Pat Pinchera
2006-Jul-13 17:48 UTC
[dtrace-discuss] DTrace Privileges under NIS+, LDAP, the /etc/user_attr file
IHAC who is currently using NIS+. They have to plan to migrate to LDAP, but it will take some time. They want to allow a subset of their 4,000 total users (like 500 or so) to be able to use DTrace. They think that they need to edit the /etc/user_attr file on all of their machines, and make an entry for each user allowed to use DTrace. This would obviously be too much maintenace. Is there any way to accomplish this under NIS+, and then later on, under LDAP, by not having to edit files in individual machines? The man page for user_attr(4) says:> /etc/user_attr is a local source of extended attributes > associated with users and roles. user_attr can be used with > other user attribute sources, including the LDAP people con- > tainer, the user_attr NIS map, and the user_attr NIS+ table. > Programs use the getuserattr(3SECDB) routines to gain access > to this information. >Would they use the smattrop(1M) command to populate the NIS+ user_attr database like so?> /usr/sadm/bin/smattrpop -c -f -v -s file:/foobar/var/temp \ > -t nisplus:/foobar/East.Sun.COM user_attr >I''m afraid that I am not NIS+ savvy, but I''d like to made some specific recommendations to my customer. I do not believe that they have used any of the user_attr capabilities to date. Thanks in advance, Pat
Darren J. Moffat
2006-Jul-24 12:25 UTC
[dtrace-discuss] Re: DTrace Privileges under NIS+, LDAP, the /etc/user_attr file
While you could use smattrpop it would be much easier to either just use nistbladm directly or create an /etc/user_attr format file and use nisaddent to populate user_attr.org_dir. This message posted from opensolaris.org