passwd/netgroups
stanonik at nprdc.navy.mil
stanonik at nprdc.navy.mil
Fri Nov 3 05:24:00 AEST 1989
We've been trying to use netgroups to control login access. Every user
account is in the yp passwd map, but, for example, a project might not
want anyone outside of the project logging into their machines. They do,
however, still want to be able to finger anyone. So, the passwd file on
their machines might look like
root:... and other common entries for sys admin
+ at project1
+::0:0:::/dev/null
The problem with this is that programs which getpwent through passwd will
find some entries twice. For example, if smith is in the project
netgroup, then getwpent will find smith twice, once with a real shell and
again with /dev/null shell. Groan. True, that's what the passwd file
says, but it's not what we meant.
One way around this is as follows
root:... and other common entries for sys admin
+ at project1
- at project1
+::0:0:::/dev/null
Seems kludgey.
An alternative to ensure that everyone is in some project (ie, netgroup)
and no one is in two projects, then use
root:... and other common entries for sys admin
+ at project1
+ at project3::0:0:::/dev/null
+ at project4::0:0:::/dev/null
etc
Groan. This seems like an administrative headache as projects come and
go.
Any suggestions?
Thanks,
Ron Stanonik
stanonik at nprdc.navy.mil
More information about the Comp.sys.sun
mailing list