Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-4.1.3)
Apropos / Subsearch:
optional field

IDLOAD(8)                   System Manager's Manual                  IDLOAD(8)

       idload - RFS user and group mapping

       idload [ -n ] [ -g g_rules ] [ -u u_rules ] [ directory ]

       This  program  is  available with the RFS software installation option.
       Refer to for information on how to install optional software.

       idload is used on Remote File Sharing (RFS) servers to  build  transla-
       tion  tables  for  user  and  group IDs.  It takes your /etc/passwd and
       /etc/group files and produces translation tables for user and group IDs
       from  remote  machines,  according to the rules set down in the u_rules
       and g_rules files.  If you are mapping by user and group name, you will
       need  copies  of  remote /etc/passwd and /etc/group files.  If no rules
       files are specified, remote user and group IDs are mapped to  MAXUID+1.
       This  is  an  ID  number that is one higher than the highest number you
       could assign on your system.

       By default, the remote password and group files are assumed  to  reside
       in   /usr/nserve/auth.info/domain/host/[passwd|group].   The  directory
       argument  indicates  that   some   directory   structure   other   than
       /usr/nserve/auth.info  contains the domain/host passwd and group files.
       host is the name of the host the files  are  from  and  domain  is  the
       domain where host can be found.

       This command is restricted to the super-user.

       This  command  is run automatically when the first remote mount is done
       of a remote resource (see mount(8)).

       If any of the following are true, an error  message  will  be  sent  to
       standard error.

              o  Neither rules files can be found or opened.

              o  There are syntax errors in the rules file.

              o  There are semantic errors in the rules file.

              o  Host information could not be found.

              o  The command is not run with super-user privileges.

       Partial  failures  will display a warning message, although the process
       will continue.

       -n          Do not produce a translation table, however, send a display
                   of  the ID mapping to the standard out.  This is used to do
                   a trial run of the mapping.

       -u u_rules" The u_rules file contains the rules for  user  ID  transla-
                   tion.        The       default      rules      file      is

       -g g_rules  The g_rules file contains the rules for group  ID  transla-
                   tion.        The       default      rules      file      is

       The rules files have two types of sections, both optional:  global  and
       host.   There  can  be only one global section, though there can be one
       host section for each host you want to map.

       The global section describes the default conditions for translation for
       any  machines that are not explicitly referenced in a host section.  If
       the global section is missing, the default action is to map all  remote
       user and group IDs from undefined hosts to MAXUID+1.  The syntax of the
       first line of the global section is:


       A host section is used for each client machine  or  group  of  machines
       that you want to map differently from the global definitions.  The syn-
       tax of the first line of each host section is:

              where  name  is  replaced  by  the  full  name(s)  of   a   host

       The format of a rules file is described below.  All lines are optional,
       but must appear in the order shown.
              default local | transparent
              [remote_id-remote_id] | [remote_id]
              map [remote_id:local]

              host domain.hostname [domain.hostname...]
              default local | transparent
              exclude [remote_id-remote_id] | [remote_id] | [remote_name]
              map [remote:local] | remote | all
       Each of these instruction types is described below.

       The line

              default local | transparent

       defines the mode of mapping for remote users that are not  specifically
       mapped  in  instructions  in  other  lines.  transparent means that all
       remote user and group IDs will have  the  same  numeric  value  locally
       unless  they  appear in the exclude instruction.  local can be replaced
       by a local user name or ID to map all users  into  a  particular  local
       name  or ID number.  If the default line is omitted, all users that are
       not specifically mapped are mapped into a "special guest" login ID .

       The line

              exclude [remote_id-remote_id] | [remote_id] | [remote_name]

       defines remote IDs that will be excluded from the default mapping.  The
       exclude  instruction must precede any map instructions in a block.  You
       can use a range of ID numbers, a single ID number, or  a  single  name.
       (remote_name cannot be used in a global block.)

       The line

              map [remote:local] | remote | all

       defines  the  local  IDs  and  names  that remote IDs and names will be
       mapped into.  remote is either a remote ID number or remote name; local
       is  either  a local ID number or local name.  Placing a colon between a
       remote and a local will give the value on the left the  permissions  of
       the  value  on  the  right.  A single remote name or ID will assign the
       user or group permissions of the same local name or ID.  all is a  pre-
       defined  alias for the set of all user and group IDs found in the local
       /etc/passwd and /etc/group files.  You cannot map  by  remote  name  in
       global blocks.

       Note:  idload  will always output warning messages for `map all', since
       password files always contain multiple administrative user  names  with
       the  same  ID  number.  The first mapping attempt on the ID number will
       succeed, all subsequent attempts will fail.

       RFS does not need to be running to use idload.

       On successful completion, idload will produce one or  more  translation
       tables  and return a successful exit status.  If idload fails, the com-
       mand will return an unsuccessful exit status without producing a trans-
       lation table.



                                 30 June 1988                        IDLOAD(8)