[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Group Permisions 101 Needed

From: Rick Stevens <rstevens vitalstream com>
To: redhat-install-list redhat com
Subject: Re: Group Permisions 101 Needed
Date: Tue, 21 Jan 2003 10:45:05 -0800

Waldher, Travis R wrote:

I'm pretty new to Unix, and I have not dealt with NIS usernames and group permissions on a seperate server that is a NIS client. So, I have some very basic questions I hope people here will be willing to answer.

If I am a NIS user called Travis and I log in to a server called dataserver. I have a group folder called mygroup.

How do I restrict other NIS users who are not in that group from getting in? I know the chown, and give it a groupname, we will call it "mygroup" as well for this discussion.

Do I have to have a /etc/group file, assign a GID. Then on the NIS server assign the user to that same GID?

I don't need a oversimplified step by step but general steps and which files I need to modify would be greatly appreciated.


The NIS server uses its own /etc/passwd, /etc/shadow, and /etc/group
files, and yes, when you log in, the NIS server will give you the
group specified in its /etc/passwd file for you.

You should make sure that your are NOT in any client's local /etc/passwd
file.  If so, you'll be authenticated by the local machine (not via NIS)
and given the local machine's idea of your UID/GID.

In NIS, each client's /etc/passwd, /etc/shadow and /etc/group files
should be pretty empty.  The only entries in them should be those
necessary for LOCAL control of the system.  For example, it's not
uncommon to have NIS clients have local entries for root and such
with passwords that are unique to each system.

On login, the local /etc/passwd file is searched looking for the
username given.  If it's not found, it then queries the NIS server.
The special entry in /etc/passwd or /etc/group on a client that starts
"+:" is the marker that says "from here on in, use NIS", although you
can override the NIS server's concept of shell and home directory by
putting the user in the local /etc/passwd and prefixing the username
with a "+".  The UID and GID will STILL come from NIS in that case.

Confusing enough for you?

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         The world is coming to an end ... SAVE YOUR FILES!!!       -
----------------------------------------------------------------------

References:
- Group Permisions 101 Needed
  - From: Waldher, Travis R

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]