From: Bill Paul
Message-Id: <199503232258.OAA24890@freefall.cdrom.com>
Subject: Re: cvs commit: src/usr.sbin/pwd_mkdb pwd_mkdb.c
To: gibbs@estienne.CS.Berkeley.EDU (Justin T. Gibbs)
Date: Thu, 23 Mar 1995 14:58:12 -0800 (PST)
Cc: CVS-commiters@freefall.cdrom.com, cvs-usrsbin@freefall.cdrom.com
In-Reply-To: <199503232233.OAA05397@estienne.cs.berkeley.edu> from "Justin T. Gibbs" at Mar 23, 95 02:33:58 pm

>
> >wpaul 95/03/23 14:31:14
> >
> > Modified: usr.sbin/pwd_mkdb pwd_mkdb.c
> > Log:
> > Re-enable +::::::::: wildcards that I had previously disallowed.
> >
> > Note: if you put +::0:0:::::: in /etc/master.passwd as your only NIS
> > entry, it will cause all NIS uids and gids to be remapped to zero. This
> > is *intentional*. That's the way it's supposed to work. Enabling NIS with
> > no remapping at all is done with +:::::::::, not +::0:0::::::. Similarly,
> > +:::::::::/bin/csh will remap the shells of all NIS users to /bin/csh.
> > Or, you could do +wpaul:::::::::/bin/csh to remap NIS user wpaul's shell
> > to /bin/csh but leave everyone else alone.
>
> Is there any way I can do remapping on a group of accounts that are in
> /etc/group, but not in a netgroup?
> --
> Justin T. Gibbs
> ==============================================
> TCS Instructional Group - Programmer/Analyst 1
> Cory | Po | Danube | Volga | Parker | Torus
> ==============================================
>

There isn't any support for that, no.
I'm trying to emulate the mechanism in SunOS (and in other implementations based on code licensed from Sun, like IRIX and HP-UX) which, so far as I know, only supports +@netgroup/-@netgroup remapping. The fact that we also have +user/-user remapping actually puts us a step ahead of them in this department. I desperately wanted the +@netgroup/-@netgroup support since everybody else seems to have it and I need it to properly integrate FreeBSD machines into my existing network: I use the remapping mechanism for access control purposes.

The main problem I see in implementing group remapping would be that I'd need yet another magic symbol (+ for just username remapping, +@ for netgroup remapping and something else to represent plain group remapping), and I'd have to modify pwd_mkdb, pwd.h and the caching function in getpwent.c some more. This isn't that tough to do, but it would be very non-standard. (The +user/-user stuff is also non-standard, but I kept it for backwards compatibility.)

If enough people say they want this, I'll do it. Anybody have any suggestions as to what magic symbol I should use?

-Bill
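
The remapping rules from the quoted commit log, as an added example that is not part of the original message and is not FreeBSD's pwd_mkdb or getpwent.c code: a simplified model of how a `+`, `+user` or `+@netgroup` line overrides fields of an NIS record, plus an audit helper that flags lines forcing uid or gid to 0. The function names, the sample record, the `netgroups` lookup table and the first-match ordering are assumptions; `-user`/`-@netgroup` exclusions are not modelled.

```python
# Added illustration: a simplified model of the '+' override semantics,
# not FreeBSD's pwd_mkdb/getpwent code. First-match order is an assumption.
FIELDS = ("name", "passwd", "uid", "gid", "class", "change",
          "expire", "gecos", "home_dir", "shell")  # master.passwd field order

def parse_plus_entry(line):
    """Split a '+' line into (selector, {field: override})."""
    parts = line.rstrip("\n").split(":")
    if not parts[0].startswith("+") or len(parts) != len(FIELDS):
        raise ValueError(f"not a 10-field '+' entry: {line!r}")
    selector = parts[0][1:]  # '' = every NIS user, 'user', or '@netgroup'
    overrides = {f: v for f, v in zip(FIELDS[1:], parts[1:]) if v}
    return selector, overrides

def matches(selector, user, netgroups):
    """netgroups: hypothetical {netgroup: set of users} lookup table."""
    if selector.startswith("@"):
        return user in netgroups.get(selector[1:], ())
    return selector in ("", user)

def remap(nis_record, plus_lines, netgroups=None):
    """Return the record as the first matching '+' entry remaps it."""
    for line in plus_lines:
        selector, overrides = parse_plus_entry(line)
        if matches(selector, nis_record["name"], netgroups or {}):
            return {**nis_record, **overrides}
    return None  # no '+' entry admits this NIS user

def zero_id_remaps(plus_lines):
    """Audit helper: '+' lines that force uid or gid to 0."""
    flagged = []
    for line in plus_lines:
        _, ov = parse_plus_entry(line)
        if any(ov.get(k, "").isdigit() and int(ov[k]) == 0 for k in ("uid", "gid")):
            flagged.append(line)
    return flagged

# Constructed NIS record (sample data, not from the original message).
NIS_WPAUL = dict(zip(FIELDS,
                     "wpaul:*:1001:1001::0:0:Bill Paul:/home/wpaul:/bin/sh".split(":")))

if __name__ == "__main__":
    for entry in ("+:::::::::", "+::0:0::::::", "+wpaul:::::::::/bin/csh"):
        print(entry, "->", remap(NIS_WPAUL, [entry]))
    print("forces id 0:", zero_id_remaps(["+:::::::::", "+::0:0::::::"]))
```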