ypserv.conf(5) [redhat man page]

YPSERV.CONF(5)							 Reference Manual						    YPSERV.CONF(5)

NAME
       ypserv.conf - configuration file for ypserv and rpc.ypxfrd

DESCRIPTION
       ypserv.conf is an ASCII file which contains some options for ypserv. It also contains a list of rules for special host and map access for ypserv and rpc.ypxfrd. This file will be read by ypserv and rpc.ypxfrd at startup, or when receiving a SIGHUP signal.

       There is one entry per line. If the line is an option line, the format is:

              option: <argument>

       The line for an access rule has the format:

              host:domain:map:security

       All rules are tried one by one. If no match is found, access to a map is allowed.

       The following options exist:

       files: 30
              This option specifies how many database files should be cached by ypserv. If 0 is specified, caching is disabled. Decreasing this number is only possible if ypserv is restarted.

       trusted_master: server
              If this option is set on a slave server, new maps from the host server will be accepted as master. The default is that no trusted master is set and new maps will not be accepted.

              Example:
              trusted_master: ypmaster.example.org

       xfr_check_port: [<yes>|no]
              With this option enabled, the NIS master server has to run on a port < 1024. The default is "yes" (enabled).

       The field descriptions for the access rule lines are:

       host   IP address. Wildcards are allowed.

              Examples:
              131.234. = 131.234.0.0/255.255.0.0
              131.234.214.0/255.255.254.0

       domain specifies the domain for which this rule should be applied. An asterisk as wildcard is allowed.

       map    name of the map, or asterisk for all maps.

       security
              one of none, port, deny:

              none   always allow access.

              port   allow access if from port < 1024. Otherwise do not allow access.

              deny   deny access to this map.

FILES
       /etc/ypserv.conf

SEE ALSO
       ypserv(8), rpc.ypxfrd(8)

WARNINGS
       The access rules for special maps are no real improvement in security, but they make life a little bit harder for a potential hacker.

BUGS
       Solaris clients don't use privileged ports. All security options which depend on privileged ports cause big problems on Solaris clients.

AUTHOR
       Thorsten Kukuk <kukuk@suse.de>

YP Server                          October 2002                          YPSERV.CONF(5)
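
The rule evaluation described above, as an added example that is not part of the man page or of ypserv's own code. It shows that a map with no matching rule stays readable from any port. It assumes the first matching rule decides and that "#" starts a comment; the function names and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample file; '#' comment handling below is an assumption.
SAMPLE_CONF = """\
files: 30
xfr_check_port: yes
131.234. : * : shadow.byname         : port
*        : * : shadow.byname         : deny
*        : * : passwd.adjunct.byname : port
"""

def host_matches(pattern, addr):
    """Match an IPv4 client address against the host field of a rule."""
    ip = ipaddress.IPv4Address(addr)
    if pattern == "*":
        return True
    if pattern.endswith("."):            # "131.234." = 131.234.0.0/255.255.0.0
        return str(ip).startswith(pattern)
    if "/" in pattern:                   # address/netmask form
        return ip in ipaddress.IPv4Network(pattern, strict=False)
    return ip == ipaddress.IPv4Address(pattern)

def parse_conf(text):
    """Split the file into option lines (2 fields) and access rules (4 fields)."""
    options, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) == 2:
            options[fields[0]] = fields[1]
        elif len(fields) == 4 and fields[3] in ("none", "port", "deny"):
            rules.append(tuple(fields))
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    return options, rules

def evaluate(rules, addr, port, domain, mapname):
    """Return 'allow' or 'deny'; the first matching rule decides (assumption)."""
    for host, dom, mp, security in rules:
        if host_matches(host, addr) and dom in ("*", domain) and mp in ("*", mapname):
            if security == "port":       # only requests from a port < 1024 pass
                return "allow" if port < 1024 else "deny"
            return "deny" if security == "deny" else "allow"
    return "allow"                       # no rule matched: access is allowed

OPTIONS, RULES = parse_conf(SAMPLE_CONF)
```
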

YPSERV(8)						       NIS Reference Manual							 YPSERV(8)

NAME
       ypserv - NIS Server

SYNOPSIS
       /usr/sbin/ypserv [-d] [-p port] [-f|--foreground]

DESCRIPTION
       The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. The databases are gdbm files in a directory tree rooted at /var/yp.

       The ypserv daemon is typically activated at system startup. ypserv runs only on NIS server machines with a complete NIS database. On other machines using the NIS services, you have to run ypbind as client or, under Linux, you could use the libc with NYS support. ypbind must run on every machine which has NIS client processes; ypserv may or may not be running on the same node, but must be running somewhere on the network.

       On startup ypserv parses the file /etc/ypserv.conf. It is also possible to pass OPTIONS to ypserv using the environment variable YPSERV_ARGS, and this variable can be set in /etc/sysconfig/network.

OPTIONS
       -d, --debug
              Causes the server to run in debugging mode. Normally, ypserv reports only errors (access violations, dbm failures) using the syslog(3) facility. In debug mode, the server does not background itself and prints extra status messages to stderr for each request that it receives.

       -p, --port port
              ypserv will bind itself to this port. This makes it possible to have a router filter packets to the NIS ports, so that access to the NIS server from hosts on the Internet can be restricted.

       -v, --version
              Prints the version number.

       -f, --foreground
              ypserv will not put itself into the background.

SECURITY
       In general, any remote user can issue an RPC to ypserv and retrieve the contents of your NIS maps, if he knows your domain name. To prevent such unauthorized transactions, ypserv supports a feature called securenets which can be used to restrict access to a given set of hosts. At startup ypserv will attempt to load the securenets information from a file called /var/yp/securenets. This file contains entries that consist of a netmask and a network pair separated by white spaces. Lines starting with "#" are considered to be comments.

       A sample securenets file might look like this:

              # allow connections from local host -- necessary
              host 127.0.0.1
              # same as 255.255.255.255 127.0.0.1
              #
              # allow connections from any host
              # on the 131.234.223.0 network
              255.255.255.0   131.234.223.0
              # allow connections from any host
              # between 131.234.214.0 and 131.234.215.255
              255.255.254.0   131.234.214.0

       If ypserv receives a request from an address that fails to match a rule, the request will be ignored and a warning message will be logged. If the /var/yp/securenets file does not exist, ypserv will allow connections from any host.

       In /etc/ypserv.conf you can specify some access rules for special maps and hosts. But this is not very secure; it only makes life a little bit harder for a potential hacker. If a mapname doesn't match a rule, ypserv will look for the YP_SECURE key in the map. If it exists, ypserv will only allow requests on a reserved port.

       For security reasons, ypserv will only accept ypproc_xfr requests for updating maps from the same master server as the old one. This means you have to reinstall the slave servers if you change the master server for a map.

BUGS
       Sending the signal SIGHUP to the server can lead to a deadlock or crash.

FILES
       /etc/ypserv.conf
              configuration file.

       /var/yp/securenets
              which hosts are allowed to contact ypserv.

       /etc/sysconfig/network
              setting additional arguments to ypserv.

SEE ALSO
       domainname(1), ypcat(1), ypmatch(1), ypserv.conf(5), netgroup(5), makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8), ypwhich(8), ypxfr(8), rpc.ypxfrd(8)

       The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission.

AUTHOR
       ypserv was written by Peter Eriksson <pen@lysator.liu.se>. Thorsten Kukuk <kukuk@linux-nis.org> added support for master/slave server and is the new Maintainer.

NIS Reference Manual                    01/27/2010                         YPSERV(8)
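
A securenets check written out as an added example; it is not part of the man page or of ypserv's own code. It parses the netmask/network entries from the SECURITY section, answers whether a client address would match, and flags over-broad entries. The function names, the max_hosts threshold and the rejection of entries with stray host bits are choices of this example.

```python
import ipaddress

# Constructed sample, modelled on the file shown in the SECURITY section.
SAMPLE_SECURENETS = """\
# allow connections from local host -- necessary
host 127.0.0.1
255.255.255.0   131.234.223.0
255.255.254.0   131.234.214.0
"""

def parse_securenets(text):
    """Return one IPv4Network per 'netmask network' entry."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        mask, network = parts
        if mask == "host":               # 'host' is the same as 255.255.255.255
            mask = "255.255.255.255"
        # Strict parsing raises ValueError when the network has bits set
        # outside the mask, which this example treats as a likely typo.
        nets.append(ipaddress.IPv4Network(f"{network}/{mask}"))
    return nets

def is_allowed(nets, addr):
    """nets=None models a missing securenets file: any host is allowed."""
    if nets is None:
        return True
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in nets)

def audit(nets, max_hosts=1024):
    """List entries admitting more than max_hosts addresses (hypothetical limit)."""
    return [str(net) for net in nets if net.num_addresses > max_hosts]

NETS = parse_securenets(SAMPLE_SECURENETS)
```
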