This "crib sheet" provides a quick reference for administrating NIS and NIS+. Information is presented in a task oriented manner. Commands are summarized in the table below which is followed by explanatory notes. Each task is followed by the command or commands necessary when using local files (e.g. /etc/hosts), NIS and NIS+.

All trademarks are the property of their respective owners.

Task Files NIS NIS+
Managing Users
List users cat /etc/passwd ypcat passwd.byname niscat passwd.org_dir.$DIRECTORY
List UIDs cat /etc/passwd | cut -f3 -d: | sort -n ypcat passwd.byname | cut -f3 -d: | sort -n niscat passwd.org_dir.$DIRECTORY | cut -f3 -d: | sort -n
Find user grep $USERID /etc/passwd ypmatch $USERID passwd.byname nismatch $USERID passwd.org_dir.$DIRECTORY
Add user useradd
  1. add user details to $NIS_SOURCE/passwd $NIS_SOURCE/shadow
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nistbladm -a name=$USERID passwd=$ENCRYPTED uid=$UID gid=$GID gcos='$DESCRIPTION' home=$PATH2HOME/$USERID shell=$SHELL shadow=:::::: passwd.org_dir.$DIRECTORY
  2. nisclient -c -o $USERID
Change user usermod
  1. edit user details in $NIS_SOURCE/passwd
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e column=value '[name=$USERID], passwd.org_dir.$DIRECTORY'


nistbladm -e home=/somewhere/mynewhome '[name=evanst], passwd.org_dir.mydomain.local'

Delete user userdel
  1. delete user details from $NIS_SOURCE/passwd
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nisaddcred -r $USERID.$DIRECTORY $DIRECTORY
  2. nistbladm -r '[name=$USERID],passwd.org_dir.$DIRECTORY'


nisaddcred -r evanst.mydomain.local mydomain.local

nistbladm -r '[name=evanst],passwd.org_dir.mydomain.local'

note there is no gap between ],passwd

Disable user account passwd -r files -l passwd -r nis -l
Change user's password passwd -r files $USERID passwd -r nis $USERID
  1. passwd -r nisplus $USERID
  2. nisclient -c -o $USERID

See note

Set user defaults useradd -D N/A N/A
Manage Unix Groups
List groups cat /etc/group ypcat group.byname niscat group.org_dir.$DIRECTORY
List GIDs cat /etc/group | cut -f3 -d: | sort -n ypcat group.byname | cut -f3 -d: | sort -n niscat group.org_dir.$DIRECTORY | cut -f3 -d: | sort -n
Add group groupadd
  1. add group details to $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
Delete group groupdel
  1. remove group details from $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
Add user to group usermod -G list-of-secondary- groups
  1. add user to member list for group in $NIS_SOURCE/group
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e
Manage netgroups
Add user to netgroup N/A
  1. Add user details in netgroup
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –a name=’$NETGROUP’ user=’$USERID’ group=’ host=’ domain=’ comment=’ netgroup.org_dir.$DIRECTORY


nistbladm –a name=$NETGROUP user=$USERID netgroup.org_dir.$DIRECTORY

Add a host to a netgroup N/A
  1. Add host details in netgroup
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –a name=’$NETGROUP’ user=’ group=’ host=’ domain=’ comment=’ netgroup.org_dir.$DIRECTORY


nistbladm –a name=$NETGROUP host=$HOST netgroup.org_dir.$DIRECTORY

Manage Computers
List hosts cat /etc/inet/hosts ypcat hosts.byname niscat hosts.org_dir.$DIRECTORY
Find host grep $HOST /etc/inet/hosts ypmatch $HOST hosts.byname nismatch $HOST hosts.org_dir.$DIRECTORY
Add host Edit /etc/inet/hosts
  1. Add host details in $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
  1. nisbtladm –a cname=’$CNAME’ name=’$HOST’ addr=’$IPADDR’ hosts.org_dir.$DIRECTORY
  2. nisclient –c –l $HOSTPASSWORD $HOST
Edit host Edit /etc/inet/hosts
  1. edit host details in $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm -e column=value '[name=$HOST],hosts.org_dir.$DIRECTORY'


nistbladm -e alias=anothername '[name=myhost],hosts.org_dir.mydomain.local'

Remove host remove entry from /etc/inet/hosts
  1. remove entry from $NIS_SOURCE/hosts
  2. /usr/ccs/bin/make /var/yp/Makefile
nistbladm –r name=’$HOST’ hosts.org_dir.$DIRECTORY
Manage Directory
Print domain N/A domainname domainname
Set domain N/A domainname $DIRECTORY domainname $DIRECTORY
List master server N/A ypwhich -m niscat -o $DIRECTORY
List directory servers N/A ypcat -k ypservers niscat -o $DIRECTORY
Update slave servers / replicas N/A yppush nisping org_dir.$DIRECTORY

nisping groups_dir.$DIRECTORY

List maps/ tables N/A ypwhich -m nisls org_dir.$DIRECTORY

The following variables have been used:

Variable Meaning
$DIRECTORY Your directory, e.g acme.local
$USERID User id / user name, e.g. jdoe
$NIS_SOURCE Directory containing NIS source files e.g /etc
$ENCRYPTED Encrypted password
$UID User's uid
$GID User's gid (primary group id)
$DESCRIPTION Description for account, typically a user's name, e.g. John Doe
$PATH2HOME Directory path to a user's home directory
$SHELL User's shell
$HOST Unqualified host name
$CNAME Alias
$HOSTPASSWORD Network password for host

NIS notes:

It is often recommended that the files in the /etc directory should not be used as the source files for a NIS system. The recommendation is to take copies of these files and store edited versions in an appropriate file system directory (e.g. /export/yp/etc). Unfortunately there is no standard directory for this purpose.

NIS+ notes:

Changing a user's password

As an administrator, when changing a user's password for them, it is also necessary to update the cred.org_dir table. This is most easily done using nisclient -c -o

NIS commands:

Display the contents of a NIS table.
Find an entry in a NIS table.
Copy a NIS map to slave servers.
Find the name of a NIS server.

NIS+ commands:

Add or delete (-r) NIS+ credentials
Display the contents of a NIS+ table.
Find an entry in a NIS+ table.
Update replicas
Administer NIS+ table.
List contents of NIS+ directory

Other Commands

Some other commands relevant to directories that are not specific to a particular directory service:

In Solaris 10, pwck and grpck can be used to check the passwd and group files; the commands can take a parameter which is the name of the file to check which is useful if the source files for NIS are located in a directory other than /etc.

getent is a Solaris command for finding entries from a number of possible directory sources and / or files.

The command domainname in Solaris 10 will display (or set) the domain name for the directory service in use (NIS, NIS+ or DNS).


The versions of NIS and NIS+ from Sun running on Solaris 10 have been used as a reference. Please note that setting up NIS and NIS+ services is outside the scope of this document. This document does not necessarily advocate the use of NIS or NIS+.

All trademarks are the property of their respective owners.


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.