printer/color/inkjet
org/doc.com/service/printer/color/Sparc

To create the above contexts, you would run:

# fncreate_printer org/doc.com color bsdaddr=colorful,color
# fncreate_printer org/doc.com color/inkjet bsdaddr=colorjet,inkjet
# fncreate_printer org/doc.com color/Sparc bsdaddr=colorprt,Sparc

Destroying Contexts

The fndestroy command is used to destroy empty contexts.

For example, to destroy the service context of the user patel:

# fndestroy user/patel/service

Working With Attributes

The fnattr command can be used to add, delete or modify attributes associated with a name. You can make modifications one at a time, or batch several within the same command.

fnattr [-l] name to list attributes for name.
fnattr name -a-s -U -O attrib values to add an attribute
fnattr name -m -O -U attrib oldvalue newvalue to modify an attribute
fnattr name -d -O | -U [values attrib] to destroy an attribute

Table 25–8 fnattr Command Options


Option	Description
`name`	The composite name.
`attrib`	The identifier of an attribute.
`values`	One or more attribute values.
`oldvalue`	An attribute value to be replaced by a new value.
`newvalue`	The attribute value that replaces an old value.
`-a`	Add an attribute.
`-d`	Destroy an attribute.
`-l`	List attributes.
`-m`	Modify an attribute.
`-s`	Replace all old attribute values with the new values for the attribute specified.
`-O`	The identifier format is FN_ID_ISO_OID_STRING, an ASN.1 dot-separated integer list string.
`-U`	The identifier format is FN_ID_DCE_UUID, a DCE UUID in string form.

For example:

To show all of the attributes associated with the user name rosa:

# fnattr user/rosa

To display the size attribute associated with the user uri:

# fnattr user/uri/ size

For a user named devlin, to add an attribute named shoesize with a value of small, delete the hatsize attribute, and change the dresssize attribute value from 12 to 8:

# fnattr user/devlin -a shoesize small -d hatsize -m dresssize 12 8