nistest provides a way for shell scripts and other programs to test for the existence, type, and access rights of objects and entries. Entries are named using indexed names. See nismatch(1). With the -c option, directory names can be compared to test where they lie in relation to each other in the namespace.
The following options are supported:
This option is used to verify that the current process has the desired or required access rights on the named object or entries. The access rights are specified in the same way as the nischmod(1) command.
All data. This option specifies that the data within the table and all of the data in tables in the initial table's concatenation path be returned. This option is only valid when using indexed names or following links.
Follow links. If the object named by object or the tablename component of indexedname names a LINK type object, the link is followed when this switch is present.
Master server only. This option specifies that the lookup should be sent to the master server of the named data. This guarantees that the most up to date information is seen at the possible expense that the master server may be busy.
Follow concatenation path. This option specifies that the lookup should follow the concatenation path of a table if the initial search is unsuccessful. This option is only valid when using indexed names or following links.
Return true if the object is a directory object.
Return true if the object is a group object.
Return true if the object is a link object.
Return true if the object is a private object.
Return true if the object is a table object.
Test whether or not two directory names have a certain relationship to each other, for example, higher than (ht) or lower than (lt). The complete list of values for op can be displayed by using the -c option with no arguments.
When testing for access rights, nistest returns success (0) if the specified rights are granted to the current user. Thus, testing for access rights:
example% nistest -a w=mr skippy.domain
Tests that all authenticated NIS+ clients have read and modify access to the object named skippy.domain.
Testing for access on a particular entry in a table can be accomplished using the indexed name syntax. The following example tests to see if an entry in the password table can be modified:
example% nistest -a o=m '[uid=99],passwd.org_dir'
To test if a directory lies higher in the namespace than another directory, use the -c option with an op of ht (higher than) as in the following example (which would return true):
example% nistest -c dom.com. ht lower.dom.com.
If this variable is set, and the NIS+ name is not fully qualified, each directory specified will be searched until the object is found. See nisdefaults(1).
The following exit values are returned:
Failure due to object not present, not of specified type, and/or no such access.
Failure due to illegal usage.
See attributes(5) for descriptions of the following attributes:
NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.