[Hoary] Centos NIS server, Hoary NIS client, groups don't match
Ewan Mac Mahon
ewan at macmahon.me.uk
Mon Jul 25 20:54:59 UTC 2005
On Sun, Jul 24, 2005 at 08:01:27PM -0400, P Jones wrote:
> I saw a thread in the Ubuntu Forums that made some adjustments to some
> pam configuration files, and that works to a degree (haven't played
> around with it much yet), but I'm wondering if there is a solution to
> my problem.
That'll be using pam_group? I've got a similar setup here; there's no
need for me to restrict access to the devices so I have a line in
/etc/security/group.conf that unconditionally gives membership of the
floppy, cdrom, audio etc groups to anyone that logs in to the Ubuntu
machine.
What would be ideal would be if you could give membership of all the
local groups based on membership of a single nis group, but from my
reading of the docs that seems not to be possible.
> The whole point of me setting up NIS is to NOT have to set up user
> accounts on every workstation, and to be able to manage access from
> the server.
The best way I can think of managing that is to create another admin
group on the server with a high gid so it gets included in the nis maps
(say wksadmin, for workstation admins), then add that group to the
sudoers files on the clients just like the default admin group is. That
way any local users in the 'admin' group get sudo rights[1], and any nis
users in the 'wksadmin' nis group do too.
As a side note, IMHO, it's a good idea to have a local user with admin
rights on a nis client box, since if the network breaks you can be left
with no way in (other than recovery mode) to fix the problem.
Ewan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050725/c807f1e5/attachment.sig>
More information about the ubuntu-users
mailing list