Administering NIS users and groups
Once you have initialized an NIS domain,
most user account administration within the domain can be
performed using the Account Manager.
You can:
Although it is possible to create new user accounts anywhere in
an NIS domain (if you have user equivalence and auth
permissions), we recommend that distributed NIS user account
administration be performed on the NIS master server
only. This will ensure that account permissions are distributed
properly.
You must be in multiuser mode (init state 2) with NIS daemons
running before creating or modifying user accounts.
NOTE:
On an NIS client machine or slave server, the
Account Manager allows access to
attributes that cannot actually be changed
for the distributed user account.
This is not a fatal problem, as the client will display an error box
with error information, and administration can proceed normally after
the error box is dismissed.
WARNING:
Do not make administrative accounts (for example, root,
MMDF, or UUCP) distributed.
Doing so may seriously compromise the security of your network.
By default, only non-administrative accounts
will become distributed NIS accounts when NIS
is initialized by either ypinit or mkdev nis.
ypinit will ask the user whether administrative accounts
should be distributed. If the user chooses to do so,
the ADMACCTS variable in /etc/yp/Makefile
and /etc/yp/ypmake will be set to -a.
See also:
Next topic:
Managing distributed user accounts
Previous topic:
Administering NIS logfiles
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005