Subject: recent changes to YP.
To: None <current-users@NetBSD.ORG>
From: Phil Nelson <phil@steelhead.cs.wwu.edu>
List: current-users
Date: 08/02/1995 17:00:51
Recently, I committed several changes to the YP support in the getpwent() 
and getgrent() suites.  These changes allow SunOS-style YP inclusions and 
exclusions in the passwd file and individual group inclusions in the 
group file.

If you are not using YP, you do not need to rebuild the passwd database.
If you are using YP, it is recommended, but not required that you
rebuild the passwd database.  (You should if you want to make use of any 
of the new fetures.)  pwd_mkdb(8) inserts a special token 
into the database to tell getpw*() whether or not YP tokens are in the 
database, speeding lookups greatly; YP requires that the passwd file be 
read sequentially, but if no YP tokens are present, regular hash lookups 
occur.  Other than that, the db files are completely backwards-compatible
with the old.

Examples:

If you wish to include or exclude individuals or netgroups in the passwd 
file, the following formats should be used (while in vipw(8); note that 
the entries may look different in /etc/passwd after pwd_mkdb has munged 
them):

	-luser::::::::
	-@BOZOS::::::::
	+niceguy::::::::
	+@STAFF::::::::
	+::::::::/usr/bin/false

The first entry excludes the user `luser'.  The second entry excludes all 
of the users in the netgroup `BOZOS'.  The third entry includes the user 
`niceguy'.  The fourth entry includes all the users in the netgroup 
`STAFF'.  The fifth entry catches everyone else, but gives them the shell 
`/usr/bin/false'.  For a detailed list of which portions of a passwd 
entry may be overridden with the YP prototype, see passwd(5).  Also, make 
sure to read group(5) for details on changes to the group file.

(Thanks to Jason Downs for the implementation.)

-- 
Phil Nelson
phil@steelhead.cs.wwu.edu (NetBSD/pc532 machine)
phil@cs.wwu.edu (work)
http://www.cs.wwu.edu/~phil