The Nobody Class

The nobody class is composed of anyone who is not properly authenticated. In other words, the nobody class includes everyone who does not present a valid DES credential.

Authorization Classes and the NIS+ Object Hierarchy

There is a hierarchy of NIS+ objects and authorization classes that can apply independently to each level. The standard default NIS+ directory hierarchy is:

Directory level. In each NIS+ domain there are two NIS+ directory objects: groups_dir and org_dir. Each groups_dir directory object contains various groups. Each org_dir directory object contains various tables.
Group level or table level. Groups contain individual entries and possibly other groups. Tables contain both columns and individual entries.
Column level. A given table will have one or more columns.
Entry (row) level. A given group or table will have one or more entries.

The four authorization classes apply at each level. Thus, a directory object will have its own owner and group. The individual tables within a directory object will have their own individual owners and groups which may be different than the owner and group of the directory object. Within a table, an entry (row) may have its own individual owner or group which may be different than the owner and group of the table as a whole or the directory object as a whole. Within a table, individual columns have the same owner and group as the table as a whole.

NIS+ Access Rights

NIS+ objects specify their access rights as part of their object definitions. (You can examine these by using the niscat -o command.)

NIS+ objects specify access rights for NIS+ principals in the same way that UNIX files specify permissions for UNIX users. Access rights specify the types of operations that NIS+ principals are allowed to perform on NIS+ objects.

NIS+ operations vary among different types of objects, but they all fall into one of the four access rights categories: read, modify, create, and destroy.

Read A principal with read rights to an object can view the contents of that object.
Modify. A principal with modify rights to an object can change the contents of that object.
Destroy. A principal with destroy rights to an object can destroy or delete the object.
Create. A principal with create rights to a higher level object can create new objects within that level. In other words, if you have create rights to an NIS+ directory object, you can create new tables within that directory. If you have create rights to an NIS+ table, you can create new columns and entries within that table.

Every communication from an NIS+ client to an NIS+ server is, in effect, a request to perform one of these operations on a specific NIS+ object. For instance, when an NIS+ principal requests the IP address of another machine, it is effectively requesting read access to the hosts table object, which stores that type of information. When a principal asks the server to add a directory to the NIS+ namespace, it is actually requesting modify access to the directory's parent object.

Keep in mind that these rights logically evolve down from directory to table to table column and entry levels. For example, to create a new table, you must have create rights for the NIS+ directory object where the table will be stored. When you create that table, you become its default owner. As owner, you can assign yourself create rights to the table which allows you to create new entries in the table. If you create new entries in a table, you become the default owner of those entries. As table owner, you can also grant table-level create rights to others. For example, you can give your table's group class table-level create rights. In that case, any member of the table's group can create new entries in the table. The individual member of the group who creates a new table entry becomes the default owner of that entry.

The NIS+ Administrator

An NIS+ administrator is anyone who has administrative rights over an NIS+ object. For the purpose of this discussion, administrative rights are defined as create, destroy, and for some objects, modify rights. (See " NIS+ Access Rights" for a description of NIS+ access rights.)

Whoever creates an NIS+ object sets the initial access rights to that object. If the creator restricts administrative rights to the object's owner (initially the creator), than only the owner has administrative power over that object. On the other hand, if the creator grants administrative rights to the object's group, then everyone in that group has administrative power over that object.

Thus, who ever has administrative rights over an object is considered to be an NIS+ administrator for that object.

In other words, the NIS+ software does not enforce any requirement that there be a single NIS+ administrator.

Theoretically, you could grant administrative rights to the world class, or even the nobody class. The software allows you to do that. But granting administrative rights beyond the group class effectively nullifies NIS+ security. Thus, if you grant administrative rights to either the World or the nobody class you are, in effect, defeating the purpose of NIS+ security.

NIS+ Password, Credential, and Key Commands

Use the following commands to administer passwords, credentials, and keys (see the appropriate man pages for a full description of each command):

chkey. Changes a principal's Secure RPC key pair. Do not use chkey unless necessary, use passwd instead. See "Changing Keys for an NIS+ Principal" for more information.
keylogin. Decrypts and stores a principal's secret key with the keyserv.
keylogout. Deletes stored secret key from keyserv.
keyserv. Enables the server for storing private encryption keys. See "Keylogin" for more information.
newkey. Creates a new key pair in public-key database.
nisaddcred. Creates credentials for NIS+ principals. See "Creating Credential Information" and "Administering NIS+ Credential Information" for more information.
nisauthconf. Display or set the Diffie-Hellman key length.
nisupdkeys. Updates public keys in directory objects. See "Updating Public Keys" for more information.
passwd. Changes and administers principal's password. See Chapter 16, Administering Passwords for more information.


11. NIS+ Security Overview NIS+ Authorization and Access--Introduction Authorization Classes The World Class


	The Nobody Class The nobody class is composed of anyone who is not properly authenticated. In other words, the nobody class includes everyone who does not present a valid DES credential. Authorization Classes and the NIS+ Object Hierarchy There is a hierarchy of NIS+ objects and authorization classes that can apply independently to each level. The standard default NIS+ directory hierarchy is: Directory level. In each NIS+ domain there are two NIS+ directory objects: `groups_dir` and `org_dir`. Each `groups_dir` directory object contains various groups. Each `org_dir` directory object contains various tables. Group level or table level. Groups contain individual entries and possibly other groups. Tables contain both columns and individual entries. Column level. A given table will have one or more columns. Entry (row) level. A given group or table will have one or more entries. The four authorization classes apply at each level. Thus, a directory object will have its own owner and group. The individual tables within a directory object will have their own individual owners and groups which may be different than the owner and group of the directory object. Within a table, an entry (row) may have its own individual owner or group which may be different than the owner and group of the table as a whole or the directory object as a whole. Within a table, individual columns have the same owner and group as the table as a whole. NIS+ Access Rights NIS+ objects specify their access rights as part of their object definitions. (You can examine these by using the `niscat` `-o` command.) NIS+ objects specify access rights for NIS+ principals in the same way that UNIX files specify permissions for UNIX users. Access rights specify the types of operations that NIS+ principals are allowed to perform on NIS+ objects. NIS+ operations vary among different types of objects, but they all fall into one of the four access rights categories: read, modify, create, and destroy. Read A principal with read rights to an object can view the contents of that object. Modify. A principal with modify rights to an object can change the contents of that object. Destroy. A principal with destroy rights to an object can destroy or delete the object. Create. A principal with create rights to a higher level object can create new objects within that level. In other words, if you have create rights to an NIS+ directory object, you can create new tables within that directory. If you have create rights to an NIS+ table, you can create new columns and entries within that table. Every communication from an NIS+ client to an NIS+ server is, in effect, a request to perform one of these operations on a specific NIS+ object. For instance, when an NIS+ principal requests the IP address of another machine, it is effectively requesting read access to the hosts table object, which stores that type of information. When a principal asks the server to add a directory to the NIS+ namespace, it is actually requesting modify access to the directory's parent object. Keep in mind that these rights logically evolve down from directory to table to table column and entry levels. For example, to create a new table, you must have create rights for the NIS+ directory object where the table will be stored. When you create that table, you become its default owner. As owner, you can assign yourself create rights to the table which allows you to create new entries in the table. If you create new entries in a table, you become the default owner of those entries. As table owner, you can also grant table-level create rights to others. For example, you can give your table's group class table-level create rights. In that case, any member of the table's group can create new entries in the table. The individual member of the group who creates a new table entry becomes the default owner of that entry. The NIS+ Administrator An NIS+ administrator is anyone who has administrative rights over an NIS+ object. For the purpose of this discussion, administrative rights are defined as create, destroy, and for some objects, modify rights. (See " NIS+ Access Rights" for a description of NIS+ access rights.) Whoever creates an NIS+ object sets the initial access rights to that object. If the creator restricts administrative rights to the object's owner (initially the creator), than only the owner has administrative power over that object. On the other hand, if the creator grants administrative rights to the object's group, then everyone in that group has administrative power over that object. Thus, who ever has administrative rights over an object is considered to be an NIS+ administrator for that object. In other words, the NIS+ software does not enforce any requirement that there be a single NIS+ administrator. Theoretically, you could grant administrative rights to the world class, or even the nobody class. The software allows you to do that. But granting administrative rights beyond the group class effectively nullifies NIS+ security. Thus, if you grant administrative rights to either the World or the nobody class you are, in effect, defeating the purpose of NIS+ security. NIS+ Password, Credential, and Key Commands Use the following commands to administer passwords, credentials, and keys (see the appropriate man pages for a full description of each command): `chkey`. Changes a principal's Secure RPC key pair. Do not use `chkey` unless necessary, use `passwd` instead. See "Changing Keys for an NIS+ Principal" for more information. `keylogin`. Decrypts and stores a principal's secret key with the `keyserv`. `keylogout`. Deletes stored secret key from `keyserv`. `keyserv`. Enables the server for storing private encryption keys. See "Keylogin" for more information. `newkey`. Creates a new key pair in public-key database. `nisaddcred`. Creates credentials for NIS+ principals. See "Creating Credential Information" and "Administering NIS+ Credential Information" for more information. `nisauthconf`. Display or set the Diffie-Hellman key length. `nisupdkeys`. Updates public keys in directory objects. See "Updating Public Keys" for more information. `passwd`. Changes and administers principal's password. See Chapter 16, Administering Passwords for more information.