author | sheldonh <sheldonh@FreeBSD.org> | 2000-03-01 14:09:25 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 2000-03-01 14:09:25 +0000 |
commit | b2240fc1c08ba82628285458b057b5f795a68a43 (patch) | |
tree | 5acb2bdc9bc2d2c26e220a424cc6f0b29df60dec /usr.sbin/ypserv | |
parent | 3197c29bd1de99eb5100db75bfb4d651f6878fa7 (diff) | |
Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
Diffstat (limited to 'usr.sbin/ypserv')
-rw-r--r-- | usr.sbin/ypserv/ypinit.8 | 33 |
-rw-r--r-- | usr.sbin/ypserv/ypserv.8 | 69 |
2 files changed, 68 insertions, 34 deletions
diff --git a/usr.sbin/ypserv/ypinit.8 b/usr.sbin/ypserv/ypinit.8 index 8e560d5..dc4565ce 100644 --- a/usr.sbin/ypserv/ypinit.8 +++ b/usr.sbin/ypserv/ypinit.8 @@ -61,10 +61,12 @@ directory, the .Pa /var/yp/ypservers file, and calls .Pa /var/yp/Makefile -to create and populate an initial set of NIS maps. The maps are +to create and populate an initial set of NIS maps. +The maps are created from local source files using the .Xr yp_mkdb 8 -command. The script will prompt the user for a list of servers +command. +The script will prompt the user for a list of servers that support the specified domain; this list is used to populate the ypservers map. .Pp @@ -72,10 +74,12 @@ On a slave server, .Nm creates the .Pa /var/yp/$DOMAINNAME , -populates it with copies of the NIS maps from the master. The maps +populates it with copies of the NIS maps from the master. +The maps are obtained from the master using the .Xr ypxfr 8 -command. The +command. +The .Nm script obtains the list of maps to transfer in one of two ways: if the system is configured as an NIS client and is bound to the master @@ -87,8 +91,10 @@ command to obtain a list of maps exported by the master server. If the system is not configured as a client of the NIS master, .Nm uses a hardcoded list of maps, some of which may or may not actually -exist on the master. The system administrator can edit the script and -modify the map list if necessary. Otherwise, indivudual maps can +exist on the master. +The system administrator can edit the script and +modify the map list if necessary. +Otherwise, indivudual maps can be transfered manually from the master using .Xr ypxfr 8 . .Sh OPTIONS 
@@ -96,8 +102,10 @@ be transfered manually from the master using supports the following options: .Bl -tag -width indent .It Fl m Op Ar domainname -Set up a master server. By default, the script sets up a server for -the system default domain. The user can override this default by specifying +Set up a master server. +By default, the script sets up a server for +the system default domain. +The user can override this default by specifying .Ar domainname explicitly. Maps are constructed from scratch using local files as templates using @@ -107,16 +115,19 @@ command. .It Fl s Ar master_server Op Ar domainname Set up a slave server using .Ar master_name -as the master. Maps are copied from +as the master. +Maps are copied from .Ar master_server to the slave using .Xr ypxfr 8 . By default, the script sets up a server for -the system default domain. The user can override this default by specifying +the system default domain. +The user can override this default by specifying .Ar domainname explicitly. .It Fl u Op Ar domainname -Update the ypservers map on the master server. When a new slave +Update the ypservers map on the master server. +When a new slave server is added to a domain, its hostname must be added to the ypservers map so that .Xr yppush 8 diff --git a/usr.sbin/ypserv/ypserv.8 b/usr.sbin/ypserv/ypserv.8 index e6a06bd..08d82f8 100644 --- a/usr.sbin/ypserv/ypserv.8 +++ b/usr.sbin/ypserv/ypserv.8 @@ -44,7 +44,8 @@ .Sh DESCRIPTION .Tn NIS is an RPC-based service designed to allow a number of UNIX-based -machines to share a common set of configuration files. Rather than +machines to share a common set of configuration files. +Rather than requiring a system administrator to update several copies of files such as .Pa /etc/hosts , 
@@ -70,7 +71,8 @@ one of the domains served by .Nm using the .Xr domainname 1 -command. The clients must also run +command. +The clients must also run .Xr ypbind 8 in order to attach to a particular server, since it is possible to have several servers within a single @@ -83,7 +85,8 @@ are stored in .Pa /var/yp/[domainname] where .Pa domainname -is the name of the domain being served. There can be several +is the name of the domain being served. +There can be several such directories with different domainnames, and you need only one .Nm daemon to handle them all. @@ -93,13 +96,15 @@ The databases, or as they are often called, are created by .Pa /var/yp/Makefile -using several system files as source. The database files are in +using several system files as source. +The database files are in .Xr db 3 format to help speed retrieval when there are many records involved. In .Fx , the maps are always readable and writable only by root for security -reasons. Technically this is only necessary for the password +reasons. +Technically this is only necessary for the password maps, but since the data in the other maps can be found in other world-readable files anyway, it doesn't hurt and it's considered good general practice. @@ -120,7 +125,8 @@ database via normally only stores encrypted passwords in .Pa /etc/master.passwd , -which is readable and writable only by root. By turning this file +which is readable and writable only by root. +By turning this file into an .Tn NIS map, this security feature would be completely defeated. @@ -133,7 +139,8 @@ handles the .Pa master.passwd.byname and .Pa master.basswd.byuid -maps in a special way. When the server receives a request to access +maps in a special way. +When the server receives a request to access either of these two maps, it will check the TCP port from which the request originated and return an error if the port number is greater than 1023. Since only the superuser is allowed to bind to TCP ports 
@@ -155,12 +162,14 @@ the standard .Pa passwd.byname and .Pa passwd.byuid -maps will be accessed instead. The latter two maps are constructed by +maps will be accessed instead. +The latter two maps are constructed by .Pa /var/yp/Makefile by parsing the .Pa master.passwd file and stripping out the password fields, and are therefore -safe to pass on to unprivileged users. In this way, the shadow password +safe to pass on to unprivileged users. +In this way, the shadow password aspect of the protected .Pa master.passwd database is maintained through @@ -213,7 +222,8 @@ In general, any remote user can issue an RPC to and retrieve the contents of your .Tn NIS maps, provided the remote user -knows your domain name. To prevent such unauthorized transactions, +knows your domain name. +To prevent such unauthorized transactions, .Nm supports a feature called .Pa securenets @@ -231,7 +241,8 @@ that consist of a network specification and a network mask separated by white space. Lines starting with .Dq \&# -are considered to be comments. A +are considered to be comments. +A sample securenets file might look like this: .Bd -unfilled -offset indent # allow connections from local host -- mandatory @@ -247,9 +258,11 @@ sample securenets file might look like this: If .Nm receives a request from an address that matches one of these rules, -it will process the request normally. If the address fails to match +it will process the request normally. +If the address fails to match a rule, the request will be ignored and a warning message will be -logged. If the +logged. +If the .Pa /var/yp/securenets file does not exist, .Nm @@ -270,7 +283,8 @@ and .Pa tcpd.h , you can easily recompile .Nm -with them. This allows the administrator to use the tcpwrapper +with them. +This allows the administrator to use the tcpwrapper configuration files ( .Pa /etc/hosts.allow and 
@@ -297,7 +311,8 @@ implementation only uses the .Tn NIS v2 protocol, however other implementations include support for the v1 protocol for backwards compatibility -with older systems. The +with older systems. +The .Xr ypbind 8 daemons supplied with these systems will try to establish a binding to an @@ -311,14 +326,16 @@ does not handle v1 map transfer requests; consequently, it can not be used as a master or slave in conjunction with older .Tn NIS servers that -only support the v1 protocol. Fortunately, there probably aren't any +only support the v1 protocol. +Fortunately, there probably aren't any such servers still in use today. .Ss NIS servers that are also NIS clients Care must be taken when running .Nm in a multi-server domain where the server machines are also .Tn NIS -clients. It is generally a good idea to force the servers to +clients. +It is generally a good idea to force the servers to bind to themselves rather than allowing them to broadcast bind requests and possibly become bound to each other: strange failure modes can result if one server goes down and @@ -342,16 +359,19 @@ handles yp_match requests for the .Pa hosts.byname and .Pa hosts.byaddress -maps. By default, if +maps. +By default, if .Nm can't find an entry for a given host in its hosts maps, it will -return an error and perform no further processing. With the +return an error and perform no further processing. +With the .Fl n flag, .Nm will go one step further: rather than giving up immediately, it will try to resolve the hostname or address using a DNS nameserver -query. If the query is successful, +query. +If the query is successful, .Nm will construct a fake database record and return it to the client, thereby making it seem as though the client's yp_match request 
@@ -371,14 +391,17 @@ option when serving only .Tn NIS clients. .It Fl d -Cause the server to run in debugging mode. Normally, +Cause the server to run in debugging mode. +Normally, .Nm reports only unusual errors (access violations, file access failures) using the .Xr syslog 3 -facility. In debug mode, the server does not background +facility. +In debug mode, the server does not background itself and prints extra status messages to stderr for each -request that it receives. Also, while running in debug mode, +request that it receives. +Also, while running in debug mode, .Nm will not spawn any additional subprocesses as it normally does when handling yp_all requests or doing DNS lookups. (These actions |
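Review bot: in usr.sbin/ypserv/ypinit.8, the hunk at @@ -87,8 +91,10 re-adds the line "+Otherwise, indivudual maps can" with the misspelling "indivudual" intact, and the context line after it still has "transfered". The line is being rewritten anyway, so correct both to "individual" and "transferred" here, or in an immediate follow-up if this commit is meant to stay whitespace-only.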
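Review bot: in the ypinit.8 hunk at @@ -107,16 +115,19, the option is declared as ".It Fl s Ar master_server Op Ar domainname" but the description directly under it says ".Ar master_name" as the master. The argument name in the description should match the one in the option line; change ".Ar master_name" to ".Ar master_server", which the next sentence ("Maps are copied from .Ar master_server") already uses.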
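Review bot: in usr.sbin/ypserv/ypserv.8, the hunk at @@ -133,7 +139,8 leaves ".Pa master.basswd.byuid" in the context directly above the changed line; it should read "master.passwd.byuid", matching "master.passwd.byname" just before it. This paragraph documents the check that rejects requests for the password maps from TCP ports above 1023, so the map names need to be exact. The trailing context of the same hunk also reads "greater than 1023. Since only the superuser"; if that falls within one source line, it is another hard sentence break this pass should split.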