RE: Group Permisions 101 Needed

["Waldher, Travis R" <Travis R Waldher boeing com>]

> -----Original Message-----
> From: Rick Stevens [mailto:rstevens vitalstream com]
> 
> The NIS server uses its own /etc/passwd, /etc/shadow, and /etc/group
> files, and yes, when you log in, the NIS server will give you the
> group specified in its /etc/passwd file for you.
> 
> You should make sure that your are NOT in any client's local 
> /etc/passwd
> file.  If so, you'll be authenticated by the local machine 
> (not via NIS)
> and given the local machine's idea of your UID/GID.
> 
> In NIS, each client's /etc/passwd, /etc/shadow and /etc/group files
> should be pretty empty.  The only entries in them should be those
> necessary for LOCAL control of the system.  For example, it's not
> uncommon to have NIS clients have local entries for root and such
> with passwords that are unique to each system.
> 
> On login, the local /etc/passwd file is searched looking for the
> username given.  If it's not found, it then queries the NIS server.
> The special entry in /etc/passwd or /etc/group on a client that starts
> "+:" is the marker that says "from here on in, use NIS", although you
> can override the NIS server's concept of shell and home directory by
> putting the user in the local /etc/passwd and prefixing the username
> with a "+".  The UID and GID will STILL come from NIS in that case.
> 
> Confusing enough for you?

oookayyy... let's see how my comprehension is this morning.  (Keep in mind, I am a M$ wheenie. hehe)

in /etc/passwd using this example on the NIS server:

trw3016:x:879:130:Travis R Waldher:/acct/trw3016:/bin/csh

UID = 879, and GID = 130

If I log in to a NIS client, these are the ID settings I receive, my sheel is c and my home path.

If in the NIS client I have the following /etc/passwd:

+:trw3016:x:1001:1002:Travis R Waldher:/home/trw3016:/bin/ksh

UID = 879, and GID = 130, BUT my home directory is /home/trw3016 and my shell is korn.

-->How am I doing so far?

Now.. I create a directory called /group/mygroup on the NIS client.  I would then go to the NIS server in the /etc/group file and create an entry called:

mygroup:*:1234:

To give myself access to that directory I would edit the /etc/passwd (on NIS server) to reflect the following:

trw3016:x:879:130,1234:Travis R Waldher:/acct/trw3016:/bin/csh

(meaning I need to be part of GID 130 and 1234)

-->Is that the correct syntax?

So.. when I CD in to /group/mygroup, security checks the /etc/group file to resolve the GID, then checks the /etc/passwd file to verify I have the proper GID in my account.


Do I have that right?