1YPSERV(8) Reference Manual YPSERV(8)
2
3
4
6 ypserv - NIS server
7
9 /usr/sbin/ypserv [ -d [ path ] ] [ -p port ] [ -i iface ]
10
12 The Network Information Service (NIS) provides a simple network lookup
13 service consisting of databases and processes. The databases are gdbm
14 files in a directory tree rooted at /var/yp.
15
16 The ypserv daemon is typically activated at system startup. ypserv
17 runs only on NIS server machines with a complete NIS database. On other
18 machines using the NIS services, you have to run ypbind as client or
19 under Linux you could use the libc with NYS support. ypbind must run
20 on every machine which has NIS client processes; ypserv may or may not
21 be running on the same node, but must be running somewhere on the net‐
22 work. On startup or when receiving the signal SIGHUP, ypserv parses the
23 file /etc/ypserv.conf.
24
26 -d --debug [path]
27 Causes the server to run in debugging mode. Normally, ypserv
28 reports only errors (access violations, dbm failures) using the
29 syslog(3) facility. In debug mode, the server does not back‐
30 ground itself and prints extra status messages to stderr for
31 each request that it receives. path is an optionally parameter.
32 ypserv is using this directory instead of /var/yp
33
34 -i --iface iface
35 Causes the server to only be available via interface iface Use
36 this if you want ypserv to only provide service on a particular
37 network interface. iface is a required parameter ypserv will be
38 using that interface instead of all the available network inter‐
39 faces.
40
41 -p --port port
42 ypserv will bind itself to this port. This makes it possible to
43 have a router filter packets to the NIS ports, so that access to
44 the NIS server from hosts on the Internet can be restricted.
45
46 -v --version
47 Prints the version number
48
50 In general, any remote user can issue an RPC to ypserv and retrieve the
51 contents of your NIS maps, if he knows your domain name. To prevent
52 such unauthorized transactions, ypserv supports a feature called
53 securenets which can be used to restrict access to a given set of
54 hosts. At startup or when arriving the SIGHUP Signal, ypserv will
55 attempt to load the securenets information from a file called
56 /var/yp/securenets . This file contains entries that consist of a net‐
57 mask and a network pair separated by white spaces. Lines starting with
58 ``#'' are considered to be comments.
59
60 A sample securenets file might look like this:
61
62 # allow connections from local host -- necessary
63 host 127.0.0.1
64 # same as 255.255.255.255 127.0.0.1
65 #
66 # allow connections from any host
67 # on the 131.234.223.0 network
68 255.255.255.0 131.234.223.0
69 # allow connections from any host
70 # between 131.234.214.0 and 131.234.215.255
71 255.255.254.0 131.234.214.0
72
73 If ypserv receives a request from an address that fails to match a
74 rule, the request will be ignored and a warning message will be logged.
75 If the /var/yp/securenets file does not exist, ypserv will allow con‐
76 nections from any host.
77
78 In the /etc/ypserv.conf you could specify some access rules for special
79 maps and hosts. But it is not very secure, it makes the life only a
80 little bit harder for a potential hacker. If a mapname doesn't match a
81 rule, ypserv will look for the YP_SECURE key in the map. If it exists,
82 ypserv will only allow requests on a reserved port.
83
84 For security reasons, ypserv will only accept ypproc_xfr requests for
85 updating maps from the same master server as the old one. This means,
86 you have to reinstall the slave servers if you change the master server
87 for a map.
88
90 /etc/ypserv.conf /var/yp/securenets
91
93 domainname(1), ypcat(1), ypmatch(1), ypserv.conf(5), netgroup(5),
94 makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8),
95 ypwhich(8), ypxfr(8), rpc.ypxfrd(8)
96
97 The Network Information Service (NIS) was formerly known as Sun Yellow
98 Pages (YP). The functionality of the two remains the same; only the
99 name has changed. The name Yellow Pages is a registered trademark in
100 the United Kingdom of British Telecommunications plc, and may not be
101 used without permission.
102
104 ypserv was written by Peter Eriksson <pen@lysator.liu.se>. Thorsten
105 Kukuk <kukuk@suse.de> added support for master/slave server and is the
106 new Maintainer.
107
108
109
110YP Server August 2001 YPSERV(8)