1YPSERV(8)                      Reference Manual                      YPSERV(8)
2
3
4

NAME

6       ypserv - NIS server
7

SYNOPSIS

9       /usr/sbin/ypserv [ -d [ path ] ] [ -p port ] [ -i iface ]
10

DESCRIPTION

12       The  Network Information Service (NIS) provides a simple network lookup
13       service consisting of databases and processes.  The databases are  gdbm
14       files in a directory tree rooted at /var/yp.
15
16       The  ypserv  daemon  is  typically activated at system startup.  ypserv
17       runs only on NIS server machines with a complete NIS database. On other
18       machines  using  the  NIS services, you have to run ypbind as client or
19       under Linux you could use the libc with NYS support.  ypbind  must  run
20       on  every machine which has NIS client processes; ypserv may or may not
21       be running on the same node, but must be running somewhere on the  net‐
22       work. On startup or when receiving the signal SIGHUP, ypserv parses the
23       file /etc/ypserv.conf.
24

OPTIONS

26       -d --debug [path]
27              Causes the server to run in  debugging  mode.  Normally,  ypserv
28              reports  only errors (access violations, dbm failures) using the
29              syslog(3) facility. In debug mode, the  server  does  not  back‐
30              ground  itself  and  prints  extra status messages to stderr for
31              each request that it receives.  path is an optionally parameter.
32              ypserv is using this directory instead of /var/yp
33
34       -i --iface iface
35              Causes  the  server to only be available via interface iface Use
36              this if you want ypserv to only provide service on a  particular
37              network interface.  iface is a required parameter ypserv will be
38              using that interface instead of all the available network inter‐
39              faces.
40
41       -p --port port
42              ypserv will bind itself to this port.  This makes it possible to
43              have a router filter packets to the NIS ports, so that access to
44              the NIS server from hosts on the Internet can be restricted.
45
46       -v --version
47              Prints the version number
48

SECURITY

50       In general, any remote user can issue an RPC to ypserv and retrieve the
51       contents of your NIS maps, if he knows your  domain  name.  To  prevent
52       such  unauthorized  transactions,  ypserv  supports  a  feature  called
53       securenets which can be used to restrict  access  to  a  given  set  of
54       hosts.   At  startup  or  when  arriving the SIGHUP Signal, ypserv will
55       attempt  to  load  the  securenets  information  from  a  file   called
56       /var/yp/securenets .  This file contains entries that consist of a net‐
57       mask and a network pair separated by white spaces.  Lines starting with
58       ``#'' are considered to be comments.
59
60       A sample securenets file might look like this:
61
62              # allow connections from local host -- necessary
63              host 127.0.0.1
64              # same as 255.255.255.255 127.0.0.1
65              #
66              # allow connections from any host
67              # on the 131.234.223.0 network
68              255.255.255.0   131.234.223.0
69              # allow connections from any host
70              # between 131.234.214.0 and 131.234.215.255
71              255.255.254.0   131.234.214.0
72
73       If  ypserv  receives  a  request  from an address that fails to match a
74       rule, the request will be ignored and a warning message will be logged.
75       If  the  /var/yp/securenets file does not exist, ypserv will allow con‐
76       nections from any host.
77
78       In the /etc/ypserv.conf you could specify some access rules for special
79       maps  and  hosts.  But  it is not very secure, it makes the life only a
80       little bit harder for a potential hacker. If a mapname doesn't match  a
81       rule,  ypserv will look for the YP_SECURE key in the map. If it exists,
82       ypserv will only allow requests on a reserved port.
83
84       For security reasons, ypserv will only accept ypproc_xfr  requests  for
85       updating  maps  from the same master server as the old one. This means,
86       you have to reinstall the slave servers if you change the master server
87       for a map.
88

FILES

90       /etc/ypserv.conf /var/yp/securenets
91

SEE ALSO

93       domainname(1),   ypcat(1),   ypmatch(1),  ypserv.conf(5),  netgroup(5),
94       makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8),  ypset(8),
95       ypwhich(8), ypxfr(8), rpc.ypxfrd(8)
96
97       The  Network Information Service (NIS) was formerly known as Sun Yellow
98       Pages (YP).  The functionality of the two remains the  same;  only  the
99       name  has  changed.  The name Yellow Pages is a registered trademark in
100       the United Kingdom of British Telecommunications plc, and  may  not  be
101       used without permission.
102

AUTHOR

104       ypserv  was  written  by Peter Eriksson <pen@lysator.liu.se>.  Thorsten
105       Kukuk <kukuk@suse.de> added support for master/slave server and is  the
106       new Maintainer.
107
108
109
110YP Server                         August 2001                        YPSERV(8)
Impressum