Steve Fuller fuller at
Fri May 15 15:36:40 GMT 1998

> #!/bin/sh
> #
> # Creates smbpasswd table and smb group in NIS+
> #
> nistbladm \
>     -D access=og=rmcd,nw= -c \
>     -s : smbpasswd_tbl \
>     name=S,nogw=r \
>     uid=S,nogw=r \
>     lmpwd=C,nw=,g=r,o=rm \
>     ntpwd=C,nw=,g=r,o=rm \
>     gcos=,nw+r \
>     home=,wn+r \
>     shell=,wn+r 	smbpasswd.org_dir.`nisdefaults -d`
> nisgrpadm -c smb.`nisdefaults -d`
> nischgrp smb.`nisdefaults -d` smbpasswd.org_dir.`nisdefaults -d`
> benny, other NIS+-ites,
> i want to have these additional fields (hee hee :-).  what do the C, nw=
> g=r (group = read?) o=rm (other = read something) etc etc all mean?  help,
> help (gloop)
> what's the difference between nw+r, wn+r and nogw=r?

Here are the relevant sections from nistbladm(1) and nischmod(1):

     Syntax for column definitions is:


     flags is a combination of:

          S       Searchable. Specifies that searches can be done
                  on the column's values (see nismatch(1)).
          I       Case-insensitive (only makes sense in  combina-
                  tion  with  S).  Specifies that searches should
                  ignore case.
          C       Crypt.   Specifies  that  the  column's  values
                  should be encrypted.
          B       Binary data (does not make sense in combination
                  with  S).   If not set, the column's values are
                  expected to be null terminated ASCII strings.
          X       XDR encoded data (only makes sense in  combina-
                  tion with B).

    access has the form:

          [ who ] op permission [ op permission ]...

     who is a combination of:

          n       Nobody's permissions.
          o       Owner's permissions.
          g       Group's permissions.
          w       World's permissions.
          a       All, or owg.

          If who is omitted, the default is a.

     op is one of:

          +       To grant the permission.
          -       To revoke the permission.
          =       To set the permissions explicitly.

     permission is any combination of:
          r       Read.
          m       Modify.
          c       Create.
          d       Destroy.

THe 'nobody' column is used for unauthenticated requests. (guest or invalid

Permissions can be set at the table, column, or row level.

The other big weirdness is that the permissions are additive. If you have
read access on the table, you have read access on the *entire* table,
even if individual entries say otherwise.

so the line: lmpwd=C,nw=,g=r,o=rm above is overridden by the table access
permissions: access=og=rmcd,nw=  giving the group modify,create and destroy
access (unintentionally?).

ps. I'd like to say thanks a million to you and the entire samba team for
all your work on samba. It has made a world of difference to our department.

Steve Fuller
fuller at
System Administrator
Agricultural Engineering - Texas A&M University

More information about the samba-ntdom mailing list