doc:appunti:linux:sa:nis
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
doc:appunti:linux:sa:nis [2020/05/13 10:15] – [Name Service Switch] niccolo | doc:appunti:linux:sa:nis [2020/12/16 14:52] – [NIS users unable to poweroff/reboot or manage printers] niccolo | ||
---|---|---|---|
Line 220: | Line 220: | ||
< | < | ||
IPAddressDeny=any | IPAddressDeny=any | ||
+ | </ | ||
+ | |||
+ | ====== NIS users unable to poweroff/ | ||
+ | |||
+ | We experienced a problem with an **Ubuntu 20.04** Focal Fossa used as **NIS client**: some tasks were inhibited because the user - despite it was **logged-in locally** on the physical machine - it was considered **as a remote** one. | ||
+ | |||
+ | FIXME What the errors? | ||
+ | |||
+ | It turned out that the **[[https:// | ||
+ | |||
+ | One solution is to create a file on the NIS client, name **/ | ||
+ | |||
+ | < | ||
+ | [Allow Printer administration for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.opensuse.cupspkhelper.mechanism.* | ||
+ | ResultAny=yes | ||
+ | |||
+ | [Allow halt power-off and reboot for NIS users] | ||
+ | Identity=unix-group: | ||
+ | Action=org.freedesktop.login1.halt*; | ||
+ | ResultAny=yes | ||
+ | </ | ||
+ | |||
+ | The syntax of the file is explained into the **[[https:// | ||
+ | |||
+ | First of all usint the **Identity** option we select the users interested into that policy. For managing printers we required the user to belong to the **lpadmin** and **adm** groups. The first group is the standard Debian group to manage printers, whereas the **adm** group is an arbitrary group assigned to some users by the NIS server (see the page **[[https:// | ||
+ | |||
+ | For the **Action** part we had to discover the name of the printer management and the poweroff/ | ||
+ | |||
+ | < | ||
+ | pkaction | grep cupspkhelper | ||
+ | org.opensuse.cupspkhelper.mechanism.all-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.class-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.devices-get | ||
+ | org.opensuse.cupspkhelper.mechanism.job-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.job-not-owned-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-enable | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-local-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-remote-edit | ||
+ | org.opensuse.cupspkhelper.mechanism.printer-set-default | ||
+ | org.opensuse.cupspkhelper.mechanism.printeraddremove | ||
+ | org.opensuse.cupspkhelper.mechanism.server-settings | ||
+ | </ | ||
+ | |||
+ | For the reboot/ | ||
+ | |||
+ | < | ||
+ | org.freedesktop.login1.halt | ||
+ | org.freedesktop.login1.hibernate | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.reboot | ||
+ | org.freedesktop.login1.suspend | ||
+ | </ | ||
+ | |||
+ | each of them have some sub-actions: | ||
+ | |||
+ | < | ||
+ | pkaction | grep org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off | ||
+ | org.freedesktop.login1.power-off-ignore-inhibit | ||
+ | org.freedesktop.login1.power-off-multiple-sessions | ||
+ | </ | ||
+ | |||
+ | Finally the problem-solving option is **ResultAny**, | ||
+ | |||
+ | < | ||
+ | ResultAny=no | ||
+ | ResultInactive=no | ||
+ | ResultActive=yes | ||
</ | </ |
doc/appunti/linux/sa/nis.txt · Last modified: 2020/12/16 16:27 by niccolo