
Manual page for UID_ALLOCD(8C)

NAME

uid_allocd, gid_allocd - UID and GID allocator daemons

SYNOPSIS

/usr/etc/rpc.uid_allocd
/usr/etc/rpc.gid_allocd

AVAILABILITY

Available only on Sun 386i systems running a SunOS 4.0.x release or earlier. Not a SunOS 4.1 release feature.

DESCRIPTION

The UID (or GID) allocator will temporarily allocate an unused UID (or GID) for use by account administration tools. It maintains a cache of UIDs (GIDs) that have been allocated by potentially multiple tools (or instances of tools) in a distributed system, so that they can create accounts (or groups) concurrently. It also provides the ability to safely enter a UID (GID) into the cache which was allocated using some other method, such as manually by an administrator; and the ability to delete entries from the cache. Entries in this cache persist for at least an hour even through system crashes.

These allocators are available on the system which contains the master copy of the list of UIDs (or GIDs). Since this list is currently maintained using the Network Information Service (NIS), the service is available on the master of the passwd.byuid (group.bygid) NIS map. The service could be provided using a UID database service other than the NIS service.

This implementation uses DES authentication (the Sun Secure RPC protocol) to restrict access to this function. The only clients privileged to allocate UIDs (GIDs) are those whose net IDs are in the accounts group (fixed at GID 11). All machine IDs are allowed to allocate UIDs (GIDs).

If the file /etc/ugid_alloc.range exists, the allocator only allocates UIDs (GIDs) in the range listed there. This feature is intended to be used by sites which have multiple NIS domains on their networks; each NIS domain would be assigned a unique range of UIDs (GIDs). If the file exists, and the local NIS domain is not explicitly assigned a unique range of UIDs or GIDs, none will be allocated. Without a mechanism to ensure that UIDs are uniquely assigned between NIS domains that share resources, normal NFS security mechanisms (excluding Secure NFS) may fail to serve as an advisory security mechanism. Common alternative methods for ensuring UID uniqueness include using a function of some preexisting identifier such as an employee number, or using a single NIS domain for the entire site.
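The following is an added example, not part of the original manual page and not the daemon's code: a Python model of the allocation rules described above (temporary cache entries, entering an ID chosen by other means, per-domain ranges, and refusing to allocate when the range file exists but the domain has no range), plus a check that per-domain ranges do not overlap. The range table is passed in already parsed because the format of /etc/ugid_alloc.range is not given here; the class and function names, the default span used when no range file exists, and the exact one-hour expiry are assumptions.

```python
import time
CACHE_TTL = 3600             # page: cache entries persist for at least an hour
DEFAULT_SPAN = (100, 59999)  # assumption: span searched when no range file exists

def overlapping_ranges(ranges):
    """Return pairs of domains whose inclusive (lo, hi) ranges overlap."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    clashes = []
    for i, (dom_a, (_, hi_a)) in enumerate(items):
        for dom_b, (lo_b, _) in items[i + 1:]:
            if lo_b > hi_a:
                break        # sorted by lo: nothing later can overlap dom_a
            clashes.append((dom_a, dom_b))
    return clashes

class Allocator:  # hypothetical model for one NIS domain
    def __init__(self, domain, in_use, ranges=None):
        self.domain = domain
        self.in_use = set(in_use)  # IDs already present in the master map
        self.ranges = ranges       # None models "range file does not exist"
        self.cache = {}            # tentatively allocated ID -> expiry time

    def _live(self, now):
        self.cache = {i: t for i, t in self.cache.items() if t > now}
        return self.cache

    def enter(self, ident, now=None):
        """Record an ID chosen by other means; False if it is already taken."""
        now = time.time() if now is None else now
        if ident in self.in_use or ident in self._live(now):
            return False
        self.cache[ident] = now + CACHE_TTL
        return True

    def allocate(self, now=None):
        """Return an unused ID, or None if none may be allocated."""
        now = time.time() if now is None else now
        if self.ranges is None:
            lo, hi = DEFAULT_SPAN
        elif self.domain in self.ranges:
            lo, hi = self.ranges[self.domain]
        else:
            return None  # range file exists, domain has no range: allocate nothing
        live = self._live(now)
        for ident in range(lo, hi + 1):
            if ident not in self.in_use and ident not in live:
                live[ident] = now + CACHE_TTL
                return ident
        return None
```

Running overlapping_ranges over the site-wide range table before distributing it catches two domains that could hand out the same UID.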

FILES

/var/yp/domainname/passwd.byuid.{dir,pag}
/var/yp/domainname/group.bygid.{dir,pag}
/var/yp/domainname/netid.byname.{dir,pag}
/etc/uid_alloc.cache
/etc/gid_alloc.cache
/etc/ugid_alloc.range
/usr/include/rpcsvc/uid_alloc.x
/usr/include/rpcsvc/gid_alloc.x

SEE ALSO

snap(1), ugid_alloc.range(5), logintool(8)

BUGS

Using UID (GID) ranges does not solve the problem that two different machines, or groups of machines, may assign different meaning to a given UID (GID).

The current implementation of the daemon is tuned towards small lists of active UIDs (GIDs), both in the NIS service and in the cache it maintains.

NOTES

The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed.



Created by unroff & hp-tools. © by Hans-Peter Bischof. All Rights Reserved (1997).

Last modified 21/April/97