Re: NIS Netgroups

 
Matthew F. Carr
Occasional Advisor

NIS Netgroups

Greetings, I'm currently implementing an NIS domain for 80 or so servers. I was wondering if anyone had a good methodology for automating netgroups or some other means of keeping the right people on the right boxes. I wrote a little script and threw it into the /etc/profile which kicks users out if they do not have a home dir, but I'm not sure this is the best means available. Secondly, it creates a new problem: I need to go out to the specific server to create a home dir for every new user I add to NIS. Any thoughts/ideas/comments/sanity checks would be much appreciated.
4 REPLIES
Donald Kok
Respected Contributor

Re: NIS Netgroups

In /etc/auto_home you can put a line for every user saying on which server their homedir is. You can push this NIS map so every machine knows about it. Now users can log in to any machine without much administration.
My systems are 100% Murphy Compliant. Guaranteed!!!
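
An added example, not part of the original post and not from any poster in this thread: a shell check that compares an auto_home map like the one described above with the passwd map and reports users with no entry, duplicate keys, and entries that lack a server:/path location. The file names, sample accounts, hosts and the UID cutoff of 100 are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit an auto_home map against a passwd map.
# Assumed formats: passwd(4) lines and "key [-options] server:/path" map lines.
audit_auto_home() {   # usage: audit_auto_home PASSWD_FILE AUTO_HOME_FILE
    awk -v min_uid=100 '   # min_uid is an assumed cutoff for human accounts
        FNR == NR {                       # first file: passwd entries
            split($0, f, ":")
            if (f[3] + 0 >= min_uid) users[f[1]] = 1
            next
        }
        /^[ \t]*(#|$)/ || $1 ~ /^\+/ { next }   # comments, blanks, +includes
        {
            key = $1
            loc = ($2 ~ /^-/) ? $3 : $2   # skip an optional -options field
            seen[key]++
            if (loc !~ /^[A-Za-z0-9._-]+:\/./) print "MALFORMED " key
        }
        END {
            if (!("*" in seen))           # a wildcard entry covers everyone
                for (u in users) if (!(u in seen)) print "MISSING " u
            for (k in seen) if (seen[k] > 1) print "DUPLICATE " k
        }
    ' "$1" "$2" | sort
}

# Constructed sample data (not taken from any real system).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:201:20:Alice:/home/alice:/usr/bin/sh
bob:*:202:20:Bob:/home/bob:/usr/bin/sh
carol:*:203:20:Carol:/home/carol:/usr/bin/sh
dave:*:204:20:Dave:/home/dave:/usr/bin/sh
EOF
cat > "$demo/auto_home" <<'EOF'
# key  [-options]  location
alice  box2:/export/home/alice
carol  -rw,nosuid  box3:/export/home/carol
carol  box4:/export/home/carol
dave   /export/home/dave
EOF
audit_auto_home "$demo/passwd" "$demo/auto_home"
```

Run against the real files before pushing the map, a MISSING line identifies an account that would log in without a home directory on any client.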
Matthew F. Carr
Occasional Advisor

Re: NIS Netgroups

Hey Donald, does this mean that when the user logs in to say box1, they receive their home dir from box2, sort of like NFS mount but w/out the security hole?
Shannon Petry
Honored Contributor

Re: NIS Netgroups

NFS is the security hole, whether it's via automount or not.
An automounter map is configurable though, just as NIS is, so you can make as many of your own NIS maps as you want, and use them as you need.
BTW: NIS and NFS are both security problems, but not nearly as bad as netbios...

Good sysadmin practices negate many of the NFS and NIS security problems though. As it sounds like you're new in the field, I'll recommend you 2 books, both published by O'Reilly and Associates.
1. NFS and NIS Administration
2. Unix System Administration

The first book takes you through NFS and NIS, pros, cons, implementation, customization, etc...
The second may not be as critical, but still has lots of good tips and tricks.

To find out more about the netgroup file...
% man netgroup
will give you all you need. I don't think it will do what you want though.

Remember that NIS is an administration tool, mostly for user management. The best way to lock usera to machinea is by not using NIS passwd maps, but local passwd maps. Use NIS for host resolution and automounter maps.

Regards,
Shannon
Microsoft. When do you want a virus today?
Donald Kok
Respected Contributor

Re: NIS Netgroups

No, NIS takes care of the management; the mounting is done by NFS (automount).

If you want to make your systems secure, you had better not use NIS and NFS. Maybe NIS+ is something for you. NIS+ is secure, but also much more complicated.
My systems are 100% Murphy Compliant. Guaranteed!!!