Information in NIS+ Tables
B
- This appendix summarizes the information stored in the following NIS+ tables:
-
- The Cred table, because it contains only information related to NIS+ security, is described in Chapter 7, "Administering NIS+ Security."
- As explained in Chapter 1, without the name service, this information would be stored in /etc files. In fact, most NIS+ tables have corresponding /etc files. With the NIS service, you could combine the information in the NIS maps with the information in their corresponding /etc files by using the +/- syntax. However, the Name Service Switch provides a better method.
- The Name Service Switch allows you to specify one or more sources for different types of information. In addition to NIS+ tables, that source can be NIS maps, DNS maps, or /etc tables. The order in which you specify them determines how the information from different sources is combined.
- If you are creating input files for any of these tables, most tables share two formatting requirements: you must use one line per entry, and you must separate columns with one or more spaces or TABs. If a particular table has different or additional format requirements, they are described under a heading called "Input File Format."
Auto_Home Table
- The auto_home table is an indirect automounter map that enables an NIS+ client to mount the home directory of any user in the domain. It does this by specifying a mount point for each user's home directory, the location of each home directory, and mount options, if any. Because it is an indirect map, the first part of the mount point is specified in the auto_master table and is, by default, /home. The second part of the mount point (i.e., the subdirectory under /home) is specified by the entries in the auto_home map, and is different for each user.
- The auto_home table has two columns:
Table 13-1
| Column | Description |
| Mount Point | The login name of every user in the domain. |
| Options & Location | The mount options for every user, if any, and the location of the user's home directory. |
- For example:
costas barcelona:/export/partition2/costas
- The home directory of the user costas, which is located on the server barcelona, in the directory /export/partition2/costas, would be mounted under a client's /home/costas directory. No mount options were provided in the entry.
Auto_Master Table
- The auto_master table lists all the automounter maps in a domain. For direct maps, the auto_master table simply provides a map name. For indirect maps, it provides both a map name and the top directory of its mount point. The auto_master table has two columns:
Table 13-2
| Column | Description |
| Mount Point | The top directory into which the map will be mounted. If the map is a direct map, this is a dummy directory, represented with /-. |
| Map Name | The name of the automounter map. |
- For example, assume these entries in the auto_master table:
/home auto_home
/- auto_man
/programs auto_programs
- The first entry names the auto_home map. It specifies the top directory of the mount point for all entries in the auto_home map: /home. (The auto_home map is an indirect map.) The second entry names the auto_man map. Because that map is a direct map, the entry provides only the map name. The auto_man map itself provides the topmost directory, as well as the full pathname, of the mount points for each of its entries. The third entry names the auto_programs map; because the entry provides the top directory of the mount point, the auto_programs map is an indirect map.
- All automounter maps are stored as NIS+ tables. By default, Solaris 2.X provides the auto_master map, which is mandatory, and the auto_home map, which is a great convenience. You can create more automounter maps for a domain, but be sure to store them as NIS+ tables and list them in the auto_master table. For more information about the automounter, consult books about the Automounter or books that describe the NFS filesystem.
Bootparams Table
- The bootparams table stores configuration information about every diskless workstation in a domain. A diskless workstation is a workstation that is connected to a network, but has no hard disk. Since it has no internal storage capacity, a diskless workstation stores its files and programs in the filesystem of a server on the network. It also stores its configuration information -- or boot parameters -- on a server.
- Because of this arrangement, every diskless workstation has an initialization program that knows where this information is stored. If the network has no name service, the program looks for this information in the server's /etc/bootparams file. If the network uses the NIS+ name service, the program looks for it in the bootparams table, instead.
- The bootparams table can store any configuration information about diskless workstations. It has two columns: one for the configuration key, another for its value. By default, it is set up to store the location of each workstation's root, swap, and dump partitions.
- The default bootparams table has only two columns but uses them to provide the following four items of information:
Table 13-3
| Column | Description |
| Hostname | The diskless workstation's official hostname, as specified in the hosts table |
| Configuration | Root Partition: the location (server name and path) of the workstation's root partition. Swap Partition: the location (server name and path) of the workstation's swap partition. Dump Partition: the location (server name and path) of the workstation's dump partition. |
Input File Format
- The columns are separated with a TAB character. Backslashes (\) are used to break a line within an entry. The entries for root, swap, and dump partitions have the following format:

- Here is an example:
buckaroo root=bigriver:/export/root1/buckaroo\
swap=bigriver:/export/swap1/buckaroo\
dump=bigriver:/export/dump/buckaroo
Ethers Table
- The ethers table stores information about the 48-bit Ethernet addresses of workstations on the Internet. It has two columns:
Table 13-4
| Column | Description |
| Ethernet-address | The 48-bit Ethernet address of the workstation. |
| Official-host-name | The name of the workstation, as specified in the hosts table. |
- An Ethernet address has the form:
n:n:n:n:n:n hostname
- where n is a hexadecimal number between 0 and FF, representing one byte. The address bytes are always in network order.
Group Table
- The group table stores information about workstation user groups. Solaris 2.X supports three kinds of groups: netgroups, NIS+ groups, and UNIX groups.

- A netgroup is a group of workstations and users that have permission to perform remote operations on other workstations in the group. An NIS+ group is a set of NIS+ users that can be assigned access rights to an NIS+ object. They are described in Chapter 7, "Administering NIS+ Security." A UNIX group is simply a collection of users who are given additional UNIX access permissions.
- UNIX groups allow a set of users on the network to access a set of files on several workstations or servers without making those files available to everyone. For example, the engineering and marketing staff working on a particular project could form a workstation user group.
- The group table has four columns:
Table 13-5
| Field | Description |
| Name | The group's name |
| Password | The group's password. |
| GID | The group's numerical ID. |
| members | The names of the group members, separated by commas. |
- Previous releases of SunOS used a +/- syntax in local /etc/group files to incorporate or overwrite entries in the NIS group maps. Since Solaris 2.X uses the Name Service Switch to specify a workstation's sources of information, this is no longer necessary. All you have to do in Solaris 2.X systems is edit a client's /etc/nsswitch.conf file to specify "files," followed by "nisplus" as the sources for the group information. This effectively adds the contents of the group table to the contents of the client's /etc/group file.
Hosts Table
- The hosts table associates the names of all the workstations in a domain with their IP addresses. The workstations are usually also NIS+ clients, but they don't have to be. Other tables, such as bootparams, group, and netgroup, rely on the network names stored in this table. They use them to assign other attributes, such as home directories and group memberships, to individual workstations. The hosts table has four columns:
Table 13-6
| Column | Description |
| IP Address | The workstation's IP address (network number plus workstation ID number) |
| Hostname | The workstation's official name |
| Nickname | An optional name used in place of the hostname to identify the workstation |
| Comment | An optional comment about the record |
Mail Aliases Table
- The mail aliases table lists the domain's mail aliases recognized by sendmail. It has two columns:
Table 13-7
| Column | Description |
| Alias Name | The name of the alias |
| Members | A list containing the members that receive mail sent to this alias. Members can be users, workstations, or other aliases. |
Input File Format
- Each entry has the following format:
alias-name:member[,member]...
- To extend an entry over several lines, use a backslash.
Netgroup Table
- The netgroup table defines network-wide groups used to check permissions for remote mounts, logins, and shells. The members of netgroups used for remote mounts are workstations; for remote logins and shells, they are users.
Note - Users working on a client machine being served by a NIS+ server running in compatibility mode cannot run ypcat on the netgroup table. Doing so will give you results as if the table were empty even if it has entries.
- The netgroup table has two columns:
Table 13-8
| Column | Description |
| Group Name | The name of the network group. |
| List of Members | A list of the members in the group. |
Input File Format
- The input file consists of a group name and any number of members:
groupname member-specification...
- A member specification can be the name of another netgroup or an ordered list with three fields:
member-spec ::= group-name | ( hostname, username, domainname )
- The first field specifies the name of a workstation. The second field specifies the name of a user. The third field specifies the domain in which the member specification is valid.
- A missing field indicates a wildcard. For example, this netgroup includes all workstations and users in all domains:
everybody (,,)
- A dash in a field is the opposite of a wildcard; it indicates that no workstations or users belong to the group. Here are two examples:
(host1, -,Wiz.Com.)
(-,joe,Wiz.Com.)
- The first specification includes one workstation, host1, in the Wiz.Com. domain, but excludes all users. The second specification includes one user in the Wiz.Com. domain, but excludes all workstations.
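Because netgroups gate remote mounts, logins, and shells, a wildcard triple such as (,,) is worth finding before the input file is loaded. The following is an added example, not part of the original appendix: it parses the input format described above, flattens nested groups, and reports groups whose effective membership contains a wildcard field. The group names in SAMPLE and the function names are constructed for illustration.

```python
import re

# One triple: ( hostname, username, domainname ); a field may be empty or "-".
TRIPLE = re.compile(r"\(\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*,\s*([^,()\s]*)\s*\)")

# Constructed sample input in the "groupname member-specification..." format.
SAMPLE = """\
everybody (,,)
admins (-,joe,Wiz.Com.) (-,ann,Wiz.Com.)
servers (host1, -,Wiz.Com.) (host2,-,Wiz.Com.)
trusted servers admins
open trusted everybody
"""

def parse_netgroup(text):
    """Map each group name to its members: triples (tuples) or group names (str)."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        members = list(TRIPLE.findall(rest))
        members += TRIPLE.sub(" ", rest).split()  # what remains are group names
        groups[parts[0]] = members
    return groups

def expand(groups, name, seen=None):
    """Flatten nested groups into triples; 'seen' stops reference cycles."""
    seen = set() if seen is None else seen
    if name in seen:
        return []
    seen.add(name)
    triples = []
    for m in groups.get(name, []):
        triples += [m] if isinstance(m, tuple) else expand(groups, m, seen)
    return triples

def audit(groups):
    """Report groups whose effective membership contains a wildcard field."""
    labels = ("any-host", "any-user", "any-domain")
    findings = {}
    for name in groups:
        hit = {lab for t in expand(groups, name) for lab, f in zip(labels, t) if f == ""}
        if hit:
            findings[name] = sorted(hit)
    return findings

def is_member(groups, name, host=None, user=None):
    """True if one triple admits the given host and/or user ('-' admits nothing)."""
    def ok(field, value):
        return value is None or field == "" or (field != "-" and field == value)
    return any(ok(h, host) and ok(u, user) for h, u, _ in expand(groups, name))
```

On the sample, audit flags both everybody and open: the second has no wildcard of its own but inherits one through nesting.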
Netmasks Table
- The netmasks table contains the network masks used to implement standard Internet subnetting. The table has two columns:
Table 13-9
| Column | Description |
| Network Number | The IP number of the network. |
| Subnet Mask | The network mask to use on the network. |
- For network numbers, you can use the conventional IP dot notation used by workstation addresses, but leave zeroes in place of the workstation addresses. For example, this entry
128.32.0.0 255.255.255.0
- means that class B network 128.32.0.0 should have 16 bits in its network field, eight bits in its subnet field, and eight bits in its host field.
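The field split described above can be checked mechanically for every entry in a netmasks input file. The following is an added example, not part of the original appendix: it derives the network, subnet, and host field widths from the address class and the mask, and rejects entries that cannot be valid. The requirement that mask bits be contiguous is an assumption of this check, and SAMPLE is constructed (the page's entry plus two deliberately faulty ones).

```python
import ipaddress

# Constructed sample netmasks input: the page's entry plus two faulty ones.
SAMPLE = """\
128.32.0.0 255.255.255.0
192.9.200.0 255.255.0.0
10.0.0.0 255.0.255.0
"""

def classful_bits(network):
    """Width of the network field implied by the address class (A, B or C)."""
    first = int(ipaddress.IPv4Address(network)) >> 24
    for limit, bits in ((128, 8), (192, 16), (224, 24)):
        if first < limit:
            return bits
    raise ValueError("class D/E address has no network field")

def split_fields(network, mask):
    """Return (network_bits, subnet_bits, host_bits) for one table entry."""
    net = int(ipaddress.IPv4Address(network))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = 0
    while host_bits < 32 and not (m >> host_bits) & 1:
        host_bits += 1
    # Assumption: a valid mask is a run of ones followed by a run of zeroes.
    if m != (0xFFFFFFFF >> host_bits) << host_bits:
        raise ValueError("mask bits are not contiguous")
    net_bits = classful_bits(network)
    if 32 - host_bits < net_bits:
        raise ValueError("mask is shorter than the class network field")
    if net & ~m & 0xFFFFFFFF:
        raise ValueError("network number has non-zero host bits")
    return net_bits, 32 - host_bits - net_bits, host_bits

def check_table(text):
    """Map each network number to its field widths or to an error string."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue
        try:
            report[fields[0]] = split_fields(*fields)
        except ValueError as exc:
            report[fields[0]] = "error: " + str(exc)
    return report
```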
Networks Table
- The networks table lists the networks of the Internet. This table is normally created from the official network table maintained at the Network Information Control Center (NIC), though you may need to add your local networks to it. It has three columns:
Table 13-10
| Column | Description |
| Network Name | The official name of the network, supplied by the Internet |
| Network Number | The official IP number of the network |
| Aliases | An unofficial name for the network |
Passwd Table
- The passwd table contains information about the accounts of users in a domain. These users generally are, but do not have to be, NIS+ principals. Remember though, that if they are NIS+ principals, their credentials are not stored here, but in the domain's Cred table. The passwd table usually grants Read permission to the World (or to Nobody).
- The information in the passwd table is added when users' accounts are created. The passwd table contains the following columns:
Table 13-11
| Column | Description |
| User Name | The user's login name, which is assigned when the user's account is created. The name can contain no uppercase characters and can have a maximum of eight characters. |
| Password | The user's encrypted password. |
| UID | The user's numerical ID, assigned when the user's account is created. |
| Group ID | The numerical ID of the user's group. |
| GCOS | The user's real name plus information that the user wishes to include in the "From:" field of a mail-message heading. An & in this column simply uses the user's login name. |
| Home Directory | The pathname of the user's home directory; that is, the directory the user is placed in after logging in. |
| Login Shell | The user's initial shell program. The default is the C-shell: /usr/bin/csh. |
- The passwd table has an additional column: the Shadow column. It stores restricted information about user accounts. It includes the following information:
Table 13-12
| Item | Description |
| Lastchg | The number of days between January 1, 1970, and the date the password was last modified. |
| Min | The minimum number of days recommended between password changes. |
| Max | The maximum number of days that the password is valid. |
| Warn | The number of days' warning a user receives before being notified that his or her password has expired. |
| Inactive | The number of days of inactivity allowed for the user. |
| Expire | An absolute date past which the user's account is no longer valid. |
| Flag | Reserved for future use. Currently set to 0. |
- Previous releases of SunOS used a +/- syntax in local /etc/passwd files to incorporate or overwrite entries in the NIS password maps. Since Solaris 2.X uses the Name Service Switch to specify a workstation's sources of information, this is no longer necessary. All you have to do in Solaris 2.X systems is edit a client's /etc/nsswitch.conf file to specify "files," followed by "nisplus" as the sources for the passwd information. This effectively adds the contents of the passwd table to the contents of the /etc/passwd file.
- However, if you still want to use the +/- method, edit the client's nsswitch.conf file to specify "compat" for the passwd source.
Protocols Table
- The protocols table lists the protocols used by the Internet. It has four columns:
Table 13-13
| Column | Description |
| Protocol Name | The name of the protocol |
| Protocol Number | The protocol number |
| Aliases | An unofficial alias used to identify the protocol |
| Comments | Comments about the protocol |
- Here is an example of an input file for the protocols table:
#
# Internet (IP) Protocols
#
ip 0 IP # internet protocol, pseudo protocol number
icmp 1 ICMP # internet control message protocol
ggp 3 GGP # gateway-gateway protocol
tcp 6 TCP # transmission control protocol
pup 12 PUP # PARC universal packet
udp 17 UDP # user datagram protocol
#
RPC Table
- The RPC table lists the names of RPC programs. It has four columns:
Table 13-14
| Column | Description |
| RPC program name | The name of the program |
| RPC program number | The program number |
| Aliases | Other names that can be used to invoke the program |
| Comments | Comments about the RPC program |
- Here is an example of an input file for the RPC table:
#
# rpc file
#
rpcbind 100000 portmap sunrpc portmapper
rusersd 100002 rusers
nfs 100003 nfsprog
mountd 100005 mount showmount
walld 100008 rwall shutdown
sprayd 100012 spray
llockmgr 100020
nlockmgr 100021
status 100024
bootparam 100026
keyserv 100029 keyserver
#
Services Table
- The services table stores information about the services available on the Internet. It has four columns:
Table 13-15
| Column | Description |
| Service Name | The official Internet name of the service. |
| Port/Protocol | The port number and protocol through which the service is provided (for instance, 512/tcp) |
| Aliases | The list of alternate names by which the service can be requested. |
| Comments | Comments about the service. |
Timezone Table
- The timezone table lists the default timezone of every workstation in the domain. The default timezone is used during installation, but can be overridden by the installer. The table has three columns:
Table 13-16
| Field | Description |
| Timezone name | The name of the timezone (e.g., US/Pacific) |
| Workstation or Domain Name | The name of the workstation or, if using only one line in the entire table, the name of the domain |
| Comments | Comments about the timezone |