Solved

NIS+ and Secure NFS

Posted on 1997-04-07
2
415 Views
Last Modified: 2013-12-16
This problem with NIS+ and Secure was formely posted under comp.unix.solaris
I have a central NFS-server with all the user disks mounted. The other machines are mounting these disks through DES authenticated NFS. It works fine regarding to the users own files, but when i comes to group permissions something is wrong. Someone told me that it is the group information in passwd.org_dir and not the one in group.org_dir there's in use ?? (it sounds strange to me, only the primary group information should be in the password file).
Somehow i believe it's a problem with some other credentials.

Setup:
I have a share on m1:
 - /export/projects   secure,rw=cs   ""
I mount it:
m2:/export/projects  - /projects nfs - yes  intr,bg,secure,soft
(m2 are in netgroup "cs" and have valid credentials)

The volume is mounted ok on m2, and it works fine regarding to the permissions for the user and everyone. Only group permissions fail.

Regards, Tom
0
Comment
Question by:thelmer
2 Comments
 

Author Comment

by:thelmer
ID: 1811996
Adjusted points to 100
0
 
LVL 1

Accepted Solution

by:
keie earned 100 total points
ID: 1811997
The group information used by the Secure RPC (NFS) server is
in the cred.org_dir table. This table contains two types of
entries. The DES entry
user.company.com.:DES:unix.100@company.com:<hex>;<hex>
is used to authenticate the user "user" in the NIS+ domain "company.com". NIS+ and DNS domain names are identical on most systems.
The LOCAL entry
user.company.com.:LOCAL:100:10,252:
tells Secure RPC (NFS) that "user.company.com." has uid 100 and
is member of the groups 10 and 252. Usually the first group number is the group number from the password table. The later
numbers are often the groups from the groups database that "user" is a member of.
Yes indeed, NIS+ has two copies of the same information.
We used the utility "nisaddent" to convert our ASCII information
to the NIS+ tables. Nisaddent uses the information from the groups database to adapt cred.org_dir.
In your case I would suggest to use "nisaddent -d group" to dump the group table to ASCII form, and then use
"nisaddent -m -f groups-table group" to re-insert the groups table into NIS+.

The utilities in AdminSuite (Solaris 2.5) can be used to maintain
the NIS+ table. We avoid them, because they backfired a few times
when we first used them. We have our own set of scripts to add users to the NIS+ database.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now