On Thu, 2005-07-28 at 06:32 -0400, P Jones wrote: > On 7/28/05, Paul Howarth <paul@xxxxxxxxxxxx> wrote: > > On Wed, 2005-07-27 at 22:08 -0400, Peter Arremann wrote: > > > On Wednesday 27 July 2005 21:50, P Jones wrote: > > > > Hi all; > > > > > > > > I have a Centos 4.1 server and three FC4 workstations in my little > > > > network. I just started using NIS for authentication and NFS for /home > > > > serving. For fun I did a quick Ubuntu install on one machine, and ran > > > > into the wall when it came to differences between groups/GIDs. > > > > We have RHL9, RHEL3, RHEL4, FC1, FC3, FC4, HP-UX and Solaris boxes at > > $WORKPLACE all using the same NIS. The way we do it is to use NIS only > > for regular user accounts, and we use UIDs >= 1000 for this. We use > > separate files /etc/passwd.nis and /etc/group.nis on the NIS master > > server (HP-UX) rather than its own /etc/passwd and /etc/group to create > > the NIS databases. This is done by modifying the Makefile on the NIS > > master server. > > > > So each client uses its own UIDs for system accounts (< UID 1000) and > > NIS for user accounts. Works fine. > > Hi Paul; > > But what do you do in the case of hardware on the client being in a > group that is below 100? Unless I'm not understanding your reply (I'm > new to NIS). On Ubuntu (and therefore Debian, I assume), audio, > plugdev, floppy, cdrom, and other important GIDs are below 100, so you > can't grant or restrict access with NIS from the server. Correct. We don't do that; we only really use NIS for file access. Each client will use its own UIDs/GIDs for these important users/groups, which are managed locally on the client. > If all you > want to do is grant or restrict access to files NIS would seem to work > just fine across a number of different clients/OSs, but when it comes > to hardware it seems to fall short - again, if I'm understanding > things correctly. Yes, I think you are. > And although I don't have this problem in my home > network, what happens if you want to take someone's floppy access away > and they're in another town, do you have to drive over there? Never had that problem; we're all engineers at work and are pretty much trusted, so that sort of issue never comes up. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
