Linux – Disable nis login for a particular user on a particular machine


We have a nis server and a nis client in a domain. As part of the in-charge of a subdomain, I want to enable nis logins for only some users on a particular machine, and want to disable the rest of the users. I DO NOT have administrative access to nis master password file.
Can it be done? If so, how?

e.g. machine1, all users enabled for nis login
machine2, only xyz, and pqr are allowed to login
machine3, abc and def are not allowed, rest all are allowed.

In short, to allow/disallow a subset of users from accessing a particular nis-client, without root/administrative privileges to the nis server.

nsswitch.conf looks like this:

#other entries before this
passwd:     files nis
shadow:     files nis
group:      files nis
#other entries after this. 

Client runs Ubuntu 10.04. (Don't flame me for this please :|)
My /etc/passwd does not have a +:::::: entry, but/and all the users from nis can log in.

Thanks.

Best Answer

Yes, in many ways:

  1. Have a netgroup created by your NIS administrator and "+" the netgroup in /etc/passwd
  2. Explicitly "+" the users who should be allowed to log in to this host in /etc/passwd
  3. "+" everyone (or a netgroup that is a superset) and explicitly "-" the users who SHOULD NOT be allowed to log in to this host in /etc/passwd

Number 1 is usually considered "more correct" from an admin standpoint.
Number 2 is convenient if you don't have a lot of users who need to access this host and your admin team is slow creating/updating netgroups.
Number 3 is best if there are a few users who should be excluded but everyone else (or everyone else in a specific netgroup) should have access - e.g. denying an intern access to the NIS master server :-)

(If you have had the misfortune to be dropped into a NIS environment and don't have much experience with it, I suggest picking up a copy of the O'Reilly "Managing NFS & NIS" book - http://oreilly.com/catalog/9781565925106 - It's a good bet that if you're in a NIS shop someone has a copy lying around :)
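
Added example, not part of the original answer: the three approaches above written out for machine2 and machine3 from the question. It assumes a glibc client whose `passwd` line in nsswitch.conf is changed from `files nis` to `compat`, because "+" and "-" entries in /etc/passwd are interpreted only by the compat service; `machine2-users` is a hypothetical netgroup name, and the `#` lines are annotations for this example, not lines to copy into /etc/passwd.

```conf
# /etc/nsswitch.conf on the client
# With "files nis", NIS is queried directly and "+"/"-" lines in
# /etc/passwd are not interpreted, so every NIS user resolves even
# without a "+::::::" entry (the behaviour seen in the question).
# before:  passwd:     files nis
passwd:     compat
# "compat" reads /etc/passwd and consults NIS only for the "+"/"-"
# lines found there. shadow and group are left as in the question.

# --- machine2, end of /etc/passwd: only xyz and pqr (option 2) ---
+xyz::::::
+pqr::::::
# No bare "+" line follows, so no other NIS user resolves on this host.

# --- machine2 alternative, end of /etc/passwd: netgroup (option 1) ---
# "machine2-users" is a hypothetical netgroup holding xyz and pqr;
# it has to be created by the NIS administrator.
+@machine2-users::::::

# --- machine3, end of /etc/passwd: all except abc and def (option 3) ---
# Entries are processed in order: the exclusions must come before the
# bare "+", which includes every NIS user not previously excluded.
-abc
-def
+::::::
```

After editing, `getent passwd abc` on machine3 should return nothing while `getent passwd xyz` still returns the NIS entry; if a name service cache is running on the client, restart it before testing.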