lid_and_priv(4)


lid_and_priv -- distributed filesystem security database

Synopsis

/etc/dfs/lid_and_priv

Description

/etc/dfs/lid_and_priv is the Distributed Filesystem (DFS) security database. It acts as a mechanism that allows network administrators to control access to RFS and NFS® resources on a server.

File entries have the format

   domainname  hostname  level_name  priv_list

where:

domainname
Indicates the name of an RFS client's domain. A dash (-) in the field indicates that the domain is the same as the server's local domain. The domainname field is ignored by NFS.

hostname
Indicates the client's machine name.

level_name
Indicates the security label, or its alias, assigned to requests from a client. A dash (-) in the level_name field indicates the default behavior.

priv_list
A comma-separated list of privileges that the server will accept from the client. If the network administrator wants to accept the same privileges assigned to the process on the client side, then the field should contain the entry allprivs. See the intro(2) manual page for a complete list of privileges and their meanings.

The special character ``*'' can be used in a file entry to set up new default values. By specifying ``*'' in the domainname and hostname fields, the network administrator indicates that the values in the level_name and priv_list fields in that same entry are to be used as defaults, overriding the system-defined defaults.

The dash special character (-) is a placeholder. It can be used in a file entry in either or both of the fields level_name and priv_list to indicate that the label and/or privileges assigned to the client are the same as the defaults.

The contents of lid_and_priv must be loaded into the kernel whenever changes are made to the file. A network administrator loads the contents of the file into the kernel by running the lidload(1M) command. When lidload is run, all changes in the database immediately affect all NFS resources. All RFS resources are affected immediately as well, with the exception of those with open files, which are affected once the files are closed and re-opened.

Usage

It is possible for the same RFS client to have more than one entry in lid_and_priv, with a different domain indicated in each entry. NFS clients should have only one entry each. If an NFS client has two entries in the file, a warning message is printed and NFS acts on the information in the first entry.
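The following is an added example, not part of the original manual page or of any SCO tool: a small audit of a lid_and_priv file that resolves the ``*'' defaults and ``-'' placeholders described above and reports what each NFS client is actually granted, including duplicate NFS entries and allprivs grants. The comment syntax, the position-independent handling of the ``* *'' entry, and all level and privilege names in the sample are assumptions made for the example.

```python
# Added example: audit a lid_and_priv file as the NFS server would read it.
# Assumptions (not from the man page): '#' starts a comment, and a "* *"
# entry sets the defaults for the whole file regardless of its position.
SYSTEM_DEFAULT = "<system default>"  # placeholder; the page gives no values

# Constructed sample; level and privilege names are placeholders.
SAMPLE = """\
*      *      LEVEL_LOW   privA
-      alpha  -           -
-      beta   LEVEL_HIGH  allprivs
eng    beta   -           privA,privB
-      gamma  LEVEL_LOW
"""

def parse(text):
    """Return (entries, errors); each entry is (lineno, domain, host, level, privs)."""
    entries, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 4:
            errors.append((n, "expected 4 fields, got %d" % len(fields)))
            continue
        entries.append((n, *fields))
    return entries, errors

def audit(text):
    """Resolve defaults, then report what each NFS client is actually granted."""
    entries, errors = parse(text)
    level_def, privs_def = SYSTEM_DEFAULT, SYSTEM_DEFAULT
    for _, dom, host, level, privs in entries:
        if dom == "*" and host == "*":   # new defaults override system ones
            level_def = level_def if level == "-" else level
            privs_def = privs_def if privs == "-" else privs
    effective, findings = {}, [(n, "malformed: " + msg) for n, msg in errors]
    for n, dom, host, level, privs in entries:
        if dom == "*" and host == "*":
            continue
        level = level_def if level == "-" else level
        privs = privs_def if privs == "-" else privs
        if host in effective:            # NFS ignores domainname, first entry wins
            findings.append((n, "duplicate NFS entry for %s ignored" % host))
            continue
        effective[host] = (level, privs.split(","))
        if "allprivs" in effective[host][1]:
            findings.append((n, "%s is trusted with allprivs" % host))
    return effective, findings
```

In the sample, the narrower second entry for beta has no effect on NFS because the first entry, which grants allprivs, is the one NFS acts on.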

References

intro(2), lidload(1M)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004