
Administering NIS+ Databases

NIS+ provides a central store of information for network resources such as hosts, users, and mailboxes. NIS+ replaces NIS (Network Information Service) and provides the following enhancements.

  • An organizational framework that is simpler to administer in large companies.

  • Improved security.

  • Improved distribution time to propagate changes through the network.

NOTE. LDAP is now scheduled to replace NIS+.

In addition, the Solaris Operating Environment provides a nameservice switch file, /etc/nsswitch.conf, that lets you use several different network information services at once. The /etc/nsswitch.conf file also lets you specify which service provides which type of information. In previous SunOS releases, selection of the nameservice was hard-coded into the services, which made it difficult to switch to a new nameservice. The /etc/nsswitch.conf file defines the order in which local files and network databases are searched for information. Describing how to set up NIS+ is beyond the scope of this book.

Using NIS+ Tables

NIS+ tables correspond to NIS maps. The Solaris Operating Environment provides 16 types of tables (shown in Figure 19) that store the network information used by NIS+.

Figure 19. The 16 NIS+ Tables


Each table stores a different type of information about users, workstations, or resources on the network. For instance, the Hosts table stores the host name and network address of every workstation in the domain; the Bootparams table stores the location of the root, swap, and dump directories of the diskless clients in the domain.

Each domain can have its own set of these NIS+ tables, which store all the NIS+ information for that particular domain. Table 79 lists the 16 NIS+ tables and the information they store.

Table 79. NIS+ Tables


Information in the Table

  • Network address and host name of every workstation in the domain.

  • Location of the root, swap, and dump partition of every diskless client in the domain.

  • Password information about every NIS+ principal (Nobody, Owner, Group, or World) in the domain, plus a pointer to the shadow file.

  • Credentials for principals who have permission to access the information or objects in the domain.

  • Password, group ID, and members of every group in the domain.

  • The netgroups to which workstations and users in the domain may belong.

  • Information about the sendmail and e-mail aliases of individual users in the domain.

  • The time zone of every workstation in the domain.

  • The networks in the domain and their canonical names.

  • The networks in the domain and their associated netmasks.

  • The Ethernet address of every workstation in the domain.

  • The names of IP services used in the domain and their port numbers.

  • The list of IP protocols used in the domain.

  • The RPC program numbers for RPC services available in the domain.

  • The location of all users' home directories in the domain.

  • Automounter map information.

You can access information in NIS+ tables either by entry row or by column, as shown in Figure 20.

Figure 20. Entry Row and Columns in a Table


For example, if you want to find the network address of a workstation named drusilla in the Hosts database, you can ask a search program to look through the hostname column until it finds drusilla, as shown in Figure 21. The program then searches the drusilla entry row to find its network address, as shown in Figure 22.

Figure 21. Searching the Hostname Column


Figure 22. Finding a Network Address


You can use NIS+ commands to perform these types of searches for you. Table 80 lists the NIS+ administrative commands.

Table 80. NIS+ Administrative Commands




  • Display, add, modify, and delete information in an NIS+ table.

  • Search for information in an NIS+ table.

  • Search for information in an NIS+ table.

  • Display the entire contents of an NIS+ table.

See the manual pages for information about how to use these commands.

NIS+ Security

NIS+ uses a security authorization model that is similar to the UNIX file system model. Each item in the namespace, as well as each record, each column, and each row, has an associated set of access rights that are granted to four broad classes of principals.

  • The owner of the item.

  • A group owner of the item.

  • All other principals.

  • nobody—the class of users not defined in the NIS+ domain or those users accessing NIS+ resources from NIS clients.

The specific access rights are different from the traditional read, write, and execute rights of file systems because of the nature of information services. Refer to your system manual for more information about NIS+ security.
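The four-class model described above can be audited mechanically. The following is an added example, not code from the book: it parses NIS+ access-rights strings and reports objects that grant anything to nobody or grant write-type rights to all other principals. It assumes the 16-character display convention (four characters per class, in the order nobody, owner, group, world, with r/m/c/d for read, modify, create, destroy), which this section does not spell out; the object names and rights strings in the sample are constructed.

```python
# Added example: audit NIS+ access-rights strings (not from the original book).
# Assumption: 16 characters, four per class, ordered nobody, owner, group,
# world; each slot holds its right letter (r, m, c, d) or '-' if not granted.

CLASSES = ("nobody", "owner", "group", "world")
RIGHTS = "rmcd"
NAMES = {"r": "read", "m": "modify", "c": "create", "d": "destroy"}

# Constructed sample data: (object name, access-rights string).
SAMPLE = [
    ("hosts.org_dir.example.com.", "r---rmcdrmcdr---"),
    ("passwd.org_dir.example.com.", "----rmcdrmcdr---"),
    ("group.org_dir.example.com.", "----rmcdrmcdrm--"),
]


def parse_rights(s):
    """Return {class: set of granted right letters} for a 16-char string."""
    if len(s) != 16:
        raise ValueError("expected 16 characters, got %d" % len(s))
    out = {}
    for i, cls in enumerate(CLASSES):
        granted = set()
        for pos, ch in enumerate(s[4 * i:4 * i + 4]):
            if ch == RIGHTS[pos]:
                granted.add(ch)
            elif ch != "-":
                raise ValueError("bad character %r in %s field" % (ch, cls))
        out[cls] = granted
    return out


def audit(objects):
    """Flag any right held by nobody, and m/c/d rights held by world."""
    findings = []
    for name, s in objects:
        rights = parse_rights(s)
        risky = {"nobody": rights["nobody"], "world": rights["world"] & set("mcd")}
        for cls in ("nobody", "world"):
            if risky[cls]:
                labels = [NAMES[c] for c in RIGHTS if c in risky[cls]]
                findings.append((name, cls, labels))
    return findings


if __name__ == "__main__":
    for name, cls, labels in audit(SAMPLE):
        print("%s: %s has %s" % (name, cls, ", ".join(labels)))
```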
