netgroups
Deb Lilly
deb at tc.fluke.COM
Sat Dec 15 12:12:35 AEST 1990
In article <17600 at hydra.gatech.EDU>, flur at duke.gatech.edu (Peter W. Flur)
writes:
> ... we would
> like to be able to restrict which group of machines any one person has
> access to. Rather than use the YP domains to do this, as we are now,
> we would like to use netgroups.
At Fluke we use netgroups to limit logins on certain machines.
Our YP domain is 'tc'.
Example 1 (netgroup in /etc/passwd to exclude logins from a machine):
Our netgroup 'uucpLogins' contains uucp accounts:
uucpLogins (,uuaea,tc) (,uualle,tc) ...
In all our /etc/passwd files except on the uucphost, we exclude the
uucp accounts with:
- at uucpLogins::0:0:::
Example 2 (netgroup in /etc/passwd to allow logins on a machine):
Our netgroup 'CDXusers' contains accounts for people allowed access to
a set of machines running a specialized application:
CDXusers (,john,tc) (,amyh,tc) (,bryanf,tc) (,darren,tc) ...
In the /etc/passwd files on the restricted machines, we do not use
the full Yellow Pages passwd (no +::0:0::: entry), but do allow access
to the CDXusers with:
+ at CDXusers::0:0:::
Example 3 (netgroup in /etc/hosts.equiv):
Our netgroup 'trustedhosts' includes all computers which use the same
logins, uids, groups, and gids as the rest of the network:
trustedhosts (daphne,,tc) (eros,,tc) (hera,,tc) ...
The /etc/hosts.equiv file on all systems contains:
+ at trustedhosts
There was a bug in SunOS 4.0.1 (bug ID 1022453) that required netgroup
names to be all lower case to work properly in /etc/hosts.equiv. I
don't know whether it's been fixed in 4.0.3 or 4.1.
Deb Lilly
Domain: deb at tc.fluke.COM
UUCP: uunet!fluke!deb
John Fluke Mfg. Co., M/S 223B, PO Box 9090, Everett WA 98206-9090 USA
+1 206 356-5052
--
Deb Lilly
Domain: deb at tc.fluke.COM
UUCP: uunet!fluke!deb
John Fluke Mfg. Co., M/S 223B, PO Box 9090, Everett WA 98206-9090 USA
+1 206 356-5052
More information about the Comp.unix.admin
mailing list