From f274239ba025e0ac5966aeed7f12012970331e97 Mon Sep 17 00:00:00 2001 From: Garrett Wollman Date: Tue, 20 Sep 1994 22:44:37 +0000 Subject: [PATCH] Documented YP functionality, part II. --- share/man/man5/group.5 | 40 ++++++++++++++++++--- share/man/man5/passwd.5 | 79 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 109 insertions(+), 10 deletions(-) diff --git a/share/man/man5/group.5 b/share/man/man5/group.5 index 958494b31b1a..a785743544ca 100644 --- a/share/man/man5/group.5 +++ b/share/man/man5/group.5 @@ -29,9 +29,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)group.5 8.3 (Berkeley) 4/19/94 +.\" From: @(#)group.5 8.3 (Berkeley) 4/19/94 +.\" $Id$ .\" -.Dd April 19, 1994 +.Dd September 29, 1994 .Dt GROUP 5 .Os .Sh NAME @@ -100,16 +101,40 @@ entry and does not need to be added to that group in the .\" char **gr_mem; /* group members */ .\" }; .\" .Ed +.Sh YP/NIS INTERACTION +The +.Pa /etc/group +file can be configured to enable the YP/NIS group database. +An entry whose +.Ar name +field consists of a plus sign (`+') followed by a group name, will be +replaced internally to the C library with the YP/NIS group entry for the +named group. An entry whose +.Ar name +field consists of a single plus sign with no group name following, +will be replaced with the entire YP/NIS +.Dq Li group.byname +map. +.Pp +If the YP/NIS group database is enabled for any reason, all reverse +lookups (i.e., +.Fn getgrgid ) +will use the entire database, even if only a few groups are enabled. +Thus, the group name returned by +.Fn getgrgid +is not guaranteed to have a valid forward mapping. .Sh FILES .Bl -tag -width /etc/group -compact .It Pa /etc/group .El .Sh SEE ALSO -.Xr setgroups 2 , -.Xr initgroups 3 , .Xr crypt 3 , +.Xr getgrent 3 , +.Xr initgroups 3 , .Xr passwd 1 , -.Xr passwd 5 +.Xr passwd 5 , +.Xr setgroups 2 , +.Xr yp 4 .Sh BUGS The .Xr passwd 1 
@@ -121,3 +146,8 @@ A .Nm file format appeared in .At v6 . +The YP/NIS functionality is modeled after +.Tn SunOS +and first appeared in +.Tn FreeBSD +1.1. diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5 index 584bc272cd3c..238ae568d111 100644 --- a/share/man/man5/passwd.5 +++ b/share/man/man5/passwd.5 @@ -29,9 +29,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" @(#)passwd.5 8.1 (Berkeley) 6/5/93 +.\" From: @(#)passwd.5 8.1 (Berkeley) 6/5/93 +.\" $Id$ .\" -.Dd June 5, 1993 +.Dd September 29, 1994 .Dt PASSWD 5 .Os .Sh NAME 
@@ -152,16 +153,77 @@ If there is nothing in the field, the Bourne shell .Pq Pa /bin/sh is assumed. +.Sh YP/NIS INTERACTION +The +.Pa /etc/passwd +file can be configured to enable the YP/NIS group database. +An entry whose +.Ar name +field consists of a plus sign (`+') followed by a login name, will be +replaced internally to the C library with the YP/NIS password entry for the +named group. An entry whose +.Ar name +field consists of a single plus sign with no login name following, +will be replaced with the entire YP/NIS +.Dq Li passwd.byname +map. +.Pp +If any fields other than the login name are left empty, they +will be used to override the YP/NIS database's values. So, for +example, an +.Pa /etc/master.passwd +entry of: +.Bd -literal -offset indent ++:::::::::/etc/noaccess + +.Ed +would use the entire contents of the YP/NIS password database, but +each entry would have its designated shell replaced by +.Pa /etc/noaccess +(presumably, a program to tell those users that they are not allowed to +access the machine). +This is the only way to specify values for the fields which are not +present in the Sixth Edition format used by YP/NIS. +.Pp +If the YP/NIS password database is enabled for any reason, all reverse +lookups (i.e., +.Fn getpwuid ) +will use the entire database, even if only a few logins are enabled. +Thus, the login name returned by +.Fn getpwuid +is not guaranteed to have a valid forward mapping. 
+.Sh FILES +.Bl -tag -width /etc/master.passwd -compact +.It Pa /etc/passwd +ASCII password file, with passwords removed +.It Pa /etc/pwd.db +.Xr db 3 -format +password database, with passwords removed +.It Pa /etc/master.passwd +ASCII password file, with passwords intact +.It Pa /etc/spwd.db +.Xr db 3 -format +password database, with passwords intact +.El .Sh SEE ALSO +.Xr adduser 8 , .Xr chpass 1 , +.Xr getpwent 3 , .Xr login 1 , .Xr passwd 1 , -.Xr getpwent 3 , -.Xr adduser 8 , .Xr pwd_mkdb 8 , -.Xr vipw 8 +.Xr vipw 8 , +.Xr yp 4 .Sh BUGS User information should (and eventually will) be stored elsewhere. +.Pp +The YP/NIS password database makes encrypted passwords visible to +ordinary users, thus making password cracking easier. +.Pp +The YP/NIS password database is in old-style (Sixth Edition) format, +and so cannot specify site-wide values for user login class, password +expiration date, and other fields present in the current format and +not in the old. .Sh COMPATIBILITY The password file format has changed since 4.3BSD. The following awk script can be used to convert your old-style password @@ -184,3 +246,10 @@ A .Nm file format appeared in .At v6 . +The YP/NIS functionality is modeled after +.Tn SunOS +and first appeared in +.Tn FreeBSD +1.1. The override capability is new in +.Tn FreeBSD +2.0.
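Review bot: The new `.Dd September 29, 1994` in the header hunk of group.5 (@@ -29,9 +29,10) is nine days later than the Date header of this commit (20 Sep 1994), and passwd.5 gets the same value. If the 29th is a typo for the 20th, correct it in both files so the page date reflects when the text changed.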
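Review bot: The getgrgid paragraph in the new YP/NIS INTERACTION section of group.5 (@@ -100,16 +101,40) says the returned name "is not guaranteed to have a valid forward mapping" but stops short of telling the reader what to do about it. Suggest one more sentence stating that a group name obtained from a reverse lookup may not be enabled in /etc/group on this host, so a program making an access decision should confirm the name with a forward lookup rather than trust the reverse result alone. Minor, same hunk: the comma in "followed by a group name, will be replaced" separates subject from verb and can go.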
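Review bot: The override rule in the YP/NIS INTERACTION section added to passwd.5 (@@ -152,16 +153,77) is stated backwards. "If any fields other than the login name are left empty, they will be used to override" contradicts the example right after it, where the only non-empty field (the shell, /etc/noaccess) is the one that replaces the YP/NIS value; the sentence should say that non-empty fields override. The opening paragraph also carries copy-paste leftovers from group.5: "enable the YP/NIS group database" should read password database, and "password entry for the named group" should read named login. The section starts by describing /etc/passwd while the example is an /etc/master.passwd entry, so say explicitly which file the `+` entries go in. In SEE ALSO, the list was in section order before (chpass 1 through vipw 8) and is now sorted by name, which puts adduser 8 ahead of chpass 1; keeping section order would match the rest of the page.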