SUMMARY: netgroup

From: Ricardo Ruiz (rruiz@census.gov)
Date: Thu Feb 16 1995 - 08:42:40 CST

My original questions read:

> I use NIS to manage about 10 SPARC stations running SunOS v4.1.3_U1 and 30
> PCs running UnixWare. I have a group of users that will only have access
> to our PCs. I would like to deny accesss to these users if they try to
> login to any of our SPARC systems.
>
> My idea was to create a group with these users in netgroup and add the
> line -@group-name to the /etc/passwd file on each SPARC station just
> before the line +::0:0:::. My group entry in netgroup looks like this:
>
> subgroup1 (,keyer1,), (,keyer2,), (,keyer3,)
> subgroup2 (,keyer4,), (,keyer5,), (,keyer6,)
> group-name subgroup1, subgroup2
>
> My problem is that this did not work. My host continues to allow users
> from this group to login. Any ideas? Do you have a better solution?

I needed two syntax changes:

1. netgroup definitions are separated by a space not commas.

I fixed this but my -@group-name continue to allow these users in. After
a few days playing around with it, the answer was to make my -@group-name
line in /etc/passwd needed to look more like a user entry. Therefore,

2. I modified my group line in /etc/paswd
from

        -@group-name

to

        -@group-name::0:0:::

Some people recommended to use +@group-name:0:0:::/usr/nosh and type a
message from /usr/nosh or point /usr/nosh to /dev/null. I tried using
/usr/nosh and that would work as well.

Many thanks to:

Joey R Montilla <Jose.Montilla@gain.com>
Dirk Somers <dsomers@roam.agfa.be>
Yair Gany <gany@math.tau.ac.il>
Jim Murff <murff@nicimg.com>
Mike Rembis 66520 <ebumfr@ebu.ericsson.se>
Brian T Wightman <wightman@sol.acs.uwosh.edu>
Marc Gibian <gibian%typhoon@stars1.HANSCOM.AF.MIL>
Jochen Bern <bern@penthesilea.uni-trier.de>
Daniel E Zegarac <zegarac@gdls.com>
Pauline van Winsen <Pauline.van.Winsen@uniq.com.au>
Juergen Peus <grobi@uni-paderborn.de>
Paulo Licio de Geus <paulo@parana.dcc.unicamp.br>
Paul H Allen <pha@cs.rit.edu>

                            \\|||//
                             |^ ^|
                             (0|0)
/------------------------oOO--(_)--OOo---------------------------\
| Ricardo J Ruiz E-MAIL: rruiz@census.gov |
| U.S. Census Bureau |
| Systems Support Division FAX: (301) 457-2477 |
| Visit our award-winning home page: http://www.census.gov/ |
\---------------------------ooo-ooo------------------------------/

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:16 CDT