Darren J Moffat wrote:
>
>>
>> I laready maintain the netgroup of users who I consider
>> 'Administrators', It'd be nice to only need to maintain that list in
>> one place, and not have to make entries in user_attr for each of the
>> same users.
>>
>> Is this possible?
>
> Not at this time. I have prototyped in the past an extension to the
> user_attr table that allows putting a netgroup or hostname in the
> currently unused qualifier filed but that hasn't been integrated into
> any release at this time.
>
> This is covered under CR# 4986798
>
> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4986798
>
Hi Darren, thanks for the pointer.
That RFE looks great, and definitely useful, but I'm not sure it really
covers what I was talking about.
Putting the netgroup in the qualifier field makes sense if you want to
limit which hosts a a user is assigned a profile, etc.
But I was trying to ease maintaining the list of users who are assigned
a profile on all machines.
For example, if I have a netgroup:
Admins \
(-,user1,mydomain) (-,user2,mydomain) ... (-,userN,mydomain)
and I put this in /etc/user_attr (or NIS or LDAP user_attr):
@Admin::::profiles=Primary Administrator;roles=root
I'd like that to give me the equivalent funtionality of this in
user_attr (on all hosts):
user1::::profiles=Primary Administrator;roles=root
user2::::profiles=Primary Administrator;roles=root
.
.
.
userN::::profiles=Primary Administrator;roles=root
Basically I already have to maintain the netgroup, since it's used
elsewhere, and I'd rather not have another list of the same users to
have to keep in sync.
Is that covered by that RFE? or is this something different?
If it's not, I can even envision ways that the two ideas coudl be used
together, to assign the same role to one netgroup of users on one
netgroup of hosts, and a different netgroup of users on a different
netgroup of hosts. But that might be too complicated.
-Kyle
