  idload(8)                           CLIX                           idload(8)



  NAME

    idload - Remote File Sharing user and group mapping

  SYNOPSIS

    idload [-n] [-g g_rules] [-u u_rules] [directory]

    idload -k

  FLAGS

    -n          Used to do a trial run of the ID mapping.  No translation
                table will be produced but the output is displayed at the
                terminal (stdout).

    -k          Used to display the ID mapping that is currently in use.
                (Specific mapping for remote machines will not be shown until
                that machine mounts one of your resources.)

    -u u_rules  The u_rules file contains the rules for user ID translation.

    -g g_rules  The g_rules file contains the rules for group ID translation.

  DESCRIPTION

    The idload command is used on Remote File Sharing (RFS) server machines to
    build translation tables for user and group IDs.

    The idload command takes the /etc/passwd and /etc/group files and produces
    translation tables for user and group IDs from remote machines, according
    to the rules set down in the u_rules and g_rules files.  If you are
    mapping by user and group name, you will need copies of remote /etc/passwd
    and /etc/group files.  If no rules files are specified, remote user and
    group IDs are mapped to MAXUID+1 (an ID number that is one higher than
    the highest number you could assign on your system).

    By default, the remote password and group files are assumed to reside in
    /usr/nserve/auth.info/domain/nodename/[passwd|group].  The directory
    argument indicates that some directory structure other than
    /usr/nserve/auth.info contains the domain/nodename passwd and group
    files.  (Here nodename is the name of the computer from which the
    files originate and domain is the domain to which the computer belongs.)

    You must run idload to put the mapping into place.  Global mapping will
    take effect immediately for machines that have one of your resources
    currently mounted.  Mapping for other specific machines will take effect
    when each machine mounts one of your resources.

    The idload command is restricted to use by the superuser.




  2/94 - Intergraph Corporation                                              1

  Rules

    The rules files have two types of sections (both optional):  global and
    host.  There can be only one global section, though there can be one host
    section for each computer you want to map.

    The global section describes the default conditions for translation for
    any machines that are not explicitly referenced in a host section.  If the
    global section is missing, the default action is to map all remote user
    and group IDs from undefined computers to MAXUID+1.  The syntax of the
    first line of the global section is:

    global

    A host section is used for each machine or group of machines that you want
    to map differently from the global definitions.  The syntax of the first
    line of each host section is:

    host name ...

    where name is replaced by the full name of a computer (domain.nodename).

    The format of a rules file is described below.  (All lines are optional,
    but must appear in the order shown.)

    global
    default local | transparent
    exclude remote_id-remote_id | remote_id
    map remote_id:local

    host domain.nodename [domain.nodename ... ]
    default local | transparent
    exclude remote_id-remote_id | remote_id | remote_name
    map remote:local | remote | all

    Each of these instruction types is described below.

    The line

    default local | transparent

    defines the mode of mapping for remote users that are not specifically
    mapped in instructions in other lines.  The transparent entry means that
    each remote user and group ID will have the same numeric value locally
    unless it appears in the exclude instruction.  The local argument can be
    replaced by a local username or ID to map all users into a particular
    local name or ID number.  If the default line is omitted, all users that
    are not specifically mapped are mapped into a special guest login ID.

    The line

    exclude remote_id-remote_id | remote_id | remote_name

    defines remote_id(s) that will be excluded from the default mapping.  The
    exclude instruction must precede any map instructions in a block.  You can
    use a range of ID numbers, a single ID number, or a single name.  (The
    remote_name cannot be used in a global block.)

    The line

    map remote:local | remote | all

    defines the local IDs and names into which remote IDs and names will be
    mapped.  The remote argument is either a remote_id number or remote_name;
    the local argument is either a local_id number or local_name.  Placing a
    colon between a remote and a local will give the value on the left the
    permissions of the value on the right.  A single remote_name or remote_id
    will assign the user or group permissions of the same local_name or
    local_id.  The all alias is predefined for the set of all user and group
    IDs found in the local /etc/passwd and /etc/group files.  (You cannot map
    by remote_name in global blocks.)

    Remote File Sharing does not need to be running to use idload.

  EXAMPLES

    The following examples of mapping involve only remote ID numbers.

    1.  In this example, all remote_IDs for users will be mapped into the same
        user ID permissions on your host, except for root (ID number 0), which
        would only have special guest permissions.

        global
        default transparent
        exclude 0


    2.  In this example, users have the same permissions as in the previous
        example.  The exception is that user IDs 0 through 100 will have
        MAXUID+1 permissions, and any user ID 732 would have the same
        permissions as local user ID 106.

        global
        default transparent
        exclude 0-100
        map 732:106


    3.  In this example, users from host fee (in other words, nodename fee in
        domain graph) will not be mapped by the global rules.  Instead, all
        users will have the permissions of local user mpg and only user IDs
        0-50 will have MAXUID+1 permissions.

        global
        default transparent
        exclude 0-100
        map 732:106

        host graph.fee
        default mpg
        exclude 0-50


    4.  In this example, all users from the host (in other words, nodename)
        will be mapped into their same user IDs with the following exceptions:

        ⊕  Remote user mcn will have the permissions of local user jcb

        ⊕  Remote user rall will have the permissions of local user ral and

        ⊕  Remote user gwn will have the permissions of local user ID 103.

           global
           default transparent
           exclude 0

           host graph.fee
           default transparent
           exclude 0
           map mcn:jcb rall:ral gwn:103
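
    Added example (not part of the original manual page or of the CLIX idload
    source): a Python model of the numeric-ID rules described above, loaded
    with Example 3, that reports which local ID a remote ID receives and lists
    any section in which remote ID 0 keeps local ID 0.  The MAXUID value, the
    local ID 205 for mpg, and the precedence of map over exclude are
    assumptions; remote names are not handled.

```python
MAXUID = 60000               # assumed value; the real limit is system-specific
GUEST = MAXUID + 1           # where excluded and unmapped IDs land
LOCAL_USERS = {"mpg": 205}   # constructed stand-in for the local /etc/passwd
RULES = """\
global
default transparent
exclude 0-100
map 732:106
host graph.fee
default mpg
exclude 0-50
"""  # Example 3 from this page

def parse_rules(text):
    """Parse numeric-ID rules into {'global' or domain.nodename: block}."""
    sections, block = {}, None
    for line in text.splitlines():
        kw, *args = line.split() or [""]
        if kw in ("global", "host"):
            block = {"default": None, "exclude": [], "map": {}}
            for name in (args if kw == "host" else ["global"]):
                sections[name] = block
        elif kw == "default":
            block["default"] = args[0]
        elif kw == "exclude":
            for lo, _, hi in (a.partition("-") for a in args):
                block["exclude"].append((int(lo), int(hi or lo)))
        elif kw == "map":
            for remote, _, local in (a.partition(":") for a in args):
                block["map"][int(remote)] = int(local or remote)
    return sections

def resolve(sections, host, remote_id):
    """Local ID given to remote_id arriving from host (domain.nodename)."""
    block = sections.get(host) or sections.get("global")
    if block is None:
        return GUEST                       # no global section: MAXUID+1
    if remote_id in block["map"]:          # assumption: map beats exclude
        return block["map"][remote_id]
    if any(lo <= remote_id <= hi for lo, hi in block["exclude"]):
        return GUEST
    default = block["default"]
    if default in (None, "transparent"):
        return GUEST if default is None else remote_id
    return int(default) if default.isdigit() else LOCAL_USERS[default]

def root_not_squashed(sections):
    """Sections in which remote ID 0 would keep local ID 0."""
    return sorted(n for n in sections if resolve(sections, n, 0) == 0)
```

    Running root_not_squashed() over a rules file before idload is a quick
    check that no section leaves remote ID 0 with local ID 0 permissions.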


  FILES

    /etc/passwd

    /etc/group

    /usr/nserve/auth.info/domain/nodename/[passwd|group]

    /usr/nserve/auth.info/uid.rules

    /usr/nserve/auth.info/gid.rules

  NOTES

    The idload command will always display warning messages for map all, since
    password files always contain multiple administrative usernames with the
    same ID number.  The first mapping attempt on the ID number will succeed;
    each subsequent attempt will produce a warning.

  DIAGNOSTICS

    An error message will be sent to stderr if:

           ⊕  Either rules file cannot be found or opened

           ⊕  There are syntax errors in the rules file

           ⊕  There are semantic errors in the rules file

           ⊕  The host password or group information could not be found or

           ⊕  The command is not run with superuser privileges.

           Partial failures will cause a warning message to appear, though the
           process will continue.

  EXIT VALUES

    The idload command exits with a value of 0 if successful.  It will exit
    with a value of 1 under the following conditions:

    ⊕  The user who invokes idload is not root.

    ⊕  The user incorrectly specified the command line arguments.

    ⊕  The idload command is unable to access mapping information for the
       process/program in question.

  RELATED INFORMATION

    Commands: mount(8)

    AT&T UNIX System V System Administrator's Guide