This section explains how to administer and maintain your NIS+ domain or namespace after you have set it up. It explains how to perform the following tasks:

List the Properties of NIS+ Objects

To list the object properties of any NIS+ directory, table, table entry, group, or link, issue the following command from an NIS+ client host:

For example, to list the object properties of the passwd table entry for user jane in the default domain, you would issue this command:

    niscat -o '[name=jane],passwd.org_dir'

The niscat -o command gives you information about the object, including its owner, group owner, and permissions. If the NIS+ object is a table, the niscat -o command gives the number of columns in the table, the names of the columns, and the permissions for each column.

For more information, type man 1 niscat at the HP-UX prompt.

Change the Default Properties for New NIS+ Objects
Whenever you create a new NIS+ object (a directory, table, table entry, group, or link), it inherits a set of default properties (owner, group owner, permissions, time to live, and so on). You can override the default object properties by setting the NIS_DEFAULTS environment variable.

You can use SAM (System Administration Manager) to change all the default object properties except time to live. To run SAM, type sam at the HP-UX prompt. For more information, type man 1M sam.

Issue the nisdefaults command to find out the current default values:

If you are using the Korn or Bourne shell, issue the following command:

    NIS_DEFAULTS=access=perms:owner=owner:group=group:ttl=time
    export NIS_DEFAULTS

If you are using the C shell, issue the following command:

    setenv NIS_DEFAULTS access=perms:owner=owner:group=group:ttl=time

You do not have to specify all four values. For example, you could change just the default owner and group owner, as in the following example:

    setenv NIS_DEFAULTS owner=garlic.Eng.Wiz.Com.:group=admin.Eng.Wiz.Com.

You can also set the default group owner by setting the NIS_GROUP environment variable, but if the NIS_DEFAULTS variable specifies a default group owner, it overrides the NIS_GROUP variable.

The time to live (ttl) applies only to NIS+ directories and groups. It tells NIS+ clients when to purge the information in their caches and get new information from a server. (To change the ttl value for an existing NIS+ object, use the nischttl(1) command.)

For more information, see the following man pages: nisdefaults(1), nischttl(1), sam(1M), and nis(1).

Change the Permissions for NIS+ Objects
To change the permissions of an NIS+ directory, table, table entry, group, or link, issue the nischmod command from an NIS+ client host. The following example changes the permissions for the group table in the Wiz.Com. domain. It gives user nobody no permissions, owner and group owner full permissions, and world read permission only.

    nischmod n=,og=rmcd,w=r group.org_dir.Wiz.Com.

The following example gives user nobody read permission for the groups_dir directory in the default domain and takes away modify, create, and destroy permission from the group owner:

    nischmod n+r,g-mcd groups_dir

To change permissions for a table column, use the nistbladm -u command. The following example changes the permissions on the passwd column of the passwd table in the default domain. It gives nobody, group, and world no permissions and takes away create and destroy permissions from the owner.

    nistbladm -u passwd=ngw=,o-cd passwd.org_dir

In order to change the permissions for an NIS+ object, you need modify permission for that object.

You can use SAM (System Administration Manager) to change the permissions for groups, tables, table entries, and table columns. To run SAM, type sam at the HP-UX prompt. For more information, type man 1M sam.

The actual permissions for an entry or column are the entry or column permissions plus the permissions for the table. For example, if the passwd table has permissions ----rmcdrmcd----, and the passwd column of the passwd table has permissions r---------------, the actual permissions for the passwd column are r---rmcdrmcd----.

NOTE: The cred table must allow read permission to user nobody in order for NIS+ to start up.
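The permission expressions and the "column plus table" rule above can be checked offline before running nischmod or nistbladm -u. The following Python model is an added example, not HP-UX code; it assumes the 16-character string lists nobody, owner, group, world in that order, and the function names are hypothetical.

```python
"""Model of NIS+ access-rights strings (added example, not HP-UX code)."""
import re

CLASSES = "nogw"  # assumed order of the four groups: nobody, owner, group, world
RIGHTS = "rmcd"   # read, modify, create, destroy

# One clause of a mode expression: classes, operator, rights (rights may be empty).
CLAUSE = re.compile(r"([nogw]+)([+=-])([rmcd]*)")


def parse(rights):
    """'----rmcdrmcd----' -> {'n': set(), 'o': {'r', 'm', 'c', 'd'}, ...}."""
    if len(rights) != 16:
        raise ValueError("expected 16 characters: %r" % rights)
    table = {}
    for i, cls in enumerate(CLASSES):
        chunk = rights[4 * i:4 * i + 4]
        for pos, ch in enumerate(chunk):
            if ch not in ("-", RIGHTS[pos]):
                raise ValueError("unexpected %r in %r" % (ch, rights))
        table[cls] = set(chunk) - {"-"}
    return table


def render(table):
    """Inverse of parse()."""
    return "".join(r if r in table[c] else "-" for c in CLASSES for r in RIGHTS)


def apply_mode(rights, mode):
    """Apply an expression such as 'n=,og=rmcd,w=r' or 'n+r,g-mcd' to rights."""
    table = parse(rights)
    for clause in mode.split(","):
        m = CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError("cannot parse clause %r" % clause)
        who, op, what = m.group(1), m.group(2), set(m.group(3))
        for cls in who:
            if op == "=":
                table[cls] = set(what)
            elif op == "+":
                table[cls] |= what
            else:
                table[cls] -= what
    return render(table)


def effective(table_rights, inner_rights):
    """Rights on an entry or column: its own rights plus the table's."""
    t, e = parse(table_rights), parse(inner_rights)
    return render({c: t[c] | e[c] for c in CLASSES})


def risky_grants(rights):
    """(class, right) pairs that let nobody or world modify, create or destroy."""
    table = parse(rights)
    return [(c, r) for c in "nw" for r in "mcd" if r in table[c]]


if __name__ == "__main__":
    # Starting values below are constructed for the demonstration.
    group_tbl = apply_mode("----------------", "n=,og=rmcd,w=r")
    print("group table      ", group_tbl)
    print("groups_dir       ", apply_mode(group_tbl, "n+r,g-mcd"))
    column = apply_mode("rmcdrmcdrmcdrmcd", "ngw=,o-cd")
    print("passwd column    ", column)
    # A restrictive column cannot take away what the table already grants.
    print("column + table   ", effective("----rmcdrmcd----", column))
    print("page's example   ", effective("----rmcdrmcd----", "r---------------"))
    print("risky            ", risky_grants("r---rmcdrmcdrm--"))
```

Because the effective rights are a union, tightening a column has no effect on any right the table itself already grants; the table permissions have to be tightened first.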
For more information, see the following man pages: nischmod(1), nistbladm(1), sam(1M), and nis(1).

Change the Ownership of NIS+ Objects
To change the owner of an NIS+ directory, table, table entry, group, or link, issue the nischown command from an NIS+ client host. The following example changes the owner of the passwd table entry for user sid to sid.Sales.Wiz.Com.:

    nischown sid.Sales.Wiz.Com. '[name=sid],passwd.org_dir'

The following example makes sid.Sales.Wiz.Com. the owner of his own cred table entries:

    nischown sid '[cname=sid.Sales.Wiz.Com.],cred.org_dir'

In this example, the owner (sid) is not a fully qualified NIS+ principal name. NIS+ will append the default domain to sid when it processes the command. The cred table contains two entries for sid.Sales.Wiz.Com.: a Local credential and a DES credential. The command in this example will change the ownership of both entries, because both entries have the same value in the cname column.

To change the group owner of an NIS+ directory, table, table entry, group, or link, issue the nischgrp command. The following example changes the group owner of the Sales.Wiz.Com. directory to admin.Sales.Wiz.Com.:

    nischgrp admin.Sales.Wiz.Com. Sales.Wiz.Com.

The following example changes the group owner of all the entries in the hosts table to the admin group in the default domain:

    nischgrp admin '[],hosts.org_dir'

To change the ownership of an NIS+ object, you need modify permission for the object.

You can use SAM (System Administration Manager) to change the ownership for groups, tables, and table entries. To run SAM, type sam at the HP-UX prompt. For more information, type man 1M sam.

You cannot change the owner or group owner of a table column, because it is always the same as the owner and group owner of the table.

For more information, see the following man pages: nischown(1), nischgrp(1), sam(1M), and nis(1).

Change the Search Order of Domains
When a client requests information from an NIS+ table without specifying a domain, by default, the table in the client’s default domain is searched first. If the information is not found, and the default domain is not the root domain, the table in the default domain’s parent domain is searched. The search continues up the hierarchy until the information is found or the root domain has been searched.

You can override this default search path by setting the NIS_PATH environment variable. If you are using the Korn or Bourne shell, issue the following commands:

    NIS_PATH=domain:domain:...
    export NIS_PATH

If you are using the C shell, issue the following command:

    setenv NIS_PATH domain:domain:...

You can use the $ character as a wildcard, as in the following example:

    NIS_PATH='org_dir.$:$:Eng.Wiz.Com.'

Single quotes are required to prevent the shell from interpreting the $ character.

When the $ character replaces part of a domain path name, as in org_dir.$, it represents the default domain. So, if the default domain is Sales.Wiz.Com., the domain path org_dir.$ is interpreted as org_dir.Sales.Wiz.Com.

When the $ character is used to represent an entire domain path name, like the second $ character in the example above, it represents the default search path (default domain, then parent domain, and on up to the root domain).

If your default domain is Sales.Wiz.Com., and the root domain is Wiz.Com., the NIS_PATH value shown above creates the following search path:

For more information, type man 1 nis at the HP-UX prompt.

List the Contents of an NIS+ Table
Issue the following command from an NIS+ client host:

For example, to list the contents of the passwd table in the domain Wiz.Com., you would issue the following command:

    niscat passwd.org_dir.Wiz.Com.

If the table is in the default domain, you do not have to include the domain name, but you do have to include org_dir.

If you do not have read permission for the table, no entries will be displayed. If you have read permission only for certain entries, only those entries will be displayed. If you have read permission only for certain columns, any columns for which you do not have read permission will be displayed as *NP*.

You can use SAM (System Administration Manager) to view or modify the contents of NIS+ tables. To run SAM, type sam at the HP-UX prompt. For more information, type man 1M sam.

For more information, see the following man pages: niscat(1) and sam(1M).

Search an NIS+ Table
Issue one of the following commands from any NIS+ client host:

    nisgrep 'column_name=regular_expression' tablename

    nismatch column_name=text_string tablename

For example, the following command returns all the entries in the passwd table for users whose home directories are under /users:

    nisgrep 'home=/users/*' passwd.org_dir

If you do not specify a column name, the first column of the table is searched. The following command returns the Local and DES credentials for NIS+ principal liz.Eng.Wiz.Com. from the cred table:

    nismatch liz.Eng.Wiz.Com. cred.org_dir

The nismatch command can search only columns that were defined as searchable when the table was created. The nisgrep command can search any column in a table.

To get the name of a column, or to determine whether a column is searchable, issue the following command:

    niscat -o tablename.org_dir

The nisgrep command can search on regular expressions, but the nismatch command can search only for exact matches of text strings. The nisgrep command is slower than the nismatch command.

You must have read permission on the table or the entries you are searching for, or NIS+ will not display the entries.

You can use SAM (System Administration Manager) to search NIS+ tables. To run SAM, type sam at the HP-UX prompt.

For more information, see the following man pages: nismatch(1) and sam(1M).

Add an Entry to an NIS+ Table
To add an entry to an NIS+ table, follow one of these procedures, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

To Add an Entry with nistbladm

Issue the following command from any NIS+ client host:

    nistbladm -a column_name=value column_name=value ... tablename

The following example adds an entry to the hosts table:

    nistbladm -a cname=romney name=romney.Eng.Wiz.Com \
        addr=15.14.13.12 comment="acb, pillar R4" hosts.org_dir

Issue the following command to make sure the entry was added successfully:

    nismatch column_name=value tablename

The following example searches the hosts table for the entry for host romney:

    nismatch cname=romney hosts.org_dir

If the entry exists, and if you have read access to it, the nismatch command will return the entry.

In the nistbladm -a command, you must specify the value for every column. To leave a column blank, specify no value after the equal sign (=). The following example adds an entry to the group table without specifying a password:

    nistbladm -a name=staff passwd= gid=10 members=root group.org_dir

To get the names of the columns in a table, issue the following command:

    niscat -o tablename.org_dir

You must have create permission for the table in order to add an entry to it.

For more information, see the following man pages: nistbladm(1), niscat(1), and sam(1M).

To Add an Entry with nisaddent

Issue the following command to dump the NIS+ table to a temporary file:

    nisaddent -d table_type > filename

Do not include “org_dir” in the table type. The following example dumps the group.org_dir table to tempfile:

    nisaddent -d group > tempfile

To find out the table type for a table, issue the niscat -o tablename command. Type man 1 niscat for more information.

Use a text editor to add an entry to the temporary file.

Issue the following command to merge the contents of the temporary file into the NIS+ table:

    nisaddent -m -f filename table_type

For example, the following command merges the contents of tempfile into the group.org_dir table:

    nisaddent -m -f tempfile group

For more information, type man 1M nisaddent at the HP-UX prompt.

Remove an Entry from an NIS+ Table
To remove an entry from an NIS+ table, follow this procedure, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

Issue the following command from any NIS+ client host:

    nistbladm -r column_name=value column_name=value ... tablename

The following example removes an entry from the hosts table:

    nistbladm -r cname=romney addr=15.14.13.12 hosts.org_dir

In the nistbladm -r command, specify as many column values as you need to identify a single entry. If the criteria you specify identify more than one entry, NIS+ displays an error. If you want to remove all entries matching a set of criteria, use the -R option instead of the -r option. The following example removes both the Local and DES credentials for principal liz.Eng.Wiz.Com. from the cred table:

    nistbladm -R cname=liz.Eng.Wiz.Com. cred.org_dir

To get the names of the columns in a table, issue the following command:

    niscat -o tablename.org_dir

You must have destroy permission for the table or for the entries you want to remove.

For more information, see the following man pages: nistbladm(1), niscat(1), and sam(1M).

Modify an Entry in an NIS+ Table
You can use either of two methods to modify a table entry:

- You can use nistbladm(1) to modify the entry directly.
- You can use nisaddent(1M) to dump the table to a file, and you can modify the file. Then, you can use nisaddent to update the NIS+ table from the file.

You can use SAM (System Administration Manager) to modify entries in NIS+ tables. To run SAM, type sam at the HP-UX prompt.

You must have modify permission for the table or for the entries you want to modify.

For more information, see the following man pages: nistbladm(1), nisaddent(1M), niscat(1), and sam(1M).

To Modify an Entry with nistbladm

Issue the following command from any NIS+ client host:

    nistbladm -m column_name=new_value column_name=new_value ... \
        '[column_name=old_value,column_name=old_value ...],tablename'

The following example changes a user’s shell in the passwd table:

    nistbladm -m shell=ksh '[name=maddy,uid=6789],passwd.org_dir'

The values you specify inside the square brackets must identify a single entry.

To get the names of the columns in a table, issue the following command:

    niscat -o tablename.org_dir

For more information, see the following man pages: nistbladm(1M) and niscat(1).

To Modify an Entry with nisaddent

Issue the following command to dump the NIS+ table to a temporary file:

    nisaddent -d table_type > filename

Do not include “org_dir” in the table type. The following example dumps the group.org_dir table to tempfile:

    nisaddent -d group > tempfile

To find out the table type for a table, issue the niscat -o tablename command. Type man 1 niscat for more information.

Use a text editor to make your changes to the temporary file.

Issue the following command to merge the contents of the temporary file into the NIS+ table:

    nisaddent -m -f filename table_type

For example, the following command merges the contents of tempfile into the group.org_dir table:

    nisaddent -m -f tempfile group

For more information, type man 1M nisaddent at the HP-UX prompt.

Add a Host to an NIS+ Domain
Issue the following command, from any NIS+ client host, to add the new host to the NIS+ hosts table:

    nistbladm -a cname=hostname name=hostname addr=IPaddress \
        comment=comment hosts.org_dir.domainname

You must have create permission for the hosts table to use this command.

You must create one hosts table entry in which the cname and name columns are both set to the official host name. If you wish to configure aliases for the host name, create entries in which the cname column contains the official host name and the name column contains the alias.

If the domain is the default domain, you do not have to specify the domain name, as in the following example:

    nistbladm -a cname=romney.Eng.Wiz.Com name=romney.Eng.Wiz.Com \
        addr=15.14.13.12 comment= hosts.org_dir

Issue the following command to add a DES credential for the new host to the cred table:

    nisaddcred -p unix.hostname@domainname -P hostname.domainname \
        des domainname

If you do not specify the domain name as the last argument, the credential is created in the default domain, as in the following example:

    nisaddcred -p unix.romney@Eng.Wiz.Com -P romney.Wiz.Com. des

The argument following the -p option is the host’s secure RPC netname and does not end with a period. The argument following the -P option is the host’s NIS+ principal name and must end with a period.

When NIS+ prompts you for a password, enter the root password of the new host.

You must have create permission for the cred table to use this command.

If you want to allow the root user on this host to administer the NIS+ domain, add the host to the domain’s admin group. Issue this command:

    nisgrpadm -a hostname.domainname admin_groupname.domainname

The admin group for most domains is called “admin,” as in the following example:

    nisgrpadm -a romney.Eng.Wiz.Com. admin.Eng.Wiz.Com.

You must have modify permission for the admin group in order to add members to it.

Set up the host as a client of the NIS+ domain to which you just added the host’s data and credentials. See “Set Up NIS+ Client Hosts”.

You can use SAM (System Administration Manager) to add hosts to the hosts table, cred table, and admin group in an NIS+ domain, but you cannot use SAM to set up NIS+ clients. To run SAM, type sam at the HP-UX prompt.

For more information, see the following man pages: nistbladm(1), nisaddcred(1M), nisgrpadm(1), sam(1M), and nis(1).

Add a User to an NIS+ Domain
To add users to an NIS+ domain, follow this procedure, or use SAM (System Administration Manager). To run SAM, type sam at the HP-UX prompt.

1. Issue the following command, from any NIS+ client host, to add the new user to the NIS+ passwd table:

    nistbladm -a name=loginname passwd= uid=userID gid=groupID \
        gcos=user_info home=home_dir shell=shell shadow= \
        passwd.org_dir.domainname

You must have create permission for the passwd table to use this command.

If the domain is the default domain, you do not have to specify the domain name, as in the following example:

    nistbladm -a name=sara passwd= uid=7899 gid=20 \
        gcos="Sara Sena,,x77555," home=/home/sara shell=/bin/ksh \
        shadow= passwd.org_dir

2. Issue the following commands to add Local and DES credentials for the new user to the cred table:

    nisaddcred -p UID -P loginname.domainname local domainname
    nisaddcred -p unix.UID@domainname -P loginname.domainname des \
        domainname

If you do not specify the domain name as the last argument, the credentials are created in the default domain, as in the following example:

    nisaddcred -p 7899 -P sara.Eng.Wiz.Com. local
    nisaddcred -p unix.7899@Eng.Wiz.Com -P sara.Eng.Wiz.Com. des

The user ID must not belong to any other user in the passwd table. The argument following the -P option is the user’s NIS+ principal name and must end with a period.

When the nisaddcred command prompts you for a password, enter a temporary password for the user.

You must have create permission for the cred table to use this command.

3. Issue the following command to change the user’s password:

    passwd -r nisplus loginname

When the nispasswd command prompts you for a password, type the same password you typed when you created the user’s DES credential in step 2.

You can ignore the message that tells you what to do if the user’s login password is different from the user’s secure RPC password. If you followed the steps in this section, the user’s two passwords are the same.

4. Issue the following command to make the user the owner of the user’s passwd table entry:

    nischown username.domainname '[name=username],passwd.org_dir.domainname'

The following example changes the ownership of a passwd table entry in the default domain:

    nischown sara.Eng.Wiz.Com. '[name=sara],passwd.org_dir'

5. Add the user to the primary group you specified when you added the user to the passwd table.

Issue the following command to dump the current NIS+ group table to a file:

    nisaddent -d group > filename

Use a text editor to add the new user to the appropriate group in filename.

Issue the following command to merge the contents of the temporary file into the NIS+ group table:

    nisaddent -m -f filename group

You must have modify permission for the group table to add a user to a group.

6. Create the user’s home directory, and make the user the owner of it, as in the following example:

    mkdir /export/home/sara
    chown sara /export/home/sara

7. If you are using AutoFS to mount users’ home directories, add the new user’s home directory to the auto_home table. For information on the AutoFS, see “Configuring and Administering AutoFS”. For instructions on adding an entry to an NIS+ table, see “Add an Entry to an NIS+ Table”.

8. Tell the new user to log in with the password you specified in steps 2 and 3 and change passwords with the nispasswd command.

For more information, see the following man pages: nistbladm(1), nisaddcred(1M), passwd(1), nisaddent(1), sam(1M), and nis(1).

Create New Credentials for an Existing NIS+ Principal
Sometimes a user or host needs new credentials, because the old ones have become corrupted or cannot be used. Follow these steps:

Log in as root to the NIS+ master server for the domain.

Issue the following command to create new credentials for the NIS+ principal and overwrite any existing credentials:

    /usr/lib/nis/nisclient -co principalname

where principalname is username.domainname for a non-root user or hostname.domainname for a root user (host). Supply the password when you are prompted for it.

Wait two minutes for the NIS+ replicas to be updated.

If the principal is a root user (host), log into the host as root, and issue the following command to reinitialize it:

    /usr/lib/nis/nisclient -i -h master_servername -d domainname

Test the login by having the user or root user log in.

If the login does not work, try killing and restarting rpc.nisd on the master server:

    ps -ef | grep rpc.nisd
    kill PID
    rpc.nisd

If you are running in NIS compatibility mode, be sure to restart rpc.nisd with the -Y option:

For more information, see the following man pages: nisclient(1M) and rpc.nisd(1M).

Create New Credentials for the Root Master Server
Sometimes the credentials for the root master server become corrupted and unusable, and it is necessary to create new ones. Follow this procedure to recreate the credentials for the root master server host.

1. Log in as root to every NIS+ server in the namespace, and issue the following commands to kill the nis_cachemgr process and restart rpc.nisd at security level 0:

    ps -ef | grep nis_cachemgr
    kill PID
    ps -ef | grep rpc.nisd
    kill PID
    rpc.nisd -S 0

2. Log into the root master server, and issue the following command to create new credentials for the root master server host:

    nisaddcred -p unix.hostname@domain -P hostname.domain des

where hostname is the name of the root master server. Note that the secure RPC netname (following -p) does not end in a dot, while the NIS+ principal name (following -P) does end in a dot.

Enter the root password when prompted for it.

If the nisaddcred command hangs, perform step 3, below, then try step 2 again.

3. On the root master server, issue the following commands to kill the keyserv daemon and remove the /etc/.rootkey file:

    ps -ef | grep keyserv
    kill PID
    rm /etc/.rootkey

4. On the root master server, issue the following commands. Note that the domainname must end in a dot.

    nisupdkeys org_dir.domainname.
    nisupdkeys groups_dir.domainname.
    nisupdkeys domainname.

5. On the root master server, issue the following commands:

    nisping org_dir
    nisping groups_dir
    nisping domainname

6. On the root master server, issue the following command:

Supply the root password when prompted for it.

7. Log in as root to every server in the namespace, and issue the following commands. Note that the domainname must end in a dot.

    nisupdkeys org_dir.domainname.
    nisupdkeys groups_dir.domainname.
    nisupdkeys domainname.

8. Log in as root to every server in the namespace, including the root master server, and issue the following commands to restart the nis_cachemgr process and restart rpc.nisd at security level 2:

    nis_cachemgr -i
    ps -ef | grep rpc.nisd
    kill PID
    rpc.nisd

For more information, see the following man pages: nis_cachemgr(1M), rpc.nisd(1M), nisaddcred(1M), keyserv(1M), nisupdkeys(1M), nisping(1M), and keylogin(1).

Change a Password
To change the password of a non-root user, issue the following command from any NIS+ client host:

    passwd -r nisplus username -D domainname

The username is not necessary if you are logged in as a non-root user and are changing your own password. The -D domainname is necessary only if you are changing the password of a user in another domain.

The nispasswd command changes the password in the NIS+ passwd and cred tables. It does not change the password in the /etc/passwd file. To change the password in the /etc/passwd file, use the passwd(1) command.

If your NIS+ servers are running in NIS compatibility mode, users on NIS clients must use the yppasswd command to change their passwords in the NIS+ passwd table.

To change a non-root user’s password, you must have modify permission for the passwd and cred tables or for the user’s entries in the passwd and cred tables.

To change the password of a root user, follow these steps:

Log in as root to the host whose password you want to change.

Issue the passwd command to change the root password in the /etc/passwd file:

Issue the following command to encrypt the root user’s secret key with the new password:

CAUTION: You can change the root password on the root master server, but do not change the public or private key on the root master server. The root master server’s keys are embedded in every directory object on every client, replica server, and subdomain server.

For more information, see the following man pages: nispasswd(1), yppasswd(1), passwd(1), chkey(1), and nis(1).

Create an NIS+ Table
When you set up an NIS+ domain, the nisserver script creates a default set of tables. You can also create your own custom tables.

Issue the following command from any NIS+ client host:

    nistbladm -c table_type column=flags column=flags ... tablename

The following example creates a three-column table called hostinfo.Wiz.Com. The S flag indicates that the first two columns are searchable.

    nistbladm -c hostinfo host=S user=S \
        location= hostinfo.org_dir.Wiz.Com.

In most cases, the table type can be the same as the table name (without org_dir and the domain name). In most of the standard tables, the table type is the same as the table name. Two-column tables in which only the first column is searchable have type key-value. All AutoFS maps have type key-value.

If your table has type key-value (two columns with only the first column searchable), you can use the nisaddent command to populate it from a file or an NIS map. The following example populates the auto_direct map from the /etc/auto.direct file:

    nisaddent -f /etc/auto.direct -t auto_direct.org_dir key-value

If your table is not of type key-value, you must add entries to it one at a time. You can use SAM, or you can use the nistbladm command. See “Add an Entry to an NIS+ Table”.

At least one column in a table must be searchable.

To create a table, you must have create permission for the org_dir directory (or the directory where you want to put the new table).

For more information, see the following man pages: nistbladm(1), nisaddent(1M), and sam(1M).

Remove an NIS+ Table
Issue the following command from any NIS+ client host to remove all the entries in the table:

    nistbladm -R '[],tablename'

The following example removes all the entries from the mail_aliases table in the Wiz.Com. domain:

    nistbladm -R '[],mail_aliases.org_dir.Wiz.Com.'

Issue the following command from any NIS+ client host to remove the table:

The following example removes the mail_aliases table from the Wiz.Com. domain:

    nistbladm -d mail_aliases.org_dir.Wiz.Com.

If the table is in the default domain, you do not have to specify the fully qualified domain with the table name, but you still have to include “org_dir” in the table name.

A table must be empty before you can remove it.

To remove a table, you must have destroy permission for the NIS+ directory where the table resides.

For more information, type man 1 nistbladm at the HP-UX prompt.

Create or Remove Paths Among Tables
A concatenation path or table path is a property of a table. If a table does not contain information requested by an NIS+ principal, but it has a concatenation path, NIS+ searches the other tables in the concatenation path until it finds the requested information or comes to the end of the path. NIS+ does not follow paths recursively; that is, if one of the tables in the concatenation path has its own concatenation path, NIS+ will not follow it.

Do not use table paths if your server is running in NIS compatibility mode. NIS clients cannot follow table paths.

To find out whether a table has a concatenation path, issue this command:

The Search Path line in the output is the table’s concatenation path.

To create or modify a concatenation path for a table, issue this command:

    nistbladm -u -p othertable:othertable... tablename

The following example creates a path from passwd.Sales.Wiz.Com. to passwd.Eng.Wiz.Com. It causes NIS+ to search the passwd table of the Eng.Wiz.Com. domain if it fails to find requested information in the passwd table of the Sales.Wiz.Com. domain.

    nistbladm -u -p passwd.Eng.Wiz.Com. passwd.Sales.Wiz.Com.

To remove a concatenation path from a table, issue this command:

    nistbladm -u -p "" tablename

The following example removes the concatenation path from the passwd table in the Sales.Wiz.Com. domain:

    nistbladm -u -p "" passwd.Sales.Wiz.Com.

You can also create NIS+ links to other tables, but links are slower than paths and are not recommended. Type man 1 nisln for more information.

You need modify permission for a table to change its concatenation path.

For more information, type man 1 nistbladm at the HP-UX prompt.

Create or Remove an NIS+ Group
To create an NIS+ group, type the following command on any NIS+ client host:

The following example creates an NIS+ group called engineers in the Sales.Wiz.Com. domain:

    nisgrpadm -c engineers.Sales.Wiz.Com.

To remove an NIS+ group, type the following command on any NIS+ client host:

The following example removes the NIS+ group called engineers from the Sales.Wiz.Com. domain:

    nisgrpadm -d engineers.Sales.Wiz.Com.

NIS+ groups are not the same as the HP-UX groups stored in the group.org_dir table or the /etc/group file. NIS+ groups are used to determine group ownership of NIS+ objects. NIS+ objects allow certain access permissions to their group owners. NIS+ groups are stored in the groups_dir subdirectory of the domain directory.

To create an NIS+ group, you must have create permission for the groups_dir directory. To remove a group, you must have destroy permission for the group or for the groups_dir directory.

You can use SAM (System Administration Manager) to create or remove NIS+ groups. To run SAM, type sam at the HP-UX prompt.

For more information, see the following man pages: nisgrpadm(1) and sam(1M).

Add or Remove Members of an NIS+ Group
To add members to an NIS+ group, type the following command on any NIS+ client host:

    nisgrpadm -a groupname group_member [group_member...]

The following example adds the host principal thyme.Wiz.Com. and the NIS+ group tempadmin.Wiz.Com. to the group admin.Wiz.Com.:

    nisgrpadm -a admin.Wiz.Com. thyme.Wiz.Com. @tempadmin.Wiz.Com.

To remove members from an NIS+ group, type the following command on any NIS+ client host:

    nisgrpadm -r groupname group_member [group_member...]

The following example removes the user principal amy.Wiz.Com. and all principals in the Eng.Wiz.Com. domain from the group admin.Wiz.Com.:

    nisgrpadm -r admin.Wiz.Com. amy.Wiz.Com. *.Eng.Wiz.Com.

To list the current members of an NIS+ group, type the following command on any NIS+ client host:
An NIS+ group member may take any of the following forms:
- principal: Any host or user principal (for example, amy.Wiz.Com.)
- @group: Another NIS+ group (for example, @tempadmin.Wiz.Com.)
- *.domain: All principals in an NIS+ domain (for example, *.Eng.Wiz.Com.)
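
The member forms listed above, combined with the minus-sign exclusion this section describes, decide who holds group-owner rights on NIS+ objects. The following Python model is an added example, not HP-UX or NIS+ code; the group contents are constructed, and it assumes that an exclusion always overrides an inclusion and that *.domain matches only principals directly in that domain.

```python
# Model of the NIS+ group member forms: principal, @group, *.domain, and
# "-" exclusions. GROUPS is constructed sample data, not a real namespace.
GROUPS = {
    "admin.Wiz.Com.": ["thyme.Wiz.Com.", "@tempadmin.Wiz.Com.",
                       "*.Eng.Wiz.Com.", "-amy.Eng.Wiz.Com."],
    "tempadmin.Wiz.Com.": ["bob.Sales.Wiz.Com.", "joe.Eng.Wiz.Com."],
    "ops.Wiz.Com.": ["*.Eng.Wiz.Com.", "-@tempadmin.Wiz.Com."],
}


def _matches(principal, spec, groups, seen):
    """Return True if one member spec (minus sign already removed) covers the principal."""
    if spec.startswith("@"):       # another NIS+ group: evaluate it recursively
        return is_member(principal, spec[1:], groups, seen)
    if spec.startswith("*."):      # all principals in a domain
        # Assumption: only principals directly in that domain match.
        return principal.partition(".")[2] == spec[2:]
    return principal == spec       # a single host or user principal


def is_member(principal, group, groups=GROUPS, seen=frozenset()):
    """Evaluate membership; a matching '-' entry excludes the principal (assumption)."""
    if group in seen or group not in groups:   # stop on @group cycles or unknown groups
        return False
    seen = seen | {group}
    specs = groups[group]
    included = any(_matches(principal, s, groups, seen)
                   for s in specs if not s.startswith("-"))
    excluded = any(_matches(principal, s[1:], groups, seen)
                   for s in specs if s.startswith("-"))
    return included and not excluded


def effective_members(group, principals, groups=GROUPS):
    """Return the given principals that would hold the group's access rights."""
    return sorted(p for p in principals if is_member(p, group, groups))


if __name__ == "__main__":
    people = ["thyme.Wiz.Com.", "amy.Eng.Wiz.Com.", "joe.Eng.Wiz.Com.",
              "bob.Sales.Wiz.Com.", "eve.Sales.Wiz.Com."]
    for name in GROUPS:
        print(name, effective_members(name, people))
```

Running a review like this before adding an @group or *.domain member shows how one entry can extend group-owner permissions to principals that were never named individually.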
You can exclude any of these types of members from a group by putting a minus sign (-) before the member (for example, -@tempadmin.Wiz.Com.).

A user must have a Local credential in the cred table of the group’s domain before you can add the user to the group.

NIS+ groups are not the same as the HP-UX groups stored in the group.org_dir table or the /etc/group file. NIS+ groups are used to determine group ownership of NIS+ objects. NIS+ objects allow certain access permissions to their group owners. NIS+ groups are stored in the groups_dir subdirectory of the domain directory.

To add or remove members of an NIS+ group, you must have modify permission for the group.

You can use SAM (System Administration Manager) to add or remove members of NIS+ groups. To run SAM, type sam at the HP-UX prompt.

For more information, see the man pages nisgrpadm(1) and sam(1M).

Remove a Replica Server from an NIS+ Domain
Log in to the replica you want to remove, and issue the following commands to kill rpc.nisd and nis_cachemgr:

    ps -ef | grep rpc.nisd
    kill PID
    ps -ef | grep nis_cachemgr
    kill PID

Issue the following command to remove the /var/nis directory:

Reinitialize the host as an NIS+ client. See “Set Up NIS+ Client Hosts”.

From any NIS+ client host, issue the following commands:

    nisrmdir -s -f replica_hostname org_dir.domainname
    nisrmdir -s -f replica_hostname groups_dir.domainname
    nisrmdir -s -f replica_hostname domainname

The following commands remove replica server thyme from domain Eng.Wiz.Com.:

    nisrmdir -s -f thyme org_dir.Eng.Wiz.Com.
    nisrmdir -s -f thyme groups_dir.Eng.Wiz.Com.
    nisrmdir -s -f thyme Eng.Wiz.Com.
The -f option forces the replica to be removed, even if the replica cannot be reached.

To remove a replica server from a domain, you must have modify permission for the domain the replica serves.

For more information, see the following man pages: nisrmdir(1) and nis(1).

Remove an NIS+ Domain
Issue the following commands to remove an NIS+ domain:

    nisrmdir org_dir.domainname
    nisrmdir groups_dir.domainname
    nisrmdir domainname

You must remove the org_dir and groups_dir directories before you remove the domain directory. You will not be able to remove the org_dir and groups_dir subdirectories if you remove the domain directory first.

The nisrmdir command dissociates all servers from the domain and removes the domain directory.

You must have destroy permission for the parent domain in order to remove a subdomain.

For more information, see the following man pages: nisrmdir(1) and nis(1).

Back Up NIS+ Tables
It is recommended that you back up your NIS+ tables at least once a day.

Create a directory for your flat files, and make it the current directory:

    mkdir /nis+files
    cd /nis+files

Set the PATH variable to include /usr/lib/nis. If you are running the C shell, type the following command:

    setenv PATH $PATH:/usr/lib/nis

If you are running the Bourne or Korn shell, type the following commands:

    PATH=$PATH:/usr/lib/nis
    export PATH

Issue the following commands to dump your NIS+ tables to files:

    nisaddent -d aliases > aliases
    nisaddent -d bootparams > bootparams
    nisaddent -d ethers > ethers
    nisaddent -d group > group
    nisaddent -d hosts > hosts
    nisaddent -d netgroup > netgroup
    nisaddent -d netid > netid
    nisaddent -d netmasks > netmasks
    nisaddent -d networks > networks
    nisaddent -d passwd > passwd
    nisaddent -d protocols > protocols
    nisaddent -d publickey > publickey
    nisaddent -d rpc > rpc
    nisaddent -d services > services
    nisaddent -d trusted > trusted
    nisaddent -d timezone > timezone
    niscat auto_home.org_dir > auto_home
    niscat auto_master.org_dir > auto_master
    niscat auto_direct.org_dir > auto_direct
Make sure your NIS+ tables are fully checkpointed. Issue the following command to check the size of your transaction log:

If your transaction log contains only three entries, then your tables are fully checkpointed. If your transaction logs contain more than three entries, issue the following command to checkpoint them:

Use your favorite backup utility (tar(1), dump(1M), etc.) to back up the following:

The flat files you created by dumping the NIS+ tables