Access Lists

Solaris™ Operating Environment Boot Camp
By David Rhodes, Dominic Butler
Chapter 18.  NFS, DFS, and Autofs


Access lists allow us to group machines together when specifying share options. In fact, we've just shown the most common method of using them: a list of individual host names, similar to that shown below:

 server# share -F nfs -o ro=helium:lithium /file/to/share
 server#

An access list can be formatted in a number of other ways. These are shown in the table below. Any of the types in Table 18.5 can be used, so long as the list is colon-separated.

Table 18.5. Access List Types

| Type          | Used For                                           | Example       |
|---------------|----------------------------------------------------|---------------|
| Host name     | List of individual hosts                           | lithium       |
| Netgroup      | Name of an NIS netgroup map                        | some_machines |
| Network       | Network name or IP address, identified by an "@"   | @192.168.22   |
| DNS           | Machines in a specific domain, identified by a "." | .sun.com      |
| (Deny access) | Deny access to this type, identified by a "-"      | -hydrogen     |

Using this allows us to create quite a complicated access list. For example, to deny read-write access to lithium, allow all machines on the 192.168.22.0 network, allow any that are in the "some_machines" netgroup, and lastly include hydrogen, we could use something similar to the following syntax:

 server# share -F nfs -o rw=-lithium:@192.168.22:some_machines:hydrogen /file/to/share
 server#
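The following sketch, added here as an illustration and not taken from the book, models how a list like the one above is evaluated. It assumes the left-to-right, first-match rule described in share_nfs(1M) and handles only the dotted-prefix form of a network entry; the host addresses, domain names, and netgroup membership are constructed sample data standing in for real NIS and DNS lookups.

```python
import ipaddress

# Constructed sample data (assumption): stands in for NIS/DNS lookups.
NETGROUPS = {"some_machines": {"tin"}}
HOSTS = {  # host -> (IP address, fully qualified name)
    "hydrogen": ("192.168.22.1", "hydrogen.eng.example.com"),
    "helium":   ("192.168.22.2", "helium.eng.example.com"),
    "lithium":  ("192.168.22.3", "lithium.eng.example.com"),
    "tin":      ("192.168.44.1", "tin.lab.example.com"),
    "xenon":    ("192.168.44.3", "xenon.lab.example.com"),
}

def network_of(prefix):
    """Expand a dotted prefix such as '192.168.22' to 192.168.22.0/24."""
    octets = prefix.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def entry_matches(entry, host):
    """Match one access-list entry (without any leading '-') against a host."""
    ip, fqdn = HOSTS[host]
    if entry.startswith("@"):            # network entry
        return ipaddress.ip_address(ip) in network_of(entry[1:])
    if entry.startswith("."):            # DNS domain entry
        return fqdn.endswith(entry)
    if entry in NETGROUPS:               # netgroup entry
        return host in NETGROUPS[entry]
    return entry == host                 # plain host name

def allowed(access_list, host):
    """Walk the colon-separated list in order; the first match decides."""
    for entry in access_list.split(":"):
        deny = entry.startswith("-")
        if entry_matches(entry[1:] if deny else entry, host):
            return not deny
    return False                         # no entry matched: no access

PAGE_LIST = "-lithium:@192.168.22:some_machines:hydrogen"

if __name__ == "__main__":
    for h in HOSTS:
        print(h, allowed(PAGE_LIST, h))
    # Order matters: here the network entry matches lithium before the deny.
    print("reordered:", allowed("@192.168.22:-lithium", "lithium"))
```

Under this rule a deny entry only takes effect if it appears before any broader entry that would also match the same host.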

Using Netgroups

Netgroups are a special case: they only work with NIS or NIS+, not "local files." For example, if NIS is configured on the network, the netgroup's map can be used to provide a series of machine or user names that can be used when sharing resources. It may prove easier to maintain an NIS map and plug the netgroup into the dfstab file, rather than adding every machine.

Each entry in the configuration file, /etc/netgroup, is defined as a set of triples consisting of the host name, user name, and the domain name. We're only concerned about machine-level access here, so we can ignore the other two entries in each triple. To configure netgroups we would create the input file, /etc/netgroup, on the NIS server. This is only used as an intermediate file, to populate the NIS map. Next, we would build the maps following the steps explained in Chapter 12, "Naming Services and NIS."

For example, if we wanted to create two netgroups to suit the machines on our two subnets, say, machines_22_net and machines_44_net, the /etc/netgroup file could be similar to that shown below:

 nis server# cat /etc/netgroup
 machines_22_net (hydrogen,,), (helium,,), (lithium,,) ... (n,,)
 machines_44_net (tin,,), (iodine,,), (xenon,,) ... (n,,)
 nis server# cd /var/yp
 nis server# make
 nis server#

Once the map has been built, it can be used within the share options, as shown below, as long as the NFS server was also configured for NIS:

 helium# cat /etc/dfs/dfstab
 share -F nfs -o rw=machines_22_net /data
 share -F nfs -o ro=machines_44_net /data
 helium#

    Solaris Operating Environment Boot Camp
    ISBN: 0130342874
    EAN: 2147483647
    Year: 2002
    Pages: 301
