Solved

NIS+ and Secure NFS

Posted on 1997-04-07
2
411 Views
Last Modified: 2013-12-16
This problem with NIS+ and Secure was formely posted under comp.unix.solaris
I have a central NFS-server with all the user disks mounted. The other machines are mounting these disks through DES authenticated NFS. It works fine regarding to the users own files, but when i comes to group permissions something is wrong. Someone told me that it is the group information in passwd.org_dir and not the one in group.org_dir there's in use ?? (it sounds strange to me, only the primary group information should be in the password file).
Somehow i believe it's a problem with some other credentials.

Setup:
I have a share on m1:
 - /export/projects   secure,rw=cs   ""
I mount it:
m2:/export/projects  - /projects nfs - yes  intr,bg,secure,soft
(m2 are in netgroup "cs" and have valid credentials)

The volume is mounted ok on m2, and it works fine regarding to the permissions for the user and everyone. Only group permissions fail.

Regards, Tom
0
Comment
Question by:thelmer
2 Comments
 

Author Comment

by:thelmer
Comment Utility
Adjusted points to 100
0
 
LVL 1

Accepted Solution

by:
keie earned 100 total points
Comment Utility
The group information used by the Secure RPC (NFS) server is
in the cred.org_dir table. This table contains two types of
entries. The DES entry
user.company.com.:DES:unix.100@company.com:<hex>;<hex>
is used to authenticate the user "user" in the NIS+ domain "company.com". NIS+ and DNS domain names are identical on most systems.
The LOCAL entry
user.company.com.:LOCAL:100:10,252:
tells Secure RPC (NFS) that "user.company.com." has uid 100 and
is member of the groups 10 and 252. Usually the first group number is the group number from the password table. The later
numbers are often the groups from the groups database that "user" is a member of.
Yes indeed, NIS+ has two copies of the same information.
We used the utility "nisaddent" to convert our ASCII information
to the NIS+ tables. Nisaddent uses the information from the groups database to adapt cred.org_dir.
In your case I would suggest to use "nisaddent -d group" to dump the group table to ASCII form, and then use
"nisaddent -m -f groups-table group" to re-insert the groups table into NIS+.

The utilities in AdminSuite (Solaris 2.5) can be used to maintain
the NIS+ table. We avoid them, because they backfired a few times
when we first used them. We have our own set of scripts to add users to the NIS+ database.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
wget saving web page help 4 66
removing nim resources 5 37
AIX  NFS  question 1 98
UNiX Script filesystem space usage 19 59
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now