I have just been informed about something that we have been discussing recently on toasters. The issue was exports allowing NIS netgroups to be used in the rw= and root= options on the exports of file systems. The above RFE was posted
7 YEARS AGO
Woohoo! Is that a record or something? :-)
But remember, the "R" in RFE is for Request...
What I'm curious about is who was the original submitter? I wonder if it was one of the old Teleport gang. We had our first filer in '95, eh Darrell? We put in tons of feedback and sent in our share of core files... we whined/commented about how quotas worked (or, sometimes failed to), about wanting multiple volumes, about hot spots in mixed-size RAID groups, about their list of Woody Allen movies... :-)
The reason for not allowing this was sited as performance issues. Well, we have come an awful long way with speed and abilities in this time. I think it is just plain silly that this RFE has been ignored for so long. Solaris allows this now and I don't think the issue will be resolved until enough people complain.
I agree it would be a nice feature. Of course, they do allow you to have a "files" backend for netgroups - does Solaris allow that yet? Not through Solaris 7, anyway...
Maybe to mitigate the netgroup lookup on every access they could simply cache the netgroups map on a schedule, like they do with regular groups? That seems a reasonable compromise between performance and new functionality. In your NIS Makefile you could add the appropriate [rs]sh command to invoke an immediate refresh if you're impatient... or, heck, let's just put in an RFE to have ONTAP be able to act as its own NIS slave server, so any time you push updates the filer could cache 'em locally, and just bind to itself. :-)
Yeah, I know, that's Silly. NIS has been dead for 6 of those 7 years, but it's like a comfortable old pair of sneakers. They're stinky and beat up and have holes in 'em, but you keep wearin' 'em. Maybe they secretly hoped to let this RFE die of old age, but they "misunderestimated" how stubborn old Sun hacks can be. :-) Perhaps we should start lobbying for having ONTAP allow LDAP backends in nsswitch.conf? Maybe when that happens I for one might start taking LDAP a little more seriously and think about fiiiinally dumping NIS...
-- Chris "I don't care what the people say, ASCII config files are here to stay!"
-- Chris Lamb, Unix Guy MeasureCast, Inc. 503-241-1469 x247 skeezics@measurecast.com