idload(1M) (Remote File Sharing Utilities) idload(1M)
NAME
idload - Remote File Sharing user and group mapping
SYNOPSIS
idload [-n] [-g g_rules] [-u u_rules] [directory]
idload -k
DESCRIPTION
idload is used on Remote File Sharing server machines to build
translation tables for user and group ids. It takes your /etc/passwd
and /etc/group files and produces translation tables for user and
group ids from remote machines, according to the rules set down in
the u_rules and g_rules files. If you are mapping by user and group
name, you will need copies of remote /etc/passwd and /etc/group
files. If no rules files are specified, remote user and group ids
are mapped to MAXUID+1 (this is an id number that is one higher than
the highest number you could assign on your system.)
By default, the remote password and group files are assumed to reside
in /etc/rfs/auth.info/domain/nodename/[passwd| group]. The directory
argument indicates that some directory structure other than
/etc/rfs/auth.info contains the domain/nodename passwd and group
files. (nodename is the name of the computer the files are from and
domain is the domain that computer is a member of.)
You must run idload to put the mapping into place. Global mapping
will take effect immediately for machines that have one of your
resources currently mounted. Mapping for other specific machines
will take effect when each machine mounts one of your resources.
-n This is used to do a trial run of the id mapping. No
translation table will be produced, however, a display of the
mapping is output to the terminal (stdout).
-k This is used to print the idmapping that is currently in use.
(Specific mapping for remote machines will not be shown until
that machine mounts one of your resources.)
-u u_rules
The u_rules file contains the rules for user id translation.
The default rules file is /etc/rfs/auth.info/uid.rules.
-g g_rules
The g_rules file contains the rules for group id translation.
The default rules file is /etc/rfs/auth.info/gid.rules.
This command is restricted to the super-user.
Rules
The rules files have two types of sections (both optional): global
and host. There can be only one global section, though there can be
7/91 Page 1
idload(1M) (Remote File Sharing Utilities) idload(1M)
one host section for each computer you want to map.
The global section describes the default conditions for translation
for any machines that are not explicitly referenced in a host
section. If the global section is missing, the default action is to
map all remote user and group ids from undefined computers to
MAXUID+1. The syntax of the first line of the global section is:
global
A host section is used for each machine or group of machines that you
want to map differently from the global definitions. The syntax of
the first line of each host section is:
host name ...
where name is replaced by the full name of a computer
(domain.nodename).
The format of a rules file is described below. (All lines are
optional, but must appear in the order shown.)
global
default local | transparent
exclude remote_id-remote_id | remote_id
map remote_id:local
host domain.nodename [domain.nodename...]
default local | transparent
exclude remote_id-remote_id | remote_id | remote_name
map remote:local | remote | all
Each of these instruction types is described below.
The line
default local | transparent
defines the mode of mapping for remote users that are not
specifically mapped in instructions in other lines. transparent
means that each remote user and group id will have the same numeric
value locally unless it appears in the exclude instruction. local
can be replaced by a local user name or id to map all users into a
particular local name or id number. If the default line is omitted,
all users that are not specifically mapped are mapped into a "special
guest" login id.
The line
Page 2 7/91
idload(1M) (Remote File Sharing Utilities) idload(1M)
exclude remote_id-remote_id | remote_id | remote_name
defines remote ids that will be excluded from the default mapping.
The exclude instruction must precede any map instructions in a block.
You can use a range of id numbers, a single id number, or a single
name. (remote_name cannot be used in a global block.)
The line
map remote:local | remote | all
defines the local ids and names that remote ids and names will be
mapped into. remote is either a remote id number or remote name;
local is either a local id number or local name. Placing a colon
between a remote and a local will give the value on the left the
permissions of the value on the right. A single remote name or id
will assign the user or group permissions of the same local name or
id. all is a predefined alias for the set of all user and group ids
found in the local /etc/passwd and /etc/group files. (You cannot map
by remote name in global blocks.)
Note: idload will always output warning messages for map all, since
password files always contain multiple administrative user names with
the same id number. The first mapping attempt on the id number will
succeed, each subsequent attempts will produce a warning.
Remote File Sharing doesn't need to be running to use idload.
EXIT STATUS
On successful completion, idload will produce one or more translation
tables and return a successful exit status. If idload fails, the
command will return an exit status of zero and not produce a
translation table.
ERRORS
If (1) either rules file cannot be found or opened, (2) there are
syntax errors in the rules file, (3) there are semantic errors in the
rules file, (4) host password or group information could not be
found, or (5) the command is not run with super-user privileges, an
error message will be sent to standard error. Partial failures will
cause a warning message to appear, though the process will continue.
FILES
/etc/passwd
/etc/group
/etc/rfs/auth.info/domain/nodename/[user| group]
/etc/rfs/auth.info/uid.rules
/etc/rfs/auth.info/gid.rules
7/91 Page 3
idload(1M) (Remote File Sharing Utilities) idload(1M)
SEE ALSO
mount(1M).
"Remote File Sharing" chapter of the System Administrator's Guide for
detailed information on ID mapping.
Page 4 7/91