NetInfo Planning 31
Controlling NetInfo Data Visibility
If you want certain NetInfo data to be visible to all computers in a NetInfo hierarchy, you’d
store that data in the root domain of the hierarchy. To make NetInfo data visible only to a
subset of computers, store it in a shared domain below the root domain.
You might want to set up shared domains to support computers used by specific groups
within an organization. For example, you could make directories containing programming
applications and files visible only to engineering computers. On the other hand, you could
give technical writers access to directories that store publishing software and document files.
If you want all employees to have access to each other’s home directories, you would store
mount records for all the home directories in the root domain.
Simplifying Changes to NetInfo Data
Organize NetInfo hierarchies so you minimize the number of places data has to change over
time. Devise a plan that addresses how you want to manage such ongoing events as
mnew users joining and leaving your organization
mfile servers being added, enhanced, or replaced
mdirectories being created and reorganized
mprinters being moved among locations
Try to make each domain applicable to all the computers that bind to it so you don’t have to
change or add information in multiple domains. In the educational hierarchy example, all
students may have user records in the Students domain and all employees have accounts in
the Employees domain. As undergraduate students leave or become graduate students, or as
employees are hired or retire, the administrator can make adjustments to user information
by simply editing one domain.
If you have a widespread or complex NetInfo hierarchy in a network that is managed by
several administrators, devise strategies to minimize conflicts. For example, set aside ranges
of user IDs (UIDs) for specific groups of users within the organization to avoid granting file
access to the wrong users (see “User Data Planning” on page 32 for more information).
Identifying Computers for Hosting Shared Domains
Identify the computers on which shared domains should reside. Shared domains affect many
users, so they should reside on Mac OS X computers that
mhave restricted physical access
mhave limited network access
mare configured with features that make them constantly available, such as uninterruptible
power supplies
It’s best to locate shared domains on Mac OS X Servers. They provide more NetInfo data
management applications than computers running Mac OS X.