up | Inhaltsverzeichniss | Kommentar

Manual page for IDLOAD(8)

idload - RFS user and group mapping

SYNOPSIS

idload [ -n ] [ -g g_rules ] [ -u u_rules ] [ directory ]

AVAILABILITY

This program is available with the RFS software installation option. Refer to [a manual with the abbreviation INSTALL] for information on how to install optional software.

DESCRIPTION

idload is used on Remote File Sharing (RFS) servers to build translation tables for user and group IDs. It takes your /etc/passwd and /etc/group files and produces translation tables for user and group IDs from remote machines, according to the rules set down in the u_rules and g_rules files. If you are mapping by user and group name, you will need copies of remote /etc/passwd and /etc/group files. If no rules files are specified, remote user and group IDs are mapped to MAXUID+1. This is an ID number that is one higher than the highest number you could assign on your system.

By default, the remote password and group files are assumed to reside in /usr/nserve/auth.info/domain/host/[passwd|group]. The directory argument indicates that some directory structure other than /usr/nserve/auth.info contains the domain/host passwd and group files. host is the name of the host the files are from and domain is the domain where host can be found.

This command is restricted to the super-user.

This command is run automatically when the first remote mount is done of a remote resource (see mount.8

If any of the following are true, an error message will be sent to standard error.

Partial failures will display a warning message, although the process will continue.

OPTIONS

-n
Do not produce a translation table, however, send a display of the ID mapping to the standard out. This is used to do a trial run of the mapping.
-u u_rules"
The u_rules file contains the rules for user ID translation. The default rules file is /usr/nserve/auth.info/uid.rules.
-g g_rules
The g_rules file contains the rules for group ID translation. The default rules file is /usr/nserve/auth.info/gid.rules.

USAGE

Rules

The rules files have two types of sections, both optional: global and host. There can be only one global section, though there can be one host section for each host you want to map.

The global section describes the default conditions for translation for any machines that are not explicitly referenced in a host section. If the global section is missing, the default action is to map all remote user and group IDs from undefined hosts to MAXUID+1. The syntax of the first line of the global section is:

global

A host section is used for each client machine or group of machines that you want to map differently from the global definitions. The syntax of the first line of each host section is:

hostname[...]

where name is replaced by the full name(s) of a host (domain.hostname).

The format of a rules file is described below. All lines are optional, but must appear in the order shown.


global
default local | transparent
exclude
[remote_id-remote_id] | [remote_id]
map [remote_id:local]

host domain.hostname [domain.hostname...]
default local | transparent
exclude [remote_id-remote_id] | [remote_id] | [remote_name]
map [remote:local] | remote | all

Each of these instruction types is described below.

The line

default local | transparent

defines the mode of mapping for remote users that are not specifically mapped in instructions in other lines. transparent means that all remote user and group IDs will have the same numeric value locally unless they appear in the exclude instruction. local can be replaced by a local user name or ID to map all users into a particular local name or ID number. If the default line is omitted, all users that are not specifically mapped are mapped into a ``special guest'' login ID .

The line

exclude [remote_id-remote_id] | [remote_id] | [remote_name]

defines remote IDs that will be excluded from the default mapping. The exclude instruction must precede any map instructions in a block. You can use a range of ID numbers, a single ID number, or a single name. (remote_name cannot be used in a global block.)

The line

map [remote:local] | remote | all

defines the local IDs and names that remote IDs and names will be mapped into. remote is either a remote ID number or remote name; local is either a local ID number or local name. Placing a colon between a remote and a local will give the value on the left the permissions of the value on the right. A single remote name or ID will assign the user or group permissions of the same local name or ID. all is a predefined alias for the set of all user and group IDs found in the local /etc/passwd and /etc/group files. You cannot map by remote name in global blocks.

Note: idload will always output warning messages for `map all', since password files always contain multiple administrative user names with the same ID number. The first mapping attempt on the ID number will succeed, all subsequent attempts will fail.

RFS does not need to be running to use idload.

EXIT STATUS

On successful completion, idload will produce one or more translation tables and return a successful exit status. If idload fails, the command will return an unsuccessful exit status without producing a translation table.

FILES

/etc/passwd
/etc/group
/usr/nserve/auth.info/domain/host/[user|group]
/usr/nserve/auth.info/vid.rules
/usr/nserve/auth.info/gid.rules

SEE ALSO

mount.8


index | Inhaltsverzeichniss | Kommentar

Created by unroff & hp-tools. © by Hans-Peter Bischof. All Rights Reserved (1997).

Last modified 21/April/97