NIS and mixing distros

Paul Howarth paul at city-fan.org
Thu Jul 28 17:08:24 UTC 2005 

On Thu, 2005-07-28 at 06:32 -0400, P Jones wrote:
> On 7/28/05, Paul Howarth <paul at city-fan.org> wrote:
> > On Wed, 2005-07-27 at 22:08 -0400, Peter Arremann wrote:
> > > On Wednesday 27 July 2005 21:50, P Jones wrote:
> > > > Hi all;
> > > >
> > > > I have a Centos 4.1 server and three FC4 workstations in my little
> > > > network. I just started using NIS for authentication and NFS for /home
> > > > serving. For fun I did a quick Ubuntu install on one machine, and ran
> > > > into the wall when it came to differences between groups/GIDs. 
> > 
> > We have RHL9, RHEL3, RHEL4, FC1, FC3, FC4, HP-UX and Solaris boxes at
> > $WORKPLACE all using the same NIS. The way we do it is to use NIS only
> > for regular user accounts, and we use UIDs >= 1000 for this. We use
> > separate files /etc/passwd.nis and /etc/group.nis on the NIS master
> > server (HP-UX) rather than its own /etc/passwd and /etc/group to create
> > the NIS databases. This is done by modifying the Makefile on the NIS
> > master server.
> > 
> > So each client uses its own UIDs for system accounts (< UID 1000) and
> > NIS for user accounts. Works fine.
> 
> Hi Paul;
> 
> But what do you do in the case of hardware on the client being in a
> group that is below 100? Unless I'm not understanding your reply (I'm
> new to NIS). On Ubuntu (and therefore Debian, I assume), audio,
> plugdev, floppy, cdrom, and other important GIDs are below 100, so you
> can't grant or restrict access with NIS from the server.

Correct. We don't do that; we only really use NIS for file access. Each
client will use its own UIDs/GIDs for these important users/groups,
which are managed locally on the client.

> If all you
> want to do is grant or restrict access to files NIS would seem to work
> just fine across a number of different clients/OSs, but when it comes
> to hardware it seems to fall short - again, if I'm understanding
> things correctly.

Yes, I think you are.

> And although I don't have this problem in my home
> network, what happens if you want to take someone's floppy access away
> and they're in another town, do you have to drive over there?

Never had that problem; we're all engineers at work and are pretty much
trusted, so that sort of issue never comes up.

Paul.
-- 
Paul Howarth <paul at city-fan.org>

More information about the fedora-list mailing list