Setting up NIS

Preparing /etc/passwd

Programs first consult an NIS client's local /etc/passwd (and /etc/shadow) file to determine access permission before consulting the NIS maps. Therefore, every client's /etc/passwd file should contain entries for root and the primary users of the machine. Also, the /etc/passwd file should have an entry containing a ``+:'' (plus sign and colon) to force the use of the NIS maps passwd.byname and passwd.byuid. If there is no ``+:'' entry, programs will not consult the NIS maps at all.

There are three styles of ``+'' entries in the /etc/passwd file:

+
Insert the entire contents of the NIS password database at that point.

+login
Insert the entry (if any) for login from the NIS password database at that point.

+@netgroup
Insert the NIS password database entries for all members of the network group netgroup at that point.

If a ``+login'' entry has a non-null password (in /etc/shadow), comment, home directory, or login shell field, the value of that field overrides what is contained in the NIS service. The user ID and group ID fields cannot be overridden.

The /etc/passwd file can also have lines beginning with a ``-'' (minus sign), which disallow entries from the NIS service. There are two styles of ``-'' entries in /etc/passwd:

-login
Disallow any subsequent entries (if any) for login (in this file or in the NIS password database).

-@netgroup
Disallow any subsequent entries for all members of the network group netgroup.

Refer to the passwd(4) manual page for more information.

A typical NIS client's /etc/passwd file might look like:

   mary:x:508:10:& Mary Sunshine:/usr2/mary:/usr/bin/ksh

In this example, there are specific entries for users root, mary, daemon and sync, to ensure that they can log in even when the system is running standalone. The user kelsey will have his password entry in the NIS database incorporated without change; anyone in the netgroup downtown will have their password field disabled, and anyone else will be able to log in with their usual password, shell, and home directory, but with a comment field of ``Guest''. The password field of the /etc/shadow entry for the netgroup downtown should contain the value ``*LK*''.

Note that earlier entries in /etc/passwd take precedence over, or mask, later entries with the same user name or same user ID. Therefore, please note the order of the entries in the example for the daemon and sync user names (which have the same user ID). Make sure you do not alter this order in your own file.
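
The following Python sketch is an added example, not part of the SCO documentation: it models the ``+'' and ``-'' entry styles and the masking rule above over constructed accounts, so you can check which NIS users a given /etc/passwd would admit. The function names, the NIS and netgroup data, and folding the password override into the passwd line (rather than /etc/shadow) are assumptions of the example.

```python
# Simplified model of the "+"/"-" rules described above; not UnixWare code.
# All sample data is constructed except the mary line, which is from the page.
# Assumption: the password override is folded into field 2 (the page keeps
# it in /etc/shadow), and overrides apply to every "+" style.
OVERRIDABLE = (1, 4, 5, 6)  # password, comment, home, shell; never UID/GID

def expand(passwd_lines, nis_map, netgroups):
    """Return the entries a lookup would see, in file order."""
    seen, denied, result = set(), set(), []

    def select(sel):  # names matched by the text after "+" or "-"
        if sel.startswith("@"):
            return netgroups.get(sel[1:], [])
        return [sel] if sel else list(nis_map)

    def admit(fields):  # earlier entries mask later ones with the same name
        if fields[0] not in seen and fields[0] not in denied:
            seen.add(fields[0])
            result.append(fields)

    for line in passwd_lines:
        f = (line.split(":") + [""] * 7)[:7]
        tag, sel = f[0][:1], f[0][1:]
        if tag == "-":
            if sel:  # a bare "-" is not a documented style; ignore it
                denied.update(select(sel))
        elif tag == "+":
            for user in select(sel):
                if user in nis_map:
                    entry = nis_map[user].split(":")
                    for i in OVERRIDABLE:
                        entry[i] = f[i] or entry[i]
                    admit(entry)
        else:
            admit(f)
    return result

def by_name(entries, name):
    return next((e for e in entries if e[0] == name), None)

def by_uid(entries, uid):  # first match wins, so a shared UID is masked
    return next((e for e in entries if e[2] == str(uid)), None)

LOCAL = ["root:x:0:3:Superuser:/:/sbin/sh", "daemon:x:1:12::/:",
         "sync:x:1:12::/:/bin/sync",
         "mary:x:508:10:& Mary Sunshine:/usr2/mary:/usr/bin/ksh",
         "+kelsey", "-lee", "+@downtown:*LK*", "+::::Guest"]
NIS = {n: f"{n}:x:{u}:20:{n}:/home/{n}:/usr/bin/sh" for n, u in
       [("kelsey", 601), ("pat", 602), ("lee", 603), ("sam", 604), ("mary", 999)]}
NETGROUPS = {"downtown": ["pat"]}
ACCOUNTS = expand(LOCAL, NIS, NETGROUPS)
```

In this constructed run the local mary entry masks the NIS one, pat (a member of downtown) is admitted with a locked password, lee is excluded by the ``-'' line, and a lookup of user ID 1 returns daemon rather than sync.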

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004