Thanks to Robert L. McMillin and Gilles Casavecchia for their responses.
The consensus seems to be that there are no tools which really address
this problem. Dxaccounts appears to quietly limit the line length in
the NIS group file to 256 characters, so it is not adequate. I'm rather
surprised - I didn't think that distributed administration was so nearly
unique.
My original question was as follows:
David and Rhonda Ritch wrote:
> I have a fairly large network, which will be administered by several
> people, who are physically located in different offices. We are using
>
> NIS, and have a heterogeneous network including DEC alphas, Sun
> machines, and HP's. Our master NIS server is a DEC alpha running
> Digital Unix 4.0B.
>
> Here is the problem I am trying to solve. I would like to provide
> some
> mechanism to protect the master nis source files against inadvertent
> corruption. I would like to prevent typos, and provide a way to back
> out changes if they cause a problem. My first attempt at a solution
> to
> this was to use RCS or SCCS - possibly in suid mode with access lists
> -
> so that we could have a preserved file history in case we needed to
> back
> off a change in a hurry. However, the users *can* modify their
> passwords using yppasswd, and I don't want to overwrite this by
> checking
> out the password file to edit it. My next attempt was to use
> dxaccounts
> for passwd - and I found that it also controls the group file. This
> provides file locking and prevents glaring typos, and appeared to be a
>
> good solution. It doesn't provide an undo facility, but its nature
> prevents the sort of typographical error that most concerns me. But
> then I discovered that it corrupts our group file. Specifically,
> large
> groups are split into several smaller groups with the same name and
> gid. dxaccounts transparently merges these into a single group, but
> the
> rest of Digital Unix does not.
>
> So, my question is this. Do you have any suggestions to address this
> problem?
>
> Thank you,
>
> David Ritch
Received on Wed Jul 23 1997 - 07:44:41 NZST