About managing users

Two types of account exist on an NIS network: those that are distributed (and must be administered from the master machine) and those that are local (and must be administered from the local computer). Distributed accounts allow users to access any machine on the NIS network, while local accounts allow users access to the local host machine only:

distributed

Provides account information that is uniform on each machine in an NIS domain. Changes made to distributed accounts are automatically propagated through NIS maps to other NIS nodes. You can easily manage distributed accounts from a central node, the master server.

local

Provides account information that can be unique to a particular machine. Because they are not affected by maps that are propagated between servers, local accounts allow you to exempt certain users from NIS management. In addition, changes that you make to local accounts do not affect NIS.

NIS password information is maintained by the following files in the /etc directory:

passwd.yp

Contains entries for distributed accounts. After entries are added using the Account Manager, The passwd map is created from this file.

passwd.local

Contains entries for local accounts. Entries are created by default when NIS is initialized on a system or added later using the Account Manager.

passwd

Contains entries for all active accounts, local and distributed. On the master server, passwd contains all entries from passwd.yp and passwd.local. On slave and copy-only servers, it contains entries from passwd.local and ASCII translations of the passwd map received from the master.

Entries in passwd.local take precedence over entries in passwd.yp. That is, if the two files include a user with the same name, the information in passwd.local is incorporated into passwd and the corresponding information in passwd.yp (and the passwd map) is overridden.

On clients, you can use NIS maps to augment local password information in the /etc/passwd file. See ``Using NIS maps in the password file'' for more details.

ptmp

Is a locking file used by yppasswd (see ``Special NIS password change'' later on in this chapter).

group.yp

Contains entries for distributed groups. After entries are added manually, the group map is created from this file. Each NIS domain has a unique group.yp file existing only on the master server.

group.local

Contains entries for local groups. Entries are created by default when NIS is initialized on a system or added later manually.

group

Contains entries for all active groups, local and distributed. On the master server, group contains all entries from group.yp and group.local. On slave and copy-only servers, it contains entries from group.local and ASCII translations of the group map received from the master.

Entries in group.local take precedence over entries in group.yp. That is, if the two files include a group with the same name, the information in group.local is incorporated into group and the corresponding information in group.yp (and the group map) is overridden.

On clients, you can use NIS maps to augment local group information in the /etc/group file. See ``Using NIS maps in the group file'' for more details.

You can manipulate NIS account files directly from the command line or scripts using the useradd(ADM), userdel(ADM), and usermod(ADM) commands.