Re: MINUID in NIS Makefile
On Thursday 20 February 2003 16:17, Dan Nelson wrote: In the last episode (Feb 20), Antoine Jacoutot said: Is there a way to use the MINUID and MINGID options in a NIS Makefile or is it Linux only ? You'll have to tell us what those options mean before we can tell you whether there is an equivalent. Of course, I'm sorry... The MINUID and MINGID allow to create passwd.by* only with account which UID are equal or higher than MINUID and group.by* only with groups which GID are equal or higher than MINGID. Extract from a Debian NIS Makefile: # We do not put password entries with lower UIDs (the root and system # entries) in the NIS password database, for security. MINUID is the # lowest uid that will be included in the password maps. # MINGID is the lowest gid that will be included in the group maps. You don't need to copy /var/yp/master.passwd to edit it; just make the change and run make. So I would change the original /etc/master.passwd ?? Is that OK, it looks like it's not. Antoine To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
On Thu, Feb 20, 2003 at 04:30:21PM +0100, Antoine Jacoutot wrote: On Thursday 20 February 2003 16:17, Dan Nelson wrote: In the last episode (Feb 20), Antoine Jacoutot said: Is there a way to use the MINUID and MINGID options in a NIS Makefile or is it Linux only ? You'll have to tell us what those options mean before we can tell you whether there is an equivalent. Of course, I'm sorry... The MINUID and MINGID allow to create passwd.by* only with account which UID are equal or higher than MINUID and group.by* only with groups which GID are equal or higher than MINGID. Extract from a Debian NIS Makefile: # We do not put password entries with lower UIDs (the root and system # entries) in the NIS password database, for security. MINUID is the # lowest uid that will be included in the password maps. # MINGID is the lowest gid that will be included in the group maps. You don't need to copy /var/yp/master.passwd to edit it; just make the change and run make. So I would change the original /etc/master.passwd ?? Is that OK, it looks like it's not. You would add one line to the end of your /etc/master.passwd to tell it to pick up the entries from /var/yp/master.passwd as well (assuming you want your NIS users to be able to log on to the NIS server). Any users defined in /etc/master.passwd will be 'local' users, those in /var/yp/master.passwd will be exported to NIS clients. You can do a similar things with the groups database as well. pw(8) will let you set max/min UID and GID ranges and will happily manipulate both the local and NIS passwd files. You want to read the pw(8), passwd(5) and group(5) manpages (especially the bits on NIS/YP interaction) and section 19.8 of the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nis.html Cheers, Scott To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
Antoine Jacoutot wrote:
On Thursday 20 February 2003 16:17, Dan Nelson wrote:
[ ... ]
The MINUID and MINGID allow to create passwd.by* only with account which UID
are equal or higher than MINUID and group.by* only with groups which GID are
equal or higher than MINGID.
20-sec% MINUID=50
21-sec% awk -F: {if (\$3 $MINUID) print } /etc/passwd
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
chuck:*:1000:1000:Charles Swiger:/home/chuck:/bin/zsh
squid:*:3128:3128:Squid Cache:/home/squid:/sbin/nologin
...or `ypcat`, or however you get a flatfile version of /etc/passwd.
You don't need to copy
/var/yp/master.passwd to edit it; just make the change and run make.
So I would change the original /etc/master.passwd ?? Is that OK, it looks
like it's not.
Use 'vipw' to edit /etc/passwd safely.
However, the point of NIS is to provide a network-based source of users
which are in addition to the users in the local /etc/passwd database.
On your YP/NIS master server, cd to /var/yp and do a make. That will
propogate updated versions of the passwd.foo NIS maps to the NIS clients.
-Chuck
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
On Thursday 20 February 2003 16:45, Scott Mitchell wrote: You would add one line to the end of your /etc/master.passwd to tell it to pick up the entries from /var/yp/master.passwd as well (assuming you want your NIS users to be able to log on to the NIS server). Any users defined in /etc/master.passwd will be 'local' users, those in /var/yp/master.passwd will be exported to NIS clients. You can do a similar things with the groups database as well. ??? I know that. But still, you first need to copy /etc/master.passwd to /var/yp, then edit /var/yp/master.passwd before exporting to clients. I think it is easier to say hey, just pick up UID higher then 1000 in /etc/master.passwd then create passwd.by* pw(8) will let you set max/min UID and GID ranges and will happily manipulate both the local and NIS passwd files. Allright, I'll have a look at it. You want to read the pw(8), passwd(5) and group(5) manpages (especially the bits on NIS/YP interaction) and section 19.8 of the handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/nis.html I already have... otherwise I wouldn't ask on the list ;-) Thanks for the help... Antoine To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
On Thu, Feb 20, 2003 at 05:16:15PM +0100, Antoine Jacoutot wrote: ??? I know that. But still, you first need to copy /etc/master.passwd to /var/yp, then edit /var/yp/master.passwd before exporting to clients. I think it is easier to say hey, just pick up UID higher then 1000 in /etc/master.passwd then create passwd.by* Well, I think that comes down to what you're used to. Personally I quite like having my local and NIS users in separate files, but that's just me :) In any case, you only need to copy master.passwd once, if at all, when you first set your NIS server up. Then you can use pw (or vipw, if you must) to edit either master.passwd file. pw is nice because it knows about NIS and will run /var/yp/Makefile for you after making changes. I already have... otherwise I wouldn't ask on the list ;-) Thanks for the help... No problem. Cheers, Scott To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
On Thursday 20 February 2003 18:29, Scott Mitchell wrote: In any case, you only need to copy master.passwd once, if at all, when you first set your NIS server up. Then you can use pw (or vipw, if you must) to edit either master.passwd file. pw is nice because it knows about NIS and will run /var/yp/Makefile for you after making changes. You lean pw will update /etc/master.passwd, /var/yp/master.passwd and remake the NIS database ? If this is so, then this is fantastic ! Thanks a lot. Antoine To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
In the last episode (Feb 20), Antoine Jacoutot said: Is there a way to use the MINUID and MINGID options in a NIS Makefile or is it Linux only ? Indeed, with large networks when new users arrive or leave, it is a pain to have to copy then edit the master.passwd file each time a change occurs. You'll have to tell us what those options mean before we can tell you whether there is an equivalent. You don't need to copy /var/yp/master.passwd to edit it; just make the change and run make. If you want the ability to script changes, use the pw command with the flags -V /var/yp -y, tells it to manipulate the NIS passwd files instead of the ones in /etc and to run make automatically. -- Dan Nelson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: MINUID in NIS Makefile
In the last episode (Feb 20), Antoine Jacoutot said: On Thursday 20 February 2003 16:17, Dan Nelson wrote: In the last episode (Feb 20), Antoine Jacoutot said: Is there a way to use the MINUID and MINGID options in a NIS Makefile or is it Linux only ? You'll have to tell us what those options mean before we can tell you whether there is an equivalent. Of course, I'm sorry... The MINUID and MINGID allow to create passwd.by* only with account which UID are equal or higher than MINUID and group.by* only with groups which GID are equal or higher than MINGID. Extract from a Debian NIS Makefile: # We do not put password entries with lower UIDs (the root and system # entries) in the NIS password database, for security. MINUID is the # lowest uid that will be included in the password maps. # MINGID is the lowest gid that will be included in the group maps. Ok, so this is for the case where all your users are in /etc/passwd, and /var/yp/passwd is basically just autogenerated from it? What I do is a bit different. I put NIS users in /yar/yp/master.passwd, and NIS groups in /var/yp/group. /etc/ on the NIS server (and any NIS slaves) is configured just like an NIS client, with only local users/groups, and a + record at the bottom. This lets me decide which user records get exported to all machines, and has the added benefit that the NIS server is configured the same as any other machine, which means any machine can easily be set up as the master if necessary. If you want to stick with your original setup, just compare the passwd.by* rules on your Debian box and the FreeBSD one. I looked at Debian's Makefile, and both pipe the passwd file through awk. You should be able to copy the $$3 = $(MINUID) test to the FreeBSD Makefile and get the same behaviour as on Debian. -- Dan Nelson [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
