Configuring the Network Information Service (NIS)

Administering NIS users and groups

Once you have initialized an NIS domain, most user account administration within the domain can be performed using the Account Manager. You can:

Although it is possible to create new user accounts anywhere in an NIS domain (if you have user equivalence and auth permissions), we recommend that distributed NIS user account administration be performed on the NIS master server only. This will ensure that account permissions are distributed properly.

You must be in multiuser mode (init state 2) with NIS daemons running before creating or modifying user accounts.

NOTE: On an NIS client machine or slave server, the Account Manager allows access to attributes that cannot actually be changed for the distributed user account. This is not a fatal problem, as the client will display an error box with error information, and administration can proceed normally after the error box is dismissed.

WARNING: Do not make administrative accounts (for example, root, MMDF, or UUCP) distributed. Doing so may seriously compromise the security of your network.

By default, only non-administrative accounts will become distributed NIS accounts when NIS is initialized by either ypinit or mkdev nis.

ypinit will ask the user whether administrative accounts should be distributed. If the user chooses to do so, the ADMACCTS variable in /etc/yp/Makefile and /etc/yp/ypmake will be set to -a.

See also:

Next topic: Managing distributed user accounts
Previous topic: Administering NIS logfiles

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003