Automount/netgroup/NIS interaction problem

Andrew C. Pineda pineda at ronis.chem.mcgill.ca
Fri Mar 22 07:31:00 AEST 1991 

We have two NIS/YP master servers (one a sun3-180 running SunOs 4.1.1, the
other a sun386i running SunOs 4.0.2, the NIS/YP domains chem2.mcgill.ca
and YP.chem.mcgill.ca, respectively) in our Internet sub-domain,
chem.mcgill.ca, and we are experiencing a minor problem configuring the
/etc/exports file using netgroups defined in the /etc/netgroup file. We
are trying to configure the sun386i so that it will export portions of its
file systems to selected machines or better yet selected users/machines on
our net (which include the sun3-180 and its diskfull/diskless clients).
The sun3-180 serves its clients without difficulty.

   To this end we set up the following entry in /etc/netgroup:

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,YP.chem.mcgill.ca)

(this should work if the sun386i thinks sun3-client is part of it's YP
domain) and put the following line in /etc/exports:

/export/home/users/user1 -access=ourmachines

This does not work!!!  Changing the entry in /etc/netgroup to any of

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem2.mcgill.ca)

(the line above should work if the sun386i thinks sun3-client is part of
the sun3-180's NIS domain)

or

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,chem.mcgill.ca)

(the line above should work if the sun386i thinks sun3-client is part of
the Internet domain)

or

ourmachines (sun386i,,YP.chem.mcgill.ca) (sun3-client,,)

(the line above should not care what domain sun3-client is in)

or finally

ourmachines (sun386i,,YP.chem.mcgill.ca) (,sun386-user,)

(the line above should only care about the user and not the domain or
host) also does not work. (We remade the NIS/YP netgroup maps on the
sun386i each time and re-exported everything when we made each change.)

The only thing that seems to work is changing the line in /etc/exports to
read:

/export/home/users/user1 -access=ourmachines:sun3-client

with

ourmachines (sun386i,,YP.chem.mcgill.ca)

or simply removing the access restrictions entirely.

By the way the machines are listed in each others /etc/hosts
files as:

IP#            sun3-180 sun3-180.chem.mcgill.ca
IP#            sun3-client sun3-client.chem.mcgill.ca
IP#            sun386i sun386i.chem.mcgill.ca

Also both servers use are set up to use domain name resolver services from
a nameserver on our network for names not in their local NIS/YP databases.

What are we doing wrong? Or is this a bug?  None of our local Unix gurus
have a clue. Should we turn the sun386i into a slave server or is there
another solution?

        Sincerely,
          Andy Pineda
	  <pineda at ronis.chem.McGill.CA> --- <(514) 398-7382>

PS - I just noticed another weird thing when automounting files on the
sun3-180 from the sun386i and a sun4-client (SunOS 4.1,diskful,NIS DOMAIN
chem2.mcgill.ca) of the sun3-180. I get access to one file system that I
to which I should not get access and don't get access to one that I should
be able to access.

The sun3-180 defines two netgroup domains as

domain (sun3-client1,,chem2.mcgill.ca) (sun3-client2,,chem2.mcgill.ca) ...

(note that "domain" does not include the sun386i or the sun4-client)

department (sun386i,,chem2.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain

or in another attempt

department (sun386i,,YP.chem.mcgill.ca) (sun4-client,,chem2.mcgill.ca) domain

and exports two of its filesystems as

/files1 -access=department
/files2 -access=domain

Guess what happens? The sun386i can access /files2 but not
/files1. This is WRONG!!!  The sun4-client can access /files1 but
not /files2 which is the CORRECT behavior.

It's looking more and more like a bug to me.

More information about the Comp.sys.sun mailing list