System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Changing GID for two users in NIS

SOLVED
Go to solution
Vishu
Trusted Contributor

Changing GID for two users in NIS

Hi Masters,

I have HPUX-11.00. i have 2 users in NIS master server, which have been assigned GID of 500, but i want to change GID to 501 and populate the changes on the NIS slave server. These NIS users does not exist in my local /etc/passwd. here is the user difference between local and NIS users.

root # cat /etc/passwd | wc -l
79
root # ypcat passwd | wc -l
5352
root #

Can you please provide the steps to do it. Its a very critical NIS master server. Please suggest on it.

Thanks
26 REPLIES
Steven E. Protter
Exalted Contributor

Re: Changing GID for two users in NIS

Shalom,

Change these numbers on the NIS master.

Make sure these users do not exist at all on the NIS slaves except as NIS users. Make sure they do not exist as local users on any system.

ypmake

That should update things.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ganesan R
Honored Contributor

Re: Changing GID for two users in NIS

Hi Ranju,

You have to make the changes on NIS master server source files first and apply the changes to the NIS database.

Edit the /etc/passwd file on NIS master and change the GID or use this command to change it.
#usermod -g 501

Once you modified, run /var/yp/ypmake command. It will update the NIS maps and sync with slave servers.

You can also run yppush on master server or ypxfr on slave servers to synchronize the NIS maps between master and slave servers.
Best wishes,

Ganesh.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

Thanks SEP and Ganesan,

but as i pasted above, those users are NIS users only and do not exist in /etc/passwd. then how would i made changes to them on NIS master server.

usermod command will only edit the users in /etc/passwd. but if they dont exist there, then how would i do that. Also, one query, if i run this command

# ypmake passwd

It will update or modify my NIS password database, but i have only 79 users in /etc/passwd and 5352 users in NIS password databse. Would not ypmake overwrite my existing NIS password database(5352) with new one(79 only). Please clear my doubt on it.

if you have commands, can you please paste those here.
Steven E. Protter
Exalted Contributor

Re: Changing GID for two users in NIS

Shalom,

If those users do not exist on the NIS master then they are local users on the system you are testing.

They need to be migrated to the NIS database.

useradd them to the NIS Master

ypmake

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
V. Nyga
Honored Contributor

Re: Changing GID for two users in NIS

Hi,

>These NIS users does not exist in my
>local /etc/passwd. here is the user
>difference between local and NIS users.

So this is local:
>root # cat /etc/passwd | wc -l
>79
and this is NIS:
>root # ypcat passwd | wc -l
>5352
?

That's the sense of NIS - users are ONLY in the NIS server passwd and the clients get the login information from there.
So you don't overwrite anything at the clients, but you have to make the changes at the NIS server.

You also have to change /etc/group !
There GID 501 has to be created, too.

Volkmar
*** Say 'Thanks' with Kudos ***
V. Nyga
Honored Contributor

Re: Changing GID for two users in NIS

Hi again,

also - if you run ypmake command at the client nothing will happen.
If you do it at the NIS client, I don't know, but I believe as long as it run as a client nothing will happen too.
Nevertheless you ONLY make user changes at the NIS server.

You can check which one it is with the command 'ypwhich'.

HTH
Volkmar
*** Say 'Thanks' with Kudos ***
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

SEP,
They are there in NIS master database. please find the below output. It will give you some picture.

root # ypcat passwd | grep -i spainter
spainter:UlCd2pvwwcC/k,A/BU:11556:500:Seimens walter:/home/spainter:/bin/ksh

root # cat /etc/passwd | grep -i spainter
root #

Please tell how can i change the GID from 500 to 501. i think usermod will only work on /etc/passwd but not on passwd.byname.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS


@Volkmar

1. Its the NIS master server. and plz tell if i run ypmake on NIS master server, then does it overwrite my existing NIS password database.

2. GID 501 is already exists in /etc/group.
Ganesan R
Honored Contributor
Solution

Re: Changing GID for two users in NIS

Hi Ranju,

Do this. check the content of the file /var/yp/Makefile on NIS master and look at the below entries.

DIR = /etc
..
..
..
PWFILE = $(DIR)/passwd.yp

Makefile is the source file used to create the NIS Maps. Just edit the /etc/passwd.yp file and modify the GID. Once you modify, run the ypmake command which will update the NIS maps and synchronize the slave servers.
Best wishes,

Ganesh.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

Hi Ganesan,

Here are the contents of /var/yp/Makefile


DIR =/etc
DOM = `domainname`
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDIR=/usr/sbin
YPDBDIR=/var/yp
YPPUSH=$(YPDIR)/yppush
MAKEDBM=$(YPDIR)/makedbm
REVNETGROUP=$(YPDIR)/revnetgroup
STDETHERS=$(YPDIR)/stdethers
STDHOSTS=$(YPDIR)/stdhosts
MKNETID=$(YPDIR)/mknetid
MKALIAS=$(YPDIR)/mkalias
PWFILE=$(DIR)/passwd

Ganesan R
Honored Contributor

Re: Changing GID for two users in NIS

Hi,

It means /etc/passwd file was used to create the NIS maps initially and removed ALL NIS user entries from the local password which most admin will do. This is to avoid the NIS users to login locally on NIS Master.

Best wishes,

Ganesh.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

Thanks Ganesan,

but now the thing is how would i do this i.e. change my GID from 500 to 501. anyone has any idea?
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> but now the thing is how would i do this
> i.e. change my GID from 500 to 501.

Edit /etc/group (or whatever /var/yp/Makefile
saya that it used for "group")?

> Jul 29, 2009 14:24:40 GMT
> [...]
> You also have to change /etc/group !

I don't understand what's not clear to you.
What, exactly, do you wish to change? How do
you see what it is now? As usual, showing
actual commands with their actual output can
be more helpful than vague descriptions and
interpretations.
Ganesan R
Honored Contributor

Re: Changing GID for two users in NIS

Hi Ranju,

You should be having the backup of master passwd file used to generate the NIS maps earlier somewhere on the NIS master server. If the group is already exist you have to modify only the passwd file and change the PWFILE entry in Makefile to point the source passwd file and run ypmake.

Though I haven't tried, you can also try via SAM to change the attributes for NIS users.
Best wishes,

Ganesh.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

Ganesan, Thanks for your findings...but i have checked that i no longer have that file in the server. the NIS database was created around 2-3 years ago. i was not managing this server that time. Well, dont know also that SAM will work in it, bcoz have not tried it before.

@Steven,
Please read my earlier post, i want to change the GID for two users only i.e. to edit the password file, not the /etc/group file. Please go through the posts and suggest if anything u have in it.
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> [...] i want to change the GID for two
> users only i.e. to edit the password file
> [...]

So why not "edit the password file", and make
the changes you want? Or use usermod to make
the changes, if you prefer.

> i think usermod will only work on
> /etc/passwd but not on passwd.byname.

Well, yes, but /etc/passwd on the NIS master
server is where NIS gets the data for
passwd.byname. You change etc/passwd on the
NIS master server, then ypmake (or
equivalent) rebuilds the NIS passwd data base
from that file. (And it should do a yppush
to propagate the new data to the consumers,
too, as I recall.)
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> [...] /etc/passwd on the NIS master
> server is where NIS gets the data for
> passwd.byname.

That is, /etc/passwd on the NIS master server
is where NIS gets the data for passwd.byname
_unless_ someone has changed /var/yp/Makefile
so that it gets the passwd data from some
other file.
Vishu
Trusted Contributor

Re: Changing GID for two users in NIS

@ Steven Schweda ,

I agree to it that NIS passwd.byname get its data from /etc/passwd while doing ypmake, but i have already post that my /etc/passwd does not have those users in it. Those users are deleted from /etc/passwd after doing ypmake and only exists as NIS users, not as local users. Ganesan has also told this thing in the post just prior to your previous post.

So, if i try to run usermod, it came up with "user does not exist". Please suggest now.
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> [...] Those users are deleted from
> /etc/passwd after doing ypmake and only
> exists as NIS users, not as local users.
> [...]

In that case, I'd probably try to add them
back into the NIS master server's passwd
source file (normally /etc/passwd).

Do you _want_ to have users in the NIS data
but not in the NIS master server's
/etc/passwd file? If so, then it would seem
to me that /var/yp/Makefile should be
using some file other than the NIS master
server's /etc/passwd file as its passwd data
source.

> [...] here is the user difference between
> local and NIS users.
>
> root # cat /etc/passwd | wc -l
> 79
> root # ypcat passwd | wc -l
> 5352

Was that done on the NIS master server?

I'm still confused, but there may be some
hope.
Ganesan R
Honored Contributor

Re: Changing GID for two users in NIS

Hi Ranju,

You should be having the source passwd file somewhere on the server. You can find it.

#find / -name -type f passwd* -print

Have you tried via SAM? I hope that you can do through SAM as well. Goto SAM->users and groups -> NIS users -> select the user -> actions -> modify the group membership.

Unfortunately I am not sitting infront of NIS server now, to test it for you.
Best wishes,

Ganesh.
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> #find / -name -type f passwd* -print

Uh, perhaps something more like this?:

find / -name 'passwd*' -type f -print

But that assumes some things which may not be
true.

If the source file is really lost, then
"ypcat passwd" might be a good way to start
its reconstruction.
V. Nyga
Honored Contributor

Re: Changing GID for two users in NIS

Hi again,

one more try - a NIS server doesn't *copy* the users to the clients - at least not at my systems!
A client passwd has a '+' at the end, so the ws knows, that there are more users at the NIS server.

In your case: If the user doesn't exist at the NIS server, then he is not a global user, but a local user.
Then you have to change the usergroup at every client where the user exists - btw. that's the sense of NIS to do it only at one place.
When the group already exists, then you can edit the passwd file with 'vipw /etc/passwd'.
Change the group id of the user from 500 to 501 - that's all. The group id is after the third ':'. About vipw check the man pages too.

Can you tell us the output of 'ypwich' at workstation 1 and ws 2?

V.
*** Say 'Thanks' with Kudos ***
Ganesan R
Honored Contributor

Re: Changing GID for two users in NIS

Hi Ranju,

I just checked. You can modify the group membership for NIS users via SAM as well.

Goto SAM -> Accounts for user and groups -> NIS users -> select the user -> Actions -> modify -> Primary group -> change here

Once you modify, you can run yppush on master or ypxfr on slave servers to propagate the changes to slave servers.

Best wishes,

Ganesh.
Steven Schweda
Honored Contributor

Re: Changing GID for two users in NIS

> [...] You can modify the group membership
> for NIS users via SAM as well.

And what, exactly, does "sam" do? If the
answer is "modify /etc/passwd" on the NIS
master server, then will it "work" as desired
in this case?

Are you talking about running "sam" on the
NIS master server, or will this "work" from
anywhere?