
NIS user access

 
Ramesh.K.R.
Regular Advisor

NIS user access

Hi,

I want to restrict some of the NIS users from accessing a few clients.
Is this possible? If so, how can I do this?

NOTE: We are using HP-UX 11.X, TRU64(5.1A & 5.1B) & SOLARIS(2.8 & 2.9) systems as NIS clients.
hai
Steven E. Protter
Exalted Contributor

Re: NIS user access

Shalom,

Quick and dirty though not 100% effective is to program the /etc/profile of the systems to check user group and reject login of users in a specific group. Then add the users you want restricted to this group and their login will be rejected.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ramesh.K.R.
Regular Advisor

Re: NIS user access

SEP,

Thanks for your quick response.
Can you please explain it in a bit more detail?

Ramesh
hai
VK2COT
Honored Contributor

Re: NIS user access

Hello,

NIS (and NIS+) is an archaic login model. It used to be popular in the mid-90s.

If my memory serves me right, you can use the "-" character in /etc/passwd to override defaults. Some examples for those special NIS client servers:

-baduser
-@bad-hosts-users
+specuser::::::/usr/bin/ksh
+@specgroup
+::::::

+myuser::::::/bin/ksh
Overrides the NIS shell setting for the user "myuser". You can override any field except the UID and GID. The user name could be a user, or a @.

-baduser
Prevents the user "baduser" from logging in.

And so on.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Ramesh.K.R.
Regular Advisor

Re: NIS user access

OK, let me try & get back to you people.

Ramesh
hai
Peter Nikitka
Honored Contributor

Re: NIS user access

Hi,

to make use of the +/- and @ features in /etc/passwd ... you must put the name resolution (/etc/nsswitch.conf) in compatibility mode:
passwd: compat
group: compat (if necessary)

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
Steven Schweda
Honored Contributor

Re: NIS user access

Assuming that your systems are configured to use local files before NIS, you should be able to add entries to the local /etc/passwd file (or whatever is used on a particular system) for the users whom you don't want to use that system. Just set a user's shell to /sbin/false (or wherever "false" is on that system) in the local file.

If you have many users or many systems, this could be a good deal of work, but for "some" users on "a few" systems, it may be practical.
Ramesh.K.R.
Regular Advisor

Re: NIS user access

Hi,

Finally, the problem is solved .... Thanks for all your comments.
This is exactly what achieved my goal:

On NIS server:
1. add your to the "netgroup" file
ex: univ_uxscm (,x,) (,y,) (,Z,) ..
2. Run /var/yp/ypmake after adding the netgroup file to update NIS database

On NIS client:
1. /etc/passwd (last lines)

+@::-2:-2:::
+:*:-2:-2:::

2. /etc/group (last line)
+:

3. /etc/nsswitch.conf

passwd: compat
group: files nis
hosts: files [NOTFOUND=continue TRYAGAIN=continue] dns
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
netgroup: nis [NOTFOUND=return] files
automount: files [NOTFOUND=continue] nis
aliases: files nis
services: files nis

Hope it helps ....

hai
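
The following is an added example, not code from any poster in this thread: a small Python model of how a client in `passwd: compat` mode resolves a user against "+"/"-" entries like the ones discussed above, useful for checking who a given /etc/passwd tail actually admits. It assumes a simplified rule set (entries read top to bottom, first match wins, "-" entries exclude a user from later "+" entries, UID/GID never overridden); the NIS map, hashes and the root line are constructed sample data, the netgroup name and members are taken from the netgroup line quoted above, and real HP-UX, Tru64 and Solaris behaviour may differ in details.

```python
# Simplified model of passwd "compat" lookup (assumption: top-to-bottom,
# first match wins, "-" entries exclude users from later "+" entries).
NIS_PASSWD = {  # constructed sample NIS passwd map: name -> 7 fields
    "x": ["x", "HASHX", "2001", "200", "User X", "/home/x", "/usr/bin/ksh"],
    "y": ["y", "HASHY", "2002", "200", "User Y", "/home/y", "/usr/bin/ksh"],
    "q": ["q", "HASHQ", "2003", "200", "User Q", "/home/q", "/usr/bin/ksh"],
}
NETGROUPS = {"univ_uxscm": {"x", "y", "Z"}}  # user field of each (,user,) triple

CLIENT_PASSWD = """\
root:ROOTHASH:0:3::/:/sbin/sh
+@univ_uxscm::-2:-2:::
+:*:-2:-2:::
"""  # constructed client file: netgroup admitted, everyone else gets "*"

def _merge(nis_entry, override):
    """Non-empty override fields replace NIS values; UID/GID (2, 3) never do."""
    merged = list(nis_entry)
    for i in (1, 4, 5, 6):
        if i < len(override) and override[i]:
            merged[i] = override[i]
    return merged

def resolve(user, passwd_text, nis=NIS_PASSWD, netgroups=NETGROUPS):
    """Return the effective 7-field entry for user, or None if unknown/excluded."""
    excluded = set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        name = fields[0]
        if not name or name.startswith("#"):
            continue
        target = name[1:]
        members = netgroups.get(target[1:], set()) if target.startswith("@") else None
        if name[0] == "-":
            excluded |= members if members is not None else {target}
        elif name[0] == "+":
            hit = user in members if members is not None else target in ("", user)
            if hit and user not in excluded and user in nis:
                return _merge(nis[user], fields)
        elif name == user:
            return fields  # plain local account
    return None

def can_password_login(user, passwd_text):
    """True if the user resolves and the password field is not the locked '*'."""
    entry = resolve(user, passwd_text)
    return entry is not None and entry[1] != "*"
```

In this model a user outside the netgroup still resolves (so file ownership displays correctly) but carries "*" in the password field, which no password can match.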