[SunHELP] NIS query

TAMTONAX abdulrashed.tamton at aramco.com
Tue Apr 25 07:50:55 CDT 2006


Hello Amit,

By using a different setup than your standard one, I assume the said server
is not a production one.

Also, it is almost five years since I administered a NIS domain. So, can't
remember all the issues. But this might work:

Just stop all the yp services on the client.
/usr/lib/netsvc/yp/ypstop  (man ypstop/ypstart for more info)

You can test whether it is stopped by using
ps -ef|grep yp
domainame or
ypcat hosts

Modify the /etc/nsswitch.conf ; update/remove nis with files and add all the
hostnames you want to access in the /etc/hosts.

Change the root pw and give to that privileged person to play with your
out-of-NIS system.

Regards,
Rasheed Tamton.



-----Original Message-----
From: sunhelp-bounces at sunhelp.org [mailto:sunhelp-bounces at sunhelp.org] On
Behalf Of Brigance, Leslie V, WWCS
Sent: Tuesday, April 25, 2006 2:55 PM
To: The SunHELP List
Subject: Re: [SunHELP] NIS query

I would agree with Yazid. On 2 counts - I also know a Little about NIS.
Used it a lot in past
years but have not implemented it in at least 5 years.
However, UNLESS you have set the root password on ALL the machines to be the
same (big no-no), but in that case you need to change the root password of
JUST the machine on which this user needs root.
Above all don't pass out the NIS root password.
Alternatively install sudo - that user can blow up his/her own machine but
cannot do anything to any other box on which they do not have sudo
privileges.
I'd need more info before I could really help you much. I am sure that you
know NIS enough to know that when you look at the password file on the
client machine the user probably has no account there. No account - no
password unless you are using a combination of local accounts & passwords
AND nis accounts and passwords (shudder).
but that each client box does have a root, sys, and so forth that are local
only to that box.
Are you using NIS or NIS+. (NIS being kind of a security no-no)

-----Original Message-----
From: sunhelp-bounces at sunhelp.org [mailto:sunhelp-bounces at sunhelp.org]
On Behalf Of Yazid
Sent: Tuesday, April 25, 2006 12:16 AM
To: The SunHELP List
Subject: Re: [SunHELP] NIS query

I know a bit about NIS, but I don't really understand your question, maybe
you can rephrase in simpler sentence.
What's a securenets?
Do you want to remove one of the machine from NIS?
If you want to give a user root access, what's the problem of just giving
the root passwd of that particular machine to him?
How's the machine being in the network relates to the NIS? I think you can
just remove the machine from NIS, and configure everything using local files
and still able to access the network, or you can also combine the  use of of
local files and NIS.

cheers;
--yazid

On 4/25/06, Amit GUPTA <amit-cmg.gupta at st.com> wrote:
> Hello Gurus,
>
> Greetings !!
>
> My question is :
>
>  In my environment, i have 700 sun blade 150/100, all are binded to
NIS.
> One of my user wants to have the root access of the machine but also
> want the machine to be on the network. My all the clients machines are
> binded to the NIS slave servers and in my NIS master server i have
also
> configure the securenets which has the entry of only NIS slave
servers.
> Is there any way out, if i can make sure that client machine will be
on
> the n/w but not binded to any of the NIS servers.
>
>
> thanks in advance for your response.
>
> regards
> amit
> _______________________________________________
> SunHELP maillist  -  SunHELP at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/sunhelp
>
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp



More information about the SunHELP mailing list