The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

nisopaccess (1)
  • >> nisopaccess (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    nisopaccess - NIS+ operation access control administration command
     
    

    SYNOPSIS

    nisopaccess [-v] directory operation rights
    

    nisopaccess [-v] [-r] directory operation
    

    nisopaccess [-v] [-l] directory [operation]
    

     

    DESCRIPTION

    Most NIS+ operations have implied access control through the permissions on the objects that they manipulate. For example, in order to read an entry in a table, you must have read permission on that entry. However, some NIS+ operations by default perform no access checking at all and are allowed to all:

    Operation

    Example of commands that use the operation

    NIS_CHECKPOINT

    nisping -C

    NIS_CPTIME

    nisping, rpc.nisd

    NIS_MKDIR

    nismkdir

    NIS_PING

    nisping, rpc.nisd

    NIS_RMDIR

    nisrmdir

    NIS_SERVSTATE

    nisbackup, nisrestore

    NIS_STATUS

    nisstat, rpc.nispasswdd

    The nisopaccess command can be used to enforce access control on these operations on a per NIS+ directory basis.

    The directory argument should be the fully qualified name, including the trailing dot, of the NIS+ directory to which nisopaccess will be applied. As a short-hand method, if the directory name does not end in a trailing dot, for example "org_dir", then the domain name is appended. The domain name is also appended to partial paths such as "org_dir.xyz".

    You can use upper or lower case for the operation argument. However, you cannot mix cases. The "NIS_" prefix may be omitted. For example, NIS_PING can be specified as NIS_PING, nis_ping, PING, or ping.

    The rights argument is specified in the format defined by the nischmod(1) command. Since only the read ("r") rights are used to determine who has the right to perform the operation, the modify and delete rights may be used to control who can change access to the operation.

    The access checking performed for each operation is as follows. When an operation requires access be checked on all directories served by its rpc.nisd(1M), access is denied if even one of the directories prohibits the operation.

    NIS_CHECKPOINT

    Check specified directory, or all directories if there is no directory argument, as is the case when NIS_CHECKPOINT is issued by the "nisping -Ca" command. Return NIS_PERMISSION when access is denied.

    NIS_CPTIME

    Check specified directory. It returns 0 when access is denied.

    NIS_MKDIR

    Check parent of specified directory. Returns NIS_PERMISSION when access is denied.

    If the parent directory is not available locally, that is, it is not served by this rpc.nisd(1M), NIS_MKDIR access is allowed, though the operation will be executed only if this rpc.nisd is a known replica of the directory.

    You should note that the NIS_MKDIR operation does not create a NIS+ directory; it adds a directory to the serving list for this rpc.nisd, if appropriate.

    NIS_PING

    Check specified directory. No return value.

    NIS_RMDIR

    Check specified directory. NIS_PERMISSION is returned when access denied.

    The NIS_RMDIR operation does not remove a NIS+ directory; it deletes the directory from the serving list for this rpc.nisd, if appropriate.

    NIS_SERVSTATE

    Check access on all directories served by this rpc.nisd. If access is denied for a tag, "<permission denied>" is returned instead of the tag value.

    NIS_STATUS

    Same as for NIS_SERVSTATE.

    Notice that older clients may not supply authentication information for some of the operations listed above. These clients are treated as "nobody" when access checking is performed.

    The access control is implemented by creating a NIS+ table called "proto_op_access" in each NIS+ directory to which access control should be applied. The table can be manipulated using normal NIS+ commands. However, nisopaccess is the only supported interface for NIS+ operation access control.  

    OPTIONS

    The following options are supported:

    -l

    List the access control for a single operation, or for all operations that have access control enabled.

    -r

    Remove access control for a certain operation on the specified directory.

    -v

    Verbose mode.

     

    EXAMPLES

    Example 1 Enabling Access Control for the NIS_PING Operation

    To enable access control for the NIS_PING operation on "org_dir.`domainname`." such that only the owner of the directory can perform a NIS_PING, or change the NIS_PING rights:

    example% nisopaccess org_dir NIS_PING o=rmcd,g=,w=,n=
    

    Example 2 Listing the Access to NIS_PING

    To list the access to the NIS_PING operation for org_dir:

    example% nisopaccess -l org_dir NIS_PING
    
    NIS_PING    ----rmcd--------    owner.dom.ain.  group.dom.ain.
    

    Example 3 Removing Access Control for NIS_PING

    To remove access control for NIS_PING on org_dir:

    example% nisopaccess -r org_dir NIS_PING
    

     

    EXIT STATUS

    The following exit values are returned:

    0

    Successful operation.

    other

    Operation failed. The status is usually the return status from a NIS+ command such as nistbladm.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWnisu

     

    SEE ALSO

    NIS+(1), nischmod(1), nistbladm(1), rpc.nisd(1M), attributes(5)  

    NOTES

    NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    EXAMPLES
    EXIT STATUS
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру