This "crib sheet" provides a quick reference for administrating NIS and NIS+. Information is presented in a task oriented manner. Commands are summarized in the table below which is followed by explanatory notes. Each task is followed by the command or commands necessary when using local files (e.g. /etc/hosts), NIS and NIS+.

Task Files NIS NIS+
Managing Users
List users cat /etc/passwd ypcat passwd.byname niscat passwd.org_dir.$DIRECTORY
List UIDs cat /etc/passwd | cut -f3 -d: | sort -n ypcat passwd.byname | cut -f3 -d: | sort -n niscat passwd.org_dir.$DIRECTORY | cut -f3 -d: | sort -n
Find user grep $USERID /etc/passwd ypmatch $USERID passwd.byname nismatch $USERID passwd.org_dir.$DIRECTORY
Add user useradd
  1. add user details to $NIS_SOURCE/passwd $NIS_SOURCE/shadow
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nistbladm -a name=$USERID passwd=$ENCRYPTED uid=$UID gid=$GID gcos='$DESCRIPTION' home=$PATH2HOME/$USERID shell=$SHELL shadow=:::::: passwd.org_dir.$DIRECTORY
  2. nisclient -c -o $USERID
Change user usermod
  1. edit user details in $NIS_SOURCE/passwd
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e column=value '[name=$USERID], passwd.org_dir.$DIRECTORY'

e.g.

nistbladm -e home=/somewhere/mynewhome '[name=evanst], passwd.org_dir.mydomain.local'

Delete user userdel
  1. delete user details from $NIS_SOURCE/passwd
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nisaddcred -r $USERID.$DIRECTORY $DIRECTORY
  2. nistbladm -r '[name=$USERID],passwd.org_dir.$DIRECTORY'

e.g.

nisaddcred -r evanst.mydomain.local mydomain.local

nistbladm -r '[name=evanst],passwd.org_dir.mydomain.local'

note there is no gap between ],passwd
Disable user account passwd -r files -l passwd -r nis -l
Change user's password passwd -r files $USERID passwd -r nis $USERID
  1. passwd -r nisplus $USERID
  2. nisclient -c -o $USERID

See note

Set user defaults useradd -D N/A N/A
Manage Unix Groups
List groups cat /etc/group ypcat group.byname niscat group.org_dir.$DIRECTORY
List GIDs cat /etc/group | cut -f3 -d: | sort -n ypcat group.byname | cut -f3 -d: | sort -n niscat group.org_dir.$DIRECTORY | cut -f3 -d: | sort -n
Add group groupadd
  1. add group details to $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm
Delete group groupdel
  1. remove group details from $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm
Add user to group usermod -G list-of-secondary- groups
  1. add user to member list for group in $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e
Manage netgroups
Add user to netgroup N/A
  1. Add user details in netgroup
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –a name=’$NETGROUP’ user=’$USERID’ group=’ host=’ domain=’ comment=’ netgroup.org_dir.$DIRECTORY

or

nistbladm –a name=$NETGROUP user=$USERID netgroup.org_dir.$DIRECTORY

Add a host to a netgroup N/A
  1. Add host details in netgroup
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –a name=’$NETGROUP’ user=’ group=’ host=’ domain=’ comment=’ netgroup.org_dir.$DIRECTORY

or

nistbladm –a name=$NETGROUP host=$HOST netgroup.org_dir.$DIRECTORY

Manage Computers
List hosts cat /etc/inet/hosts ypcat hosts.byname niscat hosts.org_dir.$DIRECTORY
Find host grep $HOST /etc/inet/hosts ypmatch $HOST hosts.byname nismatch $HOST hosts.org_dir.$DIRECTORY
Add host Edit /etc/inet/hosts
  1. Add host details in $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nisbtladm –a cname=’$CNAME’ name=’$HOST’ addr=’$IPADDR’ hosts.org_dir.$DIRECTORY
  2. nisclient –c –l $HOSTPASSWORD $HOST
Edit host Edit /etc/inet/hosts
  1. edit host details in $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e column=value '[name=$HOST],hosts.org_dir.$DIRECTORY'

e.g.

nistbladm -e alias=anothername '[name=myhost],hosts.org_dir.mydomain.local'

Remove host remove entry from /etc/inet/hosts
  1. remove entry from $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –r name=’$HOST’ hosts.org_dir.$DIRECTORY
Manage Directory
Print domain N/A domainname domainname
Set domain N/A domainname $DIRECTORY domainname $DIRECTORY
List master server N/A ypwhich -m niscat -o $DIRECTORY
List directory servers N/A ypcat -k ypservers niscat -o $DIRECTORY
Update slave servers / replicas N/A yppush nisping org_dir.$DIRECTORY

nisping groups_dir.$DIRECTORY

List maps/ tables N/A ypwhich -m nisls org_dir.$DIRECTORY

The following variables have been used:

Variable Meaning
$DIRECTORY Your directory, e.g acme.local
$USERID User id / user name, e.g. jdoe
$NIS_SOURCE Directory containing NIS source files e.g /etc
$ENCRYPTED Encrypted password
$UID User's uid
$GID User's gid (primary group id)
$DESCRIPTION Description for account, typically a user's name, e.g. John Doe
$PATH2HOME Directory path to a user's home directory
$SHELL User's shell
$HOST Unqualified host name
$CNAME Alias
$HOSTPASSWORD Network password for host

NIS notes:

It is often recommended that the files in the /etc directory should not be used as the source files for a NIS system. The recommendation is to take copies of these files and store edited versions in an appropriate file system directory (e.g. /export/yp/etc). Unfortunately there is no standard directory for this purpose.

NIS+ notes:

Changing a user's password

As an administrator, when changing a user's password for them, it is also necessary to update the cred.org_dir table. This is most easily done using nisclient -c -o

NIS commands:

ypcat
Display the contents of a NIS table.
ypmatch
Find an entry in a NIS table.
yppush
Copy a NIS map to slave servers.
ypwhich
Find the name of a NIS server.

NIS+ commands:

nisaddcred
Add or delete (-r) NIS+ credentials
niscat
Display the contents of a NIS+ table.
nismatch
Find an entry in a NIS+ table.
nisping
Update replicas
nistbladm
Administer NIS+ table.
nisls
List contents of NIS+ directory

Other Commands

Some other commands relevant to directories that are not specific to a particular directory service:

In Solaris 10, pwck and grpck can be used to check the passwd and group files; the commands can take a parameter which is the name of the file to check which is useful if the source files for NIS are located in a directory other than /etc.

getent is a Solaris command for finding entries from a number of possible directory sources and / or files.

The command domainname in Solaris 10 will display (or set) the domain name for the directory service in use (NIS, NIS+ or DNS).

Notes

The versions of NIS and NIS+ from Sun running on Solaris 10 have been used as a reference. Please note that setting up NIS and NIS+ services is outside the scope of this document. This document does not necessarily advocate the use of NIS or NIS+.

Further information

Sun document: System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) http://docs.sun.com/app/docs/doc/816-4556

Sun document: System Administration Guide: Naming and Directory Services (NIS+) http://docs.sun.com/app/docs/doc/816-4558