dms@ai.mit.edu (David M. Siegel) (10/08/90)
There are several administration problems with SunOS that I've mentioned to Sun over the years that are still not corrected in the latest release. Let me mention a few of them here. The printer software (lpd/lpr/lpq) doesn't use an NIS map for "/etc/printcap", and that the "/usr/spool/printer" directories should be created on demand. There are a few other files in "/etc" that should also be under NIS control, to make client maintenance easier. (I've been told the 386 release of SunOS printer software has NIS support, it just never made it into the standard release.) Another problem is with the /etc/exports file. Not all the fields in the file can take a netgroup. For example, the "root=" directive only accepts hosts, while the "access=" directive can take netgroups or hosts. Why can't "root=" also accept a netgroup? The netgroup "(,,domain)" wildcards on all hosts in the Internet, not just the hosts in the particular domain. So, if we want to give "access=all", where "all" is a netgroup of all the hosts in our domain, we must created a netgroup listing, explicitly, all our hosts. This is inconvenient for our site, as we have over 200 machines that need to be listed. The problem is even worse because netgroup entries are limited in size to 1K or so. To create the "all" group requires making a tree of netgroups! One other limitation with netgroups is that they only work when you're running NIS. For sites that don't run NIS, it would be nice to support the netgroup mechanism using the local /etc/netgroup file. We had wanted to be able to support hosts that allow users from multiple domains to login to certain hosts. To do this, we created two netgroups called, say, users1=(,,site1) and users2=(,,site2). In the password file on a particular host, we allowed access to users in netgroup users1 and users2. It turns out that this doesn't work at all. The question I have then is, what is the domain portion of a netgroup used for? These are just the most annoying problems that we've had, not the only ones. I mention them now simply because our 4.1 conversion is fresh on my mind. I'm curious, do other people run up against problems like these? How do you get around them? Do sites normally report these issues to Sun? -Dave