Date: Thu, 23 Mar 1995 14:58:12 -0800 (PST)
From: Bill Paul <wpaul>
To: gibbs@estienne.CS.Berkeley.EDU (Justin T. Gibbs)
Cc: CVS-commiters@freefall.cdrom.com, cvs-usrsbin@freefall.cdrom.com
Subject: Re: cvs commit: src/usr.sbin/pwd_mkdb pwd_mkdb.c
Message-ID: <199503232258.OAA24890@freefall.cdrom.com>
In-Reply-To: <199503232233.OAA05397@estienne.cs.berkeley.edu> from "Justin T. Gibbs" at Mar 23, 95 02:33:58 pm

> >wpaul 95/03/23 14:31:14
> >
> > Modified: usr.sbin/pwd_mkdb pwd_mkdb.c
> > Log:
> > Re-enable +::::::::: wildcards that I had previously disallowed.
> >
> > Note: if you put +::0:0:::::: in /etc/master.passwd as your only NIS
> > entry, it will cause all NIS uids and gids to be remapped to zero. This
> > is *intentional*. That's the way it's supposed to work. Enabling NIS with
> > no remapping at all is done with +:::::::::, not +::0:0::::::. Similarly,
> > +:::::::::/bin/csh will remap the shells of all NIS users to /bin/csh.
> > Or, you could do +wpaul:::::::::/bin/csh to remap NIS user wpaul's shell
> > to /bin/csh but leave everyone else alone.
>
> Is there any way I can do remapping on a group of accounts that are in
> /etc/group, but not in a netgroup?
> --
> Justin T. Gibbs
> ==============================================
> TCS Instructional Group - Programmer/Analyst 1
> Cory | Po | Danube | Volga | Parker | Torus
> ==============================================
>

There isn't any support for that, no. I'm trying to emulate the mechanism
in SunOS (and in other implementations based on code licensed from Sun, like
IRIX and HP-UX) which, so far as I know, only supports +@netgroup/-@netgroup
remapping. The fact that we also have +user/-user remapping actually puts
us a step ahead of them in this department.

I desperately wanted the +@netgroup/-@netgroup support since everybody else
seems to have it and I need it to properly integrate FreeBSD machines into
my existing network: I use the remapping mechanism for access control
purposes.

The main problem I see in implementing group remapping would be that I'd
need yet another magic symbol (+ for just username remapping, +@ for
netgroup remapping and something else to represent plain group remapping),
and I'd have to modify pwd_mkdb, pwd.h and the caching function in
getpwent.c some more. This isn't that tough to do, but it would be very
non-standard. (The +user/-user stuff is also non-standard, but I kept it
for backwards compatibility.)

If enough people say they want this, I'll do it. Anybody have any
suggestions as to what magic symbol I should use?

-Bill
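
Added example, not part of the original message and not code from pwd_mkdb: a small auditor that parses the +/- entries described in the commit log and reports which fields each one overrides, flagging entries that remap uid or gid to 0. The function names, the sample file and the netgroup name "staff" are constructed for illustration; the only semantics assumed are the ones stated above (a non-empty field in a + entry replaces the NIS value).

```python
# Field order of a master.passwd line (10 colon-separated fields).
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home_dir", "shell")

def parse_nis_entry(line):
    """Return a dict describing a +/- NIS entry, or None for ordinary lines."""
    line = line.strip()
    if not line or line[0] not in "+-":
        return None
    parts = line.split(":")
    parts += [""] * (len(FIELDS) - len(parts))    # tolerate short entries
    rec = dict(zip(FIELDS, parts))
    target = rec["name"][1:]
    if target == "":
        scope = "all NIS users"                   # bare + wildcard
    elif target.startswith("@"):
        scope = "netgroup " + target[1:]          # +@netgroup / -@netgroup
    else:
        scope = "user " + target                  # +user / -user
    # Any non-empty field after the name overrides the value served by NIS.
    overrides = {f: rec[f] for f in FIELDS[1:] if rec[f] != ""}
    return {"include": line[0] == "+", "scope": scope, "overrides": overrides}

def audit(text):
    """Return (line_number, scope, warning) for + entries remapping to id 0."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_nis_entry(line)
        if entry is None or not entry["include"]:
            continue
        for field in ("uid", "gid"):
            value = entry["overrides"].get(field, "")
            if value.isdigit() and int(value) == 0:
                findings.append((n, entry["scope"], field + " remapped to 0"))
    return findings

# Constructed sample master.passwd content, not taken from a real system.
SAMPLE = """\
root:*:0:0::0:0:Charlie &:/root:/bin/csh
+wpaul:::::::::/bin/csh
+@staff:::::::::
+::0:0::::::
"""

if __name__ == "__main__":
    for n, scope, warning in audit(SAMPLE):
        print("line %d: %s: %s" % (n, scope, warning))
```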