NIS+ and Secure NFS

Posted on 1997-04-07
Last Modified: 2013-12-16
This problem with NIS+ and Secure was formerly posted under comp.unix.solaris.
I have a central NFS server with all the user disks mounted. The other machines are mounting these disks through DES-authenticated NFS. It works fine with regard to the users' own files, but when it comes to group permissions something is wrong. Someone told me that it is the group information in passwd.org_dir, and not the one in group.org_dir, that is in use?? (It sounds strange to me; only the primary group information should be in the password file.)
Somehow I believe it's a problem with some other credentials.

Setup:
I have a share on m1:
 - /export/projects   secure,rw=cs   ""
I mount it:
m2:/export/projects  - /projects nfs - yes  intr,bg,secure,soft
(m2 is in netgroup "cs" and has valid credentials)

The volume is mounted OK on m2, and it works fine with regard to the permissions for the user and everyone. Only group permissions fail.

Regards, Tom
Question by:thelmer

Author Comment

by:thelmer
ID: 1811996
Adjusted points to 100

Accepted Solution

by:
keie earned 100 total points
ID: 1811997
The group information used by the Secure RPC (NFS) server is in the cred.org_dir table. This table contains two types of entries. The DES entry
user.company.com.:DES:unix.100@company.com:<hex>;<hex>
is used to authenticate the user "user" in the NIS+ domain "company.com". NIS+ and DNS domain names are identical on most systems.
The LOCAL entry
user.company.com.:LOCAL:100:10,252:
tells Secure RPC (NFS) that "user.company.com." has uid 100 and is a member of the groups 10 and 252. Usually the first group number is the group number from the password table. The later numbers are often the groups from the groups database that "user" is a member of.
Yes indeed, NIS+ has two copies of the same information.
We used the utility "nisaddent" to convert our ASCII information to the NIS+ tables. Nisaddent uses the information from the groups database to adapt cred.org_dir.
In your case I would suggest using "nisaddent -d group" to dump the group table to ASCII form, and then using "nisaddent -m -f groups-table group" to re-insert the groups table into NIS+.

The utilities in AdminSuite (Solaris 2.5) can be used to maintain
the NIS+ table. We avoid them, because they backfired a few times
when we first used them. We have our own set of scripts to add users to the NIS+ database.
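
A consistency check built on the answer's description of the LOCAL entry, as an added example that is not part of the original answer: it compares the gid list in each LOCAL credential with the memberships in a group table dump and reports users whose credential lacks a group. The sample entries, the logins alice and bob, and the assumption that the group dump is in group(4) file format (name:passwd:gid:members) are constructed for illustration.

```python
# Added example. All sample data is constructed, not taken from a real domain.
CRED_LINES = """\
alice.company.com.:DES:unix.100@company.com:<hex>;<hex>
alice.company.com.:LOCAL:100:10,252:
bob.company.com.:DES:unix.101@company.com:<hex>;<hex>
bob.company.com.:LOCAL:101:10:
"""

# Assumed group(4) layout: name:passwd:gid:comma-separated members
GROUP_LINES = """\
staff::10:
projects::252:alice,bob
"""

def parse_local_creds(text):
    """Return {login: (uid, set_of_gids)} from LOCAL entries; DES entries are skipped."""
    creds = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or fields[1] != "LOCAL":
            continue
        login = fields[0].split(".", 1)[0]  # principal "user.domain." -> "user"
        gids = {int(g) for g in fields[3].split(",") if g}
        creds[login] = (int(fields[2]), gids)
    return creds

def parse_group_members(text):
    """Return {login: set_of_gids} for supplementary memberships in the group dump."""
    membership = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue
        for member in filter(None, (m.strip() for m in fields[3].split(","))):
            membership.setdefault(member, set()).add(int(fields[2]))
    return membership

def missing_gids(cred_text, group_text):
    """Map login -> sorted gids present in the group table but absent from LOCAL."""
    creds = parse_local_creds(cred_text)
    report = {}
    for login, gids in parse_group_members(group_text).items():
        # A user with no LOCAL entry at all is missing every group.
        gap = gids - creds[login][1] if login in creds else gids
        if gap:
            report[login] = sorted(gap)
    return report

if __name__ == "__main__":
    for login, gids in missing_gids(CRED_LINES, GROUP_LINES).items():
        print(f"{login}: LOCAL credential lacks gid(s) {gids}")
```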