Sun Microsystems, Inc.
Setting Column Rights When Creating a Table
   
 

To assign a column its own set of rights at table creation time, append the access rights to the column's type, after the equal sign, separating the type and the rights with a comma. Separate the columns with a space:

column=type,rights column=type,rights column=type,rights

The example below creates a table named depts in the doc.com directory, of type div, with three columns (Name, Site, and Manager), and adds modify rights for the group to the second and third columns:

rootmaster% nistbladm -c div Name=S Site=S,g+m Manager=S,g+m depts.doc.com.

For more information about the nistbladm command and the -c option, see Chapter 19, Administering NIS+ Tables.

Adding Rights to an Existing Table Column

The nistbladm -u option adds access rights to an existing table column. To use this option, you must have modify rights to the table column. To add column rights, use:

nistbladm -u [column=access,...],tablename

Where:

  • column is the name of the column.

  • access is the access rights for this column that you specify using the syntax described in "Specifying Access Rights in Commands".

  • ... indicates that you can specify rights for multiple columns.

  • tablename is the fully qualified name of the table whose column rights you are updating.

Use one column=access pair for each column whose rights you want to update. To update multiple columns, separate them with commas and enclose the entire set with square brackets:

[column=access, column=access, column=access]

The full syntax of this option is described in Chapter 2, NIS+: An Introduction.

The example below adds read and modify rights to the group for the name and addr columns in the hosts.org_dir.doc.com. table.

client% nistbladm -u '[name=g+rm,addr=g+rm],hosts.org_dir.doc.com.'

Removing Rights to a Table Column

To remove access rights to a column in an NIS+ table, you use the -u option as described above in "Adding Rights to an Existing Table Column" except that you subtract rights with a minus sign (rather than adding them with a plus sign).

The example below removes the group's read and modify rights to the name column in the hosts.org_dir.doc.com. table.

client% nistbladm -u '[name=g-rm],hosts.org_dir.doc.com.'
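
The shell function below is an added example, not part of the original Sun documentation. It checks a nistbladm -u argument against the rules described above (square brackets around the column=access list, a fully qualified table name, a valid rights expression) before the command is run, and flags grants of modify, create or destroy to nobody, world or all. The class letters (n, o, g, w, a), operators (+, -, =) and rights letters (r, m, c, d) are the standard NIS+ access-rights syntax; the function name check_column_arg, its exit codes and the restriction to one rights expression per column are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint a `nistbladm -u` argument.
# Exit status: 0 = well formed, 1 = malformed, 2 = well formed but it gives
# modify/create/destroy to nobody (n), world (w) or all (a).
# Assumes one class-operator-rights expression per column, as in the examples above.
check_column_arg() (
    arg=$1
    case $arg in
        \[?*\],?*) ;;
        *) echo "missing [ ] around the column=access list: $arg" >&2; exit 1 ;;
    esac
    list=${arg#\[}; list=${list%%\]*}   # text between the brackets
    table=${arg#*\],}                   # text after "],"
    case $table in
        .*|*..*|*[!.])
            echo "table name is not fully qualified: $table" >&2; exit 1 ;;
    esac
    status=0
    IFS=,; set -f                       # split on commas, no globbing
    for pair in $list; do
        case $pair in
            ?*=?*) ;;
            *) echo "not a column=access pair: $pair" >&2; exit 1 ;;
        esac
        access=${pair#*=}
        classes=${access%%[-+=]*}       # letters before the operator
        rest=${access#"$classes"}
        op=${rest%"${rest#?}"}          # the operator character itself
        rights=${rest#?}
        case $classes in ''|*[!nogwa]*) echo "bad class in: $pair" >&2; exit 1 ;; esac
        case $op in [-+=]) ;; *) echo "bad operator in: $pair" >&2; exit 1 ;; esac
        case $rights in ''|*[!rmcd]*) echo "bad rights in: $pair" >&2; exit 1 ;; esac
        # Flag write-type rights handed to unauthenticated or all principals.
        case $op$classes/$rights in
            -*) ;;                      # removing rights never widens access
            *[nwa]*/*[mcd]*) echo "broad grant: $pair" >&2; status=2 ;;
        esac
    done
    exit "$status"
)

# Constructed inputs: a bracketed argument, then the same table without brackets.
for a in '[name=g+rm,addr=g+rm],hosts.org_dir.doc.com.' 'name=g-rm,hosts.org_dir.doc.com.'; do
    rc=0; check_column_arg "$a" 2>/dev/null || rc=$?
    echo "$rc  $a"
done
```

Run the check on the exact string you intend to pass to nistbladm -u; a status of 2 means the syntax is valid but the grant deserves a second look.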

Changing Ownership of Objects and Entries

The nischown command changes the owner of one or more objects or entries. To use it, you must have modify rights to the object or entry. The nischown command cannot change the owner of a column, since a table's columns belong to the table's owner. To change a column's owner, you must change the table's owner.

Changing Object Owner With nischown

To change an object's owner, use the following syntax:

nischown new-owner object

Where:

  • new-owner is the fully qualified user ID of the object's new owner.

  • object is the fully qualified name of the object.

Be sure to append the domain name to both the object name and new owner name.

The example below changes the owner of the hosts table in the doc.com. domain to the user named lincoln whose home domain is doc.com.:

client% nischown lincoln.doc.com. hosts.org_dir.doc.com.

Changing Table Entry Owner With nischown

The syntax for changing a table entry's owner uses an indexed entry to identify the entry, as shown below:

nischown new-owner [column=value,...],tablename

Where:

  • new-owner is the fully qualified user ID of the entry's new owner.

  • column is the name of the column whose value will identify the particular entry (row) whose owner is to be changed.

  • value is the data value that identifies the particular entry (row) whose owner is to be changed.

  • ... indicates that you can specify ownership changes for multiple entries.

  • tablename is the fully qualified name of the table containing the entry whose owner is to be changed.

Be sure to append the domain name to both the new owner name and the table name.

The example below changes the owner of an entry in the hosts table of the doc.com. domain to takeda whose home domain is doc.com. The entry is the one whose value in the name column is virginia.

client% nischown takeda.doc.com. '[name=virginia],hosts.org_dir.doc.com.'

Changing an Object or Entry's Group

The nischgrp command changes the group of one or more objects or table entries. To use it, you must have modify rights to the object or entry. The nischgrp command cannot change the group of a column, since the group assigned to a table's columns is the same as the group assigned to the table. To change a column's group owner, you must change the table's group owner.

Changing an Object's Group With nischgrp

To change an object's group, use the following syntax:

nischgrp group object

Where:

  • group is the fully qualified name of the object's new group.

  • object is the fully qualified name of the object.

Be sure to append the domain name to both the object name and new group name.

The example below changes the group of the hosts table in the doc.com. domain to admins.doc.com.:

client% nischgrp admins.doc.com. hosts.org_dir.doc.com.

Changing a Table Entry's Group With nischgrp

The syntax for changing a table entry's group uses an indexed entry to identify the entry, as shown below (this syntax is fully described in "Syntax for Objects and Table Entries").

nischgrp new-group [column=value,...],tablename

Where:

  • new-group is the fully qualified name of the entry's new group.

  • column is the name of the column whose value will identify the particular entry (row) whose group is to be changed.

  • value is the data value that identifies the particular entry (row) whose group is to be changed.

  • tablename is the fully qualified name of the table containing the entry whose group is to be changed.

  • ... indicates that you can specify group changes for multiple entries.

Be sure to append the domain name to both the new group name and the table name.
