
Re: Groups per host, same User pool



Hi!

Probably not really an OpenLDAP issue:

If your system has "man netgroup", read it; otherwise try your luck in "man groups". In Linux the manual pages may lack essential information on that (I had a service request on that, but that ended up in ignorance).
---
 NETWORKING FEATURES
    NIS
      The passwd file can have entries that begin with a plus (+) or minus
      (-) sign in the first column.  Such lines are used to access the
      Network Information System database.  A line beginning with a plus (+)
      is used to incorporate entries from the Network Information System.
      There are three styles of + entries:

           +           Insert the entire contents of the Network Information
                       System password file at that point;

           +name       Insert the entry (if any) for name from the Network
                       Information System at that point

           +@name      Insert the entries for all members of the network
                       group name at that point.

      If a + entry has a non-null password, directory, gecos, or shell
      field, they override what is contained in the Network Information
      System.  The numerical user ID and group ID fields cannot be
      overridden.

      The passwd file can also have lines beginning with a minus (-), which
      disallow entries from the Network Information System.  There are two
      styles of - entries:

           -name       Disallow any subsequent entries (if any) for name.

           -@name      Disallow any subsequent entries for all members of
                       the network group name.
---

I haven't tried to define a netgroup of GROUPS (instead of users) to use in /etc/group (instead of /etc/passwd), but maybe that works.

---
 NETWORKING FEATURES
    NIS
      The /etc/group file can contain a line beginning with a plus (+),
      which means to incorporate entries from Network Information Services
      (NIS).  There are two styles of + entries: + means to insert the
      entire contents of NIS group file at that point, and +name means to
      insert the entry (if any) for name from NIS at that point.  If a +
      entry has a non-null password or group member field, the contents of
      that field overide what is contained in NIS.  The numerical group ID
      field cannot be overridden.

      A group file can also have a line beginning with a minus (-), these
      entries are used to disallow group entries.  There is only one style
      of - entry; an entry that consists of -name means to disallow any
      subsequent entry (if any) for name.  These entries are disallowed
      regardless of whether the subsequent entry comes from the NIS or the
      local group file.
---

Regards,
Ulrich


>>> Mladen Sekara <dev@emefes.com> wrote on 12.07.2014 at 04:31 in message
<1405132289.2637.10.camel@vaio-emefes-com>:
> Hi all,
> 
> Any way of restricting groups per host, so not all groups are available
> on every host...
> 
> For example, host1 has a special user group defined, that is available
> to host1 only, host2 has its own group etc.
> Both of these share the same users.
> 
> -- 
> Mladen Sekara <dev@emefes.com>
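
The `+`/`-` rules from the passwd manual page quoted in the reply above, modelled as an added Python example (not code from the thread or from libc). The NIS map, the netgroup names, the `HOST1` file and the first-match handling of duplicate names are assumptions made for illustration.

```python
# Added example modelling the quoted +/- passwd rules; all data is constructed.
NIS_PASSWD = {
    "alice": "alice:x:1001:100:Alice:/home/alice:/bin/bash",
    "bob": "bob:x:1002:100:Bob:/home/bob:/bin/bash",
    "carol": "carol:x:1003:100:Carol:/home/carol:/bin/bash",
}
NETGROUPS = {"host1-users": ["alice", "bob"], "contractors": ["bob"]}
HOST1 = ["root:x:0:0:root:/root:/bin/sh", "-@contractors",
         "+@host1-users::::::/sbin/nologin"]  # hypothetical /etc/passwd on host1
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")
OVERRIDABLE = ("passwd", "gecos", "dir", "shell")  # uid/gid cannot be overridden

def parse(line):
    parts = (line.rstrip("\n").split(":") + [""] * 7)[:7]
    return dict(zip(FIELDS, parts))

def resolve(local_lines, nis=NIS_PASSWD, netgroups=NETGROUPS):
    """Return the passwd entries one host ends up with, in file order."""
    denied, seen, result = set(), set(), []

    def emit(entry):
        # Assumption: a lookup by name returns the first match only.
        if entry["name"] not in denied and entry["name"] not in seen:
            seen.add(entry["name"])
            result.append(entry)

    for line in local_lines:
        rec = parse(line)
        sign, target = rec["name"][:1], rec["name"][1:]
        if sign not in ("+", "-"):
            if rec["name"]:
                emit(rec)  # ordinary local account
            continue
        if target.startswith("@"):
            names = netgroups.get(target[1:], [])  # +@name / -@name
        elif target:
            names = [target]  # +name / -name
        else:
            names = list(nis) if sign == "+" else []  # bare "+": whole map
        if sign == "-":
            denied.update(names)  # disallow any subsequent entries
            continue
        for name in names:
            if name in nis:
                entry = parse(nis[name])
                for field in OVERRIDABLE:
                    entry[field] = rec[field] or entry[field]
                emit(entry)
    return result
```

`resolve(HOST1)` yields only root and alice: bob is dropped by the earlier `-@contractors` line, carol is never included, and alice keeps her NIS uid while taking the shell given on the `+@host1-users` line.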